MindByte Issue #79: What do Issues and PRs tell you about team dynamics

Preview Environments, GraphQL for GitHub Project Status Updates, Arazzo for API Workflow, API security, .NET Upgrade assistant and .NET Aspire

Author

Michiel van Oudheusden
July 02, 2024

Welcome back, and for all the new subscribers, welcome aboard!

To ensure you keep getting these updates seamlessly, please move this email to your primary inbox or mark it as important. A quick reply like "got it" also helps boost visibility. This edition covers exciting topics such as:

  • What do issues and pull requests tell about your team's efficiency?

  • Do you want to test Pull Requests before they get merged using Preview Environments?

  • Learn more about Arazzo, a spec to create workflow between different API endpoints.

  • What did Microsoft learn from dropping a data center into the ocean?

New here? Subscribe here to stay updated. Let's dive in.

GitHub Digest

Recently, GitHub Projects got some nice improvements in the form of Project Status Updates. Allowing you to add updates and describe the state of a project. Now, you can also use GraphQL to interact with Status Updates programmatically.

As polling for changes is ineffective, you can also use webhooks to be informed about updates.

GitHub Issues & Projects - GraphQL and webhook support for project status updates and more!

GitHub Issues & Projects - GraphQL and webhook support for project status updates and more!

github.blog/changelog/2024-06-27-github-issues-projects-graphql-and-webhook-support-for-project-status-updates-and-more

A group of researchers used 56 GitHub projects to analyze their issues and Pull Requests and their relationships to each other.

They found eight distinct workflow types describing different types of behavior.

Most of them were just a resolution to an issue, but they also found patterns like multiple PRs to fix the same issue (competing PRs) or duplicate issues, where the same work is reported twice.

These patterns tell something about the team's behavior; how they communicate and work together.

What GitHub Pull Requests Reveal about Your Team's Dev Habits

Does your team suffer from duplicate git Issues? How about competing or over-stuffed pull requests? A group of researchers have discovered all sorts of ways your dev team may be working with less-than-optimal efficiency.

thenewstack.io/what-github-pull-requests-reveal-about-your-teams-dev-habits

A common problem with Pull Requests is that you will only just look at the code, trying to deduce how it works. You might deploy a PR to an environment, but with the risk that somebody else is also using that environment.

A solution to this is to use Preview Environments, an isolated, throw away environment where you can validate your PR code as if it was already merged.

The below article shows how to set up such a system using GitHub Actions and Kubernetes.

How to Set Up Preview Environments for Pull Requests - Developer Friendly Blog

Learn the secrets to faster code reviews: How to deploy individual preview environments for each pull request using GitHub Actions and Kubernetes.

developer-friendly.blog/2024/06/24/how-to-set-up-preview-environments-for-pull-requests

Coding Corner

You might be familiar with OpenAPI to describe (REST) APIs, but how can you describe the workflow for connecting multiple different APIs together?

Like calling one API platform first to retrieve a record, and then use the data in a next call to another API platform. Well, there is a specification for that called Arazzo.

See three different use cases and find out if this is a suitable way to define workflows between API endpoints.

3 Example Use Cases for Arazzo Descriptions | Nordic APIs

OpenAPI Initiative's Arazzo specification is a standardized way to describe sequential API calls. Here are use cases for Arazzo in practice.

nordicapis.com/3-example-use-cases-for-arazzo-descriptions

If you are asked about security while building a web application, you hopefully think about OWASP. It is great guidance on how to secure your application.

But what about API endpoints? They might not have the same risks but expose some interesting other vulnerabilities. Read about those and how to protect against them:

Top 9 API Security Vulnerabilities: How to Defend Against Them

Understand the most common API vulnerabilities, how cybercriminals are targeting them and what you can do to prevent them.

thenewstack.io/top-9-api-security-vulnerabilities-how-to-defend-against-them

Every 17 minutes, a new vulnerability emerges, and 75% of those will be exploited within 19 days. This is shocking, as the average time to patch is around 100 days.

Looks like a lot of work still needs to be done…

75% of new vulnerabilities exploited within 19 days - Help Net Security

2023 witnessed a surge in vulnerabilities, with the National Vulnerability Database (NVD) recording a 17% year-over-year increase.

www.helpnetsecurity.com/2024/06/27/nvd-vulnerabilities

Azure Updates & Insights

Remember the big capsule that Microsoft dropped in the waters at the coast of Scotland? It was in 2018, as an attempt to see if using the constant temperature of sea water could protect the hardware more efficiently compared to a data center on land.

They recently reported the results of this research. Not only did it save on energy costs, but it also had fewer hardware failures.

Although they will not deploy another container into the sea, they are funding other projects to improve hosting, including their own nuclear power plants.

Microsoft shelves its underwater data center — Project Natick had fewer server failures compared to servers on land

“My team worked on it, and it worked,” says CO+I Head Noelle Walsh.

www.tomshardware.com/desktops/servers/microsoft-shelves-its-underwater-data-center

.NET Nook

Some while ago, Microsoft announced a new feature in .NET 9.0: an eventing framework. It was supposed to process messages and facilitate message handlers.

This received a lot of backlash from the community; there were already plenty of libraries doing this, so why make it a first-class citizen in the framework?

Although Microsoft took this feedback and will not include it in .NET 9, it might still come in a subsequent version.

Microsoft backtracks: eventing framework removed from .NET 9.0 following complaints • DEVCLASS

Microsoft no longer plans to include a new eventing framework in .NET 9.0 – expected late this year […]

devclass.com/2024/06/26/microsoft-backtracks-eventing-framework-removed-from-net-9-0-following-complaints

Need to upgrade your .NET Framework project to .NET Core? There is a code assessment tool that now also scans your source code and tells you about any potential issues.

One less excuss from not moving to .NET Core.

Microsoft adds code assessment to .NET Upgrade Assistant

Code assessment tool scans your source code and identifies potential issues to address when upgrading between versions of .NET or .NET Core.

www.infoworld.com/article/3715627/microsoft-adds-code-assessment-to-net-upgrade-assistant.html

I wrote about .NET Aspire before in earlier editions of this newsletter. I also used it in my own projects, and I still think it is a great tool for your local development flow.

But what exactly do you get when you add Aspire to your application? The post by Fiodar Sazanavets will tell you all about it.

The Anatomy of .NET Aspire Application

Getting familiar with the hottest orchestration technology in the .NET ecosystem

fiodar.substack.com/p/the-anatomy-of-net-aspire-application

Closing Thoughts

Thank you for reading this week’s edition!

Your feedback is invaluable, so if you have any thoughts, questions, or suggestions, please don't hesitate to reach out by simply replying to this mail.

If you enjoyed this update and want to continue receiving more, make sure to subscribe here.

I appreciate your time and look forward to hearing from you!

Did you like this edition?

Login or Subscribe to participate in polls.

Reply

or to participate.