Before the actual production deployment, there are four required key release readiness states (Figure 2). These four product statuses provide confidence to the release team, consisting of the Product Owner, Operations Coordinator, Security Architect, and the Release Coordinator, that the production candidate release is ready for prime time. This team represents the sole deciders for what is, and is not, releasing to production. The decision is only influenced by product quality, compliance, and organization’s readiness to support. Each member of the release team is responsible for one of these states; this role ensures the production release preparation for the organization. During regularly scheduled release meetings, the team reviews each scheduled product release and capture the four readiness states. If all states are approved, the product release moves forward.
Release Readiness States
In this approach, only four reviewers/approvers exist for any given product release. The full authority for that release is also only born by these four roles, which greatly improves both the speed of release approval and clearly assigns the ultimate responsibility for release success.
Tool Use and Workflow Responsibilities
The Release Coordinator typically uses several tools to schedule, track, and perform deployments. The Atlassian Jira product tracks issues, product readiness activities, and verifies the release content (i.e. release notes). To actually execute the deployment of other toolings, such as the UrbanCode release suite, can be used. In all cases, it is helpful to include a series of user and administrator guides to assist in proper tool configuration.
The Release Coordinator has a specific set of responsibilities. Concerning secure software release coordination, this includes the stakeholder communication plan, prioritization of the release schedule to avoid deployment conflicts, ensuring that the necessary personnel is available on the release date, and to verify all environments are ready to accept the product candidate release.
For the release readiness review, the Release Coordinator schedules the release meeting (typically on a regular cadence with exceptions for emergency releases), reviews the product readiness states with the secure software release team and verifies the scheduled release date with the Product Owner and Operations Coordinator. Covered at this time are issues with the pending release or required pre-deployment activities. Only with formal agreement from all four members of the release team is the product candidate release ready for production.
There are several key artifacts that the Release Coordinator uses, tracks, or manages:
- Release Plan – a detailed description of the steps required for production deployment
- Release Schedule – anticipated date and time for the product release to production
- Assertions of Release Readiness – assertion of four readiness states (Security, Product, Operation, Organization)
- Resourcing Plan – all required personnel and other resources are available and reserved for the deployment
- Deployable Unit – the packaged product candidate release for deployment
The Release Coordinator persona encapsulates and describes the activities, responsibilities, authority, and restrictions of this critical product deployment role. As the “first amongst equals” on the product release team, this persona is the final authority on the readiness of a given product to release into a production environment. As is the case with all significant authority, the Release Coordinator is ultimately responsible for the success of the product production deployment.