AI-Based Pull Request Reviews

With the popularity ChatGPT, it was only a matter of time before developers began to use this technology to automate manual processes that require a little more finesse, such as reviewing pull requests.  Pull requests are a common practice in software development, where developers submit their code changes to a shared repository for review and approval by other developers. This process helps ensure that the code is consistent, readable, and free of errors or bugs. However, doing this manually can be time-consuming and tedious, not to mention subjective.

This is where artificial intelligence can help. Using Open AI’s Generative Pre-Trained Transformer (GPT) models, AI-based pull request reviews aim to automate and improve the quality and efficiency of code reviews.

 

Benefits and Challenges

Since AI does not have human limitations, it can review code changes in seconds or minutes. These changes will be consistent, objective, and there will be improved code quality and security as a result. However, the decisions made by the AI are based upon a predetermined set of rules. These predefined rules may have some inherent bias or error due to biased data. In addition, while we as people have the capacity for nuance and context, AI doesn’t always capture this. For this reason, among others, there is still a need for human oversight and a need for humans to be able to intervene or override the AI’s decisions entirely.

Examples of AI-Based Pull Request Review Services

Several services are already making the leap forward into artificial intelligence-based pull request reviews. One such service is CodeRabbit. This service uses OpenAI’s most advanced system in order to review pull requests. CodeRabbit can also review code line-by-line and suggest changes, provide a summary and release notes of a pull request, and even allow for in-context conversation about the code. This service is intended to be used as a GitHub Action.

Another service is found as an extension to Azure Pipelines: GPT Pull Request Review. This extension has the option of using Azure Open AI service, but you can also choose which Open AI model you prefer. This extension is a task is your build definition and can be found in the Visual Studio Marketplace.

AI-based pull request reviews are a promising and exciting innovation that can transform the way developers write, review, and maintain code. For more information, or to get started today, contact our team of experts here at PRAKTIK.


Top 5 Azure DevOps Features in Q4 2023

Although Q4 is riddled with holidays and long weekends, the Azure DevOps team still managed to deliver innovative and exciting features. In this post, we will highlight some of these new features that were released in Q4 2023.

GitHub Integration - Improved AB# validation (private preview)

When linking to a Pull Request using the AB#{ID} syntax, you only know if the link is successful by looking at the work item or notice the ID turn into a link. Q4 saw a private preview featuring enhancements to the Azure Boards GitHub experience to better inform you of the validity of a work item. This helps you identify and fix bad links before a Pull Request is merged. To be a part of the private preview, contact the team directly.

Work item filtering

In the past, you needed to create a custom query in order to find and access a particular piece of data. Now, though, finding this data is much easier with a feature called work item filtering. Work item filtering will allow you to hover over your work item chart for a quick overview. You can also go into specific chart segments for detailed insights.

New version of the Azure DevOps Web Extension SDK

The Azure DevOps Web Extension SDK got an update in Q4 that provides support for ES (ECMAScript) modules in addition to the existing AMD (Asynchronous Module Definition) modules. This means you can now import SDK using ES module syntax, which improves performance and reduces the size of the application.

 

Switch between HTML or Markdown on comments

Previously, there was a private preview introduced to enable Markdown for comments on work items. This was intended to eventually replace the existing HTML editor entirely. Following feedback, however, now you can switch between Markdown and HTML editors at the comment level. This will allow you to leave comments in the way that is most natural and productive to you.

Improved YAML validation

YAML is a powerful tool for building your pipelines, but only when the syntax is correct. To check this, you can use the Azure Pipelines web editor’s Validate functionality. As of Q4, YAML validation with this tool is even more thorough when it comes to expressions. Azure Pipelines will detect incorrect variable definitions and YAML conditions at the pipeline, stage, and job level.

 

For more information,, contact our team of experts here at PRAKTIK.


How to Deploy Static Web Apps with Azure DevOps

Static web apps are websites that consist of static content such as HTML, CSS, and JavaScript files. They can also have a serverless backend powered by Azure Functions. Static web apps are fast, secure, and easy to develop and maintain. They are ideal for modern web frameworks such as React, Angular, Vue, and Blazor. In this article, we will show you how to deploy static web apps using Azure DevOps.

Azure Static Web Apps

Azure Static Web Apps is a service that enables you to deploy static web apps to a global CDN with a custom domain, SSL certificate, authentication, and authorization. This service also integrates with Azure DevOps Services, a cloud-based platform for DevOps practices such as version control, planning, testing, and continuous delivery.

Deploy Static Web Apps Using Azure 

Deploying Static Web Apps with Azure is a relatively straightforward process. You will need a static web app project hosted in an Azure DevOps repository and an Azure subscription.

The first step is to create an Azure Static Web App resource in the Azure portal.

Next, you need to configure a pipeline in Azure DevOps with the repository where your code lives. You can use the Azure DevOps portal or the YAML editor to create and edit your pipeline. This will provide you with a deployment token. Make sure this token is imported in using a Powershell script, or you can add it manually. The code in your YAML file will define a simple pipeline that triggers upon changes to the main branch of your repo, uses an Ubuntu virtual machine, and runs the Azure Static Web Apps task. This task is native in Azure DevOps, so there is no concern about compatibility.

Finally, run your pipeline. If you immediately navigate to the URL for your web app, you’ll see the below message. After a few minutes, the pipeline will finish running, and your content will show up. Following your deployment, you can also check out deployment logs and build outputs. Your static web app is up and running!

For more information, or to get started today, contact our team of experts here at PRAKTIK.


Top 5 Azure DevOps Features in 2023 Q3

Azure DevOps is constantly coming out with new features to help improve your productivity, security, and quality. In this blog post, we will highlight some of these new features that were released in Q3 2023.

GitHub Advanced Security for Azure DevOps

One of the major initiatives in Q3 was the general availability of GitHub Advanced Security (GHAS) for Azure DevOps. This feature allows you to leverage the power of GitHub’s code scanning and secret scanning capabilities within your Azure DevOps repositories. You can also use third-party security analysis tools that generate results in SARIF format and display them in the Advanced Security Code Scanning alerts hub. Additionally, you can use custom CodeQL queries to find and fix vulnerabilities in your code. In short, GHAS helps you secure your code and protect your assets from malicious actors. Any project collection administrator can now enable Advanced Security for their organization, projects, and repos from the Project Settings or Organization Settings.

CodeQL code scanning now supports Swift

Speaking of security, CodeQL code scanning now includes Swift. This means that developers working on applications for Apple platforms can take advantage of code security analysis. This analysis includes the detection of path injection, risky web view fetches, various cryptographic misuses, and other forms of unsafe handling or processing of unfiltered user data.

Centralized control for building PRs from forked GitHub repos

One of the great things about GitHub is the ability to have the community work together on a project and give suggestions. However, this can come with risks, particularly those associated with fork builds. Forks can be dangerous because they come from outside your organization. Managing public repositories can come with a substantial amount of work to maintain security standards. Now, there is an organization-level control for defining how pipelines build pull requests from forked GitHub repos. The new setting is called Limit building pull requests from forked GitHub repositories and works at organization and project level. Furthermore, for new organizations, pull requests from forked repositories are securely built by default.

Azure Artifacts support for Cargo Crates

Azure Artifacts now offers native support for Cargo crates. Rust developers and teams can now consume, publish, manage, and share their Cargo crates seamlessly, all while using Azure's robust infrastructure and staying in the familiar Azure DevOps environment. This support is in public preview. You can get started by navigating to your Azure DevOps project, selecting Artifacts, and following the instructions to connect your Rust project to your Azure Artifacts feed.

Workload identity federation in Azure Pipelines

Azure Pipelines now offers workload identity federation in public preview. Workload identity federation uses an industry-standard technology, Open ID Connect (OIDC), to simplify the authentication between Azure Pipelines and Azure. Instead of certifications that must be manually changed, workload identity federation allows you to create an identity with an external identity provider. This identity establishes a trust relationship with protected resources and is able to access them securely. This also eliminates the risk of leaking stored secrets or having credentials expire.

To learn more about these features and learn how they can empower you and your team, contact our experts here at PRAKTIK.


How to Migrate Software Assets for a Merge, Acquisition, or Divestiture

Migrating software assets from one platform to another is a common scenario that many software companies face. Whether it is due to a merger, acquisition, divestiture, or simply a change of strategy, moving software assets can be a complex and challenging process that requires careful planning and execution.

Migrating Azure DevOps instance

If you are migrating between Azure DevOps instances, you can use the Azure DevOps Migration Tools. This is a set of open-source tools that can help with migrating data between Azure DevOps instances or organizations. It supports migrating projects, repositories, work items, pipelines, test plans, artifacts, and more. It even allows you to perform a test migration and validate the results before importing them to the target instance.

Alternately, you can leverage the Azure DevOps REST API to export data from the source organization and import it into the target organization. This requires more manual effort than the migration tools, but it is more configurable for scenarios in which you have specific requirements.

Migrating Git Repository Services

Migrating your web-based Git repository service (such as GitHub, GitLab, or Bitbucket) has different challenges and considerations than an Azure DevOps migration. One of the simplest ways to migrate between instances is to back up the existing instance and restore it on the new instance. Administrators would then use the Users API to migrate users to this new instance.

You can also migrate projects using file exports. This method can be a little tedious, as you are migrating your projects one by one. This method also does not correctly preserve history.

Leveraging the REST API is an option for migrating a Git instance as well. This will still require some heavy lifting manually, but it is a great option for migrating all your data and configuring to your needs. However, you will need to migrate your Container Registry over a series of Docker pulls and pushes.

Migrating Jira Instance

If you are migrating from one Jira instance to another, you can use the Project Configurator for Jira. This tool has an export function that packs your data into a ZIP file that you can then transfer to your target server. Or, again, leveraging the REST API is an option for migrating your Jira instance.

Additionally, if you choose to migrate from Jira to Azure DevOps, there are many tools available to make this transition as simple as possible.

Key Takeaways

The method by which assets are migrated is vitally important to the success of the migration. The compatibility, interoperability, and performance of the software assets need to be ensured across different platforms, systems, and environments. This may involve testing, debugging, modifying, integrating, and deploying the software assets. The software assets may also need to be updated, patched, or upgraded to meet new standards and expectations.

In addition, it is often advisable to do a test migration to ensure this compatibility and performance. This would allow for unforeseen circumstances to be observed and handled without jeopardizing the success of the migration as a whole.

For more information, or to get started with your own migration, contact our team of experts here at PRAKTIK today.


Azure DevOps vs. GitLab

Continuous integration and continuous delivery (CI/CD) are essential practices for modern software development. They enable faster and more reliable delivery of software products by automating the build, test, and deployment processes. There are many tools available for implementing CI/CD, such as Azure DevOps and GitLab.

Azure DevOps

Azure DevOps is a cloud-based platform that provides a set of services for teams to share code, track work, and ship software. It integrates well with Microsoft tools and supports various platforms and languages. It includes Azure Repos for Git hosting, Azure Pipelines for CI/CD, Azure Boards for agile planning, Azure Artifacts for package management, and Azure Test Plans for testing. When implementing CI/CD, you can decide to only use Pipelines, or you can use all the services for a full and seamless DevOps lifecycle.

GitLab

GitLab is an open-source self-hosted platform that offers a complete solution for the entire DevOps lifecycle. It can be deployed on any infrastructure and supports a wide range of technologies and integrations, though some have said it doesn't run as well on Windows. GitLab's message is: "One platform to empower dev, sec, and ops teams." The features available for use depend on the tier of GitLab selected, each with its own cost.

 

Compare and Contrast

When it comes to actually creating a pipeline, it is important to consider to the time cost of starting up. Azure DevOps has a YAML pipeline editor that makes it much easier to create and edit the pipelines. While GitLab also has a Pipeline Wizard, it expects you to create and maintain a YAML template as code. Conversely, the Azure DevOps wizard doesn’t require you to write any YAML. Furthermore, GitLab doesn't provide a visual editor for build and release orchestration like Azure DevOps. This can serve as an impedance for certain teams.

In terms of pricing, these tools vary greatly. Azure DevOps has a flexible pricing structure, which offers a free tier for up to five users and 1,800 minutes of build time per month. This is ideal for small teams or projects that do not require a lot of resources or features.  GitLab can be expensive for smaller teams, as it offers a free tier for unlimited users but limited features. To access more features and functionalities, users must pay a monthly or annual fee that can range from $29 to $99 per user per month. This is compared to the $6 per user per month for Azure DevOps Services.

If your ecosystem already has several Microsoft tools, Azure DevOps may be a better choice for your CI/CD needs. Additionally, it is customizable and integrates with other, third-party tools through plugins in the Visual Studio Marketplace. Conversely, GitLab focuses more on using its own native tools and does not provide a marketplace for CI/CD plugins. This may mean an additional time cost of having to learn a new tool instead of being able to use whatever tool works best for you.

 

When deciding which CI/CD tool is right for you, it is important to look at all aspects of what development would look like. The tool you choose should do nothing but enhance your team and enable them to go create great solutions. For more information, contact our team of experts here at PRAKTIK.


Migrating to the Cloud: Level Up Your Development

Are you managing your software development projects on-premises with Azure DevOps Server? If so, you're probably intimately familiar with the challenges associated with setup, maintenance, and scale. By migrating to Azure DevOps Services in the cloud, you could eliminate those challenges, as well as improve productivity and collaboration.

Azure DevOps Services

Azure DevOps Services is the cloud version of Azure DevOps Server. It is scalable, reliable, and backed by a 99.9% SLA that is monitored 24/7. It is broken down into five main services: Azure Pipelines, Azure Repos, Azure Boards, Azure Test Plans, and Azure Artifacts. You can get access to the services separately or all together. You only pay for what you use, and you get unlimited private Git repositories for free.

Benefits of the Cloud

Some organizations choose to stay on-premises because of security concerns. However, Azure DevOps Services has rock-solid security. In fact, Microsoft uses this service internally. They actively invest in security improvements, not only for their customers, but for their own development. Azure DevOps Services also supports role-based access control, encryption, auditing, and compliance standards. For more information on compliance certifications and security procedures, visit the Microsoft Service Trust Portal.

Azure DevOps Services will allow you to heal the pain points associated with an on-premises solution. For example, setup is far simpler. You don't need to install, configure, or maintain any servers or software. You can simply create an organization and start using Azure DevOps Services in minutes. It is also easier to scale up or down your resources as needed; this can even be done automatically with Azure App Service.  Furthermore, a cloud solution is virtually maintenance-free. Gone are the days of worrying about updates or patches.

Finally, by migrating to the cloud, you will have access to features that aren't available in Azure DevOps Server. One such feature is GitHub Advanced Security. GitHub Advanced Security is an application security testing service that is embedded in the developer workflow. It empowers teams to innovate and be productive without sacrificing ever-important security.

For more information, or to get started with your migration, contact our team of experts here at PRAKTIK.


2023 Gartner Magic Quadrant for DevOps Platforms

The 2023 Gartner Magic Quadrant for DevOps Platforms is out, and it reveals some interesting insights into the competitive landscape of the DevOps market. A Gartner Magic Quadrant is a two-dimensional framework used to display a culmination of research in a specific market. This view can quickly and easily tell you how well technology providers are executing their visions and how they are performing in the market. The 2023 Gartner Magic Quadrant for DevOps Platform report revealed three leaders in the DevOps space: Azure DevOps, GitLab, and Atlassian.

The Leaders

Azure DevOps is a cloud-based platform from Microsoft that provides a comprehensive set of tools and services for end-to-end software delivery. Azure DevOps enables teams to collaborate across the entire software development lifecycle, from planning and coding to testing and deploying. This platform also integrates seamlessly with other Microsoft products and services, such as Azure, GitHub, Visual Studio, and Office 365.

GitLab is a DevOps platform that offers a single application for the entire software development and delivery process. This platform aims to reduce complexity and increase operational efficiency by enabling teams to work on the same platform. GitLab also embeds security within the software development lifecycle, rather than bolting it on as an afterthought.

Atlassian is a provider of a single, extensible DevOps platform that connects teams to accelerate engineering velocity, increase uptime/reliability, and deliver value faster. Atlassian also offers a wide range of integrations and templates for various use cases and stacks.

 

Choosing the Right Tool

All three vendors offer compelling solutions for DevOps teams, and all are denoted as Leaders in the Magic Quadrant. Still, it can be challenging to choose the right tool for your organization and situation. One important facet of this decision is considering which tools you already use. For instance, if you use things like Azure and Office 365, Microsoft's Azure DevOps will be a more seamless option for you.

Other crucial pieces of this puzzle are reliability, scalability, and security. Atlassian's platform lacks native support for most application security capabilities, instead relying on external partners. This can mean additional cost and time setting up this important piece of your ecosystem. While GitLab and Azure DevOps have robust security built-in and are scalable, Azure DevOps takes the cake when it comes to reliability. It can automatically scale based on demand with no downtime.

Finally, it is critical to think about pricing. GitLab does not provide tiered pricing, nor does it provide visibility into cloud environment costs. On the other hand, Azure DevOps is more customer-centric in its approach. Therefore, it can be customized to your needs and budget so you're not paying for anything you don't need.

Not only does Azure DevOps fulfill the criteria for being a solid DevOps platform, it is also pushing the envelope with a more innovative approach to development that leverages AI and machine learning to enhance software delivery.

For more information, or to get started with a DevOps platform, contact our team of experts at PRAKTIK.

 


Using GitHub Copilot with Visual Studio

Artificial intelligence is a hot topic lately, especially with the popularity of things like ChatGPT. What if you could use this kind of technology to help write code better, faster, and more efficiently? GitHub Copilot is an extension for Visual Studio that uses artificial intelligence to help you do just that.

What is GitHub Copilot?

GitHub Copilot is an AI pair programmer extension for Visual Studio that is able to intelligently look at the context of your code and provide things like code completions, suggestions, and even full snippets of code for your project. This technology enables developers to write code more efficiently and to minimize errors.

GitHub Copilot is different from existing technology like IntelliSense and IntelliCode. IntelliSense is a code completion feature that is built-in to Visual Studio. It can provide suggestions based on the current context, such as variable names and classes, but does not use AI. IntelliCode, on the other hand, uses AI to analyze your code to understand common practices and provide whole-line completions. GitHub Copilot takes the features from each technology a little further by analyzing a vast dataset of publicly available code to provide things like context-aware code suggestions. The assistance that this extension offers to a developer is more advanced, and offers more accurate and relevant suggestions.

Research has found that GitHub Copilot users experience more job fulfillment and are able to stay in the flow longer to solve tough problems.

 

Getting Started

To use GitHub Copilot in Visual Studio, you need to have Visual Studio 2022 version 17.4.4 or later, and a GitHub Copilot subscription. You can get a free subscription if you are a verified student or a maintainer of a popular open-source project on GitHub.

To install the extension, you must enable GitHub Copilot from your GitHub settings. Then, install the extension from the Visual Studio Marketplace.

With the extension installed, you're able to start using it in Visual Studio. You can do things like ask it to write code for you by simply typing it in natural language as a comment. You can also have it write those ever-important unit tests for you to make sure your code is working properly.

GitHub Copilot is a powerful tool for enhancing developer productivity and reducing disruptions. To learn more or to get started, contact our team of experts here at PRAKTIK.


Large-Scale Deployment Strategy with Azure Pipelines and Omaha

Deploying a client application at scale requires compatibility, security, performance, and reliability of the software across different platforms and environments. Additionally, the software needs to be updated frequently to fix bugs, add features, or address security vulnerabilities. By using Azure Pipelines in conjunction with an application update framework such as Omaha, you can achieve a streamlined strategy to ensure seamless updates, efficient delivery, and overall user satisfaction.

Azure Pipelines and Omaha

Azure Pipelines is a cloud-based continuous integration and continuous delivery (CI/CD) platform. It enables development teams to automate build, testing, and deployment, ensuring fast and reliable software delivery.

Omaha is the open-source version of Google Update, which offers a mechanism to deliver client application updates. If you're using Chrome or Edge for your browser right now, you already have Omaha working for you in the background. It makes sure users have access to the latest features, bug fixes, and security patches without manual intervention. Omaha consists of two main components: a server-side module called Omaha Server and a client-side module called Omaha Client. The Omaha Server hosts and distributes the updates. The Omaha Client runs on the end-users’ devices and periodically communicates with the Omaha Server to check for and install updates.

By leveraging Azure Pipelines and Omaha, you can automate build and deployment processes while guaranteeing efficient and reliable updates.

Deployment Strategy

The deployment strategy using these tools is quite simple. For your build, testing, and deployment, you'll use Azure Pipelines in the same way you know and love. To handle large-scale deployments, you can use tools such as Azure Kubernetes Service or Azure Pipelines Scale Set Agents. Both of these allow automatic scaling based on demand.

For any updates, you'll use Omaha. Setting up and using Omaha for your updates requires that you have an update server, which is where the update information and installer files will be stored. Your installer files will also need to include registry values that tell Omaha important information, such as version. With all files and parameters provided to the server, you can now distribute the Omaha client and client application installer to your users. There, it will run in the background. By default, Omaha will check every 24 hours for an update and will automatically install the update if detected.

By using Omaha for updates instead of manual intervention, we are reducing human error, increasing efficiency, and allowing teams to focus on new features as opposed to maintaining old ones. This is especially true for large-scale client applications.

For more information, or to get started today, contact our team of experts at PRAKTIK.