Authenticating to Azure in GitHub Actions requires a secret for a Service Principal. However, at Universe, GitHub released a new OIDC-based authentication mechanism that eliminates the need for secrets in secure deployments.
Reusable workflows are great, but how do you ensure that teams are using your reusable workflows? In this post I show how you can structure repos, teams and environments to ensure standardization for your workflows.
Code security is becoming more important for modern software development. What about code quality metrics? How do code quality metrics and code security compare and contrast? I’ll discuss some thoughts in this post.
Do you need to deploy to private VNets using GitHub Actions, but don’t want to have to keep self-hosted runners running all the time? In this post I show you how you can use Ephemeral Runners to create on-demand self-hosted runners.
Newly released Reusable Workflows allows you to reuse workflows in your GitHub workflows. While this still has some limitations, it’s still better than copy/paste!
If you’re managing backlogs in Azure Boards but using GitHub Actions for CI/CD, you may have scenarios where you want to create Work Items from an Action.
Composite Actions now allow you to run other Actions, not just script steps. This is great for composability and maintainability, but there are some limitations that you should be aware of.
CodeQL is a powerful code scanning tool that can be integrated into your pipelines. In this post I show you some basics, as well as how to develop and integrate custom queries into your pipelines.
GitHub Actions can be used for Continuous Deployment (CD) - but there are some rough edges. In this post I take you through a deep dive and lift the kimono on Actions.
Generally limiting WIP is discussed in the context of work item tracking - but too much WIP has detrimental effects on branching, testing, architecture and technical debt too!
