DevOps — 7 services we use to build software
As a small software team we rely on a handful of services to help ensure that our codebases stay clean and stable.
1. Github
Like a hell of a lot of people, we use Github to host our repositories. We keep a fair bit on there, even our email signatures.
When we’re working on a project, we use a simplified git flow model, and use the Github UI for pull requests. We enforce rebasing, so that we don’t have big merge commits all over the place messing up our history.
We also use the Codacy, snyk.io and Travis CI integrations to make sure that a feature branch isn’t going to cause any issues when we merge it into develop.
We’re also Slack addicts, so we’ve got Github plugged right into our channels to keep us updated throughout the day.
Alternatives
GitLab and Bitbucket are both solid repository hosts, and we’ve used both at various points in the past. Bitbucket was even our default up until a couple of years ago.
2. Codacy
Saying that Codacy is just a code review tool wouldn’t be doing it justice. Not only does it backup our lint scripts, it also keeps track of metrics like code complexity and test coverage.
The Slack and Github integrations make sure we know when we’ve made a mistake (as well as giving us a little dopamine hit when it says we’ve done a good job!).
Alternatives
3. Snyk
We build progressive web applications with React and NodeJS. This means we use npm for of our dependencies.
Snyk scans the package.json in our projects every day for security vulnerabilities, and alerts us when theres a problem. It even automagically opens Github pull requests to mitigate issues, and tells us when we have to take action on Slack.
Secure dependencies mean a more secure app, and that’s good for everyone.
Alternatives
Github Security Alerts — Now built in to Github, and currently covers JavaScript and Ruby.
Roll your own with NPM Audit — With the recent acquisition of ^Lift Security and the Node Security Project, you can now run security audits directly from the command line.
4. Travis
Travis CI runs on our code on every push. It runs our lint scripts and our unit tests to make sure we haven’t broken anything. Once it’s finished doing that it sends test coverage metrics to Codacy.
If a build fails we’re notified in Slack, and our code isn’t deployed until we fix the build failure.
We also use the cron jobs feature to run our builds monthly, making sure everything still works even if we aren’t actively working on a project.
Alternatives
Codeship — We used to use Codeship, but we prefer the configuration as code aspect of Travis CI.
5. Heroku
We’re big Heroku fans. Its fast, easy to use, stable, and automates a whole lot of our devops.
We use pipelines to link up our staging and production instances, and use Heroku GitHub Deploys to deploy straight from Github once our Travis builds pass.
On top of that, we use the the Slack integration (sensing a theme yet?) to keep us up-to-date with pipeline events.
Alternatives
We don’t actually know of any drop in alternatives to Heroku. You can always roll your own code onto AWS or Google Cloud Platform or even on Digital Ocean, but for small teams this might be too much overhead. If you have any recommendations, drop them in the comments!
6. Papertrail
We log a lot. Errors, requests, cron jobs, the whole shebang. Knowing what’s happening in your app in the moments running up to an error or a system outage is critical in working out exactly what went wrong.
Papertrail lets us do all of that in a centralised, secure environment. We pipe all our logs from all our apps into one Papertrail account so we don’t have to spend time finding the right addon on Heroku.
Also features Slack alerts, and S3 archiving for historical records.
Alternatives
We’ve always used Papertrail, but we’ve heard good things about Logz.io and logentries.
7. Bugsnag
A massively important part of any app is error logging. If you don’t know when and what is going wrong in your app, then you’re shooting in the dark when you have to fix problems reported by your users.
We chose Bugsnag for error logging and tracking. If we’re being honest about it, most bug tracking platforms perform roughly the same tasks. We went with Bugsnag because of their Slack integration. Being able to handle errors from without having to pop open a browser and sign into a different system makes life easier for us.
Alternatives
Sentry — We moved from Sentry to Bugsnag last year, but recent updates might make it viable for heavy Slack users.
In case you hadn’t noticed, all the services that we use link into Slack. We’re a remote company and hang out together in Slack all day, so it makes total sense for use to use services that pipe events into our channels.