Web Application Change Management SOP
The goal of this SOP is to ensure clear documentation and processes highlighting steps required for developing, testing, and deploying web applications on the Pantheon hosting platform.
Deployment Planning Checklist
A deployment planning and post-launch checklist can be accessed here. Please make a copy for each deployment.
Change Management & Deployment Process
- Motionstrand (MOS) will align on the appropriate branch and multidev environment for development and testing.
- MOS will begin work while adhering to Client coding standards and commit code following Git best practices.
- MOS will thoroughly test the application within the elected development environment. Localhost testing is not acceptable.
- Run database updates & clear/rebuild caches as needed to ensure latest updates are available for testing.
- MOS conducts code peer reviews to cross check work and confirm the application looks and functions to spec.
- All issues are tracked, fixed, and re-tested until they are resolved. See smartsheet template for issue tracking.
- Once MOS testing is complete, the developer(s) sign off on all issues tracked and resolved.
- MOS moves code and any associated databases to the “DEV” environment for User Activity Testing (UAT) and Quality Assurance (QA) for operating system, browser, and device compatibility.*
- QA & UAT issues are tracked, fixed, and re-tested until all issues are resolved.* MOS is responsible for ensuring the application has been fully tested and is ready for production.
- MOS coordinates code review and deployment timeline. Only MOS hosting administrators can deploy code to production.
- MOS will meet to review application release candidate for production.
- MOS will review code to ensure Client standards and best practices are followed.
- MOS will provide a report of any issues that require changes.
- MOS addresses any issues identified in the report.
- MOS alerts Pantheon and security vendor to initiate penetration (pen) testing.*
- Security vendor will conduct pen testing and provide an issue report.
- MOS is required to address any issues associated with the application.
- MOS communicates any platform related issues to Pantheon.
- For new properties only:
- MOS communicates domain DNS configurations to Client IS team for execution.
- MOS configures domain(s) and SSL certificate(s) within the Pantheon platform.
- MOS hosting admin initiates production environment backup.
- MOS hosting admin deploys code and database(s)†, and clears/rebuilds the site caches within the production environment to ensure latest updates are published.
- MOS configures New Relic application and performance monitoring.
- MOS conducts post deployment QA and UAT to ensure the application design and functionality renders correctly within the Pantheon production environment.
- If any issues are discovered, the development team notifies MOS immediately to revert updates to the prior production release. Go back to step three of this process.
- MOS signs off and informs Client and applicable Agency Partners.
- MOS updates Client deployment tracking log.
* Depending on volume of changes, complexity, and timeline, QA operating system and device testing and/or penetration testing may not be needed. Please consult with MOS and Client.
† Database changes are always to be made on a development server for testing, and to ensure that they get migrated up to production with any future deployments. Hotfix database updates on production are not allowed. Form submissions shall be sent to CRM immediately. We will not rely on the CMS database for reviewing form submissions.
Pantheon Managed Updates
Security updates will automatically be applied to the Dev environment on a regular basis. Motionstrand will be responsible for implementing, reviewing, approving, and deploying security updates.
- All code not approved for production must be made on Git topic branches. No unapproved code is ever to be committed to Master.
- Non-critical security updates will be made on a quarterly basis.
- Critical security updates will be made ASAP, and will be reviewed and deployed within 1 business day.