Continuous Integration and Deployment in Grants Management
In this grants management engagement, Karsun Solutions used DevSecOps best practices, including continuous integration and deployment, to implement a common delivery process allowing agile teams to develop, deploy and deliver business features in 2-week sprints. Combining modern software development and DevSecOps principles with the proprietary GoLean® platform, the Karsun Solutions DevOps Practice accelerates digital transformation for government agencies with solutions built on AWS. These highly skilled resources deliver superior solutions and architectures to customers at federal agencies.
About the Customer
The Department of Homeland Security (DHS) Federal Emergency Management Agency (FEMA) Grant Management Modernization (GMM) program owns and operates the GMM Streamlined Platform for Agile Release and Transformation Acceleration (SPARTA) system. Through the development and deployment of the GMM SPARTA system, GMM seeks to streamline grants management across the agency’s 40-plus grant programs through a user-centered, business-driven approach. Grants are the principal funding mechanism FEMA uses to commit and award federal funding to eligible State, Local, Tribal, Territorial, certain private non-profits, individuals and institutions of higher learning.
Customer Challenge
FEMA manages 40+ active grants programs that were developed independently. Enhancements and updates to these programs were not coordinated, and FEMA was incurring high sustainment costs. FEMA Grants Management Modernization (GMM) had a business imperative to integrate the 40+ active grants programs into a single grants platform that would deliver full grant lifecycle management and establish common business practices and processes. A common delivery process was critical for the 12 agile teams to develop, deploy and deliver the business features in 2-week sprints.
Partner Solution
Karsun followed DHS standard Agile processes and SecDevOps and worked with FEMA stakeholders to promote a consistent delivery model that drove customer value. We use DevSecOps tools including Bitbucket, Jenkins Enterprise, SonarQube Enterprise, Fortify, Nexus IQ Server, and Twistlock to implement automated continuous integration and continuous deployment (CI/CD) pipelines. All DevOps tools except Bitbucket are installed as containers within an OpenShift cluster.
Continuous Integration and Deployment
All application source code is stored in Bitbucket. We follow the GitFlow model for development and release management with three core branches: Master, Develop and Hot Fix. Story branches are created from the “Develop” branch, and changes are pushed to the “Develop” branch via pull requests. On submission of each pull request, Sonar and Fortify scans are executed; if the scans succeed, the code is merged to the “Develop” branch after peer review. After each merge to the “Develop” branch, a Docker image is created, tagged appropriately and uploaded to the OpenShift internal registry. ImageStreams in OpenShift watch for new or updated images and automatically trigger builds or deployments.
A smoke test runs every hour against the development branch, and if the tests are successful, the corresponding commit ids are tagged as golden and pushed to master. Each “master” branch build also goes through Sonar and Fortify scans, a Nexus IQ scan, and Twistlock image scans.
Production deployment is handled on demand once the product owners approve the changes.
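The hourly golden promotion described above can be sketched in shell as follows. This is an added example, not the project's pipeline code; the function names, the `golden-<commit id>` tag format, the `origin` remote and the stand-in smoke test are assumptions.

```shell
#!/bin/sh
# Added example: promote a smoke-tested develop commit to master as "golden".
# Assumed names: promote_golden, smoke_test, the golden-<sha> tag, remote "origin".

# Stand-in smoke suite (constructed rule): pass unless the checkout holds SMOKE_FAIL.
# A real suite would exercise the deployed build instead.
smoke_test() {
    [ ! -e "$1/SMOKE_FAIL" ]
}

# promote_golden <clone-dir>
# Prints the promoted commit id. Returns 1 if the smoke test fails, 2 on a git
# error, 3 if the push is rejected; master is left untouched in those cases.
promote_golden() {
    repo=$1
    git -C "$repo" fetch -q origin || return 2
    sha=$(git -C "$repo" rev-parse -q --verify origin/develop) || return 2
    # Test exactly the commit that will be promoted, not whatever develop becomes later.
    git -C "$repo" checkout -q --detach "$sha" || return 2
    smoke_test "$repo" || return 1

    tag="golden-$sha"
    # Create the annotated tag once; an existing golden tag is never moved.
    git -C "$repo" rev-parse -q --verify "refs/tags/$tag" >/dev/null ||
        git -C "$repo" -c user.name=ci -c user.email=ci@example.invalid \
            tag -a "$tag" -m "hourly smoke test passed" "$sha" || return 2

    # No --force: git rejects the push unless master fast-forwards to $sha, so
    # master only moves forward to a commit that passed. --atomic keeps the tag
    # and the branch update together: both land or neither does.
    git -C "$repo" push -q --atomic origin \
        "refs/tags/$tag" "$sha:refs/heads/master" || return 3
    printf '%s\n' "$sha"
}
```

Because the tag names the exact commit that was tested, later scans of the master build can be traced back to a specific smoke-test run.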
Technologies Used
OpenShift 3.11
AWS Services – VPC, IAM, S3, RDS (PostgreSQL, Oracle), ELB/ALB, Lambda, CloudWatch, CloudTrail, Route 53, DMS, SQS, SNS, DynamoDB, Athena, Elasticsearch, Glue
DevOps tools – Bitbucket, Jenkins, SonarQube, Fortify, Twistlock/Prisma Cloud, Terraform, Nexus Suite
Test Automation – Selenium
Monitoring – New Relic
Results and Benefits
- Consistent and rapid builds and deployments for new feature rollouts and bug fixes
- All critical, high and medium risks are remediated before production
- Implementation of 12-factor principles enables independent deployment of components
- Infrastructure as code fully automates the provisioning process, resulting in consistent environments
- Continuous delivery to other environments
- Static and dynamic scanning for security vulnerabilities
About the Partner
Karsun Solutions provides cloud migration technical expertise and develops new products and services to solve business partners’ complex challenges. This includes a wide range of activities such as quality management and planning, enterprise data management, solution and enterprise architecture, information delivery, application development, testing and sustainment with federal agencies.