Friday, October 15, 2021

DevOps Links for 15/10/2021

New GitHub Releases Public Beta

GitHub Releases allows repository maintainers to release versions of their software. A release is accompanied by notes, the version of the software, contributors, etc. When I see the releases page of some OSS projects, I feel like so many smart people contributed to this release and how much effort goes into writing these. This new version of GitHub Releases will help maintainers with auto-generated release notes and a UI refresh, and you can integrate this feature with GitHub Actions using the APIs, and more. Go check out the preview. You will have to turn on this feature.

GitHub Advisory Database now powers npm audit


As a web developer, you will have come across npm. It is the package manager for your web projects. npm is a command-line tool which you can use to install, search for, and remove packages in your projects. npm audit allows you to scan a project's dependencies for security vulnerabilities. GitHub Advisory Database stores all the security vulnerabilities and it is maintained by GitHub. With this new update, the npm audit feature will utilize the GitHub Advisory Database behind the scenes. Dependabot also uses this database.



Reuse your workflows across multiple projects using composite actions


In GitHub Actions, you execute different actions to build/release/test your project. When you are working on projects that use the same steps over and over again, you may want to build something that is reusable across multiple projects, just like we extract repeatable code into its own function so it can be reused in multiple places. Composite actions accomplish exactly this, but for actions. This post explains how you can create a composite action in one master repository and then use that composite action in multiple projects. It is cool.


As part of your DevSecOps practices, you want to scan your code assets for known vulnerabilities. That includes your code, internal as well as external dependencies such as libraries, packages, and container images. In this post, I learned so many things. tfsec is a tool for static analysis of your Terraform code (post). Trivy is a tool you can use to scan your Docker containers for vulnerabilities. Another great post. You can check out the repository for more information.

Tip: You can follow me on twitter to get instant updates whenever I tweet about DevOps

Thursday, September 30, 2021

DevOps Links for 30/9/2021

GitHub CLI

Do you know that you can work with GitHub through the command line? But isn't it already the case when I do git commit? No, that is the Git CLI. GitHub, the website where you host repos and collaborate with developers to create pull requests and issues, also has a CLI. This post explains how to get started with GitHub CLI. You can download the CLI from cli.github.com.

Using scope with ARM templates to deploy across subscriptions

Do you know ARM templates? ARM templates allow you to deploy your Azure resources using a JSON template. You can define resources using JSON and build templates that can be reused. This post explains how you can use scope with ARM templates to deploy resources across subscriptions. Normally when you learn about ARM, you deploy a template into a resource group. But what if you want to deploy something across subscriptions? That's when you use scope. Go check out the article for more detail.

GitHub Codespaces

My first encounter with GitHub Codespaces was when I delivered a Microsoft Cloud Immersion workshop. Getting started with Codespaces was a breeze. Onboarding developers is fun and fast. Just point them to the repo and off they go. Codespaces are like a dev VM with everything set up for you to start developing.

DevOps Periodic Table

There are lots of tools in the DevOps space, and this is a creative way to visualize them.

Getting started with Bicep

Bicep is the new language that you can use to deploy your resources into Azure. It has a CLI, and during the deployment stage the Bicep CLI converts the Bicep file into an ARM template. It makes writing infrastructure as code (IaC) a little bit easier.


Thursday, September 23, 2021

DevOps Links for 23/9/2021

DevOps Exercises

Everything that you can imagine related to DevOps can be found in this GitHub repository. It is the most comprehensive list of exercises, questions and answers on DevOps. Enjoy.


State of the DevOps Report 2021


I created a Twitter thread if you want to read more. The vast majority of organizations are stuck in the middle of their DevOps journey. They haven't been able to bridge the gap between their organizational silos and achieve meaningful organizational change.


The mix of blockers for low-evolution DevOps teams includes resistance to change, legacy architecture, shortage of skills, limited or lack of automation, and unclear goals or objectives.


Teams that are good at DevOps have strong identities and clear responsibilities with a high degree of autonomy over their own function, and have well-defined interaction paradigms and communication channels with other teams. I think this is true of any high-performing team.


High-performing teams use automation and cloud to their advantage better than others.


Introduction to DevOps Dojo


My favorite piece of information in the above Dojo article is the quote from Satya Nadella. 


"I want our best engineers to work on our engineering systems, so that we can later on come back and build all the new concepts we want." - Satya Nadella


As an engineer, when you recommend making improvements to your internal systems, very few managers understand the importance of prioritizing that work. These improvements are brushed off with reasons such as: not enough time, not billable work, it doesn't add any value, or it is not a high priority.


GitHub Actions Tip: Create an ACTIONS_STEP_DEBUG secret and set it to true to view debug logs when your action runs.


Ever wonder what's installed on your GitHub Action Runner?


A GitHub Actions runner is a virtual machine that runs the different actions in your pipeline. These actions typically depend on some software being installed on this machine. Out of the box it comes with a long list of pre-installed software. It has CLIs for major cloud providers, package managers, build tools, and more. When your GitHub Action executes, you can find a link in the log that points to a GitHub page listing all the software installed on that particular VM. For a sample, you can check the Ubuntu 20.04.3 LTS list here.



Thursday, September 16, 2021

DevOps Links for 16/9/2021

Many people don't know the difference between Git and GitHub, and it is a constant source of confusion for first-timers. This post is a simple getting-started post on Git and GitHub.

How to get started with GitHub and Git

SQL Injection is still in the OWASP Top 10 list. Broken Access Control is at the top of the OWASP 2021 list, which you can find below.

Here is the OWASP Top 10 for 2021


A different take on branching strategy. In my opinion, you need a high degree of trust, to keep changes small, and to adopt a strategy that works for your team.

Branching Strategy - Ship / Show / Ask


All the Azure DevOps features visualized using a mind map.

Azure DevOps In a Nutshell Mind Map


I am trying to find interesting questions on GitHub Actions on Stack Overflow. This is one of the highly voted questions on GitHub Actions.

How to get current branch within GitHub actions


This post lists the four key metrics (Deployment Frequency, Lead Time for Changes, Change Failure Rate, Time to Restore Service) that you need to track to measure DevOps performance in your organization.

Use Four Keys metrics like change failure rate to measure your DevOps performance | Google Cloud Blog




Thursday, September 9, 2021

DevOps Links for 9/9/2021

If you are learning GitHub Actions, then this is a good place to start.

Introduction to GitHub Actions 


Currently, I am deploying different kinds of .NET applications to Azure using GitHub Actions. You can find more information on how to deploy to Azure App Service below.

An interesting post on GitHub Actions limitations and gotchas. The workflow_dispatch feature needs major improvements. If you don't know what that is, then you will keep guessing what this feature is and how to discover it. This feature lets you manually trigger GitHub Actions workflows.

GitHub Actions Limitations and Gotchas 
