We use this at my place, though in bash, and we call it executable documentation.
Stuff like:
NAME="$1"
# Create directory for the code
mkdir "$NAME"
# Checkout the source
cd $NAME && git something
# and so on
Sometimes with an
echo "You need to read and understand this before just using it"; exit 1 thrown in somewhere for good measure.
These files will have no logic, and make very little use of variables. They will also have a .txt filename to ensure that people understand, that first of all, this is a set of instructions for how to do something, which just so happens to be a valid bash script.
We embed similar explanatory docs in Markdown. A short example for dig from our troubleshooting guide:
# General form
dig @<resolver> <record>
dig @1.1.1.1 www.example.com
# Omit the resolver to use the system's configured resolvers
dig www.example.com
# Don't need the full output?
dig +short www.example.com
This sounds like basically what I use READMEs or supplementary Markdown documentation files for, just in a bash code block in a Markdown file rather than in a bash file.
That's true. I guess I tend to just use those as examples/documentation at the start, and then when I want to automate the process, I do it more in an all-at-once way (with a Python project or something) rather than incremental additions to a bash script. Do-nothing scripting does definitely sound like a technique I should try out. I'm not a huge fan of bash for stuff beyond a list of short commands/steps, though.
This idea is great. You could even argue that these scripts actually do something: they allow storing and updating the state of a process. By having these scripts run in a shell rather than in your head, the current state is stored in a machine, not in an unreliable human brain.
That looks to be a big advantage of scripts like this, they allow the gradual automation of processes.
I realized that I've written scripts that are "executable checklists", but didn't see it as a design pattern until reading this article. Typically such a script starts out as fully manual (do this, do that next, copy here, paste there..) then I replace steps as actual code, where I can, while some steps remain manual if needed.
Great use of such checklist scripts is on-boarding collaborators or new team members in a project.
Also, as grandparent comment pointed out, they reduce cognitive load by keeping the state of a process outside the head.
this seems like the real magic here. The author states at the start, automating all of the steps of something can be daunting. But this script can incrementally become a do everything script.
I have a script in our automation setup called "be-the-change" which takes either markdown or a wiki url as a parameter. It will output the markdown or wiki content, wait for the user to confirm they've completed the steps and then print:
Doing manual steps sucks, wouldn't it be great if this was automated for the next person? Be the change you want to see in the world.
I love things like this. Mindbendingly simple ideas that rely purely on overturning preconceived notions about what things are "worth" a certain amount of effort. There's a tautological, cart-before-horse paradox in many cases.
I'd go farther... you can have steps that literally "do nothing". They can be comments, or simple echo statements. They're placeholders to remember to write the code for that step later. This is particularly important when you need to deal with integration that isn't necessarily easy - handling auth credential safely, making sure it works in your pipeline, etc.
But all this gets back to something I used to say a lot, and the more refined version I say now. I used to say "Have humans do what humans do well; have computers do what computers do well". The key part of that was the idea that computers can't do what humans do. Now, I say "Anything a computer can do well, a human cannot do well". Which includes those pesky twenty step manual processes.
my hot take is that it differs is that you plan to never automate some of the steps, if they're steps for a human to do. As part of onboarding, you might send out an email introducing this new human. The "description" field of this new human should be written by a person, not scraped from their linkedin or google, and summarized to less than 100 words by a computer.
In a truly minimal system, there isn't even a prompt. A code comment is about as minimal as I know how to get. That's just a placeholder to remember to automate a step.
When automating a complex manual process, the first thing I do is write comments describing the sequence, and any parameters needed. Parameters in particular can be enlightening, because when manual processes grow organically, naming consistency becomes a source of suffering - humans can just sort of figure out the right thing to type, computers can't intuit these things and they must be made explicit. It's worse when it can't be explicit without updating the process or creating some sort of data store for mapping.
This is why naming things is one of the two hard problems in computer science.
Printing means you can run the script as-is, and any bits which aren't done automatically are prompted for. Just putting comments describing the steps would be like writing a README except in a more esoteric format and would defeat the primary benefit of the approach outlined in TFA.
It kind of boggles me that a real analysis of the problems with naming conventions in manual process got massively downvoted. But no one ever got rich counting on the analytical sophistication of HN.
I'm not saying the original approach is bad. I'm saying it's not the simplest thing that can possibly work. I'm talking about how to move to automation, not how to reduce errors on the manual process. Both are needed.
I get it, but this script looks a lot like a checklist to me. Seems like a checklist is a good place to start, no?
If you want more "interest" during the process, make it a point to refine the documentation for your process (clarify a step here, split one command into two steps). Then you have a very clear spec by the time the process needs to be automated.
I think the value of using a script as your checklist is that the script can handle some of the book-keeping for you, including making it harder to lose track of where you are.
Each part of a script can be replaced with actual code over time without committing to trying to automate the entire thing. I think it’s a pretty nifty idea that helps avoid putting the whole thing off for later.
We do a similar thing for tests that are hard to automate. Instead of having the test protocol in a document it’s in a script that prompts the user to do things. The observations are then recorded and stored.
They are do-nothing scripts but it isn't equivalent to say that the scripts do nothing. That is a very important distinction to me.
These scripts organize tasks into flows in a way that makes it possible to split work by logical checkpoints. The tasks between these checkpoints are dependent on one another in the overall flow, but have independent implementations that can be delegated to software or done by humans.
It seems to me that all you want is to document a manual process. Having them documented in dump scripts is no different than having them documented as a guide in your knowledge base .e.g in Confluence or as product requirements.
I can see the usage in an isolated team of a few people that will write these scripts for their own benefit.
I am opposed in general with having scarce information around. Better have everything a single place, whether that's a guide on how to provision a user or is how to add a new endpoint to your API or write a new end to end test.
Having them documented in dump scripts is no different than having them documented as a guide in your knowledge base
It’s very different, in at least two ways:
- If your checklist is on a wiki, people may stop referring to the checklist once they’re familiar with the process. That’s bad if there are important changes. But if the process is “run this script and do what it says”, I think people are much more likely to keep doing that.
- When you start automating steps, people using the checklist pick up that automation for free. With a checklist on a wiki, any new automation means the user has to do something differently (eg maybe step 10 is “run this script” instead of “log on to the dev console and disable write access”)
There is one advantage of this script over an equivalent document: it provides the instructions in the same context that it's being used (the command shell).
Unless we have script shells that can universally launch a web document side-by-side from the shell prompt where it needs to be used, having it being displayed from the shell itself step by step will reduce the mental load required to follow the instructions. Also, the benefit of having an already semi-automated process in order to build a script in the future is not negligible.
In addition to the sibling commenters point about providing instructions in context, this approach has another much bigger advantage (mentioned in the article): it informs you of where you are in the process so you don't miss steps.
Keeping track of which step you are on while following a long doc is no easy task when some steps needs to be left unattended (and produce scrolling terminal output making viewing the last-run command harder).
Furthermore, some tasks are nonlinear in complexity. Documenting those properly would quickly lead to a "choose your own adventure" type scenario.
Most documentation software (i.e. Wikis) do a poor job of encapsulating this. The "do-nothing" scripts might be easier to maintain, but it forces you to use plaintext.
I find structure-free knowledge bases like Confluence becoming outdated quickly, lacking forking/merging (other customer has sligtly modified process), lacking enforced peer review (pull requests) or prone to company structural changes (NIH, "let's create new page in our space").
You can keep these scripts versioned in a repository next to the actual product code, with all benefits like forking, merging and pull-request reviews.
An additional benefit of this approach is that your checklists now get code reviews, git hooks, history, etc. for free.
I mention this because I worked at a company where checklists were typically simply added to a wiki and required separate processes for things like peer review.
This is a really great idea, and appealing in its simplicity -- I think we might try to implement this in my company for some of our tasks which are really very manual, but for which automation is a daunting task.
Suggested upgrade: Have such scripts ask for a unique name/"instance identifier" when run so they can log to simple text files in a well-known directory and potentially pick up where they left off. For when you invariably use these for long-running tasks and have 7 of them in-flight, and your power goes out or Windows forces a reboot.
That's actually a runbook. But it's a pretty good idea to make your runbook into code! This is a nice, gradual way to begin automating. You automate one step at a time, easiest tasks first, until eventually all of it is automated. The more your steps are reusable, the easier it is to automate other tasks.
An example is approving new users to access a service. Say your list of users is a YAML file. Someone edits the file, fires off a PR, waits for someone to approve it, merges it, and applies the config. You might think it's so easy to do by hand, automating it would be a waste. But if you actually add up the time it takes for humans to do those steps, plus the lead-time from creation to completion, plus the occasional typo, wrong username, or Norway bug, it can take from hours to days to actually complete the task. By automating steps one at a time, you gradually move toward the entire process being a single script that takes a username, and completes the task in about 30 seconds. This is a small win, but added up over all your operations, reduces hundreds of hours of toil and reduces human error. If every engineer automates one step of one runbook per week, over a year you'll have hundreds of reusable automation steps.
To the OP, I'd add the following: 1) use the least-complex way to accomplish the task. If you don't need to write Python, don't. Bourne shell is your friend. Re-use existing tools and automated features. 2) Add documentation to the code that can be auto-generated, so you can use the script as long-lived static documentation. Documenting somewhere else will lead to stale docs. 3) Run all your runbooks from a Docker container. 4) Plan to run these runbooks-in-containers from a CI/CD system using paramaterized builds. 5) Organize your reusable automation steps by technology, but have product-specific runbooks that call the automated features. 6) In a big org, a monorepo of automation features is an efficient way to expose automated features to other teams and ramp up on shared automation quicker.
I can't help looking at this and working out how to build a tool that can generate a Do Nothing script straight from your histfile, making the business of archiving the commands you just executed as easy as possible too...
If you're about to do a sequence of commands into a terminal, you can create a transcript with the 'script $filename' command ('script' command is in the util-linux package', according to the man page), and it will capture input/output into the transcript. This would probably make this task easier, since you could see the output data, and how the output data is transformed into arguments into the next command ...
Reminds me of the time I decided to try kanban to start moving forward on tasks I procrastinate on or have trouble starting.
Of course, to make sure it was efficient enough to be helpful it had to be a configurable terminal app I could quickly update and review via cli and abundant io flags/options.
It also made sense to write it in Scheme because I had been thinking I wanted to try Lisp earlier that day.
Fast-forward three weeks and I find myself hopelessly trying to refactor this strangely ugly-beautiful ascii-art themed effort tracker run by an abomination of labrynthine "functional" source and realize (maybe just finally admit to myself) it was all an excuse to avoid all that shit I'd convinced myself I was going to acheive by kanbanning in the first place.
I did something very similar just recently. I have a calendar event to backup all personal data every 3 months, based on a checklist. I'd always wanted to automate it but every time I tried, it just seemed such a daunting task that I never ended up doing it.
Last time, I figured I'd start going at it gradually. So what I did was I turned the checklist into a bash script, telling me what to do at each step. I also implemented the ones that are easy to automate. The plan is to knock out two or three items each time I do the backup, until it's fully automated.
That's not “do-nothing” scripting, it's orchestration scripting for a process where the steps are executed by a human.
It's basically the minimal version of a standalone workflow automation; it's got crappy state storage and is really only good for a single human execution unit per script (or perhaps multiple swapped sequentially rather than in parallel), but it's an instance of a fairly well-known class of do-something software.
Nice idea! I'm actually in the process of automating a task bit by bit. Unfortunately it's with the intention of moving it into a CI pipeline, so the "success" there is rather binary, but I will most definitely adopt this process in future.
In situations where using full-blown configuration management has too much overhead I often do something like this by just copying the commands I run into a script to begin with.
It allows me to easily generalize a sequence of actions into a do-nothing template and doubles as documentation.
I'm very much against documenting concrete steps in a wiki if it is something that can be scripted. Such documentation becomes something that you must maintain, and faulty documentation is worse than no documentation.
I think that wiki documentation should be used to summarize workflows and provide context, but if you're writing step-by-step instructions, often you can just write a script with exactly the same amount of effort.
This is a good idea. I recently wrote down some ideas about "How to Grow a Program," in a symbolic programming environment: https://github.com/theronic/hoist/
I call it Hoist - from "hoisting up" concrete, hard-coded values into abstract symbols for reuse. It's complete vaporware at this point, just a place to collect my thoughts for a future essay.
See also: In TDD, there are defined steps you go through as you gradually refine your code to actually do more and more things; from returning nothing, to returning one value, to returning a list, etc.
Great idea! From personal experience I can say that there are some things ops teams never get around to automate, either because there is always something more important to do, or because it would be too expensive to have a developer spend time automating them. This is a simple, quick solution that solves the problem of accidentally skipping a subtask, thus screwing something up and feeling stupid for doing so.
I stumbled into doing roughly the same in my macOS system bootstrap script. I found it from the other side, though--usually only after failing to find a good way to automate a step, or realizing automation would be vastly more complex/fragile than just prompting myself to do something manually at the right time.
Probably a more useful concept when it's conscious from the getgo. :)
if you are working at a small shop or startup - then whatever makes you happy, even these classes are OK.
if you are working at enterprise - then these processes gotta be implemented according to ITIL in a specialized IT Service Management system - like ServiceNow, which allows building process flows like directed acyclical graphs and automation of necessary steps
The difference is that it's a more gradual entry to automate the task.
One could, for example, replace any item with a script/program invocation, while leaving the others untouched. It's an intelligent, piecemeal step towards automation.
I would also add that in really critical tasks, one could automate _either_ the item, or it's verification. Sometimes it's easier to check that something is correct than to do it-- or vice-versa.
However, I don't think it's a good idea. Checklists are not bad, but they are to be executed by humans.
I think trying to automate an existing human process directly is a mistake. Human processes often have features that only humans can do, such as pattern recognition or adapting to small difference. It's often easier to create a computerized (automated) process from scratch than to try to account for all the edge cases that humans might have to deal with (and do without problems).
(The opposite is also true, processes that computers have no issues with can make trouble for humans. For example, humans have imperfect memory. So if the process asks humans to keep track something for extended periods, it can be difficult.)
>Checklists are not bad, but they are to be executed by humans.
I disagree. People employ checklists precisely in the situations where it is most critical that every step be executed, in order, as written. The airline industry flies on checklists.
>I think trying to automate an existing human process directly is a mistake. Human processes often have features that only humans can do, such as pattern recognition or adapting to small difference. It's often easier to create a computerized (automated) process from scratch than to try to account for all the edge cases that humans might have to deal with (and do without problems).
Now, you're letting perfect prevent you from ever attempting the good. TFA is explicitly about building a checklist that can morph the automatable steps into automated ones.
> People employ checklists precisely in the situations where it is most critical that every step be executed
I am not arguing against checklists per se. At work, I work on (a rather old) software product which also largely runs on checklists. (Various installation and maintenance procedures are described by a checklist.)
> Now, you're letting perfect prevent you from ever attempting the good.
No. I just, based on my experience with checklists, argue that they are often poor starting point. Often they rely on abilities of humans to execute them properly.
For example, the checklist might read "edit this text file and add this and this line after line that is like this". This is difficult to automate correctly - the proper way might be perhaps to generate or keep a correct copy of the text file so automation can pick it up.
Humans are good at adapting checklists for the purpose at hand, computers aren't. That makes (human-oriented) checklists somewhat difficult to automate.
1. We have a tedious manual checklist
2. We’d like it to be fully automated
3. How do we get there from here??
You’re correct to say that if the process had been fully automated from the start it may well have been implemented very differently. But those scripts are hard to write, and basically useless until they’re complete.
Often the only practical way to do this stuff is incremental refinement, where each small step adds a little bit of value.
The trick is figuring out where to begin. I think the suggestion in this post is a wonderful way to get over that first hurdle.
You can do automation incrementally, but it's quite a different mindset to automate computer than to write a checklist for humans.
If you try to emulate a person with a checklist, then you will often find it is actually harder to automate, because the steps often rely on human adaptability and common sense.
What other approach do you suggest, then, in the extremely common scenario where you have an existing, tedious yet reliable multi-step manual process, and you’d like to automate it?
I think you just have to look at the process and consider why is it being tedious. Is there anything specific humans do? Often there are many small decisions hidden in the checklist.
The second thing I would do would be to make sure that the automation happens in a "clean" environment, or at least, there is a clear boundary. Humans can adapt to changing conditions and have no issues to adapt the checklists where circumstances are a bit different.
IMHO the key part to creating automation is to make sure you operate in environment that you can fully control. You can avoid a lot of trouble with emulating the decisions that humans need to take if you just create environment where the machine doesn't have to make the decisions.
> IMHO the key part to creating automation is to make sure you operate in environment that you can fully control.
This pretty much is the opposite of an employee onboarding environment. Much of the discussion here is about automating things via scripts. A typical large enterprise uses a bunch of HR and related systems that are fairly resistant to automation. If you can automate, it may be a massive saga involving cooperation from the vendor of some arcane software.
e.g there is no concept of a "clean environment" when you are interacting with a benefits system, a payroll system build last century, a manual procedure where Barry downstairs has to cut you an access card, etc. etc.
You can aspire to automate these steps but they are 100 x as hard as running bash scripts on a box. And onboarding new employees does not typically happen often enough to justify the effort.
The best way is probably a bootstrap script ie. ps1 or sh which supplies the platform-specific parameters, and can pip install any script dependencies. So, 3-file solution.
Additonally, this can be generalised to a CI platform as python can subprocess-run anything there's not a native lib for.
Lastly, you could do autodoc via the script for a complete solution.
The only interpretation of that I'm coming up with is that each step of the process would be kicked off in Slack.
Wouldn't that mean people could easily stomp on each other's toes? Wouldn't there also be tons of needless noise as each of us does our workflows?
I use Slack daily, but we don't have any automation hooked up in it. I realize some teams drive deploys, alerts, and other stuff through it. That makes sense to me - this does not.
Combined with the concept of literate programming this would also help capture the "why"s of the slog, resulting in inline documentation. Jupyter and org-mode for the win!
Running such a checklist in Jupyter seems like a very good approach.
The big advantage is someone else can pick up from where you started.
And reporting is built in as you can save the notebook and review it later.
The only thing it lacks is control flow. A good operations script has exit points: if an operation fails, you often want to rollback and abort. Though even there, you can save state in a variable and have a check.
I know this isn’t the point of the article but the code shown there is the archetypal case where writing classes is an anti-pattern, as argued in “Stop Writing Classes” [1]. All the classes in that code can — should! — be functions. There’s no downside, and it’s less code (and otherwise identical).
all joking aside, the reason he's doing classes seems to be an intention towards making a FooStep (and/or a BarStep) which could then maybe handle generic Foo stuff (authentication comes to mind) in the future?
Well... that is certainly correct in 99.99% of cases. But does it really apply when you write a "Do Nothing Script"(!) with the intention of automating the steps later? If you follow the "rules" to the end you just end up deleting the file after writing it, because it has no effect.
Only if your intention encompasses as much detail as you're leaving out in advance. It's baggage and comes with nigh certainty of wasting your willpower.
The problem is you get more information in the future, but all this boilerplate is has been written before that information so the first instinct / seemingly least-resistance thing to do is to fit the new information into the old boilerplate / hierarchy.
Lots of people have OO scar tissue from getting weird impedance mismatches on newish OO systems designed this way.
> Do not put code in your program that might be used. Do not leave hooks on which you can hang extensions. The things you might want to do are infinite; that means that each has 0 probability of realization. If you need an extension later, you can code it later and probably do a better job than if you did it now. And if someone else adds the extension, will he notice the hooks you left? Will you document this aspect of your program?
My face fell when I saw the code. I will actually henceforth use this as an example of this anti-pattern.
Whether or not the author was a Java programmer shouldn't matter - I think one should try to writing idiomatic code in any language, unless there are reasonable reasons against it.
I dunno. it could be argued that in the "do nothing" form of the script it's silly. HOWEVER some of those steps could eventually require the encapsulation of lots of behavior and information. So, `CreateSSHKeypairStep` Could become a full-on class with lots of small methods in it that eventually get wrapped up in a `.call` method. It seems better to start with code that's prepped for the eventuality you know is coming. Setting yourself up for a good long term codebase.
The point of writing this script is to follow up by replacing each function's implementation with code that automates the step. Using a data-driven design here ossifies the code and makes it harder to migrate the automated version.
Is anyone else bothered by how they were handling ssh keys in the example?
The whole point of public keys is that the private key never has to leave the box it’s generated on. Once you go sharing them you might as well just use a random passphrase.
Because Jenkins has its own ssh client, that wasn't supported as of last year with elliptic curve based keys and I had to re-launch a bunch of servers in production to downgrade back to RSA or DSA keys because they were basically the only key types that Jenkins supported. Really not sure why Jenkins had to go this far to re-invent a cryptographic wheel (besides the usual "support both Windows and Linux" angle).
Yeah, at our company things are done in the reverse of that script: the user generates their SSH keys, and there's a process they use to register the public key with the rest of the system.
Gitlab also has a keys URL, but I can’t say if it’s available for unauthorized clients from the top of my head (currently on mobile). For me it’s usually the fastest way to authorize other team members.
NAME="$1"
# Create directory for the code
mkdir "$NAME"
# Checkout the source
cd $NAME && git something
# and so on
Sometimes with an echo "You need to read and understand this before just using it"; exit 1 thrown in somewhere for good measure.
These files will have no logic, and make very little use of variables. They will also have a .txt filename to ensure that people understand, that first of all, this is a set of instructions for how to do something, which just so happens to be a valid bash script.