Earlier this week, Wired published an extended article on Monty Taylor, the guy who runs the CI and Developer Automation for the OpenStack project. One of the quotes from the article really stood out for me:
“You can’t have human enforcement of the rules. That lends itself to corruption.” — Monty Taylor, Wired Magazine
One of the main tenets of Good Component Practice is that the rules and policies of the organization need to be built into the developer tools themselves, not policed after the fact. It is extremely easy to subvert a process if enforcement is human based.
An automated process of enforcement is mandatory, not just to enforce policy, but from a management perspective. Current research shows that major applications assembled today have 80% or more of their code base as open source components. It is virtually impossible to manually track, manage and maintain a large scale application without automating.
Tracking is done at three gateways to corruption: Consumption, Integration, Deployment. Each of these gateways have different issues. But even if a component passes through the first two gateways of the process, once it has been inserted into a deployed application, how will that component be updated and maintained? How will the dependencies associated with that component be managed.
Large scale applications can contain tens of thousands of components. The only possible way to manage for scale is through automation. As Taylor says, “We can’t do this in normal human life, but we can do it in source code.”