Category Archives: Conferences

[kcdc 2022] building rugged devops pipelines with github

Posted on by
Reply

Speaker: Brian Gorman @blgorman

Repo: https://github.com/blgorman/codemash-rugged-devops

For more, see the table of contents

DevOps

  • Process, not product
  • Can’t buy tool (but can buy an existing team)
  • Goal: reduce cycle time form idea to production with minimal error
  • Automated testing
  • Gates – automated and human, quality, release
  • Avoid 2am support calls. Or at least only have to push a button to recover

Shift left

  • Less cost if find bug early
  • Reusable processes
  • Push quality upstream
  • Dev machine is as far left as can go
  • Build scanning tools into process
  • Sell the vision

Prereq

  • Cloud env exists
  • Templates

Actions

  • .github/workflows – folder
  • Actions tab to see result

YAML

  • on: the triggers (ex: push, pull_request)
  • env: (ex: branch)
  • jobs: want you want to do
  • with: trigger another job

Infrastructure as Code

  • Declarative
  • Repeatable Results
  • Ensures no configuration drift
  • Azure has imperative and complete options for ARM templates – complete is destructive and dangerous. Anything added outside code deleted.
  • Tools – ARM templates (Bicep) , Terraform, Ansible, Puppet/Chef, Pulumi

Security

  • App registration so github actions get access to Azure and add credential
  • Setup github token

SonarCloud Scanner

  • Most popular
  • Not free
  • Can choose whether to require fixing of warnings

Dependabot

  • Brining in dependencies without knowing
  • Alerts on insecure package
  • Options for security updates

OWASP

  • Zap Scan
  • Baseline (lightweight) scan for pull requests
  • Full scan overnight
  • For penetration test, provide valid URL so can try to hit it
  • WhiteSource – GP Security Scan

Q&A

  • Azure DevOps pipelines easier if new team
  • Azure DevOps has better gating
  • GitHub getting better.

My take

The room was full. When I walked in, Brian was talking. I was worried he started early, but did not. He was just talking to the audience who arrived early separate from the session. It was a good intro to github actions. Also if it has been a while (more features now.) I’m glad the code was in a repo so I could read it on my screen. I’m sitting in the back (because my talk is right after this and I need to leave early) and can’t read the code from here. It’s also nice to have as a reference. I also like that he covered integrations like Sonar.

KCDC 2022 Table of Contents

Posted on by
Reply

KCDC is back and “normal” at full strength. This page is for the table of contents of blog posts.

Monday

Tuesday

Wednesday

[devnexus 2022] pattern matching for Java

Posted on by
Reply

Speaker: Neha Sardana

Twitter: @nehasardana09

Link to table of contents

———————

Records

<missed this part; I was late>

Sealed class

  • Want to control children
  • More declarative than access modifiers
  • Can make widely accessible interface without widely extensible
  • Sets stage for pattern matching.

Pattern Matching

  • Pattern matching created in 1960s
  • Helps with clean code, avoiding repetition/bugs

Instanceof

  • matches target object to type pattern
  • sets binding variable – special case of local variables, can be assigned, can shadow field declarations
  • flow scoping – places in program where variable definitely assigned

Switch expressions

  • Limitations on switch/case are accidents of history.
  • Java 17 preview allows pattern matching in case
  • Java 19 – write ”when” instead of && in case
  • Can assign result if all cases covered. (enums and sealed classes can be listed exhaustively

Future

  • Record patterns (deconstrution patterns). ex if (r instanceof Rectangle (Point ul, Point lr))
  • Can also deconstruct arrays

My take

I thought this topic woud be fully review, but I still learned something (“when”). It was great to see Neha’s first public in person presentation! Good job!