Reading Notes #683

A lot of good stuff crossed my radar this week. From Aspire’s continued evolution and local AI workflows with Ollama, to smarter, more contextual help in GitHub Copilot, the theme is clear: better tools, used more intentionally. I also bookmarked a few thoughtful pieces on leadership and communication that are worth slowing down for. Plenty here to explore, whether you’re deep in code or thinking about how teams actually work.

Programming

• Distributed apps platform Aspire supports JavaScript, Python (Loraine Lawson) - This stack of news brings Aspire rebranding explanations, details on the last Rust update with its great network improvement, and a hackathon for useful apps

• Aspire 13.1 Brings MCP Integration, CLI Enhancements, and Azure Deployment Updates - InfoQ - Quick post about what is new in this release.

AI

• How to Run Claude Code With Local Models Using Ollama (Vladislav Guzey) - Interesting, curious to see more in detail how it works.

• Bringing work context to your code in GitHub Copilot - Microsoft for Developers (Kayla Cinnamon) - That looks really cool. Being able to connect non-code information to the contest. I need to watch those videos.

• Practical Ways AI Can Help You Today with Minimal Setup (James Sturtevant) - Nice post with real-life tips sharing what works and what doesn't. A good read.

Open Source

• The end of the curl bug-bounty (Daniel Stenberg) - I didn't know about this effort, and it's sad to learn about it too now, of course, but I'm glad those programs exist.

Miscellaneous

• Why I Still Write Code as an Engineering Manager (James Sturtevant) - There is still hope, everyone! But more seriously, an inspiring post that managers should read.

• The Art of the Oner (Golnaz) - Another great post from Golnaz talks about how to help the message to land. How and why one takes are helping when presenting and the effort it represents.

Sharing my Reading Notes is a habit I started a long time ago, where I share a list of all the articles, blog posts, and books that catch my interest during the week.

If you have interesting content, share it!

~frank

Reading Notes #682

This week’s Reading Notes bring together programming tips, AI experiments, and cloud updates. Learn to build Python CLI tools. Untangle GitHub issue workflows. Try running AI models locally. Catch up on Azure news. And explore ideas around privacy and cloud architecture. Short reads. Useful takeaways.

Programming

• Make a CLI command from your Python package (vast cow) - Nice way to create a CLI. It looks very simple.

• Programmatically Setting GitHub Issue Types (Den Delimarsky) - This post shares a cool workaround to work with types in GitHub

• 5 Minimal API myths and the real truth (David Grace) - Nice post, I really like minimal API, and it's true that people are asking themselves a lot of questions. Here you will find many great answers.

• How does Aspire expose resource connection info to the Azure Functions runtime? (Safia Abdalla) - This post explains how to connect Azure resources.

AI

• Private AI Coding: OpenCode + Model Runner - A very interesting post about how we can use local models in open code, looking forward to trying that.

• All the Azure news you don’t want to miss from Microsoft Build 2025 | Microsoft Azure Blog (Alysa Taylor) - Well, it's all in the title, and yes, this post is packed with news because Build is one of the biggest Microsoft events.

Miscellaneous

• Who Decides Who Doesn’t Deserve Privacy? (Troy Hunt) - A very interesting post about privacy. We should also think about all that when designing systems and applications.

~frank

Reading Notes #681

This week’s reads blend cutting-edge tech with practical insights, like how Aspire elevates JavaScript to a first-class citizen in modern development, or why AI’s push toward typed languages might just be the future. From building a self-hosted model registry to uncovering AI’s surprising role in video

production (who knew Adobe had a sound AI gem?), there’s plenty to unpack. And if data-driven wardrobe experiments count as quirky, this week’s got you covered too.

Programming

• Aspire for JavaScript developers (David Pine) - JavaScript and all its frameworks are now first citizen in Aspire. This post explains what it means and what the benefits are for developers.

AI

• Why AI is pushing developers toward typed languages (Cassidy Williams) - This post shares the evolution of which AI uses languages. I would agree, as I noticed TypeScript was used in more and more blog posts and videos I was seeing online

• Self-hosting a MCP Registry for discovery using modelcontextprotocol.io registry (Dominique St-Amand) - Nice real-life story about how to build a full app to help manage all those MCP servers

• What AI Has (and Hasn't) Taken Over in Video Production (Golnaz Alibeigi) - As someone who creates a lot of video content, I agree with Golnaz and was surprised by the Adobe sound thing. I didn't know about that.

Miscellaneous

• I tracked everything I wore in 2025. Was it worth it? - I never thought about data related to my wardrobe, but playing with data and trying to understand what it means and how it can be used, that's always a fun thing. Thanks for sharing

~frank

Reading Notes #679

Exploring the intersection of AI and code this week, I stumbled on a treasure trove of practical insights, from building AI agents in n8n to Meta’s groundbreaking SAM Audio model. The blend of low-code tools, IDE integrations, and deep dives into .NET profiling shows how innovation is bridging creativity and technical rigor. Whether you’re automating workflows or decoding audio separation, there’s something here to spark curiosity and curiosity-driven coding.

AI

• 15 Practical AI Agent Examples to Scale Your Business in 2025 - This post contains many very good ideas of low-code agents that can really help you go through many different types of data

• Introducing SAM Audio: The First Unified Multimodal Model for Audio Separation - An insightful post about how AI could be used in audio

• How to Build an AI Agent in n8n for Beginners: Complete 2025 Guide (Snaplama) - I'm a fan of integration tools, and n8n is obviously part of those great tools. That AI node is very useful, and there are numerous ideas and applications you can explore with it. This post shares how you can do it as an agent, and I think a lot of people should try it

• When AI Amplifies Your Bad (and Good) Habits | The JetBrains AI Blog (Kris Kang) - Another post that helps us picture AI, giving us references to better understand how to use it to achieve the desired result.

• Bring your own AI agent to JetBrains IDEs (Sergey Ignatov) - This post shares many news, yes, you can bring your agent into writer, but also a collaboration with Zed and many new features related to those agents, looking forward to dig into those novelties

Programming

• Aspire 13.1 - Our holiday gift to you (David Fowler) - Nice update for Aspire!

• Creating a .NET CLR profiler using C# and NativeAOT with Silhouette (Andrew Lock) - A deep and very interesting post that plays with the unmanaged function.

• Aspire—Your Stack, Streamlined - Great release. There are breaking changes with Redis, so totally worth the 2 minutes of reading.

~frank

Reading Notes #678

In the ever-evolving tech landscape, this week’s reading notes blend cutting-edge tools with timeless insights. From Python’s growing role in .NET ecosystems to hands-on experiments with AI-powered data ingestion, there’s plenty to explore. Meanwhile, reflections on community, confidence, and finding our “second place” in a fast-paced world add a human touch. Jump into how developers are pushing boundaries, embracing new editors, and learning that growth starts with choosing courage, even when it’s scary.

Programming

• Python is First Class in Aspire 13 (Eric Erhardt) - As a .NET developer, I can totally see myself using that... In the near future

• .NET Conf 2025 Recap - Celebrating .NET 10, Visual Studio 2026, AI, Community, & More - .NET Blog (.NET Team) - The event is done, but the content is still there. I'm still going through myself, there's so much! All the slides, presentations, so much content available, everything about what and where to find

• Introducing Data Ingestion Building Blocks (Preview) - .NET Blog (Luis , Adam) - Pretty cool example using this new data block in C# file and AI to play with data.

• Trying out the Zed editor on Windows for .NET and Markdown (Andrew Lock) - I heard of Zed and was planning to try it, but this post saved me some time. The current unsupported razor pages is a show-stopper for me. But maybe later, if things changed.

Podcasts

• The 4 ways to rebuild your "second place" for belonging (Modern Mentor) - Did it all start because of a TV show?! Nevertheless, an interesting episode to help us find our spot and make those "first day work buddy" a better experience.

• Why you need to choose confidence (even when you're afraid), with Juan Bendaña (Modern Mentor) - Confidence isn't a character trait you're born with; it's a muscle you develop. I like the idea.

• World Leading Therapist: Why You Feel Stuck in Life & How to Get Unstuck (The Mel Robbins Podcast) - We talk to ourselves so much that what we say and how we say it can make a big difference. That's the topic of this very interesting episode.

Miscellaneous

• All good things must come to an end (Salma Alam Maylor) - I totally understand, but it is sad news to see her go out of the streaming business. She is amazing, I'm sure she's still rocks whatever she does.

~frank

Reading Notes #673

This week’s notes focus on where AI meets everyday development: Copilot and Azure for tighter, faster workflows, a thoughtful overhaul of Aspire’s deploy CLI, and a hands‑on look at building MCP servers in C#. Security threads through it all with practical DevSecOps and Shadow IT reminders plus podcast picks on teaching, acronyms, and tackling imposter syndrome.

AI

• Introducing the azd extension to configure GitHub Copilot coding agent integration with Azure (Kristen Womack) - That's a great idea! Getting Copilot in this deployment tool will help improve security and pass some blockers.

• Build & Leverage MCP Servers in C# for AI-Driven Development (Sam Basu) - This is a good post for learning the basics of the MCP server. And for C# dev, how to write one.

• How I used AI to redesign Aspire’s deploy CLI command (Safia Abdalla) - A very interesting post that shares the entire process of this refactoring.

Programming

• Cozy Aspire Dashboarding (Victor Frye) - Interesting usage of the properties to customize the dashboard, love it

Podcasts

• GitHub Spec Kit with Den Delimarsky (.NET Rocks!) - Happy to learn more about this Spec Kit, it looks very useful. Looking forward to trying it.

• Mind the Gaps: Teaching Devs, Taming Acronyms, and Surviving Imposter Syndrome with Tim Corey (Coding After Work Podcast) - I really enjoy Tim's content online, and it was nice learning more about him and his passion for helping others.

Miscellaneous

• Stop Shadow IT: Shared Responsibility for DevSecOps (Alison Gunnels) - Nothing new here, to be honest. When people work together, it's always better. And it's good to hear it from time to time.

Sharing my Reading Notes is a habit I started a long time ago, where I share a list of all the articles, blog posts, and books that catch my interest during the week.

If you have interesting content, share it!

~frank

Reading Notes #672

Welcome to this week's reading notes! We're exploring topics that might seem refreshingly old-school at first, developer experience improvements, cross-platform packaging, logging strategies, and even podcast succession planning. You know, the kind of practical stuff that actually keeps our projects running. Though I should mention there's a conversation about local AI models tucked in there too, because apparently it's still 2025. Sometimes the best way forward is making sure our foundations are solid.

Programming

• How to Improve Developer Experience in Microservices Applications with .NET Aspire (Opaluwa Emidowojo) - Of course, there's a name for what the net aspire resolved. I never thought about it that way, but it makes total sense. By the way, Aspire is fantastic.

• Automating Away Cross-Platform Packaging Complexity for .NET Developers ( Uno Platform Team) - UNO platform can be packaged, for free, for all platforms. That's very convenient and easy to use it looks like.

• Define a default startup project in your slnx file - A simple fix for a painful problem when using slnx solution is now fixed.

Databases

• Add request logging to a database in an ASP.NET Core Web API (David Grace) - This is a nice tutorial showing step-by-step how to add and configure it

Podcasts

• 482: 1 Day Apps (Merge Conflict) - My first thought was 1 Day? yeah right! lol Cool episode sharing their journey with those building those types of apps.

• Local AI Models with Joe Finney (.NET Rocks!) - Nice episode chatting about local AI. Why would you do that, what are your options yadi yada.

• Rob Lowe Names Names: The Power of ‘Screw It’ (A Bit of Optimism) - Fun episode. Feels like a variation on how to not give it a sh!t theme, but it's always good to get reminded.

• Podcast Succession Planning: What Happens To Your Show When You're Dead? (Feed Your Brand) - This is a great episode! Yes things move fast from time to time, right ;)

Sharing my Reading Notes is a habit I started a long time ago, where I share a list of all the articles, blog posts, and books that catch my interest during the week.

If you have interesting content, share it!

~frank

Reading Notes #668

This week covers Microsoft’s open-source Agent Framework for agentic AI, prompt-injection risks and mitigations, and the causes of language model hallucinations. It also highlights NuGet package security updates, Azure SQL Data API Builder improvements, Reka’s new Parallel Thinking feature, and the latest in AI benchmarking.

Cloud

• Announcing Aspire 9.5 - .NET Blog (Jeffrey Fritz) - I'm genuinely excited to try it. Aspire is such a great tool 🔥.

Programming

• Publishing NuGet packages from GitHub actions the easy way with Trusted Publishing (Andrew Lock) - Nice post that[explains the details of this new secured process on Nuget (.NET package library)

AI

• MCP Prompt-Injection: The Trust Paradox in AI (Saurabh Davala, Sundeep Gottipati) - This is a good post to learn to start learning about the real danger. To be aware of the potential risk and learning about what we can do.

• Why language models hallucinate - Very interesting post that explains the reason why we still have hallucinations and how it works

• Introducing Parallel Thinking for Reka Research (reka) - New feature released that improves the performance of our web research, fantastic!

• Measuring the performance of our models on real-world tasks - Interesting idea of benchmark looking forward to see how evolves

• Introducing Microsoft Agent Framework: The Open-Source Engine for Agentic AI Apps (Takuto , Shawn , Elijah) - Nice evolution of semantic kernel and AutoGen. It comes hot supporting .NET and Python.

Databases

• Data API builder 1.6: Advanced Behaviors with Special HTTP Headers (Jerry Nixon) - Nice quick post about more advanced features on the data API builder (aka DAB)

Miscellaneous

• We all have a choice (Salma Alam-Maylor) - It's all in the title
  

Sharing my Reading Notes is a habit I started a long time ago, where I share a list of all the articles, blog posts, and books that catch my interest during the week.

If you have interesting content, share it!

~frank

Reading Notes #665

In this edition, we explore modern development's evolving landscape. From Microsoft's .NET Aspire simplifying distributed applications to AI security considerations, Git workflow optimizations, and backlog management strategies, there's something here to spark your next breakthrough.

The tech world never sleeps, and neither does innovation. Let's explore what caught my attention this week and might just spark your next big idea or solve that problem you've been wrestling with.

Programming

• .NET Aspire - Why We Should Consider It And How To Get Started (Barret Blake) - If you didn't try the .NET Aspire yet, just give it a try, create a new project and after the Ooh! and Aah! I'm sure you will want to use it everywhere.

• How to delete all squash-merged local git branches with one terminal command (Salma Alam-Naylor) - Nice tool. The best ones are often the ones you create yourself. But be careful when it deletes stuff.

• Identity and Access Management for .NET (Khalid Abuhakmeh) - This package looks very interesting to add multiple handlers to an HTTP client. The first question that pops in my mind is why this is not already in .NET, I think it should. I'll definitely give it a try.

AI

• Docker Acquires MCP Defender for Agentic AI Security (Andy Ramirez) - Security stays a priority, and Docker made a good move with this acquisition.

• AI Injection Attacks (ericlaw) - Great post that talks about the current risk when using AI and how we should try to do our best to protect the important information.

Open Source

• Prioritizing your backlog (Mark Downie) - So true! Sorting the backlog is not always that simple.

Podcast

• How to Get Things Done, Stay Focused, and Be More Productive (The Mel Robbins Podcast) - This compelling episode (available in audio and video) takes a fresh approach to productivity. Having read their books, I found the conversation particularly engaging and highly recommend it.

~frank

Reading Notes #660

This week’s notes cover GenAI vs agentic AI, fresh Docker and Aspire news, how to run WordPress in containers, and building apps with React and .NET. Plus a few podcasts worth a listen.

Enjoy!

AI

• GenAI vs. Agentic AI: What Developers Need to Know | Docker (Michael Irwin, Yiwen Xu) - Interesting post that compares the two recent AI types and how they can be used for development, and of course, with containers

Open Source

• Does it Make Sense to Run WordPress in Docker? (Lukas Mauser) - Looking at different options to run  WordPress? Check out this blog post. All the code to do it in a docker container is shared and also details the reasons why you should do it or not

Programming

• Building a Full-Stack App with React and Aspire: A Step-by-Step Guide - .NET Blog (Sayed Ibrahim Hashimi) - A great tutorial that goes into all the details, mixing .NET, React, and containers. It explains how to use Aspire to wrap this all in a simple solution

• Aspire 9.4 is here with a CLI and interactive dashboard features - .NET Blog (Maddy Montaquila) - You release of .NET aspire with many features (I love the externalURL), the great CLI is finally GA, and unfortunately it happens (the release) while David Fowler was in PTO 😉🤣

Podcasts

• Stop fixing wellness symptoms, fix the work (Modern Mentor) - Important wisdom, it's simple and impactful

• Is AI ready for DevOps? (Agentic DevOps) - Great new podcast about AI for DevOps, and it starts by asking if it's ready... What do you think? ;)

• My Favorite AI Terminal, Prompt Injection, and More (Agentic DevOps) - Interesting conversation about terminals and what it can become when AI is integrated. Nice evolution of Warp.

Miscellaneous

• Docker Unveils the Future of Agentic Apps at WeAreDevelopers (Michael Irwin) - Cool ideas and services that are now integrated with docker compose I'll have to try that

Reading Notes #659

This week's reading notes cover a variety of insightful topics, from enhancing your development environment with dev containers on Windows to prioritizing open-source bugs effectively. You'll also find helpful posts on integrating MFA into your login process, exploring RavenDB's vector search capabilities, and understanding the differences between Ask Mode and Agent Mode in Visual Studio.

Happy reading!

A wild turkey in my driveway!?

Suggestion of the week

• Supercharge Your Dev Containers on Windows (Mike Evans-Larah) - A great simple tip that can improve your experience while developing.

Databases

• Using Vector Search for Posts Recommendations (Oren Eini) - Cool demo using Raven DB

Programming

• Why You Should Incorporate MFA into Your Login Process (Suzanne Scacca) - You think the answer is simple, think again. Nice post that explains the difference between 2FA and MFA and why you should or should not implement one of those

• Aspire Dashboard (Joseph Guadagno) - Great deep dive about the Aspire dashboard, learn all the features packed inside it

Open Source

• How I Prioritize OSS Bugs (jeremydmiller) - A very instructive post on a real-life issue. It's harder than people think to prioritize. And it may help you write better bug reports...

AI

• Ask Mode vs Agent Mode - Choosing the Right Copilot Experience for .NET ( Wendy Breiding) - Still not sure what mode to pick in VSCode? Here is a quick post to clarify the options.

• MCP server integration in Visual Studio (Mark Downie) - Great update! That security stuff is very important and a good example using get up to store your tokens love it

Sharing my Reading Notes is a habit I started a long time ago, where I share a list of all the articles, blog posts, and books that catch my interest during the week. 

If you have interesting content, share it! 

~frank

Why Your .NET Code Coverage Badge is 'Unknown' in GitLab (And How to Fix It)

In a recent post, I shared how to set up a CI/CD pipeline for a .NET Aspire project on GitLab. The pipeline includes unit tests, security scanning, and secret detection, and if any of those fail, the pipeline would fail. Great, but what about code coverage for the unit tests? The pipeline included code coverage commands, but the coverage was not visible in the GitLab interface. Let's fix that.

(blog post en français ici)

The Problem

One thing I initially thought was that the regex used to extract the coverage was incorrect. The regex used in the pipeline was:

coverage: '/Total\s*\|\s*(\d+(?:\.\d+)?)%/'

That regex came directly from the GitLab documentation, so I thought it should work correctly. However, coverage still wasn't visible in the GitLab interface.

So with the help of GitHub Copilot, we wrote a few commands to validate:

• That the coverage.cobertura.xml was in a consistent location (instead of being in a folder with a GUID name)
• That the coverage.cobertura.xml file was in a valid format
• What exactly the regex was looking for

Everything checked out fine, so why was the coverage not visible?

The Solution

It turns out that the coverage command with the regex expression is scanning the console output and not the coverage.cobertura.xml file. Aha! One solution was to install dotnet-tools to changing where the the test results was persisted; to the console instead of the XML file, but I preferred keeping the .NET environment unchanged.

The solution I ended up implementing was executing a grep command to extract the coverage from the coverage.cobertura.xml file and then echoing it to the console. Here's what it looks like:

- COVERAGE=$(grep -o 'line-rate="[0-9.]*"' TestResults/coverage.cobertura.xml | head -1 | grep -o '[0-9.]*' | awk '{printf "%.1f", $1*100}')
- echo "Total | ${COVERAGE}%"

Results

And now when the pipeline runs, the coverage is visible in the GitLab pipeline!

And the badge is updated to show the coverage percentage.

Complete Configuration

Here's the complete test job configuration. Of course, the full .gitlab-ci.yml file is available in the GitLab repository.

test:
  stage: test
  image: mcr.microsoft.com/dotnet/sdk:9.0
  <<: *dotnet_cache
  dependencies:
    - build
  script:
    - dotnet test $SOLUTION_FILE --configuration Release --logger "junit;LogFilePath=$CI_PROJECT_DIR/TestResults/test-results.xml" --logger "console;verbosity=detailed" --collect:"XPlat Code Coverage" --results-directory $CI_PROJECT_DIR/TestResults
    - find TestResults -name "coverage.cobertura.xml" -exec cp {} TestResults/coverage.cobertura.xml \;
    - COVERAGE=$(grep -o 'line-rate="[0-9.]*"' TestResults/coverage.cobertura.xml | head -1 | grep -o '[0-9.]*' | awk '{printf "%.1f", $1*100}')
    - echo "Total | ${COVERAGE}%"
  artifacts:
    when: always
    reports:
      junit: "TestResults/test-results.xml"
      coverage_report:
        coverage_format: cobertura
        path: "TestResults/coverage.cobertura.xml"
    paths:
      - TestResults/
    expire_in: 1 week
  coverage: '/Total\s*\|\s*(\d+(?:\.\d+)?)%/'

Conclusion

I hope this helps others save time when setting up code coverage for their .NET projects on GitLab. The key insight is that GitLab's coverage regex works on console output, not on the files (XML or other formats).

If you have any questions or suggestions, feel free to reach out!

~frank

How to Have GitLab CI/CD for a .NET Aspire Project

Getting a complete CI/CD pipeline for your .NET Aspire solution doesn't have to be complicated. I've created a template that gives you everything you need to get started in minutes.

(blog post en français ici)

Watch the Video

Part 1: The Ready-to-Use Template

I've built a .NET Aspire template that comes with everything configured and ready to go. Here's what you get:

What's Included

• A classic .NET Aspire Starter project (API and frontend)
• Unit tests using xUnit (easily adaptable to other testing frameworks)
• Complete .gitlab-ci.yml pipeline configuration
• Security scanning and secret detection
• All documentation you need

What the Pipeline Does

The pipeline runs two main jobs automatically:

1. Build: Compiles your code
2. Test: Runs all unit tests, scans for vulnerabilities, and checks for accidentally committed secrets (API keys, passwords, etc.)

You can see all test results directly in GitLab's interface, making it easy to track your project's health.

How to Get Started

It's simple:

1. Clone the template repository: cloud5mins/aspire-template
2. Replace the sample project with your own .NET Aspire code
3. Push to your GitLab repository
4. Watch your CI/CD pipeline run automatically

That's it! You immediately get automated builds, testing, and security scanning.

Pro Tip: The best time to set up CI/CD is when you're just starting your project because everything is still simple.

Part 2: Building the Template with GitLab Duo

Now let me share my experience creating this template using GitLab's AI assistant, GitLab Duo.

Starting Simple, Growing Smart

I didn't build this complex pipeline all at once. I started with something very basic and used GitLab Duo to gradually add features. The AI helped me:

• Add secret detection when I asked: "How can I scan for accidentally committed secrets?"
• Fix test execution issues when my unit tests weren't running properly
• Optimize the pipeline structure for better performance

Working with GitLab in VS Code

While you can edit .gitlab-ci.yml files directly in GitLab's web interface, I prefer VS Code. Here's my setup:

1. Install the official GitLab extension from the VS Code marketplace

Once you've signed in, this extension gives you:

• Direct access to GitLab issues and work items
• AI-powered chat with GitLab Duo

GitLab Duo in Action

GitLab Duo became my pair programming partner. Here's how I used it:

Understanding Code: I could type /explain and ask Duo to explain what any part of my pipeline configuration does by highlighting that section.

Solving Problems: When my solution didn't compile, I described the issue to Duo and got specific suggestions. For example, it helped me realize some projects weren't in .NET 9 because dotnet build required the Aspire workload. I could either keep my project in .NET 8 and add a before_script instruction to install the workload or upgrade to .NET 9; I picked the latest.

Adding Features: I started with just build and test, then incrementally asked Duo to help me add security scanning, secret detection, and better error handling.

Adding Context: Using /include to add the project file or the .gitlab-ci.yml file while asking questions helped Duo understand the context better.

Learn More with the Docs: During my journey, I knew Duo wasn't just making things up as it was referencing the documentation. I could continue my learning there and read more examples of how before_script is used in different contexts.

The AI-Assisted Development Experience

What impressed me most was how GitLab Duo helped me learn while building. Instead of just copying configurations from documentation, each conversation taught me something new about GitLab CI/CD best practices.

Conclusion

I think this template can be useful for anyone starting a .NET Aspire project. Ready to try it? Clone the template at cloud5mins/aspire-template and start building with confidence.

Whether you're new to .NET Aspire or CI/CD, this template gives you a good foundation. And if you want to customize it further, GitLab Duo is there to help you understand and modify the configuration.

If you think we should add more features or improve the template, feel free to open an issue in the repository. Your feedback is always welcome!

Thanks to ‪David Fowler‬ for his feedback!

Reading Notes #655

Welcome to the 655th Reading Notes. This edition explores embedding Python in .NET, working with stacked git branches, and an introduction to cloud-native. Plus, a quick tip for the Azure Portal and using local AI for code reviews. 

Open Source

• Embed Python in .NET applications to run models with transformers (Anthony Simmon) - Yes you read it right, we can now mix python in our .NET code.

Programming

• Working with stacked branches in git (Part 2) (Andrew Lock) - Second part of the series about using multiple branches when doing a feature very interesting

• Upgrade Your Application and Prepare for the Future with .NET Aspire (Mike Yeager) - Great story of a migration. Disposed share the tools used for that migration the reason why they were used very interesting story thank you for sharing your journey

Cloud

• Introduction to Cloud Native Computing (TNS Staff) - Very complete and interesting article that is the perfect point to get started with clout native application covering what it is the strategy the architecture everything

• Azure Tech Tip: Go to Azure Portal with Specific Credentials (Jani Nevalainen) - Nice and easy tip to ease the login

AI

• Local code review with Docker and smollm2 before pushing to git (Gerardo Lopez) - Great idea to validate our code before pushing using the brand new model feature of Docker.

Sharing my Reading Notes is a habit I started a long time ago, where I share a list of all the articles, blog posts, and books that catch my interest during the week. 

If you have interesting content, share it!

~frank

Reading Notes #652

This week, we explore a variety of topics, from database containerization and AI security risks to the evolving landscape of gaming devices and cloud technologies. We also explore the shift towards security-first development and the integration of .NET Aspire with SQL Server for integration testing.

Let's dive in!

Suggestion of the week

• GitHub MCP Exploited: Accessing private repositories via MCP (Marco Milanta, Luca Beurer-Kellner) - AI tools are very powerful but also pretty new in our lives. It's important to stay up to date and understand the risks. Not scared, but to see the potential flaws and how to avoid them.

Cloud

• Azure Container Apps vs AKS: Which Is Right for Your Enterprise Application? (Chris Pietschmann) - This post answers a common question about those two services.

Programming

• Beyond DevSecOps: The Rise of Security-First Development (Industry Perspectives) - DevSecOps was a wake-up call, and we need to build our app security first. That seems to make sense, right? Have a read of this post to dig deeper into this idea and understand its foundation

• .NET Aspire dev-time orchestration for SQL Server integration tests (Ian Griffiths) - First post of a series about the spire and database, this one just set the initial setup. Stay tuned for more

Databases

• Running a MySQL database in a Docker Container (Mercy Bassey) - Running databases in a container is a real game changer for developers.

Miscellaneous

• SteamOS puts the pressure on Microsoft’s Xbox-branded handheld (Tom Warren) - Gaming devices are in a completely different world, and, normally, all OS need to adapt. A fascinating post about steamOS and the future of Windows in that scope

~frank

Reading Notes #651

Welcome to another edition of my reading notes! This week brings some fascinating insights into AI's real-world impact, exciting developments in .NET and containerization, plus practical tools for improving our development workflows. 

From local AI-powered code reviews to Docker security hardening and the upcoming .NET 10 features, there's plenty to explore.

 

AI

• The promise that wasn’t kept (Salma Alam Maylor) - Interesting thoughts about AI and its impact on our work but also on our life, and the planet.

• Local code review with Docker and smollm2 before pushing to git (Gerardo Lopez) - This is a really cool idea! I'll have to try it.

Programming

• Converting a docker-compose file to .NET Aspire (Andrew Lock) - Cool experiment. I must say I did the same thing, and I encourage you to do it too!

• Inside GitHub: How we hardened our SAML implementation (Greg Ose, Taylor Reis) - Very interesting post that pushes the curtain a little bit so we could see behind the scene how this very used but notification system works and has been updated

• Announcing dotnet run app.cs - A simpler way to start with C# and .NET 10 - .NET Blog (Damian Edwards) - That's a really cool new feature (that we can test in C# preview), It will be so useful in automation!

Cloud

• Introducing Docker Hardened Images: Secure, Minimal, and Ready for Production (Michael Donovan, Nikhil Kaul) - Security is the concern of everyone. I like this idea of like more secure but still flexible container images. Have a look and see for yourself

• Podman vs. Docker: Containerization Tools Comparison (James Walker) - A nice post that explains the difference at a high level. This isn't a command-to-command comparison, but more scenarios and performance.

Miscellaneous

• Enhance productivity with AI + Remote Dev (Brigit Murtaugh, Christof Marti, Josh Spicer, Olivia Guzzardo McVicker) - I love the dev container environments, they are so useful! And I also use the remote one when I'm not on my dev device so easy. Happy to see that Copilot will be right there with me.

~frank

Reading Notes #650

It's time for another edition of Reading Notes! This week brings exciting developments in the open source world, with major announcements from Microsoft making WSL and VS Code's AI features open source. We've also got updates on Azure Container Apps, .NET Aspire, and some great insights on developer productivity tools.

 

Let's dive into these interesting reads that caught my attention this week.

Cloud

• Happy 5th Birthday Bicep! (Sam Cogan) - What?! Five years already! That's incredible, I remember all the discussion about how we make our business better and honestly, bicep is a big success. Congrats to the team

• Have I Been Pwned 2.0 is Now Live! (Troy Hunt) - New look, new merch, and confetti, all without API breaking changes! Learn all about this major update in this post.

• Announcing Workflow in Azure Container Apps with the Durable task scheduler – Now in Preview! (greenie) - Exciting news about a new service. It looks solid and perfect for integration scenarios. Looking forward to experimenting with it.

Programming

• Pushing a whole stack of branches with a single Git command (Andrew Lock) - I'm always amazed to learn how people use git. This post shares a very smart way to push clear feature in multiple branches

• What's new in .NET Aspire 9.3 (David Pine) - Wow! How so many great new features can be added in a single version?! Aspire is a must for all .NET developers.

• Accelerate Your .NET Upgrades with GitHub Copilot (McKenna Barlow) - That's the tool I've been waiting for ages! Adding a Copilot to the extension is the smartest move they could make. I'm going to update an app right away. I'll share more later

Open Source

• Edit is now open source (Christopher Nguyen) - That's a great news! I installed it half through the post and it great! Fast, simple, and tiny!! Love it!

• The Windows Subsystem for Linux is now open source (Pierre Boulay) - And another project that turns out to be open source, I love it, it's just fantasti,c read all the details and dispose

• VS Code: Open Source AI Editor (VS Code team) - I strongly believe in open source. Very happy to see this change!

AI

• Agent mode for every developer (Katie Savage) - Great new for everyone as the agent mode become available in so many different editor. This post also contains videos to shows some scenarios.

Podcasts

• Reimagining the Windows Terminal with Warp's Zach Lloyd (Scott Hanselman) - A very interesting talk with the CEO of Warp that answers so many questions I had about this very different terminal. Really interesting episode, and terminal too BTW)

• The power of empathy in leadership with Jerry Colonna (Macmillan Holdings, LLC) - This very interesting episode is about the power of empathy in leadership.

• 362. Maximal Fitness with Minimum Time with Ben Greenfield (Part 1) (Greg McKeown) - Interesting conversation with a triathlete about different ways to train and nutrition

Miscellaneous

• The experience is enough (Salma Alam-Naylor) - Whether we like it or not, we are people creature. We all need to stop hiding behind our screens and get out there!

~frank

Full-Stack Azure Deployment Made Easy: Containers, Databases, and More

Automating deployments is something I always enjoy. However, it's true that it often takes more time than a simple "right-click deploy." Plus, you may need to know different technologies and scripting languages.

(Version française ici)

But what if there was a tool that could help you write everything you need—Infrastructure as Code (IaC) files, scripts to copy files, and scripts to populate a database? In this post, we'll explore how the Azure Developer CLI (azd) can make deployments much easier.

What do we want to do?

Our goal: Deploy the 2D6 Dungeon App to Azure Container Apps.

This .NET Aspire solution includes:

• A frontend
• A data API
• A database

The Problem

In a previous post, we showed how azd up can easily deploy web apps to Azure.

If we try the same command for this solution, the deployment will be successful—but incomplete:

• The .NET Blazor frontend is deployed perfectly.
• However, the app fails when trying to access data.
• Looking at the logs, we see the database wasn't created or populated, and the API container fails to start.

Let's look more closely at these issues.

The Database

When running the solution locally, Aspire creates a MySQL container and executes SQL scripts to create and populate the tables. This is specified in the AppHost project:

var mysql = builder.AddMySql("sqlsvr2d6")
                   .WithLifetime(ContainerLifetime.Persistent);
                
var db2d6 = mysql.AddDatabase("db2d6");

mysql.WithInitBindMount(source: "../../database/scripts", isReadOnly: false);

When MySQL starts, it looks for SQL files in a specific folder and executes them. Locally, this works because the bind mount is mapped to a local folder with the files.

However, when deployed to Azure:

• The mounts are created in Azure Storage Files
• The files are missing!

The Data API

This project uses Data API Builder (dab). Based on a single config file, a full data API is built and hosted in a container.

Locally, Aspire creates a DAB container and reads the JSON config file to create the API. This is specified in the AppHost project:

var dab = builder.AddDataAPIBuilder("dab", ["../../database/dab-config.json"])
                .WithReference(db2d6)
                .WaitFor(db2d6);

But once again, when deployed to Azure, the file is missing. The DAB container starts but fails to find the config file.

The Solution

The solution is simple: the SQL scripts and DAB config file need to be uploaded into Azure Storage Files during deployment.

You can do this by adding a post-provision hook in the azure.yaml file to execute a script that uploads the files. See an example of a post-provision hook in this post.

Alternatively, you can leverage azd alpha features: azd.operations and infraSynth.

• azd.operations extends the provisioning providers and will upload the files for us.
• infraSynth generates the IaC files for the entire solution.

💡Note: These features are in alpha and subject to change.

Each azd alpha feature can be turned on individually. To see all features:

azd config list-alpha

To activate the features we need:

azd config set alpha.azd.operations on
azd config set alpha.infraSynth on

Let's Try It

Once the azd.operation feature is activated, any azd up will now upload the files into Azure. If you check the database, you'll see that the db2d6 database was created and populated. Yay!

However, the DAB API will still fail to start. Why? Because, currently, DAB looks for a file, not a folder, when it starts. This can be fixed by modifying the IaC files.

One Last Step: Synthesize the IaC Files

First, let's synthesize the IaC files. These Bicep files describe the required infrastructure for our solution.

With the infraSynth feature activated, run:

azd infra synth

You'll now see a new infra folder under the AppHost project, with YAML files matching the container names. Each file contains the details for creating a container.

Open the dab.tmpl.yaml file to see the DAB API configuration. Look for the volumeMounts section. To help DAB find its config file, add subPath: dab-config.json to make the binding more specific:

containers:
    - image: {{ .Image }}
      name: dab
      env:
        - name: AZURE_CLIENT_ID
          value: {{ .Env.MANAGED_IDENTITY_CLIENT_ID }}
        - name: ConnectionStrings__db2d6
          secretRef: connectionstrings--db2d6
      volumeMounts:
        - volumeName: dab-bm0
          mountPath: /App/dab-config.json
          subPath: dab-config.json
scale:
    minReplicas: 1
    maxReplicas: 1

You can also specify the scaling minimum and maximum number of replicas if you wish.

Now that the IaC files are created, azd will use them. If you run azd up again, the execution time will be much faster—azd deployment is incremental and only does "what changed."

The Final Result

The solution is now fully deployed:

• The database is there with the data
• The API works as expected
• You can use your application!

Bonus: Deploying with CI/CD

Want to deploy with CI/CD? First, generate the GitHub Action (or Azure DevOps) workflow with:

azd pipeline config

Then, add a step to activate the alpha feature before the provisioning step in the azure-dev.yml file generated by the previous command.

- name: Extends provisioning providers with azd operations
  run: azd config set alpha.azd.operations on     

With these changes, and assuming the infra files are included in the repo, the deployment will work on the first try.

Conclusion

It's exciting to see how tools like azd are shaping the future of development and deployment. Not only do they make the developer's life easier today by automating complex tasks, but they also ensure you're ready for production with all the necessary Infrastructure as Code (IaC) files in place. The journey from code to cloud has never been smoother!

If you have any questions or feedback, I'm always happy to help—just reach out on your favorite social media platform.

In Video

Here the video version of this blog post.

References

• 2D6 Dungeon App GitHub Repository
• Azure Developer CLI (azd)
• Data API Builder (dab)

Reading Notes #646

Welcome to this week's collection of fascinating reads across cloud computing, AI, and programming! As technology continues to evolve at breakneck speed, I've gathered some of the most insightful articles that caught my attention. From securing MCP servers to exploring Rust, there's something here for every tech enthusiast. 

Dive in and discover what's new in our rapidly changing digital landscape.

Cloud

• Azure API Management Your Auth Gateway For MCP Servers | Microsoft Community Hub (PranamiJ) - Why all the fuss about MCP, we must not forget security. This post suggests a simple solution.

AI

• How Azure Copilot Helped Me Quickly Troubleshoot a Demo (David Giard) - That's a good example of how AI can help you not do the job for yourself but avoid mistakes and do it faster.

• Secure Remote MCP Servers With Entra ID And Azure API Management (Den Delimarsky) - Nice solution in Python to secure your MCP servers

Programming

• When ASP.NET Core Identity Is No Longer Enough (Andrea Chiarelli) - Authentication and authorization have an important place in our Apps. This post shares details about how things work and the different processes.

• New Docker Extension for Visual Studio Code (Remy Suen) - This extension was already a must, they made it better, it's a must must! But seriously give it a try and try it by yourself.

• From C# to Rust: A 42-Day Developer Challenge (Chris Woodruff) - Cool tease of an experiment that promises a lot of learning.

• How to Programmatically Create MS Word DOCX Documents with .NET C# on Linux (Bjoern Meyer) - Cool package that helps create Word documents. Perfect when running in a Linux container.

• Preview 2 of the .NET AI Template Now Available (Jordan Matthiesen) - New templates with AI, Qadran and Aspire, oh boy life is good!

Sharing my Reading Notes is a habit I started a long time ago, where I share a list of all the articles, blog posts, and books that catch my interest during the week. 

If you have interesting content, share it!

~Frank

Reading Notes #645

Welcome to this week's reading notes! I've found some great articles that caught my eye - from security tips for MCP servers to exciting updates in Rust and AI. Whether you're into cloud services, programming tools, or wondering about the future of coding with AI, there's something here for you.

Let's dive in!

 

Programming

• The Aspire Compiler (David Fowler) - I really appreciate Aspire. It's one of the tools that completely changed my experience as a developer. Learning more about it is, without a doubt, interesting.

• Verifying tricky git rebases with git range-diff (Andrew Lock) - Is it possible to really master Git? There is always something new to learn. Nice post going deep.

• Azure SDK for Rust Goes Beta (Nikos Vaggalis ) - Great news for the Rust developer, this is an important milestone.

AI

• Calling MCP Servers in C# with Microsoft.Extensions.AI (Mark Heath) - Many options, new tools, fresh possibilities, it's only missing our ideas.

• If LLMs Can Code, Why Are We Building More IDEs? (Mark Downie) - That's an excellent question, and I agree with Mark.

• Understanding and mitigating security risks in MCP implementations (Sarah Young) - The MCP servers are opening many opportunities, and it's important to know the risk. This post is a must.

• Build MCP Remote Servers with Azure Functions (Matt Soucoup) - A quick post that shows how a serverless MCP server can be hosted Azure and be secure; all code included.

Sharing my Reading Notes is a habit I started a long time ago, where I share a list of all the articles, blog posts, and books that catch my interest during the week. 

If you have interesting content, share it!

~Frank