Comment by peterwwillis
6 years ago
If you're going to run these containers in production [on more than a single host], throw out the volumes and docker compose. Mock up your dev sdlc to work like production (ex. you can't use Docker Compose to start Fargate tasks)
In fact, I'm going to make a very heretical suggestion and say, don't even start writing app code until you know exactly how your whole SDLC, deployment workflow, architecture, etc will work in production. Figure out all that crap right at the start. You'll have a lot of extra considerations you didn't think of before, like container and app security scanning, artifact repository, source of truth for deployment versions, quality gates, different pipelines for dev and prod, orchestration system, deployment strategy, release process, secrets management, backup, access control, network requirements, service accounts, monitoring, etc.
The reason to map all that out up front is to "shift left". If you do these things one at a time, you lose more time later as you slowly implement each piece, refactoring as you go. Whereas if you know everything you're going to have to do, you have much better estimates of work. It's like doing sprint grooming but much farther ahead. Figure out potential problems sooner and it saves your butt down the road. (You can still change everything as you go, but your estimates will be wayyyy closer to reality, and you'll need less rework)
A weird comparison would be trying to build wooden furniture without planning out how you were gonna build it. You can get it done, but you have no idea if it'll take a weekend or two months. Plan it out and you can get more done in one shot, and the quality even improves. This is also the principle behind mise en place.
I don't think you're worrying about the right things here if you're about to start writing app code. Infrastructure can be changed easily - poorly architected code cannot.
What I'm talking about isn't infrastructure, it's the entire system architecture and workflow. Code architecture is a part of that. If you design your code architecture, and then look at system architecture, your code architecture may have to change. I'm suggesting to do them at the same time.
Say you did your code architecture, and you've been writing code for 3 months. The security architect comes by and takes a look at your work, and announces that your design is inherently flawed; you need to fix some token-passing thing that's tied deeply into your app to support some system they have to audit company apps. You end up doing rework for a sprint or 2 to fix it. This in particular may not apply to you, but there are hundreds of examples like this.
This.
And even if you are planning to write desktop only software or an app for mobile, think in advance how do you want to package and release it, sign the code, provide help, branding customisation, etc.
Agile is an anti-pattern of SDLC as the lie "improve as you go" doesn't apply to release planning
I will make a heretical suggestion on the other side and say that unless you're pretty certain up front that your app will succeed, you need to get it in front of users ASAP, and if to you that means cutting corners on the SDLC and infra, so be it. If the app falls flat in the market, you'll never get a chance to amortize all that work.