Heroku as a snap: talking security, Snapcraft & daily updates
by Sarah Dickinson on 4 October 2017
Created 10 years ago and now owned by Salesforce, Heroku is a hosted cloud platform as a service (PaaS) which makes it easy for developers to run apps and services at scale. Heroku’s focus is on the developer experience and productivity. With that in mind, we caught up with Jeff Dickey (CLI Engineer) at the recent Ubuntu Rally to find out about Heroku’s use of snaps.
How did you find out about snaps?
Evan in the advocacy team at Canonical reached out to me initially regarding snaps and explained the concept. We had been facing issues with packaging problems for years, to the extent it was taking up to a quarter or even a third of our time, whether it be on Windows, Linux or Mac. It seemed it would make my life a lot easier, but for organisations that can’t devote an engineer to work solely on CLI, I can imagine there would be substantial benefits. The auto-updating feature is huge and one that we haven’t seen elsewhere. Due to the nature of our platform, we release updates more than daily, which admittedly can be annoying for our users to constantly update. Therefore, having them done seamlessly in the background makes life for our users so much easier. We do have a homegrown tool, but snaps offer us a few benefits over this, such as having an edge channel, and the ability to roll back is of value to our users. It’s great to see snaps as the first serious attempt to try and unify the community. We are happy to be a part of it.
How easy was it to integrate with your existing infrastructure and process?
We use CircleCI, which can be unclear on how to build a cross-platform Node snap. Being here at the Ubuntu Rally, we are looking forward to trying to solve problems and discover more about snaps and Snapcraft. For example, working with the Snapcraft team to use more Node conventions. We do use Snapcraft, but currently it doesn’t integrate with our testing platform, so we are looking forward to discussing that as it seems a very solvable problem. The documentation is great though, which helps us on our journey.
Do you currently use the snap store as a way of distributing your software?
At the moment we are using the store for publishing and it’s a great tool for that – we couldn’t ask for any more as a publisher. Security is a big topic for us and snaps are moving in the right direction here. As we are owned by such a large organisation (Salesforce), we have to take security very seriously, as any company should do. Snaps help us sandbox, which gives a lot of promise for delivering a secure tool.
What are your expectations on savings by using snaps instead of having to package for other distros?
In the short term, it may take a bit more time due to the current tools we are using and the integration we need to consider. However, the value of a better user experience and a unified Linux platform is definitely beneficial. If we were starting from scratch, like some users will be, then it would have been great as we wouldn’t have had to write all the packaging and updating code.
What release channels (edge/beta/candidate/stable) in the store are you using or plan to use, if any?
We like to have a beta channel, which is a few hours ahead of stable. When we make a patch to something, the users need to get it right away. It’s important for us to push things out very quickly without a manual approval process.
sudo snap install heroku