A Survey of Continuous Integration, Continuous Delivery and Continuous Deployment Sergejs Bobrovskis, Aleksejs Jurenoks1 1 Institute of Applied Computer Systems, Riga Technical University, Latvia Abstract. Modern Information Technology (IT) practices are heavily dependent on the organizations' ability moving changes/features/fixes live in an agile and errorless way. As technology evolves, the requirement to implement automation practices increases exponentially. Over the past decades, waterfall software de- velopment practices are substituted by agile methods of software development. This shift undoubtedly brings businesses, operations, and software developers closer to each other towards the commonly established goals. The market intro- duced a great amount of open-source and proprietary solutions to facilitate this merger. In turn, technologies itself also augmented, and as a result, new practic- es have emerged, namely continuous integration (CI), continuous delivery (CDE) and continuous deployment (CD), all supported by cited open-source and proprietary solutions. This research represents an initial step towards de- signing and developing methods for automated distribution of resources in a programmable environment, by doing market research and analyzing related ar- ticles to verify and summarize the current status of CI/CDE/CD. Keywords: Continuous integration, proprietary solutions, DevOps, IaaS, PaaS, SaaS, IaaC, GIT. 1 Introduction Information Technology has closely integrated into all industries and domains (for- profit and non-profit organizations), goods delivery automation to consumers plays a crucial role in “surviving” on the marketplace. Historically organizations had to maintain a manual quality assurance (QA) teams represented the last security layer before any updates/changes could go live (this is still valid for many organizations). It is worth to mention that several decades ago programming languages started to evolve exponentially and the broad variety of new and derivative languages appeared on the market. Depending on the application lan- guages differ from case-to-case, including database (DB) solutions (SQL vs. NoSQL), frameworks (for example, flask, Django, Node, and others), iOS, Android, Web front- end/back-end and automatization practices (with a custom syntax). Shifting from waterfall to agile practices QA teams without automation procedures are deemed to becoming "an outsider." It is critical for QA teams to apply automation methods and tools within a dynamic environment by the integration of CI/CDE/CD in order to stay in the market and proceed with the established business goals. [1] This article tends to perform literature source research review and analysis of de- veloped and established practices amongst researches, communities, and blogs for CI/CDE/CD in order to find known and undocumented flaws. The further structure of the article is as follows: Chapter II focuses on explaining the differences between CI/CDE/CD and explain- ing the involvement of cloud-computing in IT industry, giving the overview of pros and cons of various existing solutions on the market. Chapter III is a content analysis of related articles with emphasis on finding a po- tential solution for the research subject, in order to further expand and clarify previ- ously undocumented issues. Chapter IV addresses methods for automated resource distribution in a program- mable environment. Chapter V concludes the findings and explains the steps required and set future re- search focal points. 2 Continuous Integration, Continuous Delivery, Continuous Deployment Market Distribution, and Practices Research There are several market-accepted automation practices: • CI – is the practice that instructs developers to commit changes several times per day into common repository/mainline. [2] • CDE – is the practice that tends to ensure every available build is stable, checked and verified to be pushed live on a single button click. [3] • CD – is the practice that further expands CDE by ensuring the build is not just ready and checked, but automatically get pushed live onto production environ- ment so real consumers could see changes delivered immediately. [4] All aforementioned practices are interrelated and are the consequence of the desire for automation striving toward consuming more market place by allowing rapid and errorless deployments. In order to move forward CI/CDE/CD practices, organizations had to move from old-fashion on premise server infrastructure to cloud-based solutions. In turn, this has led to the appearance of new practices, such as: • Software as a Service (SaaS); • Platform as a Service (PaaS); • Infrastructure as a Service (IaaS); • Infrastructure as a Code (IaaC); • Network as a Service (NaaS); • Communication as a Service (CaaS). A further outcome of the development of information technologies are [5]: • Microservices – divides technology stack and development of features into sep- arate services. 315 • Containers – ready-to-work application logic encapsulated to so-called packag- es, that can be distributed anywhere, be portable, and should perform program- mable actions. Containers are not microservices; however, microservices can be integrated into containers; • Docker – is an orchestration of containers, having an internal architecture and management tools. • Kubernetes – is a current trend and provides a container-centric management environment. The theory mentioned above is critical to be aware of, as CI/CDE/CD solutions, one way or another, are connected to cloud computing and community-accepted or- chestration tools for reaching company goals and sustaining on the market with rapid and errorless deployments. 3 Related Research Works Reading through academic and research articles, the author sees CI/CDE/CD are rele- vant thematic as organizations keep searching for the lightweight solutions to stay “alive” in the business. Most of the articles read mainly considered explanations of various solutions open- source and proprietary that exist on the market and accepted by various online com- munities. Some authors are trying to dig into specific CI or CDE proprietary tools, giving critical explanations for the implementation phases (which the author believes as an essential aspect, alleviating the resolution for making a decision). [6] Moreover, the author has found several papers focusing on the challenges organi- zations are facing during the integration of CI/CDE/CD practices. Few examples are changing the culture of an organization, qualification expansion of developers and operations team, “cracking” the business, so business truly believe spending money will impact on return on investment (RoI) [7] Main observation authors noted that various articles focus on deployment proce- dure itself, and explaining prerequisites and challenges organizations need to go through. Specifically designing deployment pipelines, using described tools. Im- portant to note that because of the huge amount of programming languages, a unified solution does not exist; thus main focus is explaining technological stack with further explanations of its use. The author believes it is an important consideration, as organi- zations might refer to the paper and its findings and make appropriate configuration of their infrastructure. The paper “Continuous Integration, Delivery, and Deployment: A Systematic Review on Approaches, Tools, Challenges, and Practices” does a great job in explaining tools, approaches, steps for implementation of overall automation, it covers most of the market-wise open-source and proprietary solutions. One paper from the author's point of view deserves a separate attention “Chuck Rossi, Kent Beck, Elisa Shibley, Tony Savor, Shi Su, Michael Stumm "Continuous Deployment of Mobile Software at Facebook (Showcase);” author has been surprised that Facebook assisted and allowed to write a paper describing the actual development procedures within the company. It only touches aspects for mobile devices, but the 316 deployment system Facebook has built is incredible. Manipulation with the source code, commits security checks, separate rooms with cameras focusing on analyses of updates on the piloting of changes, feature-toggles, fully automated continuous deliv- ery, a colossal amount of tests constructed with one secure pipeline and many other practices. The author truly believes CI/CDE/CD is not a simple application of tools, but a tremendous challenge of changing the overall approach for development, en- sures developers and operations start to think differently, truly changing the way-of- thinking rather than the tools used. [8] Another few papers are focusing mainly on testing procedures, as the author states quality and security can be reached solely by passing all automatic tests, including applying security conformity tests. At some point, organizations can refer to specifi- cally designed security practices. The Software Assurance Marketplace (SWAMP) was established to support Continuous Assurance (CA). The Author explains the tools to be used, steps to execute, and empirically prove the concept to ensure created de- ployment package can be considered secure for being pushed further into live envi- ronments. [9] Interestingly the author found only one paper focusing on automation. Mostly this is an explanation and enhancement of the tool called “GuideAutomator.” Even though this is not just a GUI tool, it calls for having a programming experience in writing Macros, but it allows going through the code,