CI/CD on Chris Reddington

Rubber Duck Thursdays - Let's build with custom agents (again!)

Thu, 04 Dec 2025 00:00:00 +0000

Chris continues building custom agents for the SDLC, exploring the awesome-copilot repository for inspiration and live-building a GitHub Actions workflow agent with plan mode.

Topics Covered

GitHub Changelog Roundup — Blocking repo admins from installing GitHub Apps now GA, Copilot Spaces with public spaces and code view support, secret scanning updates for November 2025, GitHub Enterprise Server 3.19 RC, assigning issues to Copilot via GraphQL and REST APIs, and Claude Opus 4.5 availability across more IDEs.
Agent Inspiration from awesome-copilot — Reviewing partner-built agents and the awesome-copilot repository for ideas including test writers, security reviewers, tech debt analyzers, documentation generators, PR review assistants, and onboarding guides.
Agent Consolidation — Discussing whether to keep agents separate or consolidate them based on shared tool access, output formats, and domain overlap.
Building a GitHub Actions Agent — Using plan mode to design a custom agent for authoring and updating GitHub Actions workflows, including monorepo build order awareness and minimal permissions guidance.
GitHub Actions Instructions File — Creating a companion instructions file with repository-specific CI/CD conventions, build order, environment variables, and recommended practices for workflow definitions.
Plan Mode Workflow — Demonstrating the iterative plan-then-implement workflow where Copilot asks clarifying questions before generating code, and switching between plan and agent modes.

Rubber Duck Thursdays - Let's keep building!

Thu, 28 Aug 2025 00:00:00 +0000

Join us for Rubber Duck Thursdays! A lighthearted and informal stream where we live code on some projects.

In this stream, we recap the turn-based game MCP server and demo the elicitation feature for gathering user preferences, then shift gears into a deep dive on GitHub Actions. Starting from an empty repository, we build workflows from scratch — covering YAML structure, event triggers (issues, issue_comment, push, pull_request, workflow_dispatch), jobs running in parallel, job dependencies using the needs property, conditional steps with if, and matrix strategies for cross-platform builds across multiple OS and Node.js versions.

Assign issues to GitHub Copilot from the GitHub mobile app

Tue, 27 May 2025 00:00:00 +0000

The GitHub Copilot coding agent isn’t just a desktop experience—you can assign issues and track Copilot’s progress directly from the GitHub Mobile app or a mobile browser, making it useful during a commute or whenever you’re away from your laptop.

The video demonstrates the following mobile-first workflow using the ‘Copilot Airways’ demo repository:

Navigating the issues backlog and assigning a GitHub Pages deployment task to Copilot directly from the GitHub Mobile app
Copilot acknowledging the assignment with the 👀 emoji reaction and immediately creating a pull request
Switching to github.com in a mobile browser to open the pull request and tap ‘View session’
Reviewing how Copilot explored existing CI workflow files, formed a plan, updated configuration files, and modified the existing workflow to add the GitHub Pages deployment step
Copilot running linters, builds, and tests as quality checks during the agentic loop to ensure the CI pipeline remains healthy
Using the ‘Approve and Run’ button on mobile to authorize GitHub Actions execution against the AI-generated changes
Marking the pull request as ready for review and merging once checks pass—all without touching a laptop

The GitHub Copilot coding agent NEW

Mon, 19 May 2025 00:00:00 +0000

GitHub Copilot coding agent lets you assign GitHub Issues to Copilot, which works asynchronously in the background while you continue with other tasks. This overview video uses the ‘Copilot Airways’ flight booking app to demonstrate the full workflow from issue assignment to merged pull request.

The video covers:

Assigning a GitHub Issue (adding form input validation) to Copilot with a single click
How Copilot acknowledges the assignment, creates a pull request, and keeps the PR description updated as it progresses
Viewing the Copilot session to understand how it explored the repository, formed a plan, and created a new GitHub Actions workflow file
How Copilot runs tools such as linters, builds, and tests to self-verify code quality during the agentic loop
The ‘Approve and Run’ safety gate, which requires explicit human approval before any GitHub Actions workflow executes against AI-generated code
Adding review comments to the PR (requesting a CI workflow) and watching Copilot acknowledge and act on the feedback
The final result: a form updated with real-time validation and an improved user experience, ready to merge

Rubber Duck Thursdays - Lizard, Spock

Thu, 27 Feb 2025 00:00:00 +0000

In this episode, the team extends the Rock Paper Scissors game to include Lizard and Spock using GitHub Copilot Vision — feeding an image of the game’s relationship diagram directly into Copilot, which interprets it and generates the extended game logic without explicitly naming the game. The stream also adds a hidden flag for the extended mode, demonstrating prompt engineering with Copilot’s multimodal capabilities.

The GitHub changelog review covers Copilot autofix expansion for CodeQL alerts, Claude 3.7 Sonnet availability in Copilot, Docker Compose support in Dependabot, Copilot code review in public preview, and Copilot in Windows Terminal Canary. The latter portion demonstrates Dependabot version updates configured for Go modules and GitHub Actions ecosystems, with a live review of a dependency update pull request. A GitHub Codespaces session is used to verify the gh-skyline CLI extension still works after a dependency bump, and repository settings for auto-deleting branches and auto-merging pull requests are configured.

Rubber Duck Thursdays - Rock, Paper, Scissors

Thu, 20 Feb 2025 00:00:00 +0000

In this episode, I add a Rock Paper Scissors game to the gh-game GitHub CLI extension. The stream begins with a comprehensive GitHub changelog review covering the new GPT-4o Copilot code completion model, Copilot availability in Eclipse and Xcode, repository ruleset enhancements, secret scanning improvements, Copilot Workspace updates, and GitHub Issues and Projects feature updates.

The coding session uses GitHub Copilot Agent Mode to build the Rock Paper Scissors game in Go, taking advantage of Next Edit Suggestions and the new GPT-4o code completion model. A significant portion of the stream focuses on improving test coverage using Copilot’s inline chat in the terminal, progressing from 42.6% to 100% statement coverage by generating targeted test cases for uncovered functions. The episode also covers merging the Tic Tac Toe pull request from the previous week and shipping a new release of the CLI extension.

Rubber Duck Thursdays - Tic, Tac, Toe

Thu, 13 Feb 2025 00:00:00 +0000

In this episode, the team continues building the gh-game GitHub CLI extension by adding a Tic Tac Toe game written in Go. The stream kicks off with a demo of GitHub Spark, a GitHub Next experiment for creating micro apps from natural language prompts, followed by a walkthrough of the latest GitHub changelog updates including Gemini 2.0 Flash availability, Copilot Vision, and Agent Mode in VS Code Insiders.

The main coding session uses GitHub Copilot Agent Mode, Copilot Chat, and Copilot Edits to scaffold and iterate on the Tic Tac Toe implementation. Along the way, CodeQL code scanning is enabled on the repository, catching issues with missing workflow permissions and unpinned GitHub Actions versions. The episode also covers the CI/CD pipeline setup with build and test steps in GitHub Actions, and improving code readability through Copilot-assisted refactoring.

Rubber Duck Thursdays - Actions, Codespaces and Coin Toss

Thu, 06 Feb 2025 00:00:00 +0000

Continuing the gh-game CLI extension project, this episode covers setting up a complete development workflow. Chris creates a GitHub Codespace with a dev container configuration, installs Go and the GitHub CLI as features, and demonstrates how Codespaces provide a consistent environment for contributors.

The stream then covers creating a CI workflow using GitHub Actions with build and test steps, followed by writing Go tests for the coin toss game. A key segment focuses on refactoring the coin toss input from manual text entry to interactive selection menus using the go-gh prompter package, demonstrating how context and accurate prompting is essential when working with GitHub Copilot. Chris uses multiple Copilot models including Gemini 2.0 Flash and O3 Mini throughout the session.

Rubber Duck Thursdays - Creating gh-game CLI extension

Thu, 30 Jan 2025 00:00:00 +0000

This episode dives into GitHub Actions, starting with a walkthrough of the build, linter, and release workflows configured for the GitHub Skyline CLI extension. Chris explains workflow triggers, permissions, and demonstrates cutting a live release using semantic versioning and the cli/gh-extension-precompile action to generate cross-platform binaries.

The second half focuses on creating a brand new GitHub CLI extension from scratch. Using gh extension create, Chris bootstraps the gh-game project and builds a coin toss game in Go with the Cobra package. GitHub Copilot assists with scaffolding the command structure, applying code changes, and generating commit messages. The stream also covers publishing the repository using gh repo create.

Govern your repositories with push rulesets

Sat, 14 Dec 2024 00:00:00 +0000

This is a demo video showcasing repository push rulesets. The video covers the following specific topics:

Use cases for push rulesets: protecting sensitive files like GitHub Actions workflow YAML files, and enforcing code hygiene by blocking large or unwanted file types
Configuring push rules based on file path patterns, file extensions, and file sizes
How a blocked push appears to the developer (clear rejection message in the terminal)
Adding bypass rules to allow specific individuals or roles to override the rule when authorised
Viewing the push insights dashboard to audit blocked push attempts and any bypass activity
Scope of push rulesets: rules apply to the entire fork network of a repository, protecting all entry points

ClickOps over GitOps

Thu, 27 Oct 2022 00:00:00 +0000

The gap between raw Kubernetes and a developer-friendly PaaS is where the most interesting tooling is being built today. GitOps gives teams a declarative, version-controlled way to manage their clusters — but the infrastructure expertise required can be a steep barrier. ClickOps offers a different angle: let developers click a dashboard, and let the platform handle the YAML.

In this episode, Chris is joined by Laszlo Folgas, founder of Gimlet.io, to explore how you can combine the accessibility of a UI with the reliability of a GitOps-driven workflow.

Policy as [versioned] code - you're doing it wrong

Thu, 15 Sep 2022 00:00:00 +0000

Chris Nesbitt-Smith presents the case for treating governance policy the same way we treat source code — versioned, iterable, peer-reviewed, and continuously improved. Drawing on his experience advocating modern engineering practices within UK government, Chris explains why policies fail and what it takes to make them work.

Key Topics Covered

Why policies fail: Policies are usually written once, emotionally, as a reaction to a specific incident. They quickly become outdated, overcomplicated, and disconnected from real risk — leading developers to work around them rather than with them.
The lift pitch: Using a story of a CIO, Product Manager, developer, and cleaner sharing a lift, Chris illustrates the different stakeholder perspectives on policy — risk ownership, delivery velocity, and day-to-day practicality — and how good policy serves all of them simultaneously.
Policy as code: Storing policy in version control (Git/GitHub), enforcing it through automated CI/CD pipelines, and treating compliance as a test suite lets teams iterate on policy as fast as the threat landscape changes.
Kubernetes admission control: The specific technical context — using Kubernetes policy engines (such as OPA/Gatekeeper or Kyverno) to enforce rules at deployment time, giving developers fast and understandable feedback in their existing workflow.
Iterative, not waterfall: Attempting to write perfect policy upfront causes the same failures as waterfall software delivery. Small, incremental improvements with clear rationale are more effective and more trusted by the teams subject to them.
Culture over tooling: Tooling is the easy part. The real challenge is helping people understand why a policy exists. When developers understand the consequence, they follow the spirit of the policy — not just its letter.

From this talk you’ll learn how to use a software development pattern and product ways of thinking towards how your organization can manage policy; achieve continual updates to policy allowing the risk mitigations to move as fast as the risk does, not get in the way and be easy to measure compliance.

ToolUp Day #10

Tue, 26 Jul 2022 00:00:00 +0000

In this episode, Chris and Matt implement federated identity credentials (OIDC) to enable passwordless authentication from GitHub Actions to Azure — eliminating the need for stored secrets. They configure the two-way trust between an Azure App Registration and GitHub, set up OIDC token permissions in their workflow, and successfully deploy Bicep infrastructure as code through their CI/CD pipeline. The pair also plan the transition from deploying infrastructure manually to a fully automated pipeline. The episode ends with a discussion about rebranding the series from “ToolUp Tuesday” to accommodate flexible scheduling.

ToolUp Tuesday - #7

Tue, 17 May 2022 00:00:00 +0000

In this episode of ToolUp Tuesday, Chris and Matt take their Go-based microservices and package them as Docker container images for the first time. They walk through creating Dockerfiles, setting up GitHub Actions workflows to build and push images, and publishing to GitHub Packages container registry using the built-in GITHUB_TOKEN for authentication. Along the way they discuss container fundamentals — the difference between images and containers, why containers solve the “works on my machine” problem, and how to use environment variables in workflows for clean, maintainable CI/CD pipelines. The episode also covers managing container image versions and permissions within a GitHub organization.

Using GitHub Actions to summarise your Go tests

Mon, 16 May 2022 00:00:00 +0000

GitHub recently posted about a new GitHub Action that can be used to summarise your test results. The action is called test-summary/action, available at github.com/test-summary/action. There are several examples on how to use the action at github.com/test-summary/examples. However, there were no examples on how to use this with Go. I contributed a pull request which showed how to achieve this. In this post, I will show how to use the action with Go.

ToolUp Tuesday #2

Tue, 22 Feb 2022 00:00:00 +0000

Chris and Matt move from planning to coding, creating the Player State API as a .NET Web API project. They define data models representing player state for the SpaceBar management sim, debating how deep and detailed the models should go. The episode covers practical .NET development decisions, including the trade-offs between minimal API patterns and traditional controller-based approaches, with a preference for controllers for better logical grouping.

The pair also set up their first GitHub Actions CI workflow, walking through YAML syntax for building the .NET project on push to main. They troubleshoot the workflow live — discovering they forgot the checkout step — and iterate until the build succeeds. GitHub Copilot makes a brief appearance as a code suggestion tool during API scaffolding.

Feature Flags - The Art of the IF and Deployment

Thu, 17 Feb 2022 00:00:00 +0000

Feature flags (also called feature toggles) are one of the most powerful — and most misunderstood — practices in modern software delivery. This session explores them from first principles through to production implementation.

What are feature flags?

A mechanism to decouple deployment (pushing code to production) from release (enabling that code for users). Once separated, teams can deploy continuously, roll out incrementally, experiment in production, and roll back instantly — without touching infrastructure.

Using Azure DevOps and Azure Virtual Machine Scale Set Agents to deploy your private workloads

Fri, 08 Oct 2021 00:00:00 +0000

A little while ago, I wrote a blog post on Using the GitHub self-hosted runner and Azure Virtual Machines to login with a System Assigned Managed Identity, which seems to get a good amount of views week on week. Reflecting on some questions that have popped up this week (and regularly received over my time in the DevOps space), I thought that it makes sense to write a post on how to use Azure DevOps self-hosted agents to deploy to private resources. So, that’s what we’ll be covering in this post!

Tales from the Real World - Shift Left your Performance Tests

Fri, 01 Oct 2021 00:00:00 +0000

Performance testing has traditionally been a late-stage activity — run against a near-production environment, by a dedicated team, after the code is already fully integrated. The problem is that by the time a performance issue surfaces at that stage, fixing it requires environment time-sharing, promotional deployments, and coordination across multiple teams. The cost compounds quickly.

In this episode, Chris is joined by HariKrishnan, Cloud Transformation Consultant, who has spent years guiding teams through cloud migrations and modernisation — and noticed that performance testing practices have barely evolved even as everything else moved forward. Hari walks through a practical framework for shifting bulk performance issue detection left, onto developer machines and CI pipelines, using lightweight containerised load-testing tools like Gatling and Docker.

DevOps Trends

Fri, 24 Sep 2021 00:00:00 +0000

Ten years is a long time in technology. What started as a cultural movement to break down the wall between development and operations has evolved into a sprawling ecosystem of practices, tools, and philosophies. Daniela Fontani — CTO and early open source contributor since 2006 — explores the key trends defining modern DevOps and how to keep up without chasing every new buzzword.

The Dev/Ops Chasm — Still Unsolved

Even with a decade of investment, many organisations still struggle with siloed teams and disconnected toolchains. The tooling problem is relatively straightforward — write a tool that integrates across layers. But the cultural and organisational shifts required are significantly harder and remain the primary blocker for most enterprises.

Tales from the Real World on DevOps

Fri, 17 Sep 2021 00:00:00 +0000

In this episode Chris is joined by Thomas Thornton, a DevOps specialist at Kainos in Belfast, for a grounded, real-world discussion on what DevOps actually looks like at scale.

What’s covered

DevOps as culture — why DevOps is far more than a buzzword, and how to bring stakeholders beyond dev and ops into the conversation
Version control fundamentals — why getting Git right is the prerequisite to everything else in a CI/CD workflow
Branching strategies — trunk-based development vs. feature branches, managing environment drift, and when fewer branches is better
CI/CD pipeline design — starting simple, avoiding over-engineering, and incrementally adding checks and quality gates
Infrastructure as Code — using Terraform modules vs. copy-paste resources, and the long-term payoff of DRY pipelines
Kubernetes and GitOps — how pull-based GitOps (e.g. Flux/ArgoCD) enables scalable, consistent deployments across 120+ applications and multiple clusters
Practical advice for all levels — tips for those just starting out, those mid-journey, and those looking to take a mature DevOps practice further

Thomas brings examples from a real environment spanning 83 Azure subscriptions, making this one of the most grounded DevOps conversations on the channel.

Find vulns in your code before they find you

Wed, 18 Aug 2021 00:00:00 +0000

Security vulnerabilities don’t wait for you to find them — and as developers we are often unknowingly introducing them through the open source packages we depend on. In this episode, Chris is joined by DeveloperSteve Coochin, Developer Advocate at Snyk, to explore the real-world scale of the problem and what developers can do about it without slowing down.

Steve shares findings from his research into vulnerabilities in the PHP ecosystem — some of the results are genuinely surprising — and explains the core challenge: developers are not introducing vulnerabilities maliciously or carelessly, they are simply unaware of what is hiding inside their transitive dependencies. The solution is not to stop using open source (that ship has sailed), but to automate detection and remediation as close to the developer as possible.

Cloud Drops - What is Continuous Integration (CI)?

Tue, 20 Jul 2021 00:01:00 +0000

Modern software teams use version control branches so engineers can develop independently without blocking each other. Continuous Integration formalises the step of merging those branches back into the main codebase by requiring every change to pass an automated build and test suite before it can be accepted. Tools like GitHub Actions and Azure Pipelines automate compilation, unit tests, integration tests, and other quality checks triggered on every pull request, providing rapid feedback — if a build breaks or tests fail, the engineer knows immediately rather than discovering hard-to-trace bugs later in production.

41 - DevOps on Azure

Fri, 02 Jul 2021 00:00:00 +0000

In this episode, Chris is joined by Mert Yeter — software architect, Azure MVP, and Traefik Ambassador — for a live-demo-driven tour of the key DevOps building blocks on Azure.

Key topics covered:

Azure DevOps Starter: Spinning up a complete CI/CD pipeline for a containerized .NET application in minutes — including a Git repository, build pipeline, release pipeline, and Azure Container Registry — without writing YAML from scratch
Azure Container Registry (ACR): Storing and managing container images within the Azure ecosystem
Azure Container Instances (ACI) and Azure Kubernetes Service (AKS): Deploying containers at different scales, from quick single-container workloads to fully orchestrated production clusters
Traefik: A cloud-native reverse proxy and load balancer that integrates natively with Kubernetes, featuring dynamic service discovery, pluggable middleware, and a built-in dashboard for monitoring cluster ingresses and service health
Traefik Pilot and Traefik Mesh: An introduction to the broader Traefik ecosystem, including service mesh capabilities and the difference from sidecar-based approaches

Mert also highlights the value of the open-source community around projects like Traefik and encourages viewers to explore contributing via GitHub. If you want to see how quickly you can go from zero to a production-ready containerized deployment pipeline on Azure, this session is a great starting point.

Discussing the Cloud with Chris GitHub Actions Usage

Mon, 07 Jun 2021 20:00:00 +0000

Chris is joined by Karl Cooke (IrishTechie) for a live deep-dive into the GitHub Actions workflows powering CloudWithChris.com. They explore why GitHub was chosen over Azure DevOps, walk through a real-world CI/CD pipeline for a Hugo static site deployed to Azure Blob Storage with CDN purging, and examine how to manage secrets and approvals using GitHub Environments. The session also covers linting Markdown with GitHub Super Linter, early thinking on Playwright-based UI tests, the security considerations around third-party actions from the marketplace, and building a custom .NET GitHub Action for content cross-posting.

V020 - Weekly Technology Vlog #20

Sun, 16 May 2021 00:00:00 +0000

Welcome to Weekly Vlog #20 — a celebration episode! Chris hits his 2021 goal of 500 YouTube subscribers way ahead of schedule (now at 506), then recaps one of the most content-rich weeks on the channel to date before diving into a bumper set of Azure and GitHub updates.

Cloud with Chris — A Record Week of Content

Azure Pipelines as Code: A detailed blog post and companion Cloud Drop walking through YAML pipeline best practices — branch policies, test stage separation, and the tangible benefits of treating CI/CD configuration as versioned code.
Azure in a Nutshell (devriel.io): A live session covering core Azure concepts aligned to the AZ-900 fundamentals syllabus.
Event-Driven Architecture with Azure Event Grid: A blog post and Cloud Drop exploring how to chain Azure Event Grid, Blob Storage, Storage Queues, and Azure Functions to build a reliable, event-driven file processing workflow — including a discussion on the difference between messages and events.
Cloud Lunch and Learn Marathon: Three pre-recorded sessions: Requirements, Design Patterns & Cloud Architecture Oh My, GitHub Actions for Static Sites, and Hugo + Azure Storage + Azure CDN for a cheap and performant site.
Mental Health Live Stream with Andrew Nathan and Will Owen: A candid, non-clinical conversation sharing personal experiences to encourage open dialogue around mental health in the tech community.
Cloud Drop with Jamie McGuire: Social Opinion — a SaaS platform for social media analytics and tweet scheduling — and Jamie’s journey from data science research into building a production service.

Azure Highlights

Azure Static Web Apps is now GA: The headline announcement of the week. Features include globally distributed CDN, built-in CI/CD workflows from GitHub, serverless API integration via Azure Functions, custom domains with free SSL certificates, OAuth authentication providers, role-based routing, and a VS Code extension for local development.
Azure Health Bot: Extended to additional regions and languages for pandemic response symptom checking.
Azure IoT Central GA: API improvements, dashboard updates, IoT Edge enhancements, and device connectivity events.
Azure API Management GA: New certificate validation policy, VS Code extension support for self-hosted gateway debugging, Dapr and validation policy support, and availability zone configuration in the portal.

GitHub Highlights

Security Keys for SSH Git Operations: Hardware security keys (e.g. YubiKey) can now authenticate SSH-based git operations on GitHub, extending the platform’s strong authentication story.
Video Uploads on GitHub: Attach MP4 or GIF videos directly to issues, pull requests, and comments from both desktop and mobile — a practical quality-of-life improvement for bug reproduction and open source collaboration.

Cloud Drops - Pipelines as Code

Tue, 11 May 2021 00:00:00 +0000

You may have heard about Software Code or Infrastructure as Code. Well, in this video, we’ll be talking about pipelines as code. If you’re familiar with tools like Azure DevOps, Circle CI, GitHub, GitLab and Jenkins, you may notice a trend where these platforms are allowing you to define your pipelines as code. Throughout this video, we’ll be defining a multi-stage pipeline in Azure DevOps, and picking up some tips along the way.

Azure Pipelines Tips

Mon, 10 May 2021 08:00:00 +0000

Recently on Twitter, I was asked by @thegraycat on whether I knew of any resources to manage pipelines in version control. I sent across several top of mind thoughts over Twitter, but it got me thinking that there may be others with the same question and it could make a good blog post. So here we are, as I talk through some of my considerations for pipelines as code.

Hey, Chris. You might be able to point me in the right direction - are there any good resources on how manage your #azuredevops pipelines in git for versioning etc? Cheers.

GitHub Actions and Azure - Using Environments with GitHub Actions

Fri, 07 May 2021 00:00:00 +0000

Once you have a working GitHub Actions workflow, the next challenge is safely deploying across dev, staging, and production with the right secrets in the right places. This episode deep-dives into GitHub Actions Environments: how to scope secrets per environment to enforce the principle of least privilege, configure required reviewers and wait timers as production gates, and assign service principals with minimal Azure RBAC permissions. A live demo deploys the cloudwithchris.com Hugo site to Azure Storage, making every concept concrete.

Discussing the Cloud with Chris GitHub Architecture and GitHub setup

Tue, 20 Apr 2021 00:00:00 +0000

Karl Cooke (Implementation Specialist at Action Point Technology Group, blogger at irishtechie.com) turns the tables on Chris Reddington, interviewing him about the architecture and GitHub workflow behind CloudWithChris.com.

Platform Architecture

The site is a three-layer stack:

Azure DNS — public DNS zone with an apex domain redirect to www, plus separate subdomains for preview, staging, and the podcast feed (podcasts.cloudwithchris.com)
Azure CDN — global edge caching with a rules engine for HTTP→HTTPS redirects and security header injection
Azure Storage — static website hosting for all HTML, CSS, JS, and media assets; chosen for its low cost, simplicity, and natural fit with static content

Security Hardening

32 - Accelerate .NET to Azure with GitHub Actions

Fri, 26 Mar 2021 15:30:00 +0000

GitHub Actions makes it easy to automate your entire .NET software delivery pipeline — from build and test through to deployment on Azure. In this episode, Chris Reddington is joined by Isaac Levin, Senior Product Marketing Manager at Microsoft and a lifelong .NET developer, to walk through how GitHub Actions YAML workflows streamline deploying .NET and ASP.NET Core applications to Azure App Service, Azure Functions, and Azure Static Web Apps (including Blazor WebAssembly). Isaac traces the evolution of CI/CD tooling from FTP and CruiseControl.NET through to modern GitHub Actions, demonstrates how Azure and Visual Studio integrate to auto-generate workflows, and shares practical tips for getting started quickly.

31 - Deploying to Azure through Terraform Cloud

Fri, 19 Mar 2021 00:00:00 +0000

You may have heard of Terraform, but are you aware of Terraform Cloud or Terraform Enterprise? In this session, Chris gives a practical walkthrough of how he uses Terraform Cloud as the underlying engine to deploy some of his own projects onto Azure.

What is Terraform?

Terraform is an open-source Infrastructure as Code (IaC) framework from HashiCorp that uses HCL (HashiCorp Configuration Language) to define cloud resources declaratively. Unlike ARM templates, Terraform is cloud-agnostic and has a rich provider ecosystem — including the Azure RM provider used throughout this session.

V006 - Weekly Technology Vlog #6 (Recap, Coming Up and NEWS!)

Mon, 08 Feb 2021 00:00:00 +0000

This episode goes live for the first time, capturing a more spontaneous format that Chris considers making permanent. He reflects on two significant releases from the prior week: the Cloud Gaming Notes debut with Lee Williams exploring game server hosting trends and Azure’s role in the gaming industry, and the mental health episode with Andrew Nathan — an honest, personal conversation about their own experiences that proved one of the most challenging but meaningful episodes to produce.

V004 - Weekly Technology Vlog #4 (JamStack + Cloud, Upcoming Talks and Tech News)

Mon, 25 Jan 2021 00:00:00 +0000

Azure Thames Valley is gaining momentum with a website, Meetup page, Twitter account, and LinkedIn group, with the first meetup scheduled for February 16 (subsequently revised to the 17th). The committee agreed on a format of monthly virtual sessions on the third Tuesday of each month, open to speakers and attendees regardless of location.

On the Azure side, the AKS Secret Store CSI driver enters public preview, enabling Kubernetes workloads to inject secrets, keys, and certificates from Azure Key Vault without storing sensitive material in etcd. The new automatic cluster upgrade channels — patch, stable, and rapid — simplify AKS operations but require careful attention to Kubernetes API version deprecations between minor releases. Azure DevOps Delivery Plans 2.0 gains the uses statement for cleaner job resource declarations and a new manual validation task for pausing mid-stage YAML pipelines to verify configuration before continuing. Pulumi is introduced as an infrastructure-as-code tool that lets developers use Python, TypeScript, JavaScript, Go, and .NET instead of domain-specific languages, supporting AWS, Azure, GCP, and Kubernetes with native GitHub and Azure DevOps integrations. GitHub’s comprehensive 2020 year-in-review covers the CLI, mobile app, Actions improvements (self-hosted runners, environments, environment secrets, manual approvals), dark mode, GitHub Discussions, Sponsors, and pull request draft conversions.

GitHub Actions and Azure - Deploying .NET Core code to Azure App Service

Wed, 02 Dec 2020 00:00:00 +0000

You have your .NET Core application code and your Azure App Service infrastructure is ready. Now it’s time to wire them together with a fully automated GitHub Actions deployment pipeline.

What You’ll Learn

How to structure a multi-job GitHub Actions workflow that separates infrastructure deployment from application deployment
Setting up the Azure Web App Deploy action for .NET Core applications
Using GitHub Secrets to securely store Azure publish profiles
Configuring dotnet build and dotnet publish steps within a workflow job
Troubleshooting common YAML indentation and path errors in GitHub Actions pipelines
How ARM template idempotency means the infrastructure job runs safely on every commit with no unintended changes

Workflow Structure

The pipeline demonstrated here follows a two-stage pattern:

GitHub Actions and Azure - Deploying ARM templates with GitHub Actions

Wed, 02 Dec 2020 00:00:00 +0000

Before deploying application code, you need cloud infrastructure in place. This episode demonstrates automating Azure infrastructure provisioning using ARM templates and GitHub Actions.

What You’ll Learn

What ARM templates (Azure Resource Manager templates) are and why they’re declarative, deterministic, and idempotent
How ARM templates differ from imperative approaches like Azure CLI or PowerShell scripts
ARM template structure: schema, contentVersion, parameters, variables, resources, and outputs
Using the azure/arm-deploy GitHub Action to deploy ARM templates from a workflow
Repository organisation: separating source/ (application code) from templates/ (ARM templates)
Adding the actions/checkout step—and why forgetting it causes cryptic “file not found” workflow failures
Using secureString parameter types to protect secrets in ARM template inputs and outputs
Browsing the Azure Quickstart Templates gallery for production-ready ARM template samples

Series Context

This is the second episode in the GitHub Actions and Azure series. The infrastructure deployment workflow built here becomes the first job in the multi-job pipeline extended in the next episode to also compile and deploy application code.

GitHub Actions and Azure - Getting started with GitHub Actions and Azure Login

Sun, 29 Nov 2020 00:00:00 +0000

New to GitHub Actions? This episode is your starting point for automating Azure deployments with GitHub’s built-in CI/CD platform.

What You’ll Learn

The difference between Git and GitHub, and how GitHub Actions fits into your development workflow alongside alternatives like Azure DevOps, GitLab, and Bitbucket
GitHub Actions workflow YAML structure: on triggers, jobs, steps, runs-on
How GitHub-hosted runners (Ubuntu, Windows, macOS) work and when to use self-hosted alternatives
Using the Azure Login action to authenticate against Azure from a workflow
Creating an Azure Service Principal with the az ad sp create-for-rbac command and storing credentials as GitHub Secrets
Running Azure CLI commands as workflow steps after authentication
Pinning GitHub Actions to specific versions (e.g., azure/login@v1) for reproducible, auditable pipelines

Key Concept: Actions as Repositories

GitHub Actions are themselves open-source repositories. When you reference azure/login@v1, you’re pinning to a specific release tag of the azure/login GitHub repository. This makes the GitHub Actions ecosystem composable, auditable, and extensible—anyone can submit a pull request to add new capabilities.

Deploying Azure Functions and Static Sites with GitHub Actions | Cloud with Chris

Fri, 02 Oct 2020 00:00:00 +0000

Chris uses a real side-project — a multi-tenant card inventory app — to demonstrate GitHub Actions from first principles through to a working CI/CD pipeline.

GitHub Actions Fundamentals

The session opens with a clear explanation of what GitHub Actions are and why they are called workflows rather than pipelines: Actions are not limited to CI/CD and can respond to any GitHub event, including issue comments, new contributors, and dependency alerts. Core concepts covered include:

3 - DevOps in a Cloud World

Sun, 29 Mar 2020 00:00:00 +0000

In this first-guest episode of Cloud with Chris, Abel Wang — Principal Developer Advocate and DevOps Lead at Microsoft — joins Chris Reddington for a wide-ranging conversation on what DevOps really means and how to put it into practice in a cloud-first world.

Key topics covered in this episode:

Defining DevOps — Microsoft’s framing of DevOps as the union of people, process, and products focused on continuously delivering value to end users, not just shipping features
Telemetry and data-driven decisions — how telemetry revealed that only one-third of features built at Microsoft actually delivered the value users wanted (one-third were neutral and one-third were actively unwanted), and how measuring actual usage changed the team’s development approach
Feature flags — separating deployment from release, enabling safe experimentation with subsets of users, supporting rapid rollback, and keeping flag debt under control
Database DevOps — storing database schemas in source control, automating schema migrations, and breaking the traditional DBA bottleneck to support high-frequency deployments
Site Reliability Engineering (SRE) — embedding on-call responsibility directly in cross-functional product teams, using live-site incidents as the fastest way to ramp up new engineers
Shifting left — moving quality, security, and reliability considerations earlier in the delivery pipeline to reduce the cost of fixing defects in production

If you are earlier in your DevOps journey or looking to level up specific practices like CI/CD pipelines, feature flags, or database automation, this episode is packed with practical insights drawn from real experience inside Microsoft engineering teams.

CI/CD on Chris Reddington

Rubber Duck Thursdays - Let's build with custom agents (again!)

Topics Covered

Rubber Duck Thursdays - Let's keep building!

Assign issues to GitHub Copilot from the GitHub mobile app

The GitHub Copilot coding agent *NEW*

Rubber Duck Thursdays - Lizard, Spock

Rubber Duck Thursdays - Rock, Paper, Scissors

Rubber Duck Thursdays - Tic, Tac, Toe

Rubber Duck Thursdays - Actions, Codespaces and Coin Toss

Rubber Duck Thursdays - Creating gh-game CLI extension

Govern your repositories with push rulesets

ClickOps over GitOps

Policy as [versioned] code - you're doing it wrong

Key Topics Covered

ToolUp Day #10

ToolUp Tuesday - #7

Using GitHub Actions to summarise your Go tests

ToolUp Tuesday #2

Feature Flags - The Art of the IF and Deployment

What are feature flags?

Using Azure DevOps and Azure Virtual Machine Scale Set Agents to deploy your private workloads

Tales from the Real World - Shift Left your Performance Tests

DevOps Trends

The Dev/Ops Chasm — Still Unsolved

Tales from the Real World on DevOps

What’s covered

Find vulns in your code before they find you

Cloud Drops - What is Continuous Integration (CI)?

41 - DevOps on Azure

Discussing the Cloud with Chris GitHub Actions Usage

V020 - Weekly Technology Vlog #20

Cloud with Chris — A Record Week of Content

Azure Highlights

GitHub Highlights

Cloud Drops - Pipelines as Code

Azure Pipelines Tips

GitHub Actions and Azure - Using Environments with GitHub Actions

Discussing the Cloud with Chris GitHub Architecture and GitHub setup

32 - Accelerate .NET to Azure with GitHub Actions

31 - Deploying to Azure through Terraform Cloud

V006 - Weekly Technology Vlog #6 (Recap, Coming Up and NEWS!)

V004 - Weekly Technology Vlog #4 (JamStack + Cloud, Upcoming Talks and Tech News)

GitHub Actions and Azure - Deploying .NET Core code to Azure App Service

What You’ll Learn

Workflow Structure

GitHub Actions and Azure - Deploying ARM templates with GitHub Actions

What You’ll Learn

Series Context

GitHub Actions and Azure - Getting started with GitHub Actions and Azure Login

What You’ll Learn

Key Concept: Actions as Repositories

Deploying Azure Functions and Static Sites with GitHub Actions | Cloud with Chris

3 - DevOps in a Cloud World

The GitHub Copilot coding agent NEW