Tag Archives: outsourcing

Outsourcing Continuous Integration

Outsourcing Continuous Integration isn’t a new idea, but we’re seeing more and more traction in the space. The headline news is:

  • It’s certainly not for everyone.
  • The space is going to get more and more interesting as cloud services increase.

Not for everyone

If you’re at all paranoid about security, you’re unlikely to want outsourced CI.

You might fall at the first hurdle: will you be able to justify outsourcing the build of your most valuable asset to an auditor? If you can’t address the (low) risk of your code being subverted, it might be game over. Perhaps you can prove that no code built at your outsourced service is used. It also raises the question of your version control system. Is it inside your firewall? Do you need to provide secured access to your outsourcing partner? Perhaps you outsource version control elsewhere. Can those parties talk? Could there be a man-in-the-middle attack?

What about some more practical reasons for keeping it in house? You might depend on internal services for your build. What’s your internet connection like? Do you mind if you lose your connection to the Internet, and therefore the outsourced continuous integration server?

Cooler tools

Can your IT department supply you with Linux, XP, Vista, and now Windows 7 with a host of different browsers? Of course not. They aren’t there to deliver a glittering array of choice in operating systems. Your friendly local IT department is there to drive down the cost of computing by stamping a uniform operating system onto all your computers. Your helpful IT vendor is there to help said IT department, being the guys who pay Bill’s bill.

It’s a good thing Amazon branched out from selling dead trees. The Amazon Web Services tool-set is amazing. Want somewhere to keep all those built artifacts? Then how about S3? Need a few dozen build agents? EC2 is your friend. We’re really just getting started here. One of the most obvious uses for the cloud is in allowing you to test all those pesky client configurations: those permutations of Windows, IE and Firefox, for example. I predict that Continuous Integration vendors will quickly reach feature parity on this, because it’s so darn useful.

Such services will become more specialised as more service models evolve. Need to test with your enterprise stack? I imagine you’ll be able to piece together some of those components as well. Will there be an API for submitting builds to any build farm? I certainly hope so.

In the medium term, I’m not convinced that many CI servers will end up fully hosted on the cloud. What’s more likely is that many enterprises will end up with:

  • One big, hand-rolled build machine, hosted at the firm.
  • Lots of nodes in the cloud.
  • A really freaking big Amazon EC2 bill.

This works, because you get to assume that you’re protecting the your assets, and just giving your built code a workout out there in cloud-land (I also predict the rise of compromised cloud servers, FWIW). You still need to deploy the app somewhere and fire up nodes to test against it, but you are limiting the opportunities to inject malicious code at build time. This allows you to keep built artifacts (be they in a Maven-style repo, or just spat out from an Ant build) on the inside of your network (ironically where you probably face the most realistic risks of attack – by disgruntled or financially compromised employees).

Perhaps some of the cloud vendors will acquire enough security certifications to convince auditors that it’s safe to use. And maybe, enough organisations will start thinking of operating systems and middleware as bigger code objects to play with via an API or toolset, rather than infrastructure to manage with a meatcloud.

Some vendors

So who actually provides outsourced Continuous Integration? This is by no means an exhaustive list. Tweet me if you have suggestions for the list. Thanks.

  • Collabnet offer Team Forge, which looks like it used to be SourceForge Enterprise Edition. Remember that? I worked at a bank that used it. Happy times. [mainly due to NPR and Peet’s Coffee. Though SFEE did work reasonably well for a large programme of work]
  • Run Code Run – have built off the back of GitHub with a sweet little model – they consume hooks from GitHub, and trigger from those to build your Java apps. They are branching out from Ruby projects to include Java as well, and will rent you a private CI system by the month.
  • CI in a Box is an Amazon EC2-based solution. I’m not sure who’s making money off of this one apart from Amazon – the house always wins. Looks like low cost and scalable Hudson implementation, anyway.
  • Mike CI contacted me the other day – they have a new service – operated out of the UK, but available everywhere, of course. They are pre-launch, but they seem to be in a similar space to Run Code Run – allowing developers to easily adopt CI. They support Java but might also offer .NET. I’ll try and get something more in-depth, and pounce on them for an interview if they come to London. They seem really nice.
  • Atlassian just joined the game with JIRA Studio, their outsourced suite of tools. This is a good play from them: they have a strong brand in JIRA, and they are leveraging it.
  • Electric Cloud offer a tool that can be fully or partly cloud hosted.  It’s not clear who offers this as a managed service or not.  I’ll ask them.
  • Bitbar are new.  Looks like they have a strong mobile vertical.
  • Hosted CI got in touch as well. They self-describe as “Hosted Continuous Integration for iOS and Mac”
  • TDDium (geddit?) said hello recently. They are “a cloud-based test environment designed to change the way developers build web applications”. Or as we call it, Continuous Integration.
  • CI Foundry is also new, and in super-alpha. This is a bespoke service, so aimed at companies who want things done for them, or in situations where the standardised offerings don’t fit. DISCLAIMER: I’m behind this one. I’m going to be open about this. Compromising my editorial integrity would feel dirty. I’ll even try and get someone else to do reviews if there’s a problem.

Are you using outsourced Continuous Integration? Do you want to share your experiences? Tweet me!

Updates:

Added Atlassian on December 17, 2009

Added Bitbar on June 14, 2010

Added hosted-ci, and removed Run Code Run and Mike, September 30, 2011

Added TDDium on December 29, 2011

Tagged