JFrog’s Release Lifecycle Promotion vs. Build Promotion


We here at JFrog have long advocated for promoting – never rebuilding – release candidates as they advance across the stages of your SDLC. For many JFrog customers, that meant using JFrog’s “Build Promotion” capabilities.

Now you can level up your CI/CD game with promotions using Release Lifecycle Management (RLM)! In this article we’ll show you why promotions with RLM are simpler, more secure, and more scalable than our legacy build promotion API.

Understanding Build Promotion

Build promotion is a process that allows you to promote or advance the contents of build outputs intended for release towards a production-ready repository. Typically, promotion moves the contents of a potential release through repositories representing different stages of the SDLC. Organizations do this to control who can access contents at given stages and prevent rebuilding of releases which may inadvertently cause changes in the actual release content.

Software builds are published frequently, with some organizations rebuilding software components each time a developer commits code to a VCS. Regardless of build frequency, the goal of build promotion is to progress a build version that represents a stable release candidate through the development lifecycle towards production.

Release Lifecycle Management

JFrog’s Release Lifecycle Management delivers an approach to maturing releases that, among other benefits, ensures the immutability of the release from the build stage to production. JFrog guarantees that the same release content, including all packages associated with the release, is promoted without changes, maintaining integrity and traceability.

Additionally, JFrog’s robust Evidence Collection ensures comprehensive auditability of any process taken on a release level, enhancing software quality and security. This approach enables faster, more reliable releases while providing full control and visibility over the release process.

RLM Components

The main component of RLM is a Release Bundle, which represents the release candidate version. Actions you can perform on the Release Bundle are: Create, Promote, Distribute.

Another significant addition to RLM is Evidence, which represents signed metadata of any testing, scanning, and approval processes performed in the scope of readying and promoting the release candidate for production.

Advantage Over Legacy Methods

JFrog’s legacy build promotion API is designed for one thing – promoting builds. Release Lifecycle Management is a more comprehensive approach to managing release candidates as they mature towards production.

Strictly from a promotion perspective, RLM is a superior choice over using the build promotion API, as the latter involves a lot of manual work which can be error-prone and hard to track at scale. In contrast, promotion with JFrog Release Lifecycle Management streamlines this process, ensuring consistency and reliability.

Detailed Comparison of RLM vs. Build Promotion

Category: Integrity and Consistency

Build Promotion: There is sometimes a time gap between build publishing and a decision to promote it as a release candidate. During that time some artifacts may be moved or deleted accidentally.

RLM Promotion: A Release Bundle can be created as the last step of the release candidate build pipeline. Once created, it becomes tamper-proof.

Category: Multi-Technology One-Step Promotion

Build Promotion: Although there is an option to build a multi-technology pipeline that combines Docker images and Helm charts, there is no way to promote the Docker image and its Helm chart using the build promotion mechanism as one step.

RLM Promotion: A Release Bundle can be created as the last step of a multi-technology release candidate build pipeline. Once created, it is promoted as a unified unit in a single step.

Category: Evidence Collection

Build Promotion: Although evidence can be attached to any build or artifact, there is no simple way to verify that all the evidence attached to individual packages that have been promoted using build promotion is valid.

RLM Promotion: The Release Bundle holds the entire context of the release, providing quick access to an evidence tree that holds every piece of evidence collected on a specific package and build object based on a single point of entry – a Release Bundle version.

Category: Visibility

Build Promotion: When working with build promotion, there is no end-to-end visibility of all the release candidates for a specific application.

RLM Promotion: An RLM Kanban Board provides a view of all the release candidates associated with a specific application.

Category: Control

Build Promotion: The maturity level of the release is indicated in the “status” parameter passed through the build promotion API.

RLM Promotion: In RLM Promotion you can preconfigure the maturity stages in alignment with the workflow you design and use that as a target when promoting the release candidate. In addition, as you implement your CI/CD pipeline you can define an entry gate to each environment and inspect all the preconditions by implementing a CI/CD policy.
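The comparison above rests on two checks: the promoted content must still be exactly what the build produced, and every package must carry the evidence the target environment requires. The following is an added illustration of that logic, not JFrog code or the JFrog API; the manifest layout, the evidence records, the gate policy and the HMAC key (a stand-in for the bundle signing key) are all assumptions, and evidence signature checking is left out.

```python
import hashlib, hmac, json

KEY = b"constructed-demo-key"  # assumption: stands in for the bundle signing key
# Hypothetical gate policy: evidence types required to enter each environment.
REQUIRED = {"QA": {"unit-tests"}, "PROD": {"unit-tests", "security-scan"}}

def sha256(data):
    return hashlib.sha256(data).hexdigest()

def sign(manifest):
    payload = json.dumps(manifest, sort_keys=True).encode()
    return hmac.new(KEY, payload, hashlib.sha256).hexdigest()

def create_bundle(name, version, artifacts):
    """Last build step: freeze every artifact digest and sign the manifest."""
    manifest = {"name": name, "version": version,
                "artifacts": {p: sha256(d) for p, d in artifacts.items()}}
    return {"manifest": manifest, "sig": sign(manifest)}

def gate(bundle, repo, evidence, env):
    """Return the reasons to block promotion to env; an empty list means pass."""
    if not hmac.compare_digest(sign(bundle["manifest"]), bundle["sig"]):
        return ["bundle manifest signature invalid"]
    seen = {}
    for ev in evidence:  # evidence is bound to a digest, not to a path
        seen.setdefault(ev["subject"], set()).add(ev["type"])
    failures = []
    for path, want in sorted(bundle["manifest"]["artifacts"].items()):
        if path not in repo:
            failures.append(f"missing: {path}")
        elif sha256(repo[path]) != want:
            failures.append(f"changed: {path}")
        for kind in sorted(REQUIRED[env] - seen.get(want, set())):
            failures.append(f"no {kind} evidence: {path}")
    return failures

# Constructed sample: a multi-technology release (image manifest + Helm chart).
BUILD = {"docker/app/1.4.0/manifest.json": b"image-layers-v1",
         "helm/app-1.4.0.tgz": b"chart-v1"}
BUNDLE = create_bundle("app", "1.4.0", BUILD)
EVIDENCE = [{"subject": d, "type": t}
            for d in BUNDLE["manifest"]["artifacts"].values()
            for t in ("unit-tests", "security-scan")]

if __name__ == "__main__":
    print(gate(BUNDLE, BUILD, EVIDENCE, "PROD"))        # clean promotion
    drifted = {"docker/app/1.4.0/manifest.json": b"image-layers-v2"}
    print(gate(BUNDLE, drifted, EVIDENCE[:2], "PROD"))  # drift after the build
```

The second call models the time gap described under Integrity and Consistency: one artifact was rebuilt and one was deleted after the build, so the gate reports both along with the evidence that no longer covers the release.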

Easing the Transition to Release Lifecycle Management

To make it easy for JFrog customers using the legacy “Build Promotion” approach to transition to the comprehensive Release Lifecycle Management approach, JFrog now performs certain actions and generates several assets in the background when the legacy build promotion API is called.

Signing Key: Creating a Release Bundle requires a signing process. The platform will create a default signing key to ease the alignment with RLM promotion.

Environment Configurations: An environment will be created in alignment with the status parameter you use in the build promotion API. The target repos used in the build promotion API will be automatically assigned to the environment.

Release Bundle Promotion: Each time the build promotion API is called, in the background we create and promote the release bundle that contains the build output, ensuring easy auditing and enhanced visibility.

With all of these items in place, the next time a build job is completed, all the builds you have promoted so far will also be represented as release bundles in the platform, enabling you to smoothly start using our Release Lifecycle capabilities going forward.

Adding evidence to the release context will allow you to experience the end-to-end benefit of the transition from the build promotion process to RLM promotion.

Learn more about Release Lifecycle Management

Learn more at our live Release Lifecycle Management + Evidence Collection Masterclass.

You can also take a tour of our platform and check out the Release Lifecycle Management tours.

If you’re interested in a deeper technical dive into Release Lifecycle Management, visit the Help Center or book a meeting with us to learn more.