Book Image

Accelerate DevOps with GitHub

By : Michael Kaufmann
Book Image

Accelerate DevOps with GitHub

By: Michael Kaufmann

Overview of this book

This practical guide to DevOps uses GitHub as the DevOps platform and shows how you can leverage the power of GitHub for collaboration, lean management, and secure and fast software delivery. The chapters provide simple solutions to common problems, thereby helping teams that are already on their DevOps journey to further advance into DevOps and speed up their software delivery performance. From finding the right metrics to measure your success to learning from other teams’ success stories without merely copying what they’ve done, this book has it all in one place. As you advance, you’ll find out how you can leverage the power of GitHub to accelerate your value delivery – by making work visible with GitHub Projects, measuring the right metrics with GitHub Insights, using solid and proven engineering practices with GitHub Actions and Advanced Security, and moving to event-based and loosely coupled software architecture. By the end of this GitHub book, you'll have understood what factors influence software delivery performance and how you can measure your capabilities, thus realizing where you stand in your journey and how you can move forward.

Related Content you might be interested in

Current Title:

Small book image
Accelerate DevOps with GitHub
Michael Kaufmann
Sep, 2022 | 540 pages
Small book image
Automating Workflows with GitHub Actions
Priscila Heller
Nov, 2021 | 216 pages
Small book image
Mastering GitHub Actions
Eric Chapman
Mar, 2024 | 490 pages
Small book image
SAFe® for DevOps Practitioners
Robert Wen
Dec, 2022 | 330 pages
Table of Contents (31 chapters)
Preface
Preface
Who this book is for
What this book covers
To get the most out of this book
Download the example code files
Download the color images
Conventions used
Get in touch
Share Your Thoughts
1
Part 1: Lean Management and Collaboration
Part 1: Lean Management and Collaboration
Free Chapter
2
Chapter 1: Metrics That Matter
Chapter 1: Metrics That Matter
Why accelerate?
Engineering velocity
High-performance companies
Measuring metrics that matter
The SPACE framework for developer productivity
Objectives and key results
Summary
Case study
Further reading
3
Chapter 2: Plan, Track, and Visualize Your Work
Chapter 2: Plan, Track, and Visualize Your Work
Work is work
Unplanned work and rework
Visualizing your work
Limiting WIP
GitHub issues, labels, and milestones
GitHub Projects
Third-party integration
Case study
Summary
Further readings and references
4
Chapter 3: Teamwork and Collaborative Development
Chapter 3: Teamwork and Collaborative Development
Software development is a team sport
The heart of collaboration – the pull request
Hands-on – Creating a pull request
Proposing changes
Pull request reviews
Best practices for code reviews
Summary
Further readings and references
5
Chapter 4: Asynchronous Work: Collaborate from Anywhere
Chapter 4: Asynchronous Work: Collaborate from Anywhere
Comparing synchronous and asynchronous work
Distributed teams
Cross-team collaboration
Shift to asynchronous workflows
Teams and Slack integration
GitHub Discussions
Pages and wikis
Working from everywhere with GitHub Mobile
Case study
Summary
Further readings and references
6
Chapter 5: The Influence of Open and Inner Source on Software Delivery Performance
Chapter 5: The Influence of Open and Inner Source on Software Delivery Performance
History of free and open source software
The difference between open source and open development
Benefits of embracing open source for companies
Implementing an open source strategy
Open and inner source
The importance of insourcing
GitHub Sponsors
Summary
Further reading and references
7
Part 2: Engineering DevOps Practices
Part 2: Engineering DevOps Practices
8
Chapter 6: Automation with GitHub Actions
Chapter 6: Automation with GitHub Actions
Overview of GitHub Actions
Workflows, pipelines, and actions
YAML basics
The workflow syntax
Working with secrets
Hands-on – your first workflow
Hands-on – your first action
The GitHub marketplace
Summary
Further reading
9
Chapter 7: Running Your Workflows
Chapter 7: Running Your Workflows
Hosted runners
Self-hosted runners
Managing access with runner groups
Using labels
Scaling your self-hosted runners
Monitoring and troubleshooting
Case study
Summary
Further reading
10
Chapter 8: Managing Dependencies Using GitHub Packages
Chapter 8: Managing Dependencies Using GitHub Packages
GitHub Packages
Using npm packages with Actions
Using Docker with Packages
Apache Maven, Gradle, NuGet, and RubyGems packages
Summary
Further reading
11
Chapter 9: Deploying to Any Platform
Chapter 9: Deploying to Any Platform
Staged deployments
Automating your deployments
How to deploy to Azure App Service
How to deploy to AWS ECS
How to deploy to GKE
Infrastructure as code
Measuring success
Case study
Summary
Further reading
12
Chapter 10: Feature Flags and the Feature Lifecycle
Chapter 10: Feature Flags and the Feature Lifecycle
What are Feature Flags?
The lifecycle of features
The benefits of Feature Flags
Getting started with Feature Flags
Feature Flags and technical debt
Frameworks and products
Experimentation with Feature Flags
Summary
Further reading
13
Chapter 11: Trunk-Based Development
Chapter 11: Trunk-Based Development
Trunk-based development
Why you should avoid complex branching
Other git workflows
Accelerating with MyFlow
Case study
Summary
Further reading
14
Part 3: Release with Confidence
Part 3: Release with Confidence
15
Chapter 12: Shift Left Testing for Increased Quality
Chapter 12: Shift Left Testing for Increased Quality
Shift left testing with test automation
Eradicating flaky tests
Code coverage
Shift right – testing in production
Fault injection and chaos engineering
Tests and compliance
Test management in GitHub
Case study
Summary
Further reading
16
Chapter 13: Shift-Left Security and DevSecOps
Chapter 13: Shift-Left Security and DevSecOps
Shift-left security
Assume-breach, zero-trust, and security-first mindset
Attack simulations
Red team-blue team exercises
Attack scenarios
GitHub Codespaces
Summary
Further reading
17
Chapter 14: Securing Your Code
Chapter 14: Securing Your Code
Dependency management and Dependabot
Secret scanning
Code scanning
Writing your own CodeQL queries
Summary
Further reading
18
Chapter 15: Securing Your Deployments
Chapter 15: Securing Your Deployments
Container and infrastructure security scanning
Automate the infrastructure change process
Source code and infrastructure integrity
Dynamic application security testing
Security hardening your release pipeline
Case study
Summary
Further reading
19
Part 4: Software Architecture
Part 4: Software Architecture
20
Chapter 16: Loosely Coupled Architecture and Microservices
Chapter 16: Loosely Coupled Architecture and Microservices
Loosely coupled systems
Microservices
Evolutionary design
Event-driven architecture
Summary
Further reading
21
Chapter 17: Empower Your Teams
Chapter 17: Empower Your Teams
Conway's law
The two-pizza team
Inverse Conway Maneuver
Delivery cadence
A mono- or multi-repo strategy
Case study
Summary
Further reading
22
Part 5: Lean Product Management
Part 5: Lean Product Management
23
Chapter 18: Lean Product Development and Lean Startup
Chapter 18: Lean Product Development and Lean Startup
Lean product development
Incorporating customer feedback
The MVP
Enterprise portfolio management
Improving your product management skills
Business Model Canvas
Summary
Further reading
24
Chapter 19: Experimentation and A|B Testing
Chapter 19: Experimentation and A|B Testing
Conducting experiments with the scientific method
Effective A|B testing with GrowthBook and Flagger
Experimentation and OKR
Summary
Further reading
25
Part 6: GitHub for your Enterprise
Part 6: GitHub for your Enterprise
26
Chapter 20: GitHub – The Home for All Developers
Chapter 20: GitHub – The Home for All Developers
Hosting options and pricing
Hands-on – create your account on GitHub.com
Enterprise security
GitHub Learning Lab
Summary
Further reading
27
Chapter 21: Migrating to GitHub
Chapter 21: Migrating to GitHub
Picking the right migration strategy
Achieving compliance with low-fidelity migrations
Synchronizing requirements for a smooth transition
Migrating your code
Migrating from Azure DevOps or GitHub
Migrating your pipelines
Summary
Further reading
28
Chapter 22: Organizing Your Teams
Chapter 22: Organizing Your Teams
GitHub scopes and namespaces
Structuring GitHub teams
Role-based access
Custom roles
Outside collaborators
Summary
Further reading
29
Chapter 23: Transform Your Enterprise
Chapter 23: Transform Your Enterprise
Why many transformations fail
Starting with WHY?
Data-driven transformation
Summary
Further reading
Why subscribe?
30
Other Books You May Enjoy
Other Books You May Enjoy
Packt is searching for authors like you
Share Your Thoughts

Dynamic application security testing

To harden your application security, you can integrate dynamic application security testing (DAST) into your release workflow. DAST is black-box testing that simulates a real-world attack on the running application.

There are many commercial tools and SaaS solutions (such as Burp Suit from PortSwigger or WhiteHat Sentinel) but it's outside the scope of this book to analyze them.

There are also some open source solutions. One example is the Zed Attack Proxy (ZAP) (https://www.zaproxy.org/) from OWASP. It's a stand-alone application that runs on Windows, macOS, and Linux (see https://www.zaproxy.org/download/) and can be used to attack web applications. The application allows you to analyze a web application, intercept and modify traffic, and run an attack using the ZAP Spider against the website or parts of it (see Figure 15.7):

Figure 15.7 – The OWASP ZAP application

OWASP ZAP launches a browser and...

Previous Section
End of Section 5
Next Section