Git on Chris Reddington

Rubber Duck Thursdays - Sshh, let's talk about secrets.

Thu, 03 Apr 2025 00:00:00 +0000

This episode focuses on why secrets should never exist in source code and how GitHub’s newly unbundled security products help prevent and detect secret leaks.

After the weekly GitHub Changelog review — covering the new GPT-4o Copilot completions model, repository ownership limits, GitHub Desktop updates, Copilot mobile multi-model support, and GitHub Issues dashboard improvements — Chris dives into the headline topic: GitHub Advanced Security splitting into two standalone products, Secret Protection ($19/month) and Code Security ($30/month), now available for GitHub Team plans without requiring Enterprise.

ClickOps over GitOps

Thu, 27 Oct 2022 00:00:00 +0000

The gap between raw Kubernetes and a developer-friendly PaaS is where the most interesting tooling is being built today. GitOps gives teams a declarative, version-controlled way to manage their clusters — but the infrastructure expertise required can be a steep barrier. ClickOps offers a different angle: let developers click a dashboard, and let the platform handle the YAML.

In this episode, Chris is joined by Laszlo Folgas, founder of Gimlet.io, to explore how you can combine the accessibility of a UI with the reliability of a GitOps-driven workflow.

Policy as [versioned] code - you're doing it wrong

Thu, 15 Sep 2022 00:00:00 +0000

Chris Nesbitt-Smith presents the case for treating governance policy the same way we treat source code — versioned, iterable, peer-reviewed, and continuously improved. Drawing on his experience advocating modern engineering practices within UK government, Chris explains why policies fail and what it takes to make them work.

Key Topics Covered

Why policies fail: Policies are usually written once, emotionally, as a reaction to a specific incident. They quickly become outdated, overcomplicated, and disconnected from real risk — leading developers to work around them rather than with them.
The lift pitch: Using a story of a CIO, Product Manager, developer, and cleaner sharing a lift, Chris illustrates the different stakeholder perspectives on policy — risk ownership, delivery velocity, and day-to-day practicality — and how good policy serves all of them simultaneously.
Policy as code: Storing policy in version control (Git/GitHub), enforcing it through automated CI/CD pipelines, and treating compliance as a test suite lets teams iterate on policy as fast as the threat landscape changes.
Kubernetes admission control: The specific technical context — using Kubernetes policy engines (such as OPA/Gatekeeper or Kyverno) to enforce rules at deployment time, giving developers fast and understandable feedback in their existing workflow.
Iterative, not waterfall: Attempting to write perfect policy upfront causes the same failures as waterfall software delivery. Small, incremental improvements with clear rationale are more effective and more trusted by the teams subject to them.
Culture over tooling: Tooling is the easy part. The real challenge is helping people understand why a policy exists. When developers understand the consequence, they follow the spirit of the policy — not just its letter.

From this talk you’ll learn how to use a software development pattern and product ways of thinking towards how your organization can manage policy; achieve continual updates to policy allowing the risk mitigations to move as fast as the risk does, not get in the way and be easy to measure compliance.

Tales from the Real World on DevOps

Fri, 17 Sep 2021 00:00:00 +0000

In this episode Chris is joined by Thomas Thornton, a DevOps specialist at Kainos in Belfast, for a grounded, real-world discussion on what DevOps actually looks like at scale.

What’s covered

DevOps as culture — why DevOps is far more than a buzzword, and how to bring stakeholders beyond dev and ops into the conversation
Version control fundamentals — why getting Git right is the prerequisite to everything else in a CI/CD workflow
Branching strategies — trunk-based development vs. feature branches, managing environment drift, and when fewer branches is better
CI/CD pipeline design — starting simple, avoiding over-engineering, and incrementally adding checks and quality gates
Infrastructure as Code — using Terraform modules vs. copy-paste resources, and the long-term payoff of DRY pipelines
Kubernetes and GitOps — how pull-based GitOps (e.g. Flux/ArgoCD) enables scalable, consistent deployments across 120+ applications and multiple clusters
Practical advice for all levels — tips for those just starting out, those mid-journey, and those looking to take a mature DevOps practice further

Thomas brings examples from a real environment spanning 83 Azure subscriptions, making this one of the most grounded DevOps conversations on the channel.

Cloud Drops - What is Continuous Integration (CI)?

Tue, 20 Jul 2021 00:01:00 +0000

Modern software teams use version control branches so engineers can develop independently without blocking each other. Continuous Integration formalises the step of merging those branches back into the main codebase by requiring every change to pass an automated build and test suite before it can be accepted. Tools like GitHub Actions and Azure Pipelines automate compilation, unit tests, integration tests, and other quality checks triggered on every pull request, providing rapid feedback — if a build breaks or tests fail, the engineer knows immediately rather than discovering hard-to-trace bugs later in production.

Discussing the Cloud with Chris GitHub Architecture and GitHub setup

Tue, 20 Apr 2021 00:00:00 +0000

Karl Cooke (Implementation Specialist at Action Point Technology Group, blogger at irishtechie.com) turns the tables on Chris Reddington, interviewing him about the architecture and GitHub workflow behind CloudWithChris.com.

Platform Architecture

The site is a three-layer stack:

Azure DNS — public DNS zone with an apex domain redirect to www, plus separate subdomains for preview, staging, and the podcast feed (podcasts.cloudwithchris.com)
Azure CDN — global edge caching with a rules engine for HTTP→HTTPS redirects and security header injection
Azure Storage — static website hosting for all HTML, CSS, JS, and media assets; chosen for its low cost, simplicity, and natural fit with static content

Security Hardening

V014 - Tech Roundup #14 Azure, DevOps & GitHub Blogs, Azure Updates & New CloudWithChris content

Sun, 04 Apr 2021 00:00:00 +0000

In this Easter Sunday livestream, Chris rounds up a bumper week of tech news. Azure highlights include Microsoft being named a Forrester Wave leader in Function-as-a-Service platforms — validating the Azure Functions investment — a Cost Management recap for March, and enterprise-scale landing zone guidance from Sarah Lean. A rapid-fire Azure update pass-through covers the new AKS run command feature (enabling ad-hoc commands through the Azure API plane on private clusters while respecting RBAC), AKS node image auto-upgrade, Open Service Mesh add-on for AKS, GA of Kubernetes 1.20 in AKS, and Azure Static Web Apps deployment without a DevOps pipeline.

Why use Git, How it Works and what's going on behind the scenes?

Thu, 01 Apr 2021 00:00:00 +0000

Introduction

I’ve recently released a few Cloud Drops episodes on Git related content. The ‘Git Behind the Scenes’ video was incredibly well received. I’m also aware from my day-to-day discussions that there’s a mix of experiences with Git, so also made a Git 101 Video. In this Cloud World that we live in, version control is an important concept beyond the ’traditional’ developers. Infrastructure Engineers can now version control their Infrastructure as Code, or maintenance scripts. Data Scientists can version control their experiments and tests. And of course, developers can version control the code for their software.

Cloud Drops - Git 101 - Why use Git, and how to get started

Tue, 30 Mar 2021 00:00:00 +0000

Git is a distributed version control system — unlike centralised tools, every developer clones the full repository and history to their own machine, enabling productive offline work and independent branching without locking files.

The core workflow starts with git init to create a new repository in any folder, then git add to stage changes and git commit -m "message" to record them. git status shows which files are staged, modified, or untracked, while git log displays the full commit history. Once you create a remote repository on GitHub (or Azure DevOps, GitLab, Bitbucket), git remote add origin <url> links it to your local repo, and git push sends your commits up. Use git pull to receive changes others have pushed, or git clone <url> to bring down an entirely new repository. VS Code’s built-in Source Control panel provides a visual interface for all these operations, and the Git Credential Manager handles credential storage for private repositories across platforms.

V013 - Weekly Technology Vlog #13 (Lots of Azure, DevOps & GitHub) Blogs, Quick-fire Azure Updates

Sun, 28 Mar 2021 00:00:00 +0000

Weekly Vlog #13 covers an action-packed Azure week, with standout blog posts including Mark Russinovich’s Ignite session on Azure innovation, enterprise landing zones with modular designs, zonal disaster recovery enhancements via Azure Site Recovery, Security Center compliance updates, and Azure Databricks on Azure. On the Azure DevOps side, Chris highlights “DevOps-ing everything as code” and community stories touching on Terraform, Bicep, and policy-gated release pipelines.

The GitHub roundup digs into the GitHub Actions capture-the-flag writeup — revealing how an overly permissive workflow can expose repository secrets — and a fascinating multi-stage exploit chain from the GitHub Security Lab, both underscoring the growing importance of DevSecOps practices with GitHub Advanced Security.

Cloud Drops - How does Git work behind the scenes?

Wed, 24 Mar 2021 00:00:00 +0000

After git init, Git creates a .git folder containing HEAD, config, description, and sub-directories including branches, objects, and refs. The HEAD file holds a symbolic ref pointing to the current branch — for example ref: refs/heads/master — and that ref only materialises as a file under .git/refs/heads/ after the first commit is made. Objects (commits, trees, blobs) are stored compressed in two-character subdirectories under .git/objects/ matching the first two hex characters of their SHA-1 hash. Use git cat-file -p <hash> to inspect any object: a commit points to a tree, a tree lists blobs and sub-trees, and a blob holds the raw file content. Git deduplicates unchanged files across commits by reusing the same blob hash, saving space. After adding a GitHub remote and pushing, a new refs/remotes/origin/main file appears, confirming that local and remote tip hashes match.

Using Git LFS to version Podcast Audio files and trigger releases to production with GitHub Actions

Wed, 24 Mar 2021 00:00:00 +0000

For some time, I’ve been using GitHub actions to update the content of my site (i.e. pages, descriptions, metadata, etc.). Through Hugo, these content updates automatically update the RSS feeds. This then makes the episodes appear in podcast services such as Apple Podcasts, Google Podcasts and Spotify. However, throughout that time I have been manually uploading the podcast files to my storage account. It wasn’t a significant overhead, but I kept thinking that there must be a better way to do this. And, there is - I’ve implemented it! This blog post will walk you through why I’ve made these changes, how I made them and what the result is.

Cloud Drops - Introducing and Setting up Git LFS (Large File Storage)

Tue, 23 Mar 2021 00:00:00 +0000

Storing large binary files directly in Git forces every developer to download the full history of those files on every clone — a growing pain as the number of assets increases. Git LFS solves this by replacing tracked files with small pointer files containing a version, an ID, and a size, while the actual content lives on the remote LFS server. Run git lfs install once per machine, then git lfs track "*.mp3" per repository to create a .gitattributes entry. All subsequent git add, git commit, and git push operations work exactly as normal; LFS handles the upload transparently. When cloning, pass --config lfs.fetchExclude="*.mp3" to skip downloading the large files and receive only the lightweight pointers instead.

V012 - Weekly Technology Vlog #12 (Busy week, and quite a few blog posts to cover!)

Mon, 22 Mar 2021 00:00:00 +0000

In this episode, Chris marks three months of weekly vlogging, celebrates crossing 350 subscribers, and recaps a week where content shipped every single day.

Three Months In

Analytics show a clear correlation between increased publishing frequency and subscriber growth. The channel is approaching the 500-subscriber target for end of 2021.

Last Week’s Content (Something Every Day)

Monday — Weekly Vlog #11: DevSecOps-heavy, covering Cache Aside Pattern, GPG Keys Part 3, and a strong Azure security news cycle.

Using GPG Keys to sign Git Commits - Part 4

Wed, 17 Mar 2021 00:00:00 +0000

Part 4 - The final part (at least for now, until I find somewhere else that we can expand on with this)! This part will focus on porting the keys that we have recently generated onto our YubiKey device. I own a YubiKey NEO, so I’ll be using that.

Note: Be aware that the YubiKey NEO has a limitation where it can only hold keys up to a size of 2048 bits. If you have generated a key longer than this, then the move will fail. You may need to go through the previous blog posts to re-generate the keys. Though I mentioned this limitation in part 2.

V011 - Weekly Technology Vlog #11

Mon, 15 Mar 2021 00:00:00 +0000

In this episode, Chris unveils a refreshed visual identity for Cloud With Chris, recaps a DevOps-heavy week of content, and digs into Azure, Azure DevOps, and GitHub news with a strong security theme throughout.

New Branding

The Cloud With Chris stream background and lower-thirds have been redesigned for a more consistent, polished look. The new backdrop carries through to all series going forward.

Recent Content

GPG Keys Part 3: The generated GPG keys are now associated with Git commits (git config --global user.signingkey), and the public key is uploaded to GitHub so commits display the “Verified” badge. YubiKey integration comes in Part 4 this week.

Using GPG Keys to sign Git Commits - Part 3

Wed, 10 Mar 2021 00:00:00 +0000

Okay, part 3! At this point, I’m assuming that you have already familiarised yourself with part 1 and part 2 of the series. As a quick recap, part 1 focused on why we would consider using GPG Keys in general. Part 2 focused on how to generate GPG keys along with some recommended practices on splitting out our master (Certification) key, from our specific purpose-driven keys. This post (part 3) focuses on using those keys as part of our usual development workflow using Git. We’ll be assuming that GitHub is our end target, as GitHub supports commit signature verification using GPG Keys.

V010 - Weekly Technology Vlog #10 (Episode backlog until Mid-July! New Microphone, Ignite Content!)

Mon, 08 Mar 2021 00:00:00 +0000

In this milestone tenth episode, Chris marks a birthday and a one-year podcast anniversary, picks up a new microphone, then spends the majority of the runtime covering the best of Microsoft Ignite.

Personal Milestones

Vlog #10 & Birthday: A new Shure SM7B microphone arrives — a noticeable audio quality upgrade. Episodes are now booked through to mid-July with more guests lined up into August.
One Year of Cloud With Chris: The podcast launched on 1 March 2020.

Recent Content

GPG Keys Part 2: Hands-on guide to generating GPG keys; Part 3 (linking keys to Git commits and uploading to GitHub) is coming this week.
Cloud Gaming Notes Ep. 2: Chris and Lee discuss matchmaking in cloud gaming-as-a-service — how cloud infrastructure shapes the player experience when joining sessions dynamically rather than connecting to a fixed server. Next episode covers Sea of Thieves, inventory systems, and in-game economies.
Sidecar & Ambassador Patterns with Peter Piper: Another co-hosted patterns episode with a bingo card of API buzzwords.
DotNet Limerick Azure User Group: A live presentation on using GitHub Actions to build and deploy a static podcast/blog site. Recording available on cloudwithchris.com.

Upcoming

Welsh Azure User Group (18 March): Lightning talk — GitHub for podcast/blog deployment.
MSHowTo Live with Mert (25 March): DevOps discussion.
Northern Azure User Group (6 April): Sharing the bill with Scott Hanselman.
Cache Aside Pattern episode (this Friday).
GPG Keys Part 3 (this Wednesday).

Microsoft Ignite Highlights

Azure Cognitive Search — Semantic Search: Results ranked by user intent rather than keyword frequency, powered by Microsoft Research models.

Using GPG Keys to sign Git Commits - Part 2

Wed, 03 Mar 2021 00:00:00 +0000

Hopefully by now you’ve had a chance to read part 1 of this series, which explains why you may be interested in using GPG keys to sign your commits. Congratulations on getting to the second part! In part two, we’re going to focus on how I worked through setting up GPG in my Windows environment, and generating a set of keys for use. There were some challenges/hurdles along the way, and we’ll talk through those too! I may do another separate blog post at a later point on setting this up within Windows Subsystem for Linux. However, there are plenty of articles that already focus on macOS / Native Linux, so it isn’t really the focus of this post.

Using GPG Keys to sign Git Commits - Part 1

Wed, 24 Feb 2021 00:00:00 +0000

For a while now, I’ve been using GPG Keys to sign my Git Commits to prove that my commits on GitHub are genuine and from me. Over the last few weeks, I’ve been inspired by a couple of colleagues (Kudos to Adrian and Julie if you’re reading this) to dig out my YubiKey and use these for my key signing activities. While there are several blog posts/samples (e.g. here, here and here) on the topic already, I encountered a number of roadblocks along the way.

GitHub Codespaces, Visual Studio Code and Remote Containers

Fri, 08 Jan 2021 15:30:00 +0000

Setting up a development environment—installing the right SDK versions, extensions, and tools—wastes hours and creates ‘works on my machine’ problems. VS Code Remote Containers and GitHub Codespaces solve this with containerised, reproducible dev environments.

What You’ll Learn

How the VS Code Remote Containers extension connects your local editor to a Docker container running a full development environment
The role of devcontainer.json as a manifest defining your development container’s configuration, extensions, and port forwarding
How to bootstrap a .NET Core dev container using the microsoft/vscode-dev-containers repository samples
The difference between Remote Containers (local Docker) and GitHub Codespaces (cloud-hosted containers accessible from a browser)
Using the GitHub Codespaces VS Code extension to connect your local IDE to a cloud-hosted Codespace
The dotfiles convention: GitHub Codespaces automatically applies your ~username/dotfiles repository to personalise every Codespace with your aliases, shell configuration, and shortcuts
Live demo: editing, previewing, and committing changes to cloudwithchris.com (Hugo static site) entirely within a GitHub Codespace

Developer Experience Impact

GitHub Codespaces eliminates onboarding friction—any developer with browser access can contribute to a project within minutes, with a pre-configured environment including the correct language runtime, VS Code extensions, and tooling. No local setup required.

V001 - Weekly Technology Vlog #1 (Blog, Hugo, Azure, GitHub & Azure DevOps)

Mon, 04 Jan 2021 00:00:00 +0000

Chris kicks off the weekly vlog format with a look back at December 2020. On the open source front, he contributed pull requests to Matt Stratton’s Hugo Castanet theme — adding blog functionality and fixing episode number bugs — and began building a new Hugo theme designed for community groups, meetups, and conference platforms with multiple group and event structures. He was recognised as a new user of the month on the Hugo community forum for his support contributions there.

GitHub Actions and Azure - Deploying ARM templates with GitHub Actions

Wed, 02 Dec 2020 00:00:00 +0000

Before deploying application code, you need cloud infrastructure in place. This episode demonstrates automating Azure infrastructure provisioning using ARM templates and GitHub Actions.

What You’ll Learn

What ARM templates (Azure Resource Manager templates) are and why they’re declarative, deterministic, and idempotent
How ARM templates differ from imperative approaches like Azure CLI or PowerShell scripts
ARM template structure: schema, contentVersion, parameters, variables, resources, and outputs
Using the azure/arm-deploy GitHub Action to deploy ARM templates from a workflow
Repository organisation: separating source/ (application code) from templates/ (ARM templates)
Adding the actions/checkout step—and why forgetting it causes cryptic “file not found” workflow failures
Using secureString parameter types to protect secrets in ARM template inputs and outputs
Browsing the Azure Quickstart Templates gallery for production-ready ARM template samples

Series Context

This is the second episode in the GitHub Actions and Azure series. The infrastructure deployment workflow built here becomes the first job in the multi-job pipeline extended in the next episode to also compile and deploy application code.

GitHub Actions and Azure - Getting started with GitHub Actions and Azure Login

Sun, 29 Nov 2020 00:00:00 +0000

New to GitHub Actions? This episode is your starting point for automating Azure deployments with GitHub’s built-in CI/CD platform.

What You’ll Learn

The difference between Git and GitHub, and how GitHub Actions fits into your development workflow alongside alternatives like Azure DevOps, GitLab, and Bitbucket
GitHub Actions workflow YAML structure: on triggers, jobs, steps, runs-on
How GitHub-hosted runners (Ubuntu, Windows, macOS) work and when to use self-hosted alternatives
Using the Azure Login action to authenticate against Azure from a workflow
Creating an Azure Service Principal with the az ad sp create-for-rbac command and storing credentials as GitHub Secrets
Running Azure CLI commands as workflow steps after authentication
Pinning GitHub Actions to specific versions (e.g., azure/login@v1) for reproducible, auditable pipelines

Key Concept: Actions as Repositories

GitHub Actions are themselves open-source repositories. When you reference azure/login@v1, you’re pinning to a specific release tag of the azure/login GitHub repository. This makes the GitHub Actions ecosystem composable, auditable, and extensible—anyone can submit a pull request to add new capabilities.

GitHub Actions and Azure - Source Controlling our Code using Git

Sun, 29 Nov 2020 00:00:00 +0000

Before writing a single GitHub Actions workflow, you need a version-controlled project on GitHub. This episode scaffolds a .NET MVC web application with dotnet new mvc inside a WSL Ubuntu environment, then uses VS Code’s Source Control panel to stage the generated files, write an initial commit, and push to a freshly created public GitHub repository — equivalent to running git remote add origin, git branch -M main, and git push -u origin main from the command line.

Deploying Azure Functions and Static Sites with GitHub Actions | Cloud with Chris

Fri, 02 Oct 2020 00:00:00 +0000

Chris uses a real side-project — a multi-tenant card inventory app — to demonstrate GitHub Actions from first principles through to a working CI/CD pipeline.

GitHub Actions Fundamentals

The session opens with a clear explanation of what GitHub Actions are and why they are called workflows rather than pipelines: Actions are not limited to CI/CD and can respond to any GitHub event, including issue comments, new contributors, and dependency alerts. Core concepts covered include: