12 Factor Apps - Factor #2 - Dependencies

This is one of the areas that development teams I have been on were the weakest at. On the upside, this means that practicing this, makes me more valuable to all future teams I am a part of!

This factor tells us that our applications should not assume that dependencies will be available and installed properly. Ideally, our app will install any necessary dependencies as a part of its installation, and verify they are working. Like all of the other factors, this is not a language specific process. I found an interesting article about how to accomplish "vendoring" when programming Go. I have not programmed in Go, but I was able to follow the article quite easily.

To give you an idea of how handling Dependencies in your app properly can positively impact your group, let me tell you a few stories about how my software team was impacted by improperly prepared servers.

1 - IIS app pools were not setup properly. Our team used to depend on people to select the right app pool when installing our applications. It turns out people are fallible. This is a dependency area where we made good choices. We modified our automated installation routine to specify the correct IIS pool.

2 - Correct versions of .Net installed. At various points in history, a team I was on would have applications fail because the right version of IIS was not installed. You can guess when this happened - when new servers were built. A more healthy choice for us to make would have been to partner with our Ops group to talk about how servers are built, and verified? We could then have automated that process and reused the verification process before (and after) application installation. Our servers were pets, not cattle.

3 - Wrong cryptoversion installed. This is another one that hit us when new servers were created or when we upgraded our external crypto libraries. When I left the team, we were discussing approaches to verify our libraries were all inline with the dependencies required of our applications.

As an FYI, if you have servers that are pets, and want to change them into cattle, you are in store from some enlightening conversations with your dev team, ops team, security and maybe a few others. Do not shy away from these conversations. Lean into them. This is the information that your original application team probably knew when it was a greenfield app, and it is information you must know now if you want to make strides towards a 12 factor application.

Interesting article that discusses vendoring as a way to address dependencies in application installation: https://goenning.net/2017/02/23/packages-vendoring-in-go/