External libraries and deployment

A couple of days ago I had an interesting deployment experience that made me think about the controversies around library version management strategies.

For instance, you can specify the version number for every library you use in the code and then let the build server fetch them during the build process. Sounds straightforward. Provided that the libraries are always available and do not disappear into the void, as in the infamous node disaster that broke the Internet, that should do the trick.

An alternative, although this is not always recommended, is to include the dependent libraries in your repository. This way you will always have a copy and will not have to wait for a package installation. The downside is the project size and some legal issues that might be involved. The latter, however, are rare.

The most controversial approach, in my opinion, is fetching the latest library during the build, regardless of the dependency version specified. On the one hand, this would allow you to always have the "latest and greatest" and lower the overhead related to version fragmentation in your team. On the other hand, there is always a chance of breaking changes being introduced, and that would not be pretty, to say the least. Also, imagine a rare situation where a version update happens after the staging deployment and before the production one. The level of enjoyment in this case would be over 9000 indeed. One needs to be very unlucky to get that one.

Now the question is, which strategy should you choose? In my opinion, there is no right answer. For me, the decision is based on the type of project you are working with. Trying to include npm dependencies is obviously ridiculous, so I would not even bother. In such projects I would simply allow minor versions to be automatically updated and make sure that the serious upgrades only come to the system after they are tested properly. For dotnet ones I think it is not a crime of the century to actually add them in, provided that your repository size would not create a black hole and distort the space-time continuum. But as always, the actual decision is at the mercy of the reader.
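
The staging-versus-production drift described above, and the difference between pinned, minor-floating and "latest" dependency specifications, can be checked mechanically before a release. The following is an added example, not code from the original post; the package names, version maps and function names are constructed for illustration, and the classifier only covers exact, caret, tilde and latest/* specifications.

```javascript
// Classify how far a declared npm-style version spec may move at build time.
function classifySpec(spec) {
  if (['latest', '*', ''].includes(spec)) return 'unbounded';
  const m = /^([\^~]?)(\d+)\.(\d+)\.(\d+)$/.exec(spec);
  if (!m) return 'other';
  const [, op, major, minor] = m;
  if (op === '') return 'pinned';
  if (op === '~') return 'patch-float';
  // npm's caret keeps the left-most non-zero component fixed,
  // so ^0.5.1 only floats patches and ^0.0.3 does not float at all.
  if (major !== '0') return 'minor-float';
  return minor !== '0' ? 'patch-float' : 'pinned';
}

// Report which component differs between two resolved x.y.z versions.
function bumpLevel(a, b) {
  const pa = a.split('.').map(Number);
  const pb = b.split('.').map(Number);
  const i = pa.findIndex((n, k) => n !== pb[k]);
  return ['major', 'minor', 'patch'][i] ?? 'none';
}

// Compare what the staging build and the production build actually resolved.
function findDrift(declared, staging, production) {
  const drift = [];
  for (const [name, spec] of Object.entries(declared)) {
    const s = staging[name];
    const p = production[name];
    if (s === p) continue; // same artifact in both environments
    const level = s && p ? bumpLevel(s, p) : 'missing';
    drift.push({ name, policy: classifySpec(spec), staging: s, production: p, level });
  }
  return drift;
}

// Constructed sample data: declared specs and the versions each build resolved.
const declared = { 'lib-a': '1.4.2', 'lib-b': '^2.3.0', 'lib-c': 'latest', 'lib-d': '^0.5.1' };
const staging = { 'lib-a': '1.4.2', 'lib-b': '2.3.0', 'lib-c': '3.9.1', 'lib-d': '0.5.1' };
const production = { 'lib-a': '1.4.2', 'lib-b': '2.4.0', 'lib-c': '4.0.0', 'lib-d': '0.5.1' };

for (const d of findDrift(declared, staging, production)) {
  console.log(`${d.name} [${d.policy}]: staging ${d.staging} -> production ${d.production} (${d.level})`);
}
```

A release gate can fail the production build whenever this list is non-empty, which forces the tested staging versions to be the ones that ship.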
