What does it mean to be in "production"? What makes code "production ready"? If you are learning something new, how do you know when you are "ready" to work in production with the thing you have been learning?
- Environments
- A specific place that code is running
- An environment might have specific configuration for said environment
- Types of environments you might come across:
- Development (Local)
- Playground / Experimental
- Test
- Automated Testing
- User Acceptance Testing / QA
- Staging
- Production
- What does it mean to be in "production"?
- We have actual users - using the application
- Feedback we get from users is valuable
- "Client" has signed off on what has been built
- What makes code "production ready"?
- Secure
- Backend is locked down in an appropriate way
- End users can't see or do things they are not allowed to
- Credentials and Secrets are managed
- Controls around access
- Things are not hard coded in the app
- Compatibility
- Has been tested cross browser and cross platform...
- Accessible
- People of all backgrounds and experiences can use the app effectively
- A mistake could cost the business real money...
- Tested
- Automation testing
- Manual testing
- Only required code is shipped
- Optimized / minified
- Logs are removed in user facing code
- No unused dependencies
- Tools / services for telemetry are included
- Google Analytics or similar to track user behavior
- The app is as fast as possible
- Deployed to edge / CDN (as close as possible to end users)
- Minified / optimized - the front-end code that is downloaded by the user is as small as possible
- Attention to code quality
- There is a process around getting new code / features into production
- Code Reviews
- Coding Standards
- CI / CD
- Documentation
- Code is documented
- Processes are documented
- There is a process around getting new code / features into production
- Redundancy and Scalability
- Can scale
- Tests for scaling with stress / load tests
- Can scale
- Disaster Recovery Plan
- Data Backup and Recovery
- Legal Agreements
- Licensing and Credits
- Open source software licenses
- Licenses for proprietary software
- Dependencies and Libraries are audited
- No security vulnerabilities
- Contributors are active
- Regularly maintained
- Compliance / Government Regulations
- GDPR - European data privacy
- DSGVO - Germany (stricter GDPR)
- PIPA - Canadian data privacy
- PIPEDA - Canadian - Personal Information Protection and Electronic Documents Act
- CCPA - California (USA) data privacy
- COPPA - Children's Online Privacy Protection (USA)
- HIPPA - Healthcare privacy (USA)
- Secure
- If you are learning something new, how do you know when you are "ready" to work in production with the thing you have been learning?
- Is the project well documented?
- Is the community around the package active?
- Do they answer questions quickly?
- Are issues on github quickly resolved?
- Dependencies and Libraries are audited
- No security vulnerabilities
- Contributors are active
- Regularly maintained
- How to audit:
- license
- Make sure the open source license aligns with what you're trying to do
- Github
- Look at github issues and PRs
- Github stars - indicate interest and popularity, not usage
- npm
- How many weekly downloads?
- Take this number with a grain of salt
- Automated systems get counted here...
- Take this number with a grain of salt
-
- This number is only packages published to npm...
- How many weekly downloads?
- license