Welcome to this week’s reading notes! In this post, you’ll find a curated selection of insightful articles and tutorials covering various topics in technology and programming. Whether you’re looking to enhance your testing skills with .NET Aspire, improve your code comprehension with GitHub Copilot, or explore the world of Docker for DevOps, there’s something here for everyone. Dive in and enjoy these valuable resources!
If you have interesting content, share it!
Suggestion of the week
Getting started with testing and .NET Aspire (Aaron Powell) - This is a great tutorial, with a video version if you prefer, to get us started with test when .NET Aspire is part obor solution.
Hosting a (DevOpsDays) Tech Conference (Dewan Ahmed) - I went to this even and you could feel it was prepared with patio and care. It very interesting to learn about the behind the scene and all the work put both before and after.DevOpsDay Halifax you won my heart.
It's Reading Notes time and this week we learn how to improve our experience and security while using AI and containers
a zip line spider?
Sharing my Reading Notes is a habit I started a long time ago, where I share a list of all the articles, blog posts, and books that catch my interest during the week.
Avoid These 5 Common AI Project Mistakes for Success (Narcosa Admin) - AI is a great tool and with it's new easy accessibility more are integrating it into there services, This post shares tips to give you more chance of success.
7 Best Practices for Using GitHub Copilot (Visual Studio Code team) - AI is a great tool, but to enjoy it as much as possible there are a few things we can do, This post shares those tips that could make the differences.
Less posts and articles this week, I was devouring books! I guess a special "book edition" of the Reading Notes should be coming soon...
If you are new on this blog, welcome! The reading notes post is a habit I started a long time ago, where I share a list of all the articles, blog posts, and books that catch my interest during the week.
Debug Containers with Mintoolkit (DevOps and Docker Talk: Cloud Native Interviews and Tooling) - Great episode about the intricacy of debugging containers and a tool mintoolkit,before knows as DockerSlim, that could really simplify things for us.
Fine tuning Products with Stanza System's Stacie Frederick (Hanselminutes with Scott Hanselman) - Do we really need to have that automatic build and deployment x time by week, or day? Are far should we go? Are we trying to solve a real problem or just find a solution we think we need. Great episode that will help you answering those questions.
Better ways to have tricky conversations at work (Modern Mentor) - It's been many stories I heard from people who quit their job before even talking to their manager... This short episode will provides you a few tips to get more prepare and try different alternative.
It's reading notes time! It is a habit I started a long time ago, where I share a list of all the articles, blog posts, and books that catch my interest during the week.
Easier to fix async exceptions (Mark Downie) - Debugging Asynchronous code as been always more complicated, looking forward to seeing (and using) that new capability in .NET 9.
How to make your web page faster before it even loads (Salma Alam-Naylor) - To make sure our users have he best experience possible it important to fine-tune some little details. This post goes deep and explains them very well.
It's reading notes time! It is a habit I started a long time ago, where I share a list of all the articles, blog posts, and books that catch my interest during the week.
Back from a two weeks time off it was nice to get back into tech read.
Adding .NET Aspire to your existing .NET apps (Jon Galloway) - This great post explains step by step how to add .NET Aspire to your existing app, saying what you gain and how it's helping you to be faster at buildinba better application.
Combining multiple docker images into a multi-arch image (Andrew Lock) - Another great article from Andrew that explains very clearly a Docker feature: generate multiple image under the same ta to target different OS and infrastructure (ex: x64,arm32)
Logging in Banana Cake Pop (Pascal Senn) - What a amazing new feature! This will greatly improve development and debugging productivity!
The ultimate guide to developer happiness (Jeimy Ruiz) - Many great tools and solution within GitHub "circle". This post provides best practices to improve developers productivity and announces when the next GitHub Universe is coming up.
Good Monday! This week Reading Notes are more listening notes 😅 and we go from .NET Aspire and containers, passing by communication with AI to camping!
Sharing my Reading Notes is a habit I started a long time ago, where I share a list of all the articles, blog posts, and books that catch my interest during the week.
Introducing .NET Aspire with Damian Edwards (Hanselminutes with Scott Hanselman) - Nice episode where .NET Aspire is really well explained, but yes it's kind of hard to say in a few words what it is.
CosmosDB and AI with Mark Brown (.NET Rocks!) - AI and data! AI and data! AI and data! It's not a typo, I wrote it 3 times... It's everywhere, evolving fast and you must look at it.
It's reading notes time! It is a habit I started a long time ago, where I share a list of all the articles, blog posts, and books that catch my interest during the week.
You also read something you liked? Share it!
Cloud
It's Finally Possible To Hibernate Azure VMs (Sam Cogan) - This new feature must be such a relief for all the VM users. Make sure to read this post to know the requirements of the VM tone able to hibernate it.
It's reading notes time! It is a habit I started a long time ago, where I share a list of all the articles, blog posts, and books that catch my interest during the week.
Making C# Simple with Fluent Techniques (Niraj Ranasinghe) - Nice post. I didn't realise that Fluent path was used in so many places. It makes it so cleaner when we can use it.
AI
Visual Studio Code AI Toolkit: Run LLMs locally (Shreyan Fernandes) - It goes so fast! It used to be complicated to get AI and now we can get one locally directly from vs code... Quick post to get us started.
Episode 1900 with Scott Hanselman! (.NET Rocks!) - Three of my favorite people in the word in a single episode! It was such a pleasure to listen pleasure to listen talk about all those little stories. Long live to .NET Rocks (and HanselMinutes)
8 Learning Paths for Beginners on GitHub (Cynthia Zanoni) - Wow! so many very cool learning Path to get started with anything you can think about it. I may do one or two just to refresh my knowledge.
It's reading notes time! It is a habit I started a long time ago, where I share a list of all the articles, blog posts, and books that catch my interest during the week.
Bringing the Aspire dashboard to ACA (Mark Downie) - One of the great tool that was released with Aspire is its dashboard as it shows traces across services. This post shares how to enable this amazing tool in Azure.
It's reading notes time! It is a habit I started a long time ago, where I share a list of all the articles, blog posts, and books that catch my interest during the week.
You also read something you liked? Share it!
Cloud
Azure Developer CLI (azd) – Build 2024 Recap (Grace Kulin) - All developers should look at how it can really speedup and simplify your Azure deployment and ease the creation of your infrastructure as code file (bicep and terraform).
Announcing the AI Toolkit for Visual Studio Code (John Lam) - Nice! The favorite editor of so many now have an AI extension! I missed the Microsoft Build sessions with the demos. Lucky me they are available on demand!
I used to hardcode my password in my demos and code samples. I know it's not a good practice, but it's just for demo purposes, it cannot be that dramatic, right? I know there are proper ways to manage sensitive information, but this is only temporary! And it must be complicated to remove all the passwords from a deployment... It turns out, IT IS NOT difficult at all, and that will prevent serious threats.
In this post, I will share how to remove all passwords from a docker-compose file using environment variables. It's quick to setup and easy to remember. For production deployment, it's better to use secrets, because environment variables will be visible in logs. That said, for demos and debugging and testing, it's nice to see those values. The code will be available on GitHub. This deployment was used for my talks during Azure Developers .NET Days: Auto-Generate and Host Data API Builder on Azure Static Web Apps and The most minimal API code of all... none
The Before Picture
For this deployment, I used a docker-compose file to deploy an SQL Server in a first container and Data API Builder (DAB) in a second one. When the database container starts, I run a script to create the database tables and populate them.
As we can see, the password is in clear text twice, in the configuration of the database container and in the parameter for sqlcmd when populating the database. Same thing for the DAB configuration file. Here the data-source node where the password is in clear text in the connection string.
The easiest password instance to remove was in the sqlcmd command. When defining the container, an environment variable was used... Why not use it! To refer to an environment variable in a docker-compose file, you use the syntax $$VAR_NAME. I used the name of the environment variable MSSQL_SA_PASSWORD to replace the hardcoded password.
/opt/mssql-tools/bin/sqlcmd -U sa -P $$MSSQL_SA_PASSWORD -d master -i /startrek.sql
Second Pass: .env File
That's great but the value is still hardcoded when we assign the environment variable. Here comes the environment file. They are text files that holds the values in key-value paired style. The file is not committed to the repository, and it's used to store sensitive information. The file is read by the docker-compose and the values are injected. Here is the final docker-compose file:
Note the env_file directive in the services definition. The file .env is the name of the file used. The ${SA_PWD} tells docker compose to look for SA_PWD in the .env file. Here is what the file looks like:
SA_PWD=This!s@very$trongP@ssw0rd
Conclusion
Simple and quick. There are no reasons to still have the password in clear text in the docker compose files anymore. Even for a quick demo! Of course for a production deployment there are stronger ways to manage sensitive information, but for a demo it's perfect and it's secure.
During Microsoft Build Keynote on day 2, Julia Liuson and John Lambert talked about how trade actors are not only looking for the big fishes, but also looking at simple demos and old pieces of code, looking for passwords, keys and sensitive information.
It's reading notes time! It is a habit I started a long time ago, where I share a list of all the articles, blog posts, and books that catch my interest during the week.
Use Azure DevOps Pipelines as a Serverless Compute Engine (Chris Pietschmann) - Do you know or use Azure DevOps Pipeline? They can read your code from most source repository and will execute tasks for you. Like CI-CD as explains in this post.
Docker Compose Profiles, one the most useful and underrated features (Oskar Dudycz) - Woah! For now on, I shall have a profile in all my docker compose file. We'll probably not all, but I'm definitely using them. This post is the perfect place to get started and understand what are profile and how to use it.
It's reading notes time! It is a habit I started a long time ago, where I share a list of all the articles, blog posts, and books that catch my interest during the week.
An introduction to primary constructors in C#12 (Andrew Lock) - Wow! This post dig into what can and cannot do the new constructors in C#. Example by example trying more complex scenarios, fascinating!
DevOps
Use Azure DevOps Pipelines as a Serverless Compute Engine (Chris Pietschmann) - Do you know or use Azure DevOps Pipeline? They can read your code from most source repository and will execute tasks for you. Like CI-CD as explains in this post.
Miscellaneous
Introducing Plans on Microsoft Learn (Kaberi Bell) - Would it be to be a data engineer, AI specialist, app builder there's a plan for you and that's a very cool new feature on learn have a look this blog post explain all of it
How Do You Measure Developer Experience? (Jennifer Riggins) - An interesting article about what and how measure performance. I didn't know so many system and details concepts were that detailed.
It's reading notes time! It is a habit I started a long time ago, where I share a list of all the articles, blog posts, and books that catch my interest during the week.
Think Faster, Talk Smarter with Matt Abrahams (Modern Mentor) - Interesting episode about how to become a better communicators in both formal and informal situations. Matt is the author a book on that topic.
DevOps Adoption for IT Managers (Chris Pietschmann) - Interesting post that shares the benefits of DevOps for your enterprise and how to approach it as a manager.
Cascadia Code 2404.23 (Christopher Nguyen) - I used to do ASCII art back on my C=64... Now that all those new fonts and symbols are added should I start again? Nice to have all the options available to be able to display everything we need|the console.
It's reading notes time! It is a habit I started a long time ago, where I share a list of all the articles, blog posts, and books that catch my interest during the week.
It's reading notes time! It is a habit I started a long time ago, where I share a list of all the articles, blog posts, and books that catch my interest during the week.
Having interesting content? Share it!
Suggestion of the week
Announcing: Azure Developers (Mehul Harry) - Looking forward to this event. I have the pleasure to present a session with Jerry Nixon about Data API Builder. Join us!
Cloud
Demystifying Azure CLI pagnination (Jeremy Li) - That's great! It's so sad when all the information is "throw" on us without any control and it's on us to find our "needle" we are looking for in those screens full of line. This will definitely helps.
It's reading notes time! It is a habit I started a long time ago, where I share a list of all the articles, blog posts, and books that catch my interest during the week.
What is an RDP Browser? (And How To Get One) (Peter) - A great alternative when you want to test on different browser or version of a browser, for gaming, And also for cyber security when investigating.
In this post, I will share a few things that we need our attention when deploying a .NET isolated Azure Function from GitHub to Azure using the Zip Deploy method. This method is great for fast deployment and when your artefacts are zipped in a package.
Note The complete code for this post is available on GitHub
Understanding Zip Push/Zip Deploy
Zip Push allows us to deploy a compressed package, such as a zip file, directly to Azure. It could be part of a continuous integration and continuous deployment (CI-CD) or like in this example it could replace it. This approach is particularly useful when you want to ensure your artifacts remain unchanged across different environments or when aiming for the fastest deployment experience for users.
While CI-CD is excellent for keeping your code up-to-date, zip deployment offers the advantage of speed and consistency. It eliminates the need for compilation, leading to quicker uploads and deployments.
Preparing Your Package
It’s crucial to package with all necessary dependencies the code required. There is no operation to fetch any external packages during the deployment, the zip file will be decompressed and that's it. The best way to ensure you have everything you need is to publish your code, to a folder and then go in that folder and zip all the files.
dotnet publish -c Release -o ./out
Don't zip the folder, it won't work as expected.
You need to go inside the folder and select all the files and zip them to create your deployment artefact.
The next step is to make your artefact available online. There are many ways, but for this post we are using GitHub Realease. From the GitHub repository, create a new release, upload the zipped file created earlier and publish it. Note the URL of zipped files from the release.
Preparing The ARM Template
For this one-click deployment, we need an Azure Resource Manager (ARM) template. This is a document that describes the resources that we want to deploy to Azure. To deploy the zipped file into the Azure Function there are two particularities that required our attention.
Here we define an Windows Azure Function and the WEBSITE_RUN_FROM_PACKAGE needs to be set to 1. The WEBSITE_RUN_FROM_PACKAGE is the key that tells Azure to use the zip file as the deployment artefact.
Then to specify where the zip file is located we need to add an extension to the Azure Function.
The packageUri property is the URL of the zipped file from the GitHub release. Note the dependsOn property that ensures the Azure Function is created before the extension is added. The complete ARM template is available in the GitHub repository.
One-click Deployment
When you have your artefact and the ARM template uploaded to your GitHub repository, you can create a one-click deployment button. This button will take the user to the Azure portal and pre-fill the deployment form with the information from the ARM template. Here is an example of the button for markdown.
[![Deploy to Azure](https://aka.ms/deploytoazurebutton)](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FFBoucher%2FZipDeploy-AzFunc%2Fmain%2Fdeployment%2Fazuredeploy.json)
The has three parts, the first is the image that will be displayed on the button, the second is the link to the Azure portal and the third is the URL of the ARM template. The URL of the ARM template is the raw URL of the file in the GitHub repository, and it needs to be URL encoded. The URL encoding can be done using a tool like URL Encode/Decode.
Final Thoughts
Zip deployment is a powerful tool in your Azure arsenal by itself of part of a more complex CI-CD pipeline. It's a great way to make it easier for people to deploy your solution in their Azure subscription without having to clone/ fork the repository.
Video version
If you prefer, there is also have a video version of this post.
It's reading notes time! It is a habit I started a long time ago, close to 600 weeks ago in fact, where I share a list of all the articles, blog posts, and books that catch my interest during the week.
If you think you may have interesting content, share it!
Is Your Container Image Really Distroless? (Laurent Goderre) - Nice post that explains a new way to improve security and more while building our container by going distroless.
Azure PowerShell Tips and Tricks (Paul Harrison) - PowerShell is a very interesting and useful script language.All those tips are pure wisdom!
DevOps
Beautiful .NET Test Reports Using GitHub Actions (Sean Killeen) - It's true that the unit test result in Azure DevOps looks amazing. Pretty nice adaptation in GitHub Action, could/ should it be native?
It is time to share new reading notes. It is a habit I started a long time ago where I share a list of all the articles, blog posts, and books that catch my interest during the week.
If you think you may have interesting content, share it!
Blazor WebAssembly Virtual File System Access (Michael Washington) - A nice tutorial the show us how to keep file (aka data) in the browser of the visitor. All the code is available.