GitHub Featured Investigating az-cli performance on the hosted Azure Pipelines and GitHub Runners I've been building a few more workflows and pipelines over the past few days and had been experimenting with the az-cli. And I've been running into all kinds of performance issues.
Azure DevOps Pipelines VSBuild task fails on self-hosted Azure Pipelines Agent Today I got this baffling error while trying to run one of the few pipelines I own that requires a self-hosted agent. 2023-09-18T13:24:55.1897667Z ##[section]Starting: VSBuild 2023-09-18T13:24:55.2042232Z ============================================================================== 2023-09-18T13:24:55.2042611Z Task : Visual Studio build 2023-09-18T13:24:55.2042705Z Description : Build with MSBuild and
GitHub Actions Featured Protect the repository hosting your GitHub Action It comes as no surprise that the tags and branches solution to version GitHub Actions is weak at best. There have been rumors of Actions moving to a different model (GitHub Container Registry), but that is yet to see the light.
Azure DevOps Featured Publish Azure DevOps Extensions using Azure Workload Identity As you may know, I maintain several Azure DevOps Extensions. To publish them I use the Azure DevOps extension tasks. And to authenticate you must provide a Personal Access Token.
git Tips & tricks: Git under WSL and windows Since the introduction of WSL I've started to rely on it more and more, but there are still a few quirks when dealing with multiple environments that access the same repo on disk.
Azure DevOps Pipelines Hey! You broke our pipeline! One of the advantages of Azure Pipelines is that it automatically updates your tasks to the latest minor version. That way you don't have anything to stay up-to-date. But this also has disadvantages. Both Microsoft and Extension Authors can accidentally break your pipelines.
GitHub Featured Enable RenovateBot for Azure Pipelines In my report on the Security state of the Azure DevOps Marketplace I came to the unfortunate conclusion that about 40% of the extensions contain vulnerabilities. One of the recommendations for both Azure DevOps administrators and pipeline authors was to keep the Azure Pipelines Tasks up-to-date.
Azure DevOps Pipelines Speeding up the Azure DevOps Extension tasks I've been maintaining and using the Azure DevOps Extension tasks for years now and I've always been frustrated by the slowness of some steps.
Azure DevOps Featured Security state of the Azure DevOps Marketplace This report focusses on the Azure Pipelines extensions in the Marketplace. At the time of compiling the report there are 1460 extensions in the "Azure Pipelines" category. More than 500 have one or more vulnerabilities or vulnerable dependencies.
Azure DevOps Server 2022 Definitive solution for log4shell in Azure DevOps Server Search Last year around this time the log4shell bug in log4j was made public. Older versions of Team Foundation Server and Azure DevOps Server ship with Elastic Search to power its advanced search features. The version that ships with these versions is quite old and was never truly fixed, only patched.
GitHub What's GitHub's new require approval of the most recent push policy all about? The "require approval of the most recent push" protection rule was recently introduced (oct 2022).
GitHub Actions Issuing workflow commands from the Windows shell in GitHub Actions I don't think you should, I'm not sure you want to... But in case you need to... Here's how to correctly issue a GitHub Actions workflow command from the windows shell.
Ghost Update Ghost blogs and pages with PowerShell In order to remove a bit of repetitive manual work from my schedule I wrote a little sync between my Scrum.org class schedule to this blog.
GitHub Actions Upgrade Hosted Agent / GitHub Runner PowerShell I had recently fixed a bug in one of my build scripts by upgrading to the latest PowerShell Preview version. Of course, that version isn't yet available on the hosted agent for Azure Pipelines and GitHub Actions.
GitHub Be Secure and Compliant with GitHub How do we ensure security after we have deployed our application? This question comes up in many customer engagements. How do we make something secure and how can we ensure we are compliant? Unfortunately, many of these questions arise after the fact. After the application has been built, or even
git Installing git-filter-repo on windows I've been trying to get git-filter-repo to work on Windows and WSL today and it's been quite a struggle. The docs are pretty limited and call out I may have to update some values in the script itself to make things work. But doesn't spell out what to fix and
GitHub Customizing Codespaces You’ve probably had this situation at least once on your career: you join a new team and it takes you at least 10 days to finally get the build to succeed on your local machine, the tests to pass, the application to launch without issues, and for the debugger
Scrum Ask a Professional Scrum Trainer - Scaling Scrum with Nexus - Part 2 Scrum itself is a simple framework for effective team collaboration on complex products. While it is lightweight and simple to understand, challenges do arise.
Security Log4J – A 10 step mitigation plan There is already a lot of attention on the #Log4J vulnerability. It is all over the news while we write this blog. Many customers have asked us what to do. In this blog we give some advice on how to deal with the Log4j vulnerability and similar vulnerabilities in the future.
Azure DevOps Featured Azure DevOps 2020 and 2019 (and 2018) patch for log4j vulnerability Azure DevOps can be configured with advanced Code Search. That feature relies on Elastic Search. Depending on the age of your server, JVM version and Elastic Search version this may result in your setup being vulnerable to CVE-2021-44228.
Visual Studio 2022 Adding Visual Studio 2022 to Azure DevOps Server 2020 Visual Studio 2022 is out! But Azure DevOps Server hasn't had a release to support it yet. This means that in Azure Pipelines it won't detect your freshly installed copy of Visual Studio 2022.
git Use Visual Studio 2022 as merge tool in Tower Tower recently released a major upgrade of it's already outstanding Git Client. Microsoft shipped Visual Studio 2022 not too long ago either. This is how you integrate the two.
Azure DevOps "Fixing" massive parallel builds on Azure Pipelines with TFVC Last weekend I helped migrate a client from Team Foundation Server 2017 to Azure DevOps in the cloud. One of the many reasons to migrate was the ability to leverage the hosted pool to do builds and not having to maintain build servers.
Azure DevOps Pipelines Renaming an Azure Pipeline task in an existing Azure DevOps extension I have many Azure DevOps Extensions. Some recent, but also tasks dating back to 2015 when the extensibility model for build tasks forst appeared. Over time much has changed in Azure Pipeline Land...
Azure DevOps Accessing Azure DevOps APIs with large volumes of data Most REST APIs exposed by Azure DevOps are limited in the amount of data they will return. You can choose to override the default number by passing a $top=### query string parameter. Azure DevOps will try to honor this request, but I've seen it refuse and return a lower number anyway.