Book review: DevOps Tools for Java Developers

This book is a serviceable introduction to DevOps, with solid sections on security and discussions of best practices.

Despite the widening adoption of the DevOps approach to software construction, useful books on the topic have been few and far between. Even topics such as continuous integration and continuous deployment (CI/CD) have received comparatively little long-form coverage. Rather, these topics have been conveyed primarily by podcasts, videos, and blog posts, which, for all their benefits, are not conducive to use as reference tools. This situation makes a book, such as the present volume, about the tools and methods of DevOps particularly welcome.

The subtitle of the book is “Best practices from source code to production containers.” And indeed, the book ably intertwines coverage of tools with best practices. Among the chapters on tools is coverage of source code management, primarily Git, as you would expect; containers (primarily Docker, with a passing introduction to Kubernetes); a pivot to microservices; and then a return to CI, package management, security of binaries, and deployment. There follows a chapter on workflows for mobile development and, finally, a discussion of patterns and antipatterns in CD, which consists primarily of analyses of case histories.

The presentation of the various tools consistently offers a basic explanation of the features, so you will obtain a good preliminary understanding of the technology. That is, you’ll gain enough knowledge to use the tools in a basic way and to understand how they fit in the overall DevOps toolbox—but not enough to go beyond that. The notable exception is Maven, which is discussed in considerable detail across several chapters.

I was particularly gratified to see more than 30 pages dedicated to security, which is a greatly underdiscussed topic, but security needs to be well-integrated into DevOps in this era in which serious attacks on software are common. The chapter discusses securing the software supply chain, static analysis tools (SAST) and dynamic analysis tools (DAST), and how to build a culture of security in the software development lifecycle. Few books on DevOps or CD devote much space to security, so its inclusion here is a demonstration of thoughtful consideration of the issues development organizations should address.

The chapter on mobile development is especially interesting in that it discusses in detail testing strategies for the wide variety of devices. It has a section on building a device farm both onsite and in the cloud.

The majority of the authors are Java Champions, so the technical quality of the material is unimpeachable and the suggestions regarding best practices are on point. You can rely with confidence on the many recommendations that appear throughout this volume. Note that all but one of the authors work for tools vendor JFrog; however, I noticed no particular bias toward or excess mention of the company’s products.

Much as I appreciated the good technical content, I found this book frustrating on two points: gaps in coverage and structure.

The gaps are a particularly serious problem. It’s hard to figure out how a book on DevOps with a focus on containers could have no more than a couple of pages on the cloud—and most of those pages are devoted to testing mobile devices.

Even more of an enigma is how there could be no discussion whatsoever of CI platforms: Jenkins, JetBrains TeamCity, Atlassian Bamboo, and the like are all mentioned in a single sentence. Meanwhile, cloud options such as CircleCI or GitHub’s tools and others are mentioned strictly in passing—if at all.

This is a serious gap in a book on tools and, by the way, this problem has a disturbing aspect: The book’s page on the O’Reilly website promises coverage of “CI/CD with CircleCI,” whereas CircleCI is mentioned strictly in passing but never discussed. In fact, the three passing references did not merit an entry in the book’s index. Readers relying on the promotional text will rightfully feel misled by this.

My second concern is structural. The book is written by a cohort of six authors. While only four names appear on the cover, two additional writers, Ana-Maria Mihalceanu and Sven Ruppert, contributed chapters. Books that are a collection of standalone chapters from different authors put a lot of pressure on the publishers’ editors to create consistency in style across the pages. O’Reilly, with its strong editorial tradition, does a decent job of this—although the excessively folksy tone of some chapters clashes with the more expository voice of other chapters.

But the multiauthor paradigm has another key requirement: Coverage must be coordinated carefully. This is especially true of books that aim to cover tools, because there is a constant tension between trying to be comprehensive while examining only the tools that matter. In this book, both forces collide in the coverage of build tools. The core section discusses Ant, Maven, and Gradle. A later section on builds covers only Maven and Gradle (no Ant), while another section discusses Maven nearly exclusively (with minimal Gradle). Little explanation is provided, precisely because each author writes within their own area of interest. Coordination was, in my view, insufficient.

This book is a serviceable introduction to DevOps and would give anyone who’s new to the Java ecosystem or to modern software development practices a reasonable leg up and basic orientation. Experienced developers will benefit primarily from the section on security and the discussions of best practices. However, you should be aware that real-world DevOps relies on far more resources and tools than this book covers.

More book reviews

• The Well-Grounded Java Developer, second edition
• Java Cookbook, fourth edition
• Head First Java, third edition
• Java Programming, fifth edition
• Core Java, volumes I and II, 12th edition
• Crafting Interpreters