Today I shared my story on why and how we can protect ourselves against supply chain attacks. This talk was part of the DevCon Romania 2024 conference on the DevOps track. I find it important to share with folks how to think about our supply chains in the software we deliver, from dependencies we deploy to production, to everything that touches the code before it gets into the production environment....  
View post
This year I got to share my story on how I think you can successfully scale GitHub Copilot to thousands of developers. This talk was part of the GitHub Universe 2024 conference in San Francisco, one of my favorite conferences to go to every year. The vibe of the GitHub community is always so welcoming and inspiring! Every one is very open and approachable, and you never know who you...  
View post
Need to use the Azure Inference AI SDK in Python against Azure OpenAI? Then this tip is for you! I ran into an issue converting the default examples to not run against GitHub’s Model endpoint but against an Azure OpenAI endpoint. The code example below says it all: configure your credential the correct way to get this to work. import os from azure.ai.inference import ChatCompletionsClient from azure.ai.inference.models import SystemMessage, UserMessage...  
View post
GitHub Copilot is a great tool to help you write code. The next phase is starting now by enabling you to write your own extensions for Copilot! This is a great way to extend the capabilities of Copilot to your own needs. You can for example look in your own knowledge store for information, or even call into an API to get the information you need. All from within GitHub...  
View post
Learn how I use GitHub Copilot Chat to my benefit and see the end to end flow on creating a script to call into the GitHub API. I’m showing my prompts and the results, as well where Copilot failed to help me in one go. With spening more time on my propmt up front, I managed to get a much better result that with the first attempt! Video In this...  
View post
I’ve recorded a video series on the lessons I learned to get the most out of GitHub Copilot. This series is called “Levels of Enlightenment” and can be found in this YouTube Playlist. An overview of these level of enlightenment can be seen in this image: Overview Learn about my journey using GitHub Copilot over the last year and a half. Each video in this series shows one of my...  
View post
Learn how I use GitHub Copilot to my benefit and see the end to end flow on a code refactoring example where I extract a script from a yaml pipeline (GitHub Actions) into a separate file. I’m showing my prompts and the results, as well where Copilot failed to help me in one go. With a follow up question and call, I still managed to get the result that I...  
View post
GitHub Advanced security has gotten quite a big update in public beta at the moment that helps with the rollout of Advanced Security features across your organization. It is called “Code security configurations” and it allows you to set up a default configuration for some or all repositories in your organization. Previous situation Up to now there where only three options during the rollout: Enable features for new repos only...  
View post
When you start running CodeQL scans on your Azure DevOps environment on self-hosted runners, you’ll learn that you have to do one extra step and that is install (and keep up to date!) the CodeQL bundle on your self-hosted runners. If you don’t do this, you’ll get an error like this: Following the url in the error will bring you to the docs where you might notice the following three...  
View post
It’s that time of the year again! Time to look back at the most viewed blogposts of the year. I’m always amazed at the number of views some of these posts get. I’m also amazed at the number of people that find my blogposts useful. I’m glad I can help out! Here is the overview: # Title Published Description Views 1. 2022 GitHub workflows not starting 🙀The most viewed for...  
View post
GitHub Advanced Security for Azure DevOps My newest LinkedInLearning Course is available now! This course is all about GitHub Advanced Security for Azure DevOps. It’s a great way to learn how to use the GitHub Advanced Security features in your Azure DevOps pipelines, with practical examples. There is even an example repository that you can use to follow along with the course. You can find the course on LinkedIn Learning:...  
View post
The GitHub UI displays a couple of helpful tips to use in triaging your Dependabot alerts which are super helpful. Unfortunately the User Interface does not show these filters in the filter bar yet, so I wanted to have a better overview of the filters I could use. I’ve listed them below: Only show alerts where your code is using the vulnerable calls of the dependency This is very helpful...  
View post
GitHub Advanced Security for Azure DevOps (GHAzDo) builds on top of the functionality for GitHub Advanced Security and is giving you extra security tools to embed into your developer way of working. It’s a great way to get started with security in your Azure Pipelines and Azure repos and I’ve written about it before in this blogpost. Loading the alerts from the API’s Before starting with the Advanced Security API’s...  
View post
I had the pleasure of speaking at Developer Week ‘23 in Nuremberg, Germany (link) this year. Below you can find the slides that go with my sessions that have all the links you’ve seen in the session. GitHub Actions: Beyond CI/CD With GitHub Actions you can do so much more then just CI/CD! I’ve validated the links on my blogposts, automated my issue management and provided easy configuration of my...  
View post
A common issue we see with self-hosted runners is that they can leave behind files that were created or modified by the action. This is because the action runs in a container and the container is using a root user to do its work. The GitHub documentation says to run the the runner service as root as well, to have the most compatibility with most runners. This is not a...  
View post
Every time I need to write to the GITHUB_STEP_SUMMARY in GitHub Actions from the actions/github-script action (or from Typescript), I need to search for the blogpost that announced it’s existence. So I’m writing this blogpost to make it easier for myself to find it a lot easier, including some working examples. Photo by Markus Winkler on Unsplash The code for the summaries lives in the actions/core package on npm, but...  
View post
I will be speaking at GOTO; Aarhus link this year. Below you can find the slides that go with my sessions that have all the links you’ve seen in the session. Protect your Code with GitHub Security Features Creating modern software has a lot of moving parts. We all build on top of the shoulders of giants by leveraging closed/open source packages or containers that other people have shared. That...  
View post
Microsoft is bringing some of the GitHub Advanced Security tools to Azure DevOps. I have been playing with it for a while and they have presented the latest state at Microsoft Build 2023, which includes a Public Preview!. That means you can try it out yourself, and I can finally share my experiences with you! Since I teach a lot people on how to use this on GitHub, you can...  
View post
I had the pleasure of speaking at VS LIVE! in Nashville link this year. Below you can find the slides that go with my sessions that have all the links you’ve seen in the session. W19 GitHub Actions: Beyond CI/CD With GitHub Actions you can do so much more then just CI/CD! I’ve validated the links on my blogposts, automated my issue management and provided easy configuration of my trainings...  
View post
During an innovation day at work, I needed to generate extra code and a new application. I wanted to check out the newly released Deployment Protection Rules that can help you with protecting when a job in GitHub Actions can roll out your application to an environment. Deployment protection rules need a new GitHub App that can be triggered when an environment is targeted. That App can then run its...  
View post
To enable CodeQL on GitHub Enterprise Server you need to make sure you have GitHub Actions setup and running, including your own set of self-hosted runners. You can read more about that in my previous post here. From that point you can get started to enable CodeQL. Of course, you’ll need to have it enabled in your license, and upload that license file to your server as well. Enabling starts...  
View post
After scanning the GitHub Actions Marketplace for the security of those actions (read that post here) I was curious to see what happens if I’d enable Secret Scanning on the forked repositories. I regularly teach classes on using GitHub Advanced Security (where secret scanning is part of) and I always tell my students that they should enable secret scanning on their repositories. I even have a course on LinkedIn Learning...  
View post
Recently I’ve started to add the OSSF scorecard action to my (action) repositories. This is a GitHub action that will run the OSSF scorecard checks against your repository to see if you are following best practices, like having a security policy, using a code scanning tool, etc. Using this badge can give your users a quick overview of the security of your repository. OSSF stands for ‘Open Source Security Foundation’...  
View post
Recently we had to call the GitHub GraphQL API for creating a new GitHub Project (with V2). Since this can only be done with the GraphQL API, we had to figure out how to do this. We found little bits and pieces of information, but no complete example. So we decided to write one ourselves. I hope this helps you as well. ProjectsV2 GitHub GraphQL API The new GitHub Projects...  
View post
I was giving a training today on GitHub Actions and learned something new! One of the attendees asked about being able to read and write to Repository Secrets without having admin rights. I had never tried this before, but it turns out it is possible! The premise: To be able to create actions on the repository you need to have Admin access to the repository: otherwise the UI will not...  
View post
My LinkedIn Learning course on GitHub Advanced Security (GHAS) has been released! In this course I teach you all about the features of Advanced Security: Dependabot Code scanning Secret scanning You can watch it with a LinkedIn Learning account (30 day trial is available) with this link: GHAS on LinkedIn Learning. Teaser for the training:  
View post
TL;DR The runner just downloads what you specified, by getting it from the tag The runner does not do SemVer at all. It’s up to the maintainer Even GitHub does not update (or create) all SemVer versions, so @v3 is not necessarily the latest thing for v3! The marketplace shows releases, not tags. If the maintainer does not actually release, it’s not visible It’s more secure to use a SHA...  
View post
When customers start using GitHub Enterprise with Actions and private runners, there are some common gotcha’s you can run into. In this post I’m sharing the ones I have encountered so far. Even Dependabot comes along, since that runs on Actions as well for GitHub Enterprise Server. List of topics: First of all: Don’t use self signed certificates on GitHub Enterprise The default actions in will download the binaries from...  
View post
Placeholder for sharing the slide deck for Techorama: session link Abstract: Attacks against your pipelines are more and more common these days. We’ll go over the attack vectors you need to be aware of and how someone could potentially misuse a simple setting to hijack your environment, with very large consequences. From breaking out of your shell scripts in the CI/CD pipeline, misusing typo’s in third party packages or even...  
View post
I have the pleasure of virtually speaking at dotnetsheff and these are the slides for it: Creating modern software has a lot of moving parts. We all build on top of the shoulders of giants by leveraging closed/open source packages or containers that other people have shared. That makes securing our software a lot more complex as well! In this session you’ll learn what possible attack vectors you need to...  
View post
I have been a fan of GitHub Actions since the beta in the end of 2019. And the more I use them and create my own, the more I have this growing itch to see how these actions are made, how active the community is, and what we can do to improve this ecosystem. So I decided to do some research and see what I could find out. I already...  
View post
Check the GitHub status! Every once in a while there is an outage on e.g. GitHub Actions, and I see a lot of influx of users on this blogpost. So before you start reading this, check the GitHub status page to see if there is an outage. If there is, you can wait until it is resolved. If there is not, you can continue reading this post to see if...  
View post
I wanted to describe how my flow usually works for creating a GitHub Actions. People often struggle to think of something to build because they start with an empty canvas: the action itself. That is not how I build up the action. For me the process is as follows: Have a need for something straightforward: like calling the GitHub API in a certain way. Create a small github-script for it...  
View post
I have the pleasure of speaking at Code Europe and these are the slides for it: Creating modern software has a lot of moving parts. We all build on top of the shoulders of giants by leveraging closed/open source packages or containers that other people have shared. That makes securing our software a lot more complex as well! In this session you’ll learn what possible attack vectors you need to...  
View post
I had the pleasure of giving 3 sessions at NDC Security in Oslo on April 6th and 7th. After 2,5 years of not being at a conference in real person, this was the first time speaking in front of an audience and sitting in on sessions in real life! Super weird to do in this time of turmoil in the world, but when you sign up to speak, the conference...  
View post
I notice a lot of people getting lost in their GitHub notifications. Here is what you can do to get some control back! The default settings send you emails for everything. A lot of people then create an email rule to move all those emails to a specific folder, which means they will never look at those emails again! With some tweaking you can make the notifications work for you....  
View post
I am slowly diving into ‘Configuration as code’ for the GitHub Platform: all the things you want to automate with as few steps as possible, making big impact. Some of these things also fall under ‘GitOps’ in my opinion: if you store it into a repo and on changes you make, the automation will make it happen. The plan is to have this post as a central starting point for...  
View post
This one took me some time to figure out, so I wanted to have something for the next time I need it :-). I needed to create repos for a team and then create a codespace for them. I already was using the GitHub CLI for my automation, so I wanted to use it as well to create the codespace. The documentation states that you can call gh codespace create...  
View post
I have a nice working from home setup that allows me to use a great camera, lights and microphone. I have so many stuff, that I wanted to automate some of it to detect if I am working or not and then toggle them all on or of. I already use Home Assistant to remotely toggle loads of stuff in the house, so why not integrate everything? Home Assistant Scenes...  
View post
There is a lot of confusion of what GitHub (access) tokens are and how you should use them for automating things inside of GitHub. There are three main types of tokens: Personal Access Tokens (PATs) The GITHUB_TOKEN environment variable (explainer here) An access token created from a GitHub App (explainer here) You can use these tokens to authenticate to GitHub and perform actions with it, like cloning repositories, making API...  
View post
At my customer we have the need to create a lot of GitHub Apps. In this specific case we use GitHub Apps as an integration point between GitHub and Jenkins: the code is moving to GitHub, and we still want to trigger our existing Jenkins jobs on code changes. We have over a 100 teams in Jenkins, all with their own pipelines. We have a security requirement that teams that...  
View post
I’ve been discussing using GitHub Actions in a secure way for a while now (see here, and I got a question on how to improve your usage of actions. I wanted to capture that info in an easy to follow set of steps, so here we go: Default demo examples: version pinning or by branch Review the source code and trust the publisher / action SHA hashes Dependabot for actions...  
View post
This post is for sharing my dev.to entry for the 2021 GitHub Actions Hackathon. This entry shows how I have setup the workflow(s) for the GitHub Actions Marketplace. I wanted to have a long form post detailing the steps and reasoning behind each the setup as an entry point for people building these automations. Workflow: The starting workflow for this setup can be found here. This workflow goes through all...  
View post
I keep coming across files in GitHub that have some mystic magic feeling to them. There’s always a small incantation to come with them: the have to have the right name, the right extension and have to be stored in the right directory. I wanted to have an overview of all these spells for myself, so here we are 😉. Photo by Artem Maltsev on Unsplash Overview A list of...  
View post
My session on GitHub Universe is now available here. You can watch it for free! Follow up questions Let me know if there are any follow up questions. You can tag me on the discussions created for the event by using my GitHub handle: rajbos or comment on the YouTube video. I’ll add them below for future reference! Setting up an internal marketplace A blogpost on the topic to setup...  
View post
One of the best practices of using GitHub Actions is to fork all actions that you want to use to your internal actions organization. If often use organizationname-actions for that, just like I am doing for my own personal setup here: rajbos-actions. After forking the repositories I always get the question: What now? How do we handle internal discovery? How can we have a process that gives our engineers control...  
View post
I am an avid PowerShell user and have been using it for a while now. Together with C# it is my main development experience these days. That is why I created my first GitHub Actions in PowerShell. Using PowerShell in you actions is possible by running the scripts in a container with PowerShell installed. I wanted to create the same workflow in Typescript but am not that versed in the...  
View post
You can create GitHub Actions running in a container, which allows you to execute ‘anything’ in an action that can be run inside a container, including PowerShell, my favorite scripting language. To get started, you can use the available template repo to create a new repository filled with the contents of the template. The moving parts of the template are as follows: action.yml Dockerfile entrypoint.sh action.yml The action.yml contains the...  
View post
If you need to host your own GitHub Actions runners that will execute your workflow, you have multiple options: you can go the traditional route and host them on your own VM’s. You can even host multiple runners on the same VM, if you want to increase the density and reuse your CPU or RAM capacity on your VM. The first downside of this is that VM’s are harder to...  
View post
Sometimes you spot interesting things online that you have to figure out 😎. This time it was a tweet from Martin Ehrnst: @AzureDevOps i'm using your API to create new projects. However, I would like to provision these without services like boards. I cannot find any way to to do this. Doesn't the API support this?— Martin Ehrnst ☁️ (@ehrnst) May 21, 2021 In Azure DevOps you can enable or...  
View post
Today I got to deliver my session “Using GitHub Actions Securely” at the Solidify show, hosted by our friends at Solidify. A nice virtual community session during lunch in my time zone (CEST) with people joining in, even from Kuala Lumpur! I got a couple of questions during the session that I wanted to dive deeper into and address them here, as well as sharing the slides and the recording...  
View post
This one took me way to many trials and searches to figure out, so I wanted to store it here in case I need it later on. Maybe someone else will find this useful as well 😄. The premise We have a pipeline for GDBC from June 2019 that uses Pester tests written in PowerShell to verify the outcome of our pipeline: we create (a lot of) resources in Azure...  
View post
Today I got to deliver my session “Using GitHub Actions Securely” at Techorama, my favorite conference. I could feel the pressure at the start of the session: this is Techorama, so you need to deliver this one top notch! I think I had some viewers (wasn’t visible to me) and I got a couple of questions during the session that I wanted to dive deeper into and address them here....  
View post
Often you come across an organization that has a policy to use self signed certificates on internal services: as long as you control the workstations used to connect to them, that is a solution that might work. Sometime you still run into issues from them and they usually have a workaround available. Maybe IT-services likes to be in control who can create and hand out certificates that way. In a...  
View post
I got some questions recently on my office setup at home, so it might be helpful to share it here as well. I am lucky to have the means to invest in my setup, even with a supporting employer who helps out with some of the financials since we all need to work from home these days instead of being at the customer’s office. Some time ago I figured we’d...  
View post
Ever since Microsoft acquired GitHub we have been looking at how this will play out in the long run with their Azure DevOps offering. We’ve seen a lot of people move from the Azure DevOps team to GitHub by looking at their LinkedIn or other social network updates, so it only makes sense to wonder about the future. We know that several very large teams inside Microsoft are using Azure...  
View post
Coming from years of Windows dev experience to using a Bash shell took a while to know some of the differences between the two. Since I often still run into these things, I thought it would help me and perhaps other people as well if I wrote some of it down. I suspect this will be a work in progress, so this page will receive some updates over time 😁....  
View post
I was building a new GitHub Action today with a Dockerfile and got a strange error… `unable to prepare context: path “/action” not found. I was using a Dockerfile in a sub directory, but the documentation indicates this is supported. So, what gives? Is it a mix-up of the file path? I’m testing it on Windows and can build the Dockerfile itself just fine 🤔. Tested with a backslash instead...  
View post
One important best practice for any Continuous Integration / Continuous Deployment setup is thinking about attack vectors for your setup. One of those vectors is the way you download your third party dependencies. Whether you are using Docker containers or libraries to build your code upon, these dependencies are external to your system. Usually these are pulled in either through a Container Registry (for Docker images) or through a Package...  
View post
Small tidbit so I could potentially find this later on: If you are running SonarQube yourself with the Community Edition (for a POC for example, otherwise invest in yourself by getting a higher edition!) then you might find this useful. Default Branch name in Community Edition The default branch in SonarQube Community Edition is still locked to master. If you want to change that in SonarQube then there is no...  
View post
In this post I want to look into Private Runners for your GitHub Workflows and show you some best practices for them. GitHub Workflows can run on either a GitHub Hosted runner or on your own private runner. For the private runner you can install it on a machine of your choice and you maintain everything on that machine: the tools that you pre-install, the network stack the runner has...  
View post
I’ve been diving into the security aspects of using GitHub Actions and wanted to share some best practices in one place. If you like to get an overview through a presentation setting instead of a blog, you can also find one of my conference sessions on it here. Photo by Jon Moore on Unsplash Setting up an internal marketplace for GitHub Actions All posts eventually lead up to setting up...  
View post
I’ve been diving into the security aspects of using GitHub Actions and wanted to share some best practices in one place. If you want to have an overview how and why you need this, you check checkout a session I have on this topic from a user group recording here. From the beginning, GitHub always indicated that the best way to use GitHub Actions is to fork the repository containing...  
View post
Today I delivered my GitHub Actions & Security session at NDC London for the first time (both for the session and NDC London 😁). NDC London was a lot of fun! The organizers really went out of their way to enable speakers to even see the attendees, welcome you into the room and guide you through things. Presentation You can find the presentation on SlideShare. Keep note of this page,...  
View post
I wanted to use the GitHub Container Registry to host an image for me and had some issues setting things up. To save me some time the next time I need this, and hopefully for someone else as well, I wanted to document how this process works. Photo by Evgeni Tcherkasski on Unsplash Beta period During the beta, the container registry will be free to use. Open-source and public repositories...  
View post
If you have a good Continuous Integration process in place, you can start using the generated artefact to deploy that to an environment as the next state of enlightenment in your DevOps way of working. Check that link for posts on the other topics. Note: in this case I specifically mention an environment: any place you can roll out your artefact is part of your Continuous Deployment strategy. Where specifically...  
View post
One of the first things to get in order when improving your DevOps way of working is having proper version control of your source code. Source code in this case means anything: from application source code that you can build and deploy, to scripts you use to do the deployment. In my opinion: anything around your team that can be saved as text, should end up in source control. Source...  
View post
I was thinking about the teams I’ve been helping out in my professional work life and suddenly noticed that there seem to be different stages that each team goes through in an effort to improve something in their day-to-day work. Usually I start at a new assignment with a specific question and together we evolve my assignment from there. The entry point often is something specific, like for example: Migrate...  
View post
If you have proper source control in place, you have a central location that holds the source code. From that location you can start with Continuous Integration as a next state of enlightenment in your DevOps way of working. Check that link for posts on the other topics. Continuous Integration (CI) With continuous integration we mean doing something with each incoming change to the central source code location that verifies...  
View post
Alt. title: approval to an environment blocks the whole pipeline Sometimes you find out about something and feel rather stupid. This one is one of the reasons YAML pipelines often feel like you need a magic incantation to get things working the correct way. Since this took me way to long to figure out, I’m writing about it here to hopefully safe someone else a lot of time (probably my...  
View post
Recently I got asked if you could use GitHub Actions to deploy to an IIS web application which of course I had to test :grin:. TL;DR It runs the same as you would with a PowerShell script Example For testing this I used an example application in this repo (you can find the actions there as well). It’s based on the following dotnet command: dotnet new webapp Flow Since this...  
View post
Sometimes you have these weird things you run into, and I’m sure I will not be able to find this one if I don’t store it here. Photo by Hakan Aldrin Configuring Git with a PAT token with Azure DevOps Usually in Windows I use the Windows Credential Manager for storing authentication against remote Git repositories. You can also use the SSH setup that Azure DevOps supports as a widely...  
View post
While building up a scheduled pipeline for updating our NuGet dependencies I found NuKeeper to help with automatically updating the packages we use. If you don’t know NuKeeper, it is an open source project that will go through your .NET solution and check with the configured NuGet sources to see if there are any packages that have available updates. If there are updates, it can update your project (or solution)...  
View post
Today I ran into an issue that I tried to clone a Git repository with large filenames/folder paths in it. fatal: cannot create directory at 'src/Modules/<long path here>': Filename too long warning: Clone succeeded, but checkout failed. The folder path display was only 195 characters long, but adding my root folder with 38 characters got awfully close to the known 260 characters limit in Windows. Fixing the issue To fix...  
View post
I had an issue running an EntityFramework command after updating the NuGet packages to the latest version and searching got me to multiple steps and sites to get things fixed. Grouping them here for future reference. If it helps you as well, please let me know! Always nice to see these posts helping someone else as well. The trigger message This was the initial message that got me on this...  
View post
Today I encountered an issue while interacting with the Azure DevOps API. In the end this is not an issue with the API but with the user authentication and verification of tokens. Since it took me a while to figure out what was happening, I’m documenting it here. Error message ‘Failed to obtain an access token of identity …, The refresh token has expired due to inactivity’ It matched the...  
View post
Today I got asked how you could register a Startup and/or Shutdown script on Windows through PowerShell. My colleague already had a setup for creating a VM, but wanted this extra step as well. Searching the web revealed some bits and pieces, so I’m logging it here for future reference. Photo by Daniel Öberg Gist I’ve created this gist with the registration script and an example file with a script...  
View post
Today someone in the Azure DevOps Club slack asked a question about finding the repo from the default wiki in Azure DevOps. This used to be available if you knew what to do, so you could clone the repo and add pages programmatically for example. Weirdly enough, we couldn’t find how to get the repo to be visual so we could use it. In this case, the person asking the...  
View post
I want to target .NET Standard so I can always use my libraries in any project later on, independently of its target framework (as long as it supports the .NET Standard version I’m targeting). unsplash-logoPhoto by Hans Vivek Today I had an issue with using the Entity Framework Core tools in a .NET Standard Library: the EF Core tools don’t support the .NET Standard framework: they can only target .NET...  
View post
Today I faced an issue with Azure Active Directory authentication that was interesting enough to not this down for later reference 😁. AADSTS50011: The reply URL specified in the request does not match the reply URLs configured for the application I’ve got this issue in our (new) web application: With the help from this blogpost from Antti I’ve learned that the url you’ve entered to redirect to after the authentication...  
View post
In Azure DevOps I needed to determine a variable in one deployment stage, and use it in another. I remember finding and implementing this solution before but couldn’t figure out how I did things, so this post is for me to find it easier next time 😉. For example, in a stage I want to set a variable with the name ReleaseVariableName to a value. Searching online points you to...  
View post
Sometimes you need to run the Azure DevOps Agent behind a proxy. If you search around you can find a lot of posts regarding this, and I wanted to have my own overview of all the things you need to keep in mind. At least I’ve tested this list myself 😁. To run the Azure DevOps agent behind a proxy, the proxy must be updated with the url’s below in...  
View post
Sometimes you want to log information during the startup of the web application. In our case we wanted to log some generic information about the server to see where we are in the process. Doing so proved a little more complicated than expected, so I needed to document this in case I need this in the future 😉. Usually you can only find out the incoming URLs if you have...  
View post
I was working on a new .NET Core Unit/Integration Test project in a solution using Visual Studio and need to load some setting from the configuration. Naturally I wanted to use the same setup for retrieving those settings as in the real project, so I added a new file appsettings.json. Next up I wanted to add appsettings.Development.json just like we use in normal projects. Somehow I expected it to be...  
View post
Sometimes you need to deploy an application on a machine, but there is no option to use PowerShell remoting from the outside. In that case, you can deploy an Azure DevOps agent on that machine and use that for local deployments. These are the steps to deploy an application with Azure DevOps on the localhost of the agent. As an example I’m using IIS to deploy a web application to...  
View post
We’ve all been there, what happens when you commit changes to the master branch and during the sync to the remote you get an error. Starting point: you didn’t check the branch you where committing to: So during the sync you get an error: In the output window this message is shown: Pushing to https://**********.visualstudio.com/DefaultCollection/CICD/_git/DemoRepo To https://**********.visualstudio.com/DefaultCollection/CICD/_git/DemoRepo Error: failed to push some refs to 'https://**********.visualstudio.com/DefaultCollection/CICD/_git/DemoRepo' Error encountered while pushing to...  
View post
Did you know you have more than one option to set the SQL firewall settings on an Azure SQL Database? Most people know you can set firewall rules on the server level: Example settings Do note that toggling the setting for Allow Azure services and resources to access this server opens up connection from anywhere inside of the Azure Cloud: this is not limited to your own subscription! Firewall settings...  
View post
Recently I found an IIS hosted web application that we couldn’t instrument with Application Insights. As it is running in IIS, it is possible to start monitoring it with Application Insights through the Web platform Installer. You can find how to do that for example here. Installation and configuration is rather straightforward. unsplash-logo Photo by Dominik Schröder What this post is about, is the files you need to take care...  
View post
I ran into an issue where I could not change Azure Repositories Policy settings, even while my account was in the the Project Administrator group. Somehow I could set the policy, but not change it later on! This posts explains how I got here and how I finally found out why this happened. In the end it was a simple fix, only rather difficult to find the reason behind this...  
View post
After getting a message that a command I wanted to use was not available in my local installation, I needed to update an Azure CLI extension. Finding that information was scattered around the internet, and took me to long to find. So for future reference, I’ll document it here 😄. Should be way easier to find next time 🙈. If you know the name of the extension, you can find...  
View post
I wanted to try out using GitHub Actions to deploy a .NET Core web application to Azure. Microsoft already has some actions available to accomplish this, so this should be rather straightforward 😄. I haven’t really played with GitHub Actions yet, so this should be rather informative 😁. Usually I do this using Azure DevOps, so this will be a nice way to check the other side of the fence....  
View post
Ever needed to deploy a Windows Service onto a machine with Azure DevOps? It turns out this is really easy (some caveat’s apply 😄, see section at the bottom)! There is an extension on the Azure DevOps Marketplace that is a wrapper around the SC tool from Windows: Add the extension and perform the tasks that you need: In this case, I use these tasks: delete the existing service (will...  
View post
I’ve been working on a Stryker run for a larger .NET solution (115 projects and counting) and wanted to document on the final setup in Azure DevOps. You can find more information on what Stryker is and how this can be used on a .NET project with an example on this previous blog post. In this post you can find how I got to this point: link. unsplash-logoPhoto by Dallas...  
View post
Today I was configuring a SonarQube Analysis in Azure DevOps on a Java project. Following the documentation I still got this error: [ERROR] Failed to execute goal org.sonarsource.scanner.maven:sonar-maven-plugin:3.7.0.1746:sonar (default-cli) on project 'prefix-project' Project was never analyzed. A regular analysis is required before a branch analysis -> [Help 1] Given the error message says it is an error for the project prefix-project I guessed that the plugin wanted to link everything...  
View post
TL;DR Stryker cannot run for an entire solution with multiple test projects (YET), so we need to help it a little and run each project by itself and then join the results. Finding a way to do so started by checking in with the Stryker team on GitHub. I ❤️ OSS! They are working at making this part easier, so I checked out their code to see if I could...  
View post
I ran into a weird thing in .NET Core Global tools: If you try to install the tools while they are already installed on that system, .NET Core will throw an error and exit with a non-zero exit code. This is not helpful in a Continuous Integration (CI) scenario! Expected installation Normally you expect that you run an install command like this: dotnet tool install dotnet-stryker -g And the tool...  
View post
Recently I was at a customer where they where testing running test mutation with Stryker. Mutation testing is a concept where you change the code in your System Under Test (SUT) to see if your unit test would actually fail. If they don’t, your unit tests aren’t specific enough for the SUT and should be re-evaluated. Since Stryker changes your code, they call it mutations and they check if they...  
View post
Last week I was testing some .NET tooling and wanted to install a tool locally instead of globally. To do so you run this command: dotnet tool install dotnet-stryker While running (either locally or in an Azure DevOps task) I got this error message: [command]"C:\Program Files\dotnet\dotnet.exe" tool install dotnet-stryker Cannot find any manifests file. Searched: C:\Apps\TFSAgent\_work\7\s\StrykerDemo.UnitTests\.config\dotnet-tools.json C:\Apps\TFSAgent\_work\7\s\StrykerDemo.UnitTests\dotnet-tools.json C:\Apps\TFSAgent\_work\7\s\.config\dotnet-tools.json C:\Apps\TFSAgent\_work\7\s\dotnet-tools.json C:\Apps\TFSAgent\_work\7\.config\dotnet-tools.json C:\Apps\TFSAgent\_work\7\dotnet-tools.json C:\Apps\TFSAgent\_work\.config\dotnet-tools.json C:\Apps\TFSAgent\_work\dotnet-tools.json C:\Apps\TFSAgent\.config\dotnet-tools.json C:\Apps\TFSAgent\dotnet-tools.json C:\Apps\.config\dotnet-tools.json C:\Apps\dotnet-tools.json C:\.config\dotnet-tools.json C:\dotnet-tools.json Searching...  
View post
I wanted to run .NET Core tools in Azure DevOps and ran into some installation issues. I tried installing the tool I needed globally, yet the agent could not find it. Local tools to the rescue In the latest versions of .NET Core 3.0 (currently still in preview), you can install tools locally. This means that you can install the tool in the current folder, with its own version and...  
View post
Recently I had to refresh a Let’s Encrypt certificate for an Azure App Service after the first certificate had expired. Of course, refreshing a certificate should be done by some tooling, either in a CI/CD pipeline or another service. I tried setting up the Lets Encrypt Extension on the App Service, but could not get it to work. Eventually I even ran into the Let’s Encrypt rule that you can...  
View post
Recently I wanted to build and run a .NET core console application in Azure DevOps and found out you cannot do that with the default .NET core tasks. unsplash-logoPhoto by Sam Truong Dan The default tasks in Azure DevOps and tutorials are more geared towards web-development and publishing a zip file that can be used with a WebDeploy command. For an application,I would have thought that you could run the...  
View post
I’ve been developing software for over 16 years now and every now and then I come across someone who thinks developers do something magic that they can never learn to do. Maybe they are even afraid to ask us something because they don’t understand something. As a consultant my role has often meant that I could take the time and explain to someone more functional oriented the reasoning behind some...  
View post
As a consultant, I get to work at a lot of different settings and environments. For most of my customers these days, that means working on my own laptop and in the cloud with SaaS application. Logging in to all those customers can be a messy thing: I’ve seen people having a identity picker in Azure (or any other Azure Active Directory backed system) that they have to scroll through...  
View post
Today I noticed that my syntax highlighting was not working on this blog. Here is how I fixed it! I am using Jekyll on GitHub pages as I wrote before. unsplash-logoPhoto by Zach Reiner Looking at the generated HTML indicated that there was some parsing done during the build of the page, but there were no CSS classes available to them: I tried searching for documentation about this issue and...  
View post
I found myself searching the internet again on how to use the Azure CLI from PowerShell so that I can use it in Azure Pipelines to create new Azure resources. The reason I want to do this with PowerShell is twofold: Azure Pipelines has a task for using the Azure CLI, but this only has the options to use the command line (.cmd or .com files), or from bash (.sh)....  
View post
I have started recording a series of video’s explaining some of the principles and sayings I use when I talk about DevOps. There are teams that I meet that have no idea what DevOps is and why we are doing some of these things for it. I’ve found myself referencing something like ‘Shift Left’ and then having to explain it to the teams and their management that I am helping...  
View post
Read more on why I created short video’s wherein I explain some of the DevOps principles and practices here. Creating these video’s helps me getting a little more comfortable speaking to an audience, even if it is through a camera lens and with the ability to stop and do it again 😄. It also helps that I have some time to think through the message I’m trying to explain to...  
View post
Last month we got the opportunity to organize the Global DevOps Bootcamp (link) and it was a blast! I wanted to create an overview of all blogposts that I could find about the event, so here it is. Links Pre-event registration Jasper Gilhuis wrote down how he handled the pre-event registration of venues and enable them to register the attendees. Read about it here. Azure Learnings A post by myself...  
View post
On the 15th of June we got the opportunity to organize the Global DevOps Bootcamp edition of 2019 (see link) and we had a blast! For the 2018 edition we created challenges for the attendees to setup their CI/CD pipelines to push a web application into Azure. You can read up on the setup for that edition here. Next level Since we need to create something next level for each...  
View post
When I am working on something, usually software, I know from experience that a simple tool to test something out (e.g. a POC, Proof of Concept), can be in production in no-time. That is when I start to focus on everything we start to ignore: don’t write unit tests, it is only a POC; we don’t need to make this resilient, it is only to proof this will work; just...  
View post
Last weekend we got the opportunity to organize the Global DevOps Bootcamp (link) and it was a blast! Thanks to René van Osnabrugge, Marcel de Vries and Mathias Olausson for coming up with the idea to create GDBC and sticking with the team to get this idea of the ground! Without them and our sponsors (Xpirit, Solidify, Microsoft) we could not have started with the event! Team work! To set...  
View post
As noted in a previous post, you can host a SonarQube on an Azure App Service, thanks to Nathan Vanderby, a Premier Field Engineer from Microsoft. He created an ARM template to run the SonarQube installation behind an Azure App Service with a Java host. This saves you a lot of steps mentioned above! You can find the scripts for it on GitHub or deploy it from the big deploy...  
View post
I recently found that I had a web service plan running for my Machine Learning Studio (MLS) workspace in Azure. I was hosting some test webservices on it from a research session earlier on. The web service plan was not doing anything for me, but I did incur some costs running it. Since the default tier it picks during is already an S1, this can build up if you are...  
View post
I ran into an issue with a new Azure Function I created: when I tried to run it, I got an error message about a RunResolvePublishAssemblies setting. The target “RunResolvePublishAssemblies” does not exist in the project Digging around the internet did not give an indication where to look. Most examples pointed to years old issues that indicated this message for dotnet core version 1.0. I am running a preview version...  
View post
I wanted to trigger an Azure Function based on changes in the Azure Subscription(s) we where monitoring. The incoming data can than be used to do interesting things with: keeping track of who does what, see new resources being deployed or old ones being deleted, etc. Back when I started working on this, there was no Event Grid option to use in Azure Functions, so I started with linking it...  
View post
After installing Docker for Windows (recently renamed to Docker Desktop) I could not get the basic command docker run hello-world working. I checked my install, read more docs, got confused if it was in my Hyper-V setup, the networking stack in it, or something else. Finally a light bulb went off and I found the solution! The issue After installation Docker present you with a login screen. Since that login...  
View post
I was testing with our Azure Function and had set the cron expression on the timer trigger to "0 0 */2 * * *", based on the example from the Microsoft documentation. When I went to the logs a day later, I noticed that some of the runs weren’t there! unsplash-logoPhoto by Emily Morter Missing logs ?? I added a red line were I noticed some of the logs missing....  
View post
Last week I noticed our Azure Function wasn’t running anymore and I got a pop-up in the Azure Portal indicating that we reached the limit on our open connections. The popup message contains something like Azure Host thresholds exceeded: [Connections] and links to this documentation page. The documentation already hints at the usual suspects: HttpClient holds on to the connections longer then you’ll usually need. Since the whole Azure Functions...  
View post
During installation and setting up a SonarQube server for usage in an Azure DevOps Build I found some things that I didn’t remember from previous installation and wanted to log that in this post, so the next time I have somewhere to find these things in one place. Updated 5-1-2019 Read the last section of this post if you want to use an even easier way of setting up and...  
View post
Microsoft announced today that they have a ‘new’ product: Azure DevOps! With that announcement came another one: Azure DevOps pipelines for GitHub open source projects with unlimited minutes! I wanted to see what the integration with GitHub would look like, so I tried it out. Note: of course, you could already create pipelines for GitHub repo’s, but only inside of a VSTS account and not with unlimited build/release minutes! If...  
View post
While working to setup an export from Activity Log to an Event Hub I got no response on a save action. This took some time to figure out why this happened, so I thought it could be helpful for someone else. Photo by Adam Solomon on Unsplash Issue when saving When saving the export setting via this blade: I got this error: After scratching my head a little I checked...  
View post
Global DevOps BootCamp In June 2018 I was part of the team behind Global DevOps BootCamp (or GDBC in short). The goal of the boot camp is to create a world wide event where everyone could get a taste of DevOps on the Microsoft Stack. It is an amazing combination between getting your hands dirty and sharing experience and knowledge around VSTS, Azure, DevOps with other community members. This years...  
View post
I am using the Azure Fluent SDK to retrieve information about the Azure setup and I wanted to retrieve the AppSettings from an App Service (or function app, or logic app). The simple solution didn’t work and searching around didn’t reveal any information about it. Finding something that did work (initial testing with a different service principle didn’t change the results), so here we are… Photo by Osman Rana on...  
View post
Recently I got a customer request to help them with provisioning a SonarQube server hosted in Azure. Fortunately there is an ARM template available for it: link. I ran into some issues with the ARM template at first and then tried to use the new SonarQube server within VSTS. TL;DR I didn’t manage to get the SonarQube VSTS Tasks working with the self-signed certificate. I think it’s probably possible, but...  
View post
Today I was listening to RadioTFS episode 163 on my commute, with guests Wouter de Kort and Henry Been. During the show Wouter mentioned that he always revoked his VSTS Personal Access Token after using it, especially when used for a Build Agent. Apparently the PAT is only used for the initial authentication to VSTS/TFS and after that it isn’t needed anymore! That indeed means that you can revoke the...  
View post
Recently I wanted to demo an example of how you can rollout Chocolatey packages via your own choco server. Sometimes we cannot save every binary in VSTS to use it in a pipeline as an artifact and therefor I needed a different artifact server. Chocolatey provides a NuGet wrapper around binaries that you can easily track different versions with. Since that worked out an I now have a local document...  
View post
Global DevOps Bootcamp On the 16th of June 2018, Xpirit and Solidify organized a global event around the topic of DevOps and improving your release cadence. It is an ‘out of the box’ event with a lot of self organization where people around the global gathered on their free Saturdays to learn something new about DevOps. People interested in hosting a local venue went to the site https://globaldevopsbootcamp.com/ and started...  
View post
Note This is part 3 in a series of posts about DevOps and the role of telemetry in it. In part one I described the reasoning behind the series and explained how I started with logging (usage) telemetry for a SaaS application. You can read part 1 in the series here. In this post I want to explain about the next step: logging information about the systems that support the...  
View post
Note This is part 2 in a series of posts about DevOps and the role of telemetry in it. In part one I described the reasoning behind the series and explained how I started with logging (usage) telemetry for a SaaS application. You can read part 1 in the series here. In this post I want to explain about the next step: logging information about the systems that support the...  
View post
I like to make work and performance visible for teams by giving them the necessary information to gauge the performance of a system, both on a daily basis as well as over time. This will help them to find less performant parts of the system, or checking engagement statistics. Sometimes I feel this part of the process is forgotten when talking about DevOps these days. People will focus on bringing...  
View post
Update process templates Recently I had a customer request to update their process definition in Visual Studio Team Services (VSTS). They had 30+ different processes migrated from TFS (Team Foundation Server), so they were all Hosted XML processes. Somehow they had the process setup like this: Epic –> Product Backlog Item Which they requested me to convert to this: Epic –> Feature –> Product Backlog Item In TFS you would...  
View post
I wanted to include at least some more information in the index page of my blog instead of just the publish date and title, so I searched around for some help to include an excerpt in Jekyll and found some help on this blog. The solution was very straightforward, but I’ll include it here for future reference. Index page In the index page, you can search the content of a...  
View post
Trying out Jekyll on top of GitHub pages as a new blogging platform. For know, I just needed a simple way to create posts, but add some stuff I am missing on my current method (WithKnown), like RSS and Google Analytics. So far I like the easy setup (like: no installation whatsoever!) and the fact that it uses Jekyll to generate static pages. I started with the excelent guide of...  
View post
After searching for the third time on how to do this, I thought it would be time to write about this here 😬. If you have an Azure App Service that for some reason should just display a message to the user, indicating that it isn’t available, you can do this. I have had several reasons to do this: single app service host, without a deployment slot and a big...  
View post
I wanted to use https in my dotnetcore application (v. 1.0.0-rc2-final) and had to dig around the web quite a bit to find the most recent and working method to accomplish this. Eventually a link in the MVC github site lead to an example how to fix this (link). First, the most easy way I've found to do this, is to add some custom middleware for redirecting all http requests...  
View post
Some links to important Visual Studio extensions for later reference: Open Bin folder Visual Studio Extension: Visual Studio Gallery Wakatime: wakatime.com SlowCheetah Visual Studio Gallery SonarLint sonarlint.org T4MVC github.io  
View post
If you previously had a new Windows 10 preview build installed in your computer and then you reverted back to an older build, you could lose access to the new build where the new build is no longer offered as an upgrade option. If you want to install that build again, deleting that build number from the list in the Registry Editor will restore the ability to upgrade. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsSelfHost\Applicability\RecoveredFrom Source...  
View post
While migrating CI stuff from Jenkins into TFS 2015 SP1 I ran into this blog post from Microsoft explaining how to include SonarQube runs information in the TFS Build Tasks. We have been running SonarQube on our projects for about a year now to gain some insights into Code Coverage and basic code smells. I sure don’t want to lose the information Sonar gives us. The problem was that we...  
View post
I’m not the only one who is annoyed by the new Windows 10 way to connect to VPN connections. The new route takes a lot of new clicks, just to connect to a VPN! The old Windows 8 style was a lot faster. Since I frequently change connections at work, It’s a recurring annoyance everyday :-(. Today, I’ve found out that there is a simple registry setting to revert the...  
View post
Just putting this out here for future reference: there is a service update for VS2015 update 1 to fix some issues. I needed this update to fix an error in VS with T4MVC. Knowledge base article: Link  
View post
https://wakatime.com/dashboard Plugin for Visual Studio (and other editors) to log hours spend in the editor. Free account only retains the information for a couple of weeks and gives you an overview of time per project/solution and per language. Really neat to see those stats. Currently I have this extension installed on both my laptop, pc and in a VM designated for SharePoint development.  
View post
Tonight, I had the idea of starting a new project to test and demo new area’s and features of ASP.NET. Initially it will be a project to test ASP.NET MVC 6 from Visual Studio 2015. I’ll set the project on GitHub for future reference and to get more familiar with git. GitHub: https://github.com/rajbos/dotnetcore-webapp.  
View post
Mastodon