Search icon CANCEL
Arrow left icon
Explore Products
Best Sellers
New Releases
Books
Videos
Audiobooks
Learning Hub
Conferences
Free Learning
Arrow right icon
Secure Continuous Delivery on Google Cloud
Secure Continuous Delivery on Google Cloud

Secure Continuous Delivery on Google Cloud: Implement an automated and secure software delivery pipeline on Google Cloud using native services

Arrow left icon
Profile Icon Galloro Profile Icon Dorbin Profile Icon Avery
Arrow right icon
$19.99 per month
Full star icon Full star icon Full star icon Full star icon Full star icon 5 (3 Ratings)
Paperback Apr 2024 304 pages 1st Edition
eBook
$39.99
Paperback
$49.99
Subscription
Free Trial
Renews at $19.99p/m
Arrow left icon
Profile Icon Galloro Profile Icon Dorbin Profile Icon Avery
Arrow right icon
$19.99 per month
Full star icon Full star icon Full star icon Full star icon Full star icon 5 (3 Ratings)
Paperback Apr 2024 304 pages 1st Edition
eBook
$39.99
Paperback
$49.99
Subscription
Free Trial
Renews at $19.99p/m
eBook
$39.99
Paperback
$49.99
Subscription
Free Trial
Renews at $19.99p/m

What do you get with a Packt Subscription?

Free for first 7 days. $19.99 p/m after that. Cancel any time!
Product feature icon Unlimited ad-free access to the largest independent learning library in tech. Access this title and thousands more!
Product feature icon 50+ new titles added per month, including many first-to-market concepts and exclusive early access to books as they are being written.
Product feature icon Innovative learning tools, including AI book assistants, code context explainers, and text-to-speech.
Product feature icon Thousands of reference materials covering every tech concept you need to stay up to date.
Subscribe now
View plans & pricing
Table of content icon View table of contents Preview book icon Preview Book

Secure Continuous Delivery on Google Cloud

Introducing Continuous Delivery and Software Supply Chain Security

Most transactions and interactions today are digital or rely on digital services, so the ability to deliver software quickly, reliably, and securely is a critical competitive advantage. Continuous delivery (CD) is a software engineering practice that enables teams to achieve this goal by automating the entire software release process, from committing code to deploying to production. CD, properly done, empowers organizations to reduce their time to market (TTM), improve software quality, and release new features and bug fixes more frequently.

The goal of this book is to share how to implement secure CD using Google Cloud services such as Cloud Code, Cloud Workstations, Cloud Build, Artifact Registry, Cloud Deploy, and others.

In this book, we describe each service and show how you can use them together to automate and secure your software delivery pipeline. But first, in this chapter, we introduce CD principles and some of the practices and technical capabilities that drive the ability to implement them.

This chapter also provides an overview of security threats that a software supply chain can face and some practices that can mitigate those threats.

This chapter includes the following sections:

  • Introduction to CD
  • Understanding continuous integration
  • Understanding continuous testing
  • Understanding deployment automation
  • Securing your software delivery pipeline

We start this book by looking at what CD is.

Introduction to CD

CD is a set of practices and principles that aim to streamline and automate software delivery from commit to production. Teams and organizations practice with the goal of deploying software to production on demand at any time without impacting service availability. The main objective of CD is that software should always be in a deployable state and software release should be a fast, repeatable process.

This section is a quick overview of CD, what it consists of, and how it can help your organization achieve better and faster software delivery.

CD practices

Some of the practices that underpin CD are set out here:

  • CI: CI means that code changes are integrated into the source code repository quickly and regularly. Automated builds and tests are triggered with each code commit, providing rapid feedback to developers. Consistent, reliable builds are at the foundation of a trustworthy CD process.
  • Continuous testing: This includes unit tests, integration tests, and end-to-end (E2E) tests. Test suites are executed automatically during the pipeline to catch regressions early and increase your confidence in the quality of the system.
  • Small, frequent releases: Instead of large, infrequent releases, CD tries to break down features and changes into small, manageable chunks that can be released more frequently. This reduces the risk of introducing regressions and makes it easier to identify and fix problems.
  • Trunk-based development: A software development methodology in which developers divide their work into small batches and merge each batch into the trunk at least once a day. This approach is in contrast to more complex branching strategies such as feature branching or Gitflow, in which developers create separate branches for different features or bug fixes.
  • Deployment pipeline: The entire release process, from building the code to deploying it to production, is automated using a pipeline. The automated pipeline can run such tasks as the following:
    • Compiling code
    • Executing unit tests
    • Building software artifacts as container images
    • Progressively deploying the app on different pre-production environments where different kinds of automated or manual tests can be performed
    • Finally releasing the application to production

The following diagram represents an example pipeline, starting when there is a new commit in the source code repository. The tasks represented in the diagram and the ones listed previously are examples. The exact pipeline sequence changes depending on factors such as the application itself, the programming language, and the framework, as well as specific organizational contexts:

Figure 1.1 – A high-level look at a software delivery pipeline

Figure 1.1 – A high-level look at a software delivery pipeline

That process, with those practices, can help you achieve improved software delivery performance, as described in the next section.

The impact of CD on software delivery performance

The DevOps Research and Assessment (DORA) research program has identified CD as one of the main capabilities driving software delivery performance, as measured by DORA’s four key metrics.

The following list shows those four metrics and how they can help you improve your software delivery performance:

  • Deployment Frequency: How often code changes are deployed to production.

    CD encourages more frequent deployments because it automates the deployment process and ensures that code changes are always production ready. Teams practicing CD can deploy changes to production on demand, often multiple times a day. Compare this to traditional approaches that might have longer release cycles.

  • Lead Time for Changes: The time it takes to go from code commit to a production-ready release.

    CD streamlines the software development process, enabling faster development cycles and reducing delays. CD automates steps in the delivery pipeline, such as building, testing, and deploying, which reduces manual intervention and wait times.

    With CD, code changes are continuously integrated, tested, and delivered, shortening the time from development to production. Frequent, small releases accelerate TTM.

  • Change Failure Rate: The percentage of changes or deployments that fail or require rollback.

    CD emphasizes continuous testing, including unit tests, integration tests, and acceptance tests. This reduces the chance that defects and errors make their way into production.

    Automation, in general, makes the release process repeatable and less error-prone because almost nothing is left to interpretation. Frequent, smaller releases make it easier to identify and fix issues early in the development process, reducing the likelihood of catastrophic failures in production.

  • Time to Restore Services: The average time it takes to restore services after a production failure.

    CD practices typically include automated monitoring and alerting in production environments. This helps teams detect issues quickly. When issues do occur, CD enables rapid rollback or forward fixes. Automated deployments make it easier to apply fixes and quickly get the system back to a working state.

See https://dora.dev/ for more info on DORA and the four key metrics.

In the rest of this chapter, we describe the most important underlying CD practices in more detail, starting with CI.

Understanding continuous integration

Continuous integration (CI) is a set of software development practices for frequently integrating code changes. Each time a developer integrates changes (usually at least daily), those changes are automatically verified and tested. This means that there is always an up-to-date build ready to deploy.

The practice of CI was created to solve integration and compatibility problems caused by the old approach of developers working in isolation for an extended period on their version of code and then attempting to merge their changes into a shared code base.

CI follows the counterintuitive principle that if something is painful, you can make it less painful by doing it more often. This is based on the understanding that the integration effort is exponentially proportional to the amount of time between integrations (as found on https://martinfowler.com/articles/originalContinuousIntegration.html#TheMoreOftenTheBetter).

The next section describes how to bring these principles to your software development process.

How to implement CI

Here is a list of fundamental practices that a team should consider following to implement CI:

  • Trunk-based development: As described previously, developers divide their own work into small batches and merge that work into the main code branch (trunk) at least once a day.
  • Automated builds: For every change committed to the repository, the application is automatically compiled, built, and tested without manual intervention. This helps ensure that the software is always in a state that can be deployed to production. Artifacts produced by the CI build should be used by all subsequent deployment tasks. An automatic build is run at least once a day.
  • Continuous testing: Automated tests run every time a change is committed, including unit tests, integration tests, and other types of automated tests. This helps ensure that new code doesn’t break existing functionality. Immediate feedback from these tests allows developers to fix issues quickly before those issues cause bigger problems. Tests should run successfully at least once a day, and if they fail, the team prioritizes fixing the problem.
  • Collaboration: This is probably more a consequence of the previously listed elements than a principle to implement. With all team members committing to the shared repository regularly, there’s a continual exchange of ideas and code. This openness not only improves the quality of the software but also enhances team dynamics, as everyone can see what others are working on. It also encourages developers, testers, and operations teams to work more closely together. This collaboration breaks down silos and promotes a more cohesive approach to software development, in which everyone is aware of the goals and challenges of the project.

Now that we’ve covered the main elements of CI, let’s explore continuous testing.

Understanding continuous testing

Continuous testing automates as much of the testing as possible, running the tests frequently (before and after each build) as part of a CD pipeline.

This approach has the following benefits:

  • Developers and the rest of the team get quick feedback on how the software is functioning and can immediately fix any issues.
  • Tests’ reliability is better than that of manual tests, which are repetitive and error-prone.
  • Software can be released more frequently because the feedback loop is shorter.

Using continuous, automated testing doesn’t mean you won’t also run some manual tests, such as exploratory or usability testing, throughout the delivery process.

Now, let’s look at the types of testing that are typically included in continuous testing.

Test types

The following are some test types typically used in continuous testing:

  • Unit tests: These tests are building blocks, focusing on individual code units (functions, classes). Unit tests run quickly and provide fine-grained feedback.
  • Integration tests: These tests verify how different parts of a system work together. Integration tests are crucial for identifying issues in the interactions between integrated components or systems. These are more likely to be run within your CI server where multiple code packages come together.
  • Acceptance tests: These tests simulate real-world usage of a running application or service, verifying that essential functionality aligns with user expectations and business requirements. These may happen from your CI environment or other outside services that test applications running in a staging environment.

And now, let’s see how to make continuous testing happen.

Implementing continuous testing

The following is a list of fundamental principles and practices for teams to implement continuous testing:

  • Test automation: Automating unit tests, integration tests, and regression tests is essential for continuous testing. Automation allows the team to quickly identify and address issues, making the testing process more efficient.
  • Developer involvement in testing: Developers should be the people primarily responsible for creating and maintaining automated test suites.

    This approach ensures that tests are always updated based on code changes and that developers write code that is relatively easy to test. The natural consequence and best realization of this approach is the test-driven development (TDD) practice, which is described next.

  • TDD: A software development methodology in which tests are written before code. Initially, the developer writes an automated test for a new function or feature and then writes the actual code. This test defines how the new functionality should behave.

    The developer then writes the minimal amount of code necessary to make the test pass. After the test passes, the developer then refactors the code, which involves cleaning up and optimizing the code without changing its functionality.

  • Unit and acceptance tests’ proportion: One of the main goals of continuous testing is to detect and fix issues as soon as possible. Unit tests are typically faster than acceptance tests and are executed in the early phases, so the more issues are detected in unit tests, the sooner defects are detected and remediated.

    As much as possible, unit tests should do the work of detecting issues. When an error is found in acceptance tests or other manual tests, create an automated unit test for that behavior to ensure that this error is detected sooner if it occurs again.

Now that we’ve covered the main elements of continuous testing, we’ll explore automated deployment in the next section.

Understanding deployment automation

Deployment automation allows software to be easily and automatically deployed to pre-production and production environments, at the push of a button. This is crucial for minimizing risks during production rollouts and results in rapid feedback on software quality. By enabling teams to perform extensive testing immediately after updates, deployment automation ensures prompt assessment and enhances overall software quality. Implementing deployment automation doesn’t necessarily mean that you are doing continuous deployment. Continuous deployment is when you try to deploy every code change to production as soon as possible, and this can or cannot be applicable to your environment. You can do CD and automate your deployments but still have gated releases, feature flags, or even manual switches to formally light up the release.

An automated deployment process has the following inputs:

  • Software artifacts (created by CI) that are ready for deployment in any environment, including production
  • Configuration details unique to each environment
  • Scripts for setting up the environment, deploying packages, and conducting deployment tests

Now, let’s look at how to automate your deployments.

Implementing deployment automation

Here is a list of fundamental principles and practices that a team should follow to implement deployment automation:

  • Implement a uniform deployment process across all environments, including production. This ensures the deployment method is thoroughly tested before it’s used in production.
  • Enable automated deployment of any artifact version to any environment by anyone with the right permissions. A process is not fully automated if it requires that someone file a ticket or manually prepare an environment.
  • Use identical packages across all environments and maintain environment-specific configurations separately. This ensures packages deployed in production are the same as those tested.
  • Ensure each environment’s state can be re-created using version control. This makes deployment repeatable and enables deterministic production restoration in disaster recovery (DR) scenarios.

That covers deployment automation. In the next section, we introduce software delivery security.

Securing your software delivery pipeline

Software production and delivery can be viewed as a supply chain in which the same developer can be both a software producer (by developing software) and a consumer (by using existing software as a dependency for the app being developed).

This section is a high-level overview of some of the security threats against a software delivery pipeline, as well as some best practices that help protect against those threats. In later chapters, we describe how to implement some of the best practices, using Google Cloud-managed services.

First, let’s look at the security of your source code.

Source code management threats and remediations

Threats to source code management systems affect the security of the source code. These threats can come from the code itself (for example, submitting source code that is unintentionally or intentionally vulnerable) or can be threats to the source control platform, which can be compromised in different ways. The next section lists some practices to help ensure your source code is safe.

Source code management security best practices

The following is a list of security best practices to protect the integrity of your source code:

  • Repository configuration: Configure repositories using a secure, automated method that offers preconfigured templates based on the application’s security level.

    Enforce centralized identity management with multi-factor authentication (MFA) for users, ensuring updated access privileges. Limit repository ownership to a few trusted employees, integrate identity management systems, and require dual approval for merges to enhance security.

  • Code reviews: Code reviews are one of the most important practices to ensure software quality and security and should always be part of a secure software supply chain.

    Reviewers should be assigned to a repository application or a specific commit based on expertise in the programming language and relevant security risks. Perform code reviews on feature-branch pull requests as soon as developers are ready.

    In addition to human code reviews, implement static code analysis tools.

  • Merge approvals: Establish a select group of trusted individuals to authorize merges into production branches. For applications with stricter security requirements, implement a process that requires more than one approver.

Now, let’s look at security for your build process.

Build threats and remediations

The following are some examples of security threats to the artifact build process and tools:

  • Builds that use modified source code (not from a trusted source control system)
  • Compromise of the build system
  • Artifacts built outside of the official build system and process
  • Compromise of the artifact storage system

The following section lists some practices to help ensure the security of your build process.

Build security best practices

The Supply-chain Levels for Software Artifacts (SLSA) specification defines a set of build-security best practices. These are established by multiple software-industry organizations under the Open Source Security Foundation (OpenSSF) (https://openssf.org/).

SLSA (http://slsa.dev) is a specification meant to help you describe and improve your software supply chain security. It’s structured as a series of tracks, each one covering an aspect of supply chain security, and levels, with each level offering progressively stronger security guidelines and requirements for each track.

At the time of this writing, the SLSA specification is at version 1.0, the first stable release of SLSA. SLSA v1.0 consists of only one track: Build. Future versions of SLSA will add tracks that cover other parts of the software supply chain.

Each level includes a set of requirements for the build process: lower-level requirements are easier to implement but provide lower security guarantees. Higher-level requirements are harder and usually more expensive to adopt but demonstrate that tougher security guidelines have been adopted for software build practices.

The level-based structure also allows you to incrementally adopt the guidelines, progressively improving the security posture of your software supply chain.

The primary goal of the SLSA Build track is to attest and verify that an artifact was built as expected. This is done mainly by generating build provenance, which software consumers can verify. The SLSA v1.0 Build track includes three levels: L1 to L3. There is also an L0 level, which refers to software that doesn’t meet any SLSA requirements. The following table summarizes the build levels:

Track/Level

Requirements

Focus

Build L0

None

N/A

Build L1

Provenance showing how the package was built

Mistakes, documentation

Build L2

Signed provenance, generated by a hosted build platform

Tampering after the build

Build L3

Hardened build platform

Tampering during the build

Table 1.1 – SLSA v1 Build tracks

These security levels, and descriptions thereof, are from the SLSA specification, version 1.0, courtesy of the SLSA Working Group. You can find more details on the requirements for each level at http://slsa.dev.

In the next section, we’ll talk about threats in your code’s dependencies and some practices for remediating those threats.

Dependency threats and remediations

Dependency threats are vulnerabilities or intentionally malicious code in any software that your application depends on.

Dependency management best practices

The following is a list of security best practices for managing dependencies:

  • Scan dependencies for vulnerabilities: Integrate a scanning tool into the development and build workflow that identifies vulnerabilities, using databases such as the National Institute of Standards of Technology National Vulnerability Database (NIST NVD).
  • Store dependencies in a private registry: A private registry offers the convenience of a public repository, with enhanced control over dependencies. It can provide capabilities such as access control, vulnerability scanning, and repository management.
  • Remove unused dependencies: Regularly cleaning up unneeded dependencies keeps your application lean and nimble, improving its performance and reducing its attack surface. This proactive approach helps minimize potential security risks associated with outdated or irrelevant dependencies.
  • Use open source tools to track dependency insights: Various tools can help you to get information on dependencies. Here are two examples:
    • Open Source Insights (https://deps.dev/): A website that provides information about software packages vulnerabilities and licenses.
    • Open Source Vulnerability (OSV) Database (https://osv.dev/): A searchable vulnerability database.

This section described how to secure your software delivery pipeline, including a look at how your code and its dependencies can face vulnerabilities.

Summary

In this chapter, you were introduced to CD principles and some of the practices and technical capabilities that underpin them, such as CI, continuous testing, deployment automation, and trunk-based development. You also learned how CD and these practices positively impact software delivery performance and achieve organization goals, as measured by DORA research.

In the second part of the chapter, we described some potential security threats to a software supply chain and some strategies to protect against them. We also provided an overview of the SLSA Build track specification.

This information should prepare you for the rest of the book, in which we show how to implement CD and software supply chain security best practices using Google Cloud-managed services.

The next chapter is a look at Skaffold, an open source tool for continuous development and CD that is used by several of the Google Cloud services described in this book.

Left arrow icon Right arrow icon
Download code icon Download Code

Key benefits

  • Gain hands-on experience building an end-to-end software delivery pipeline using Google Cloud services
  • Deploy your applications on GKE, Cloud Run, and across hybrid and multi-cloud environments
  • Secure pipelines with artifact scanning, dependency vulnerability checks, signed provenance, and admission control
  • Purchase of the print or Kindle book includes a free PDF eBook

Description

Continuous delivery, a cornerstone of modern software engineering, facilitates quick and secure software delivery using a robust toolkit encompassing automated builds, testing, source code management, artifact storage, and deployment. Whether you integrate tools from different providers or use a set of managed services from a single cloud provider, the goal is to streamline setup, integration, and management. This book focuses on continuous delivery on Google Cloud. Starting with an introduction to continuous delivery and secure software supply chain concepts, this book uses hands-on exercises to demonstrate how to continuously test your application with Skaffold and Cloud Code, leverage AI-assisted code generation with Cloud Code and Cloud Workstations, and automate your continuous integration with Cloud Build. You’ll see how to store and scan your software artifacts on Artifact Registry, orchestrate deployments with Cloud Deploy, and release your software on GKE and Cloud Run, configured to admit only trusted code. Using an example application, you’ll implement tools for creating an end-to-end delivery pipeline using Google Cloud services. By the end of this book, you’ll be able to build a secure software delivery pipeline from development to production using Google Cloud managed services and best practices.

Who is this book for?

This book is for DevOps, Platform, and Cloud Engineers tasked with managing application deployment and creating continuous delivery pipelines who want to automate workflows in a fully managed, scalable, and secure platform. Software developers involved in application delivery and interested in harnessing Google Cloud tools to optimize development flow status and feedback loop will also find this book useful. Prior knowledge of Google Cloud fundamentals (including Cloud APIs and IAM), software delivery, containerization, and Kubernetes will enhance the reading experience.

What you will learn

  • Create an end-to-end continuous delivery pipeline using Cloud Build, Artifact Registry, and Cloud Deploy
  • Develop, build, and deploy container-based applications with Skaffold and Cloud Code
  • Experiment with AI-assisted code generation in Cloud Code
  • Automate continuous integration with Cloud Build triggers
  • Automate deployment on GKE and Cloud Run through Cloud Deploy
  • Enhance pipeline security with Artifact Analysis, Binary Authorization, and SLSA
  • Apply best practices, including logging and monitoring

Product Details

Country selected
Publication date, Length, Edition, Language, ISBN-13
Publication date : Apr 12, 2024
Length: 304 pages
Edition : 1st
Language : English
ISBN-13 : 9781805129288
Languages :
Tools :

What do you get with a Packt Subscription?

Free for first 7 days. $19.99 p/m after that. Cancel any time!
Product feature icon Unlimited ad-free access to the largest independent learning library in tech. Access this title and thousands more!
Product feature icon 50+ new titles added per month, including many first-to-market concepts and exclusive early access to books as they are being written.
Product feature icon Innovative learning tools, including AI book assistants, code context explainers, and text-to-speech.
Product feature icon Thousands of reference materials covering every tech concept you need to stay up to date.
Subscribe now
View plans & pricing

Product Details

Publication date : Apr 12, 2024
Length: 304 pages
Edition : 1st
Language : English
ISBN-13 : 9781805129288
Languages :
Tools :

Packt Subscriptions

See our plans and pricing
Modal Close icon
$19.99 billed monthly
Feature tick icon Unlimited access to Packt's library of 7,000+ practical books and videos
Feature tick icon Constantly refreshed with 50+ new titles a month
Feature tick icon Exclusive Early access to books as they're written
Feature tick icon Solve problems while you work with advanced search and reference features
Feature tick icon Offline reading on the mobile app
Feature tick icon Simple pricing, no contract
$199.99 billed annually
Feature tick icon Unlimited access to Packt's library of 7,000+ practical books and videos
Feature tick icon Constantly refreshed with 50+ new titles a month
Feature tick icon Exclusive Early access to books as they're written
Feature tick icon Solve problems while you work with advanced search and reference features
Feature tick icon Offline reading on the mobile app
Feature tick icon Choose a DRM-free eBook or Video every month to keep
Feature tick icon PLUS own as many other DRM-free eBooks or Videos as you like for just $5 each
Feature tick icon Exclusive print discounts
$279.99 billed in 18 months
Feature tick icon Unlimited access to Packt's library of 7,000+ practical books and videos
Feature tick icon Constantly refreshed with 50+ new titles a month
Feature tick icon Exclusive Early access to books as they're written
Feature tick icon Solve problems while you work with advanced search and reference features
Feature tick icon Offline reading on the mobile app
Feature tick icon Choose a DRM-free eBook or Video every month to keep
Feature tick icon PLUS own as many other DRM-free eBooks or Videos as you like for just $5 each
Feature tick icon Exclusive print discounts

Frequently bought together


Stars icon
Total $ 146.97
Secure Continuous Delivery on Google Cloud
$49.99
Official Google Cloud Certified Professional Cloud Security Engineer Exam Guide
$59.99
Data Exploration and Preparation with BigQuery
$36.99
Total $ 146.97 Stars icon

Table of Contents

18 Chapters
Part 1:Introduction and Code Your Application Chevron down icon Chevron up icon
Chapter 1: Introducing Continuous Delivery and Software Supply Chain Security Chevron down icon Chevron up icon
Chapter 2: Using Skaffold for Development, Build, and Deploy Chevron down icon Chevron up icon
Chapter 3: Developing and Testing with Cloud Code Chevron down icon Chevron up icon
Chapter 4: Securing Your Code with Cloud Workstations Chevron down icon Chevron up icon
Part 2: Build and Package Your Application Chevron down icon Chevron up icon
Chapter 5: Automating Continuous Integration with Cloud Build Chevron down icon Chevron up icon
Chapter 6: Securely Store Your Software on Artifact Registry Chevron down icon Chevron up icon
Part 3: Deploy and Run Your Application Chevron down icon Chevron up icon
Chapter 7: Exploring Runtimes – GKE, GKE Enterprise, and Cloud Run Chevron down icon Chevron up icon
Chapter 8: Automating Software Delivery Using Cloud Deploy Chevron down icon Chevron up icon
Chapter 9: Securing Your Runtimes with Binary Authorization Chevron down icon Chevron up icon
Part 4: Hands-On Secure Pipeline Delivery and Looking Forward Chevron down icon Chevron up icon
Chapter 10: Demonstrating an End-to-End Software Delivery Pipeline Chevron down icon Chevron up icon
Chapter 11: Integrating with Your Organization’s Workflows Chevron down icon Chevron up icon
Chapter 12: Diving into Best Practices and Trends in Continuous Delivery Chevron down icon Chevron up icon
Index Chevron down icon Chevron up icon
Other Books You May Enjoy Chevron down icon Chevron up icon

Customer reviews

Rating distribution
Full star icon Full star icon Full star icon Full star icon Full star icon 5
(3 Ratings)
5 star 100%
4 star 0%
3 star 0%
2 star 0%
1 star 0%
Ozan Seymen May 11, 2024
Full star icon Full star icon Full star icon Full star icon Full star icon 5
Giovanni, Nate and Dave's latest book is a revelation for anyone involved in the intricate dance of software delivery. I had high expectations as someone familiar with their work, and this book exceeded them all.The book takes a methodical approach, starting with an overview of the entire pipeline before diving deep into each element. This builds a solid foundation for understanding how the pieces fit together. The culminating chapter, demonstrating an end-to-end pipeline, is the perfect cherry on top – a satisfying synthesis of all you've learned.One of the book's key strengths is its structure; each chapter focuses on a specific component of the software delivery pipeline and guides you through practical exercises that you can follow through on your own Google Cloud project. This approach works great for me in solidifying theoretical concepts through real-world application.The level of detail in each chapter is impressive. For instance, the chapter on workstations doesn't just scratch the surface; it offers both the administrator's and developer's perspectives. The hands-on exercises aren't limited to the base editor (Code OSS) but also include IntelliJ and custom container image creation, covering the whole ground.I think this book is an essential addition to any software professional's library. It's a rare combination of comprehensive theory and hands-on practice, presented in a clear and engaging style. Whether you're new to software delivery or a seasoned expert, this book will undoubtedly elevate your knowledge and skills.
Amazon Verified review Amazon
Tiny Jun 25, 2024
Full star icon Full star icon Full star icon Full star icon Full star icon 5
Loved the step by step approach, Explained all the underlying tools such as Skaffold, Cloud Code and extensions. Obviously heavily focused on Google solutions but includes lots of screen shots and code samples to move from one to the other. One of my favorites in this type of book is not just the small shots of what to do, but the full length example in Chap 10 for an end to end pipeline. Then, of course, I couldn't leave without mentioning how much I liked the best practices. Monitoring and Observability are some of my favorites and the authors hit those perfectly. Recommend for anyone using Google Cloud as their delivery tool.
Amazon Verified review Amazon
Daniel May 06, 2024
Full star icon Full star icon Full star icon Full star icon Full star icon 5
This book is a fantastic resource for anyone looking to better understand different aspects of a secure software supply chain from a practical point of view. The book provides easy to follow step by step instructions and crisp explanations of the most important concepts. Anyone with experience in this field will appreciate the examples and deep dives that go beyond the usual hello world and happy path examples and align more closely with real world requirements. I really appreciate the level of detail and practical examples that come with the book and make it easy for me as a reader to not only read about the topics theoretically but also try them out in my own environment and gain some firsthand experience.
Amazon Verified review Amazon
Get free access to Packt library with over 7500+ books and video courses for 7 days!
Start Free Trial

FAQs

What is included in a Packt subscription? Chevron down icon Chevron up icon

A subscription provides you with full access to view all Packt and licnesed content online, this includes exclusive access to Early Access titles. Depending on the tier chosen you can also earn credits and discounts to use for owning content

How can I cancel my subscription? Chevron down icon Chevron up icon

To cancel your subscription with us simply go to the account page - found in the top right of the page or at https://subscription.packtpub.com/my-account/subscription - From here you will see the ‘cancel subscription’ button in the grey box with your subscription information in.

What are credits? Chevron down icon Chevron up icon

Credits can be earned from reading 40 section of any title within the payment cycle - a month starting from the day of subscription payment. You also earn a Credit every month if you subscribe to our annual or 18 month plans. Credits can be used to buy books DRM free, the same way that you would pay for a book. Your credits can be found in the subscription homepage - subscription.packtpub.com - clicking on ‘the my’ library dropdown and selecting ‘credits’.

What happens if an Early Access Course is cancelled? Chevron down icon Chevron up icon

Projects are rarely cancelled, but sometimes it's unavoidable. If an Early Access course is cancelled or excessively delayed, you can exchange your purchase for another course. For further details, please contact us here.

Where can I send feedback about an Early Access title? Chevron down icon Chevron up icon

If you have any feedback about the product you're reading, or Early Access in general, then please fill out a contact form here and we'll make sure the feedback gets to the right team. 

Can I download the code files for Early Access titles? Chevron down icon Chevron up icon

We try to ensure that all books in Early Access have code available to use, download, and fork on GitHub. This helps us be more agile in the development of the book, and helps keep the often changing code base of new versions and new technologies as up to date as possible. Unfortunately, however, there will be rare cases when it is not possible for us to have downloadable code samples available until publication.

When we publish the book, the code files will also be available to download from the Packt website.

How accurate is the publication date? Chevron down icon Chevron up icon

The publication date is as accurate as we can be at any point in the project. Unfortunately, delays can happen. Often those delays are out of our control, such as changes to the technology code base or delays in the tech release. We do our best to give you an accurate estimate of the publication date at any given time, and as more chapters are delivered, the more accurate the delivery date will become.

How will I know when new chapters are ready? Chevron down icon Chevron up icon

We'll let you know every time there has been an update to a course that you've bought in Early Access. You'll get an email to let you know there has been a new chapter, or a change to a previous chapter. The new chapters are automatically added to your account, so you can also check back there any time you're ready and download or read them online.

I am a Packt subscriber, do I get Early Access? Chevron down icon Chevron up icon

Yes, all Early Access content is fully available through your subscription. You will need to have a paid for or active trial subscription in order to access all titles.

How is Early Access delivered? Chevron down icon Chevron up icon

Early Access is currently only available as a PDF or through our online reader. As we make changes or add new chapters, the files in your Packt account will be updated so you can download them again or view them online immediately.

How do I buy Early Access content? Chevron down icon Chevron up icon

Early Access is a way of us getting our content to you quicker, but the method of buying the Early Access course is still the same. Just find the course you want to buy, go through the check-out steps, and you’ll get a confirmation email from us with information and a link to the relevant Early Access courses.

What is Early Access? Chevron down icon Chevron up icon

Keeping up to date with the latest technology is difficult; new versions, new frameworks, new techniques. This feature gives you a head-start to our content, as it's being created. With Early Access you'll receive each chapter as it's written, and get regular updates throughout the product's development, as well as the final course as soon as it's ready.We created Early Access as a means of giving you the information you need, as soon as it's available. As we go through the process of developing a course, 99% of it can be ready but we can't publish until that last 1% falls in to place. Early Access helps to unlock the potential of our content early, to help you start your learning when you need it most. You not only get access to every chapter as it's delivered, edited, and updated, but you'll also get the finalized, DRM-free product to download in any format you want when it's published. As a member of Packt, you'll also be eligible for our exclusive offers, including a free course every day, and discounts on new and popular titles.