What “engineering maintenance day” is, and how it keeps us sane

Author: “You should keep your dependencies up to date”
Reader: “No shit, tell me something I don’t know :)“

However, most teams I’ve worked in fall behind on maintenance over time.

Why?

Because keeping dependencies up-to-date takes time and effort. In an environment when shipping is the primary objective, maintenance takes a back seat. Sure, when the effects of outdated dependencies are apparent (something is breaking, or development is slowed down significantly), it’s easy for anyone in the organization to say “we should stay up-to-date with these things!”.

A couple of examples when:

  • The new major version of Ruby on Rails has been released and six months later, your other dependencies stop releasing updates for your old major version.
  • The new shiny version of Webpack 2 (or 3) hit the streets, and all your loaders all of a sudden stop supporting Webpack 1.

You don’t necessarily need to upgrade, but the day you do (security issues perhaps), it’s going to take you way longer to do the migrations. Compared to if you had done it regularly. The challenge is to be proactive enough that the team isn’t put in those situations.

With that in mind, what are the actions we as developers can take that ensures that the outcome never becomes a production halt? For us, the main action is Engineering Maintenance Day (EMD).

EMD occurs one day a month, per project, where we take the time to update dependencies, do risk assessment and look at our current technical debt.

We do it because we don’t want to fall behind on our dependencies and software as the pain of getting back on track has a tendency to accumulate quite heavily.

Software development these days is moving at a rapid speed and the more code you touch, the more likely you are to introduce bugs, even if your intent is to improve it. That means increased development time, testing, and therefore cost ($$$). And if it slips through all the way to a release with a medium to high-defect, everyone need to foot a huge bill.

On top of that, one of the larger macro-trends over the past decade, is that the use of third-party dependencies has exploded. For example, the open-source-JavaScript community right now is just the largest, most active open source community that has ever existed.

Check out the stats that GitHub announced last year: https://octoverse.github.com/ 

According to the statistics published by GitHub, open source JavaScript activity as measured by pull requests has doubled in the past two years. It’s more than the next two languages (Java and Python) combined.

“Open source JavaScript activity as measured by pull requests has doubled in the past two years”

Given we are heavily dependent on JavaScript at Sparta — we decided to implement something called Engineering Maintenance Day in order to ensure we minimise defects that are shipped to production.

We have three different products within our team, that each require a variety of tasks during an EMD.

API (Ruby, Ruby on Rails)

  • Heroku (Ruby version) — Are there any new major or minor releases that we could benefit from?
  • Database (Postgres) — Same as above (we recently updated to 9.5+ because we needed JSONB as a column type)
  • Gems — Go through the changelog’s on a regular basis. Use a lockfile. One of the tools you can take a look at is Gemnasium which helps automate this

Web (Node/Express)

  • Heroku (Node) — Are there any new major or minor releases that we could benefit from?
  • NPM packages — Go through the changelog’s of the updated dependencies. Lock your versions with a yarn lockfile or npm-shrinkwrap. Take a look at Greenkeeper.io which helps you automate this.

Mobile (Swift)

  • Cocoapods — Are there any new major or minor releases that we could benefit from?

Verification during an EMD

This is one of the times where proper test suites really shine, since we can update dependencies and quickly find any issues.

  • Unit tests
  • End to end tests

Forks

There will always be reasons for a fork to exist. In a larger organisation it will be hard to keep track of the different reasons. As always, it’s good to maintain a documented list of these in case the maintainer at your company decides to move on.

Example:

(Dependency name). Reason for fork: Forked because we decided to expose a private attribute. Pull request upstream has been submitted at 12/2 2017 by <Name>

We make sure to always put the forks in our own organisation’s namespace on GitHub. That way we as an organisation maintain control of them.

Locked versions

There might be reasons that some dependencies have been locked to a specific version. Perhaps it involves a larger refactoring because it exposes a new API. Either way, these needs to be documented somewhere.

If your dependency file (Gemfile, package.json, Podfile) supports comments, that would be a good place. If not, you should put it in a shared wiki of some sort.

Risk assessment

Even if we do EMD on a regular basis, we can not avoid that some work are just too big to fit into one or two days. This is why we keep a separate document where we list our risks and/or technical debt that we need to deal with at some point.

Its organised in a way that lists “Risk for <X>, because <Y>, which means that <Z>. Therefore we need to <A>”

Example:

“Risk for timeouts to occur, because the data layer (SQL queries and relations) is not optimized for the size of customers we are taking on, which means that scaling to bigger accounts will be harder. Therefore we need to spend some time on optimizing these parts”

These items can then be reviewed perhaps on a bimonthly schedule where you go through them and allocate proper time and resources to the bigger maintenance projects.


This blog post was written together with my colleague Jonas Martinsson at Sparta. Shoutout to Erik Hedberg for technical proofreading.

Proper Counter Cache Migrations in Rails

A lot of people are doing a lot of heavy lifting in their database migrations when deploying. That might work well for people when their data set is ~1 000 records, but when you are working with 500 000+ records, that’s just not feasible.

There’s a lot of bad advice in terms of counter_cache and Rails so I wanted to make sure this one got some extra visibility.

http://ryan.mcgeary.org/2016/02/05/proper-counter-cache-migrations-in-rails/

Migrate to Ruby on Rails 5.x using RocketPants

At Sparta, we’ve been using a Gem called RocketPants since day 1 (roughly three years now) to easier maintain, version and develop our internal API. The Gem has since then lost a decent chunk of its community and it looks like less people are using it.

I would guess that since the Rails API Gem was merged into Ruby on Rails with the 5.0 release, the need for a Gem such as RocketPants shrunk.

Anyway, I’ve been doing some work on making the Gem support Ruby on Rails 5.0 and 5.1, and it seems like some other people were stuck on the 4.x branch of Rails because they were unable to upgrade.

RocketPants with support for Ruby on Rails 5.0 (and 5.1) : https://github.com/Sutto/rocket_pants/pull/143/files

I’ve been using it myself on Ruby on Rails 5.0 for the last year without any issues, so the whole Gem feels fairly stable.

This is not a permanent solution as the Gem has lost a big part of its community and we want to avoid getting stuck on a Gem that will not be developed any further, I will follow up in another post on how we at Sparta will migrate to another solution. Most likely we will be using the built in Rails API.

In addition, my colleague Yi got the rocketpants-rpm (provides support for making RocketPants::Base work with RPM) gem up and running for Rails 5 as well. It’s available under our Github organisation here.

 

Inspect SQL queries generated by Ruby on Rails

I’m currently working on a rewrite of XCStorm, my website dedicated to crawling the web for news about cross country skiing.

Preview of the new filter system at XCStorm

I’m using Heroku for hosting and for development I’m running SQLite and for staging/production its Postgres (I know its bad practice to mix…). Anyway, I found myself in a situation where I needed to compare SQL queries generated by the ORM.

Create a file named .irbrc and put this into it:

ActiveRecord::Base.logger = Logger.new(STDOUT)

Afterwards, start your Rails console and enter your query.

The reason I’m mixing database adapters is because at this point it doesn’t matter since the data won’t be complex and its easier for my partner to setup and interact with the database.

Riding the Rails: Amazon S3 & Flowplayer

Vi har börjat använda Amazon S3 för att lagra filmer som vi sedan ska spela upp (med hjälp av Flowplayer) i en inloggningsskyddad applikation.

För att sätta upp kopplingen mot S3 så använder vi oss av Paperclip och AWS::S3. Att få igång uppladdningen mot S3 tillsammans med Paperclip var absolut inga problem, det fungerade i princip så fort vi hade lagt in något liknande detta i vår modell:

has_attached_file :media_file,
    :storage => :s3,
    :s3_credentials => Rails.root.join('config', 's3.yml'),
    :path => ":attachment/:id/:style/:basename.:extension",
    :bucket => 'our_bucket',
    :s3_permissions => 'authenticated-read',
    :url => ":s3_protected_url"
    
  # Video Validations
  validates_attachment_presence :media_file
  validates_attachment_content_type :media_file, :content_type => ['application/x-shockwave-flash', 'application/x-shockwave-flash', 'application/flv', 'video/x-flv', 'video/H264']

(Det är authenticated-read som sätter rättigheterna på anslutningen och gör att vi kan använda oss av Paperclips expiring_url-metod.)

Problemet uppstod när vi skulle använda Flowplayer för att streama direkt ifrån S3, vi vill bara ha verifierade användare som ser våra filmer. Det blev strul med tecknen i de meckiga länkarna som S3 genererar och Flowplayer kunde inte läsa de rakt av.

Vi använde oss då av en “Alternate embedding method” aka. flashembed.js. Så här beskrivs “Flashembed and Flowplayer”:

Flowplayer is a regular Flash component just like any other Flash component. It can be placed on your page with this tool or by using HTML-based object tags or you can use our “competitor”, SWFObject.

Sedan när vi skickade den “säkra” länken från controllern till viewn så fick vi manuellt ersätta lite tecken:

@media[:flash_url] = @media.media_file.expiring_url.gsub("&", "%26").gsub("?", "%3F").gsub("=", "%3D")

För att embedda den i viewn så får du även se till att säga åt Rails att det är en säker länk (med hjälp av html_safe):