Time commitment: 4.5 hours over 2 consecutive days
Format: pre-recorded video, no live interaction with presenters or attendees. Questions to moderators were accepted, I didn’t use or see evidence of use.
TL;DR: Microsoft are investing very heavily in GitHub becoming an end-to-end development infrastructure solution. They want you to move on from Azure DevOps, to push dev workloads into the (their) cloud, and exploit automations for improved security, quality and delivery.
- Git is an open Source Code Control system SCCS https://en.wikipedia.org/wiki/Source_Code_Control_System.
- GitHub is a service and functional layer over Git and is proprietary.
- I’ve used GitHub for many years for code management and backup, both personal and intra-team. I currently use Azure DevOps for some CI/CD.
- It’s easy to overlook that Microsoft have owned GitHub since 2018, it’s notably not visibly MSFT branded.
- MSFT appear to be very heavily investing in and promoting GitHub, in particular its added layers of DevOps and coder support functionality. Their message: this is the horse to bet on, there is much more here than SCCS.
- By contrast it appears MSFT’s competing Azure DevOps product is being gently sidelined.
- GitHub integration with Microsoft Teams was highlighted. (“Teams everywhere” seems also to be a MSFT priority).
- GitHub has some light project management functions built-in, I currently prefer Jira.
- Agile work practices (Sprints, Scrums, User Stories).
- CI/CD: continuous integration, continuous d(eployment | elivery)
- Quality First: zero compromise on code quality, accept implementations maybe partial. Software is never finished. Iterate fast.
- Push quality upstream. Shift security left (earliest possible in development workflow).
- GitHub Codespaces - cloud based containerised development environment for any GitHub repo. Presumably takes some time to set up and configure, then brings benefit of significantly streamlining dev. onboarding, standardising and encapsulating dev environment, coding from browser or an on-device IDE, removing dependency on device’s capabilities. Alternative, Windows based: Microsoft Dev Box. I sometimes engage freelancers on short term, task specific workloads, this could be very beneficial once the setup overhead is dealt with.
- Azure App Configuration https://azure.microsoft.com/en-us/products/app-configuration/ - store configuration params and settings in the cloud. Use for ‘feature flagging’ eg enabling/disabling product features for user cohorts, perhaps for A/B testing. NB not for passwords or secrets, see Azure key Vault.
- GitHub Dependabot - automated dependence vulnerability management.
- GitHub CodeQL - code analysis engine, automated code scanning for vulnerabilities. Bugs, errors.
- GitHub Secret scanning - scan source code for embedded secrets, alert on find.
- It then delved into Bicep vs ARM and some other deeper tech. Was too fast to follow code detail, mostly a capability overview.
Sorry my notes stop here, I didn't anticipate writing this up. I’ll update in comments with anything new.
Cover image is gen-ai, copy is all human!
Omitted to mention: GitHub Actions (as I already knew about them so didn't note).