RCoSE '18- Proceedings of the 4th International Workshop on Rapid Continuous Software Engineering

Continuous Integration and Continuous Delivery are established practices in modern agile software development. The DevOps movement adapted theses practices and places the deployment pipeline at its heart as one of the main requirements to automate the software development process and to deliver and operate software in a more robust way with higher quality.

Over the time a lot of systems and tools has been developed to implement the deployment pipeline and to support continuous delivery. But software development is complex, its process even more and due to the individual organization of software vendors no real all-in-one solution for CD exists. Literature identified a lot of challenges when adopting CD and DevOps in an organization.

This paper presents a conceptual model and fundamental design decisions for a new generation of software delivery systems tackling some of these issues. Our approach focuses on two specific challenges for adopting CD. The first is the lack of flexibility and maintainability of software delivery systems. The second is the insufficient user support to model and manage delivery processes and pipelines. We introduce an automated mechanism to ease the effort for developers and other stakeholders.

Based on these results this paper introduces an architectural proposal for a next-generation continuous software delivery system.

Today's advanced agile practices such as Continuous Integration and Test-Driven Development support a wide range of software development activities to facilitate the rapid delivery of high-quality software. However, the reuse of pre-existing, third-party software components is not one of them. Software reuse is still primarily perceived as a time-consuming, unsystematic and ultimately, "discontinuous" activity even though it aims to deliver the same basic benefits as continuous software engineering - namely, a reduction in the time and effort taken to deliver quality software. However, the increasingly central role of testing in continuous software engineering offers a way of addressing this problem by exploiting the new generation of test-driven search engines that can harvest components based on tests. This search technology not only exploits artifacts that have already been created as part of the continuous testing process to harvest components, it returns results that have a high likelihood of being fit for purpose and thus of being worth reusing. In this paper, we propose to augment continuous software engineering with the rapid, continuous reuse of software code units by integrating the test-driven mining of software artifact repositories into the continuous integration process. More specifically, we propose to use tests written as part of the Test-First Development approach to perform test-driven searches for matching functionality while developers are working on their normal development activities. We discuss the idea of rapid, continuous code reuse based on recent advances in our test-driven search platform and elaborate on scenarios for its application in the future.

In rapid continuous software development, time- and cost-effective prototyping techniques are beneficial through enabling software designers to quickly explore and evaluate different design concepts. Regarding low-fidelity prototyping for augmented reality (AR) applications, software designers are so far restricted to non-digital prototypes, which enable the visualization of first design concepts, but can be laborious in capturing interactivity. The lack of empirical values and standards for designing user interactions in AR-software leads to a particular need for applying end-user feedback to software refinement. In this paper we present the concept of a tool for rapid digital prototyping for augmented reality applications, enabling software designers to rapidly design augmented reality prototypes, without requiring programming skills. The prototyping tool focuses on modeling multimodal interactions, especially regarding the interaction with physical objects, as well as performing user-based studies to integrate valuable end-user feedback into the refinement of software aspects.

Configuration as code (CaC) tools, such as Ansible and Puppet, help software teams to implement continuous deployment and deploy software changes rapidly. CaC tools are growing in popularity, yet what challenges programmers encounter about CaC tools, have not been characterized. A systematic investigation on what questions are asked by programmers, can help us identify potential technical challenges about CaC, and can aid in successful use of CaC tools. The goal of this paper is to help current and potential configuration as code (CaC) adoptees in identifying the challenges related to CaC through an analysis of questions asked by programmers on a major question and answer website. We extract 2,758 Puppet-related questions asked by programmers from January 2010 to December 2016, posted on Stack Overflow. We apply qualitative analysis to identify the questions programmers ask about Puppet. We also investigate the trends in questions with unsatisfactory answers, and changes in question categories over time. From our empirical study, we synthesize 16 major categories of questions. The three most common question categories are: (i) syntax errors, (ii) provisioning instances; and (iii) assessing Puppet's feasibility to accomplish certain tasks. Three categories of questions that yield the most unsatisfactory answers are (i) installation, (ii) security, and (iii) data separation.

Decision knowledge encompasses decisions and related information such as the problems the decisions address, their rationale, or alternatives. The management of decision knowledge is considered important for software development, however, it is often not integrated, since it requires additional effort and developers do not perceive short-term benefits. Continuous software engineering offers new possibilities to overcome these drawbacks: During continuous software engineering, developers perform practices suitable to integrate the management of decision knowledge in their daily work. For example, developers regularly commit code and manage tasks to implement features. In this paper, we present ideas on how to trigger the developers to capture and use decision knowledge during these practices, in particular to 1) package distributed decision knowledge, 2) make tacit decisions explicit, and 3) consider consistency between decisions.

Continuous delivery (CD) pipelines recently gained wide adoption. They provide means for short and high-frequent development cycles in DevOps by automating many steps after a commit has been issued and bringing it into production. CD pipelines have become essential for development and delivery. Hence, they are crucial and business-critical assets that need to be protected from harm in terms of dependability and security. DevOps practices like canary releasing and A/B testing aim to improve the quality of the software that is built by CD pipelines while keeping a high pace of development. Although CD is a part of DevOps, the DevOps practices have primarily been applied to the artifacts that are processed but not on the pipelines themselves. We outline our vision of using these DevOps practices to improve the dependability and security of CD pipelines. The goal is to detect, diagnose, and resolve dependability and security issues in the CD pipeline behavior. In this paper, we outline our envisioned roadmap and preliminary results from an ongoing industrial case study.

With agile methodologies increasingly being applied in regulated environments, security and compliance emerge as critical issues. Combining both concerns is challenging because security engineering techniques are often based on linear development. We propose a method for achieving continuous and secure development by mapping the requirements of security standards into an agile process model. Additionally, this allows verification of compliance even in the face of dynamic process changes. Applicability of the method is demonstrated by using Business Process Model and Notation (BPMN) to model and extend activities and artifacts of Scaled Agile Framework (SAFe) according to requirements of IEC 62443-4-1, a standard for secure product development in industrial systems.

Background. Continuous experimentation (CE) has recently emerged as an established industry practice and as a research subject. Our aim is to study the application of CE and A/B testing in various industrial contexts. Objective. We wanted to investigate whether CE is used in different sectors of industry, by how it is reported in academic studies. We also wanted to explore the main topics researched to give an overview of the subject and discuss future research directions. Method. We performed a systematic mapping study of the published literature and included 62 papers, using a combination of database search and snowballing. Results. Most reported software experiments are done online and with software delivered as a service, although varied exemptions exist for e.g., financial software and games. The most frequently researched topics are challenges to conduct experiments and statistical methods for software experiments. Conclusions. The software engineering research on CE is still in its infancy. There are future research opportunities in evaluation research of technical topics and investigations of ethical experimentation. We conclude that the included studies show that A/B testing is applicable to a diversity of software and organisations.

Continuous Delivery (CD) can bring huge benefits, but implementing CD is challenging. This is particularly true for implementing CD at an ultra-large-scale (across an R&D organization of tens of thousands of staff) for mission critical systems. In this talk, I will present the challenges in implementing CD in such a large scale and discuss the potential research opportunities.