MindByte Issue #79: What do Issues and PRs tell you about team dynamics

Preview Environments, GraphQL for GitHub Project Status Updates, Arazzo for API Workflow, API security, .NET Upgrade assistant and .NET Aspire

Welcome back, and for all the new subscribers, welcome aboard!

To ensure you keep getting these updates seamlessly, please move this email to your primary inbox or mark it as important. A quick reply like "got it" also helps boost visibility. This edition covers exciting topics such as:

  • What do issues and pull requests tell about your team's efficiency?

  • Do you want to test Pull Requests before they get merged using Preview Environments?

  • Learn more about Arazzo, a spec to create workflow between different API endpoints.

  • What did Microsoft learn from dropping a data center into the ocean?

New here? Subscribe here to stay updated. Let's dive in.

GitHub Digest

Recently, GitHub Projects got some nice improvements in the form of Project Status Updates. Allowing you to add updates and describe the state of a project. Now, you can also use GraphQL to interact with Status Updates programmatically.

As polling for changes is ineffective, you can also use webhooks to be informed about updates.

A group of researchers used 56 GitHub projects to analyze their issues and Pull Requests and their relationships to each other.

They found eight distinct workflow types describing different types of behavior.

Most of them were just a resolution to an issue, but they also found patterns like multiple PRs to fix the same issue (competing PRs) or duplicate issues, where the same work is reported twice.

These patterns tell something about the team's behavior; how they communicate and work together.

A common problem with Pull Requests is that you will only just look at the code, trying to deduce how it works. You might deploy a PR to an environment, but with the risk that somebody else is also using that environment.

A solution to this is to use Preview Environments, an isolated, throw away environment where you can validate your PR code as if it was already merged.

The below article shows how to set up such a system using GitHub Actions and Kubernetes.

Coding Corner

You might be familiar with OpenAPI to describe (REST) APIs, but how can you describe the workflow for connecting multiple different APIs together?

Like calling one API platform first to retrieve a record, and then use the data in a next call to another API platform. Well, there is a specification for that called Arazzo.

See three different use cases and find out if this is a suitable way to define workflows between API endpoints.

If you are asked about security while building a web application, you hopefully think about OWASP. It is great guidance on how to secure your application.

But what about API endpoints? They might not have the same risks but expose some interesting other vulnerabilities. Read about those and how to protect against them:

Every 17 minutes, a new vulnerability emerges, and 75% of those will be exploited within 19 days. This is shocking, as the average time to patch is around 100 days.

Looks like a lot of work still needs to be done…

Azure Updates & Insights

Remember the big capsule that Microsoft dropped in the waters at the coast of Scotland? It was in 2018, as an attempt to see if using the constant temperature of sea water could protect the hardware more efficiently compared to a data center on land.

They recently reported the results of this research. Not only did it save on energy costs, but it also had fewer hardware failures.

Although they will not deploy another container into the sea, they are funding other projects to improve hosting, including their own nuclear power plants.

.NET Nook

Some while ago, Microsoft announced a new feature in .NET 9.0: an eventing framework. It was supposed to process messages and facilitate message handlers.

This received a lot of backlash from the community; there were already plenty of libraries doing this, so why make it a first-class citizen in the framework?

Although Microsoft took this feedback and will not include it in .NET 9, it might still come in a subsequent version.

Need to upgrade your .NET Framework project to .NET Core? There is a code assessment tool that now also scans your source code and tells you about any potential issues.

One less excuss from not moving to .NET Core.

I wrote about .NET Aspire before in earlier editions of this newsletter. I also used it in my own projects, and I still think it is a great tool for your local development flow.

But what exactly do you get when you add Aspire to your application? The post by Fiodar Sazanavets will tell you all about it.

Closing Thoughts

Thank you for reading this week’s edition!

Your feedback is invaluable, so if you have any thoughts, questions, or suggestions, please don't hesitate to reach out by simply replying to this mail.

If you enjoyed this update and want to continue receiving more, make sure to subscribe here.

I appreciate your time and look forward to hearing from you!

Did you like this edition?

Login or Subscribe to participate in polls.


or to participate.