© Copyright Microsoft Corporation. All rights reserved.

FOR USE ONLY AS PART OF MICROSOFT VIRTUAL TRAINING DAYS PROGRAM. THESE MATERIALS ARE NOT AUTHORIZED
FOR DISTRIBUTION, REPRODUCTION OR OTHER USE BY NON-MICROSOFT PARTIES.
Microsoft Azure Virtual
Training Day:
DevOps with GitHub
Getting Started with DevOps
Who is Tailwind Traders?
Experiencing rapid growth

Differing goals across teams

Need for better collaboration

Looking to Implement
• DevOps methodology
• Better communication tools
• Shared tooling
Agenda
What is DevOps?

Source Control: Introduction to Git and GitHub

Using Microsoft Teams as a Collaboration Hub

Extending DevOps with Visual Studio Code

What is DevOps?
DevOps Accelerates
Delivery
Plan Develop

DevOps is the union of

people, process, and
products to enable
continuous delivery of value to
your end users.
− Donovan Brown DevOps

Learn about What is DevOps Operate Deliver

What does this all mean?
Deliver value
Plan Develop
Increasing efficiency

Eliminating waste

Streamline the feedback loop

Continuously improve DevOps

Deliver faster

Operate Deliver
Happier customers
High Performance DevOps Companies
Achieve Developer Velocity by…
208X more 106X faster from commit
frequent deployments to deploy

Faster Increased
time-to-market revenue
DevOps

7X lower change 2,604X faster

failure rate Incident recovery
Source: 2019 DORA
People

OPS

DEV

WALL OF CONFUSION

G E T T I N G S T A R T E D W I T H D E V O P S 1 0
 Development
Plan 1 2 Develop

Process

Operate 4 3 Deliver

Production
DevOps is about delivering value…

Sprints Doubling down on delivery

Prioritization Continuous
Improvement
DevOps

Backlog Greater reliability

G E T T I N G S T A R T E D W I T H D E V O P S 1 2
Source Control
Introduction to Git and GitHub
What is Source Control
and Why do we Need it?
A form of version control

Uses concept of code repositories

Tracks changes made within repositories

Allows for cross-team collaboration

GitHub

G E T T I N G S T A R T E D W I T H D E V O P S 1 4
Components of a Git Project

Branches – Tags – point

isolate to a specific
Code! development release
work

.gitignore – Commits –
untracked track changes
files to ignore to artifacts

G E T T I N G S T A R T E D W I T H D E V O P S 1 5
What is GitHub?
GitHub is the leader in Git repository
hosting. Some key features of GitHub

Expertise sharing
Cross-team collaboration
Improved code reuse
Codespaces on GitHub
GitHub Actions (CI/CD)
Increased velocity Learn about GitHub

G E T T I N G S T A R T E D W I T H D E V O P S 1 6
Features of a GitHub Project
README.md file – Document your project

SECURITY.md file – Define your security policy

LICENSE file – Define the license for your project

CODEOWNERS file – Define who is responsible for code

Pull Requests – Request to merge your changes

Issues – Track issues/bugs/features

Releases – Bundle specific iterations of your project

G E T T I N G S T A R T E D W I T H D E V O P S 1 7
Demo
GitHub In Action
Using Microsoft
Teams as a
Collaboration Hub
What is Microsoft Teams?
Microsoft Teams is the hub for teamwork.

Key features of Teams

Chat from anywhere

Meet from anywhere

Call from anywhere

Collaborate from anywhere

Achieve more, faster Learn about Microsoft Teams

G E T T I N G S T A R T E D W I T H D E V O P S 2 0
Microsoft Teams Integration via
GitHub Enterprise App

Uses a connector to send

notifications directly into a specific
Microsoft Teams channel.

G E T T I N G S T A R T E D W I T H D E V O P S 2 1
Demo
Collaboration with
Teams
Extending
DevOps with
Visual Studio
Code

1
What is Visual Studio Code?
Visual Studio Code is a lightweight and
powerful source code editor.

Run anywhere (Mac, Win, Lin)

Git commands built-in
Extensible and customizable
IntelliSense syntax highlights
Easily debug code
Open Source
Learn about Visual Studio Code
Free!

G E T T I N G S T A R T E D W I T H D E V O P S 2 4
G E T T I N G S T A R T E D W I T H D E V O P S 2 5
Visual Studio Code Marketplace
Thousands of extensions!

Microsoft and Third-party

• Language support
• Tooling support
• Connectivity
• Deployment
• Multi-cloud

Learn about Visual Studio Code Marketplace

G E T T I N G S T A R T E D W I T H D E V O P S 2 6
Extension Example – Live Share
Extension Pack
Share your code and collaborate

Share terminals and servers

Edit

Debug

Audio calls

Chat

G E T T I N G S T A R T E D W I T H D E V O P S 2 7
Demo
Tying it all together
with Visual Studio
Code
Recap
DevOps and
Tailwind Traders
Tailwind
Traders

Needed Solving The Solution

• Rapidly growing • Source control via GitHub
• Lack of collaboration • Microsoft Teams collaboration hub
• Lack of shared tooling • Visual Studio Code for shared tooling
• Solid foundation for a DevOps strategy

G E T T I N G S T A R T E D W I T H D E V O P S 3 0
Session
Resources Get Certified
Designing and Implementing
Explore Microsoft Learn Content Microsoft DevOps Solutions
for the AZ-400 Certification
Learn on AZ-400 Certification
Learn about getting started on DevOps

G E T T I N G S T A R T E D W I T H D E V O P S 3 1
DevOps in Azure: Managing the flow of work
Tailwind
Traders
all in on
DevOps OP
DEV
S
 DevOps is the union of People, Process,
and Products to enable continuous
delivery of value to our end users.
− Donovan Brown

D E V O P S I N A Z U R E 3 4
Why is DevOps
so Important?
Your competition is already doing this

Increase velocity

Reduced downtime

Reduced human error

High performance DevOps Companies
Achieve Developer Velocity by…
208X more 106X faster from commit
frequent deployments to deploy

Faster Increased
time-to-market revenue
DevOps

7X lower change 2,604X faster

failure rate Incident recovery
SPACE Framework to measure
Source: 2019 DORA Developer Productivity

D E V O P S I N A Z U R E 3 6
Scrum
The Agile: Scrum Framework at a glance
Burndown/up
Inputs from Executives Team, Charts
Stakeholders, Customers, Users
Scrum Master
Daily Scrum
Meeting
Every
24 Hours

Sprint Review
The Team
Product Owner 1-4 Week
Task Sprint
Breakout
Ranked list of what Team selects starting at top
is required: features as much as it can commit Finished Work
stories,… to deliver by end of Sprint
Sprint end date and team
deliverable do not change
Product Backlog Sprint Planning Meeting Sprint Backlog

Sprint Retrospective
General Principles
Product is built incrementally

Frequent inspection and adaption (course

correction)

Transparency (Product and Sprint

backlogs are public)

Product Owner, Development Team,

Scrum Master

Scrum Teams are self-organizing and

cross-functional
 QUALITY

Quality is
non-negotiable
DATE FEATURES
Move? Reduce?

D E V O P S I N A Z U R E 3 9
Estimates
Never accept an
estimate over 4 hours

More accurate Enables parallel Confirms alignment

development with DoD

Never start from a date

The Rules No one is
Apply to above the law

Everyone

Even the CEO

must obey the
rules
Demo
Tracking Work using Azure Boards
Branching
Strategy
Choosing the right
branching scheme is
critical to success
Traditional Branching Strategy
Feature Branching without flags

Maste
r

Development
Branch

Feature Branch A A A

Feature Branch B B B
Your Users
Trunk Based Development
Using trunk based development to avoid merge debt

Topic

Topic
Topic Hotfix

Master

Releases/M129

Releases/M130
How can that
work???
Feature Flags
On

Off

Off

New Feature Feature Flag or Toggle Consumers

Glorified If statement
Bob Sarah “Beta Page”
{ {
Key: bob@example.com”, Key: sarah@example.com”,
If group is beta return true
name: “Bob Smith”, name: “Sarah Jones”,
group: “beta” group: “normal”
… if not, return false
} }

If ( flag = true ) { Beta

true [ SHOW BETA PAGE ]
}
Else if ( flag = false ) {
[ RUN THIS CODE ]
}
false

Your Code Result

No really… it’s an if statement

if (flag == true) {
// do new behaviour
}
else {
// do old behaviour
}
A/B Experiments
23%

50% visitors see Variation A Conversion

variation A

11%

50% visitors see Variation B Conversion

variation B
Safe Deployment

New Feature Soft Launch Incremental Rollout

 Rollback
Set switch to off. Done

Done

D E V O P S I N A Z U R E 5 2
Demo
Feature Flags
Maintaining Quality w/Pull Requests
Tests OK

Looks good to me

Pull request

Master branch
Automation
to the
rescue!
Demo
Automation with GitHub Actions
Tailwind
Traders
is now in a
good state
 Let’s Recap

D E V O P S I N A Z U R E 5 8
Tailwind
Traders

Needed Solving The Solution

• Managing Work • Scrum and Azure Boards
• Managing Source Control Changes • Trunk Based Development
• Automation to help with processes • Feature Flags
• GitHub Actions

D E V O P S I N A Z U R E 5 9
Delivering Change to the Cloud
DevOps
Learning Path
Getting Started with DevOps

Managing the Flow of Work

Delivering Change to the Cloud

Building in Security and Quality

Operating Software in the Cloud

D E L I V E R I N G C H A N G E T O T H E C L O U D 6 1
 Goals for
this Session

Continuous Integration Protect Production /

Continuous Delivery / Trunk Based Development
Secrets
Deployment

D E L I V E R I N G C H A N G E T O T H E C L O U D 6 2
Tailwind Traders
DevOps Accelerates Delivery
Plan Develop

DevOps is the union of

people, process, and
products to enable
continuous delivery of value to
your end users.
– Donovan Brown DevOps

Operate Deliver
CI and CD
Continuous Integration
Continuous Delivery
Continuous Deployment
Continuous Your changes work with everyone else’s changes

Integration

Your code still builds

Your tests still run

Continuous You have a deployable piece of work

Delivery

Including infrastructure and dependencies

Deploy from build to a testing, staging, and/or production

environment
Continuous Deploy that piece of work

Deployment

Doesn’t have to be to Production

Trustworthy and reproducible

CI and CD
Continuous Integration –
Develop phase. Build, test, and validate code.

Continuous Delivery –
Automates delivery. New build artifact is available, artifact is deployed.

Continuous Deployment –
From when you commit and check in code to production, everything is
automated
Protip
Always have
Continuous Deployment to
somewhere.

Don’t assume this version will deploy

as cleanly as the last.
GitHub Actions
CI/CD with GitHub Actions
GitHub
Actions

Automation for any software Dozens of events that can trigger Continuous Integration and
workflow workflows Continuous Delivery
Demo
GitHub Actions – CI / CD
Protecting
Production
We might not want every change to
go to Production
Pull Request
Workflows

Workflow triggers Build, test, deploy Checks before merging

on PR to main branch
Trunk-based Development
Release branches (no commits)

trunk/main

Short-lived feature branches

Trunk-based Development

trunk/main

Short-lived feature branches

Trunk-based Development

trunk/main

Short-lived feature branches

Trunk-based Development
Release branches (no commits)

trunk/main

Short-lived feature branches

Demo
Trunk Based Development and PR
Workflows
Pre Production

GitHub Actions
Azure App Service
Deployment Slots

Staging Production
Deployment Slots

Staging Production

0% 100%

D E L I V E R I N G C H A N G E T O T H E C L O U D 8 3
Deployment Slots

Staging Production

100% 0%

D E L I V E R I N G C H A N G E T O T H E C L O U D 8 4
Deployment Slots

Staging Production

10% 90%
Demo
CI / CD with pre-production and UAT
environments
Handling Keys
and Credentials
Keeping secrets secret
 GitHub Secrets

D E L I V E R I N G C H A N G E T O T H E C L O U D 8 8
 GitHub Secrets

D E L I V E R I N G C H A N G E T O T H E C L O U D 8 9
Azure Key Vault

Keys Secrets Certificates

Azure Key Vault
Future Ideas for
Tailwind Traders

Rotate credentials in Automatically build a new Pull commit messages

Key Vault when an dev environment and fork a since last production release
admin asks a Teams Bot repository based on a properly- and build release notes for
formatted issue customers
Summary
Add CD to your pipeline!

Continuously deploy somewhere

Protect production with GitHub Environments

Centralize Secrets Storage

Buidling in Security and Quality
DevOps
Learning Path
Getting Started with DevOps

Managing the Flow of Work

Delivering Change to the Cloud

Building in Security and Quality

Operating Software in the Cloud

B U I L D I N G I N Q U A L I T Y 9 5
Goals for
this Session

Security Apply Security Build Quality and Gain

to Containers Confidence

B U I L D I N G I N Q U A L I T Y 9 6
 Tailwind
Traders
Website

B U I L D I N G I N Q U A L I T Y 9 7
 Tailwind
Traders
Website ASP.NET Core + React
Docker container on
Azure App Service

Azure SQL Database Azure Cosmos DB

B U I L D I N G I N Q U A L I T Y 9 8
 Quality
What Tailwind
Traders Needs
Confidence

Security

B U I L D I N G I N Q U A L I T Y 9 9
 Tailwind
Traders ASP.NET Core + React
Microservices with
Website backend APIs and Web
Frontend

Azure SQL Database Azure Cosmos DB

B U I L D I N G I N Q U A L I T Y 1 0 0
 Security and
Vulnerability
Management

B U I L D I N G I N Q U A L I T Y 1 0 1
Security and Vulnerability Management

B U I L D I N G I N Q U A L I T Y 1 0 2
Security and Vulnerability
Management

B U I L D I N G I N Q U A L I T Y 1 0 3
EMBEDED SECURITY IN THE DEVELOPER W ORKFLOW

Where security fits in the development lifecycle

PRE-COMMIT
COMMIT (CI)
• Threat modeling
• Static code analysis
• IDE security plug-in
• Security unit tests
• Pre-commit hooks
• Dependency management
• Secure coding standards
• Credential scanning
• Peer review

OPERATE & MONITOR DEPLOY (CD)

• Continuous monitoring • Infra as code (IaC)
• Threat intelligence • Security scanning
• Blameless postmortems • Cloud configuration
• Security acceptance tests
 Dependency Insights

What Tailwind • Real-time inventory

• License compliance
• Vulnerability alerting
Traders Needs
Vulnerability Management
• Code scanning
• Secret scanning
• Largest vulnerability database
• Automated security updates

CodeQL
• World’s most advanced code analysis
• Vulnerability hunting tool
• Community of top security experts

B U I L D I N G I N Q U A L I T Y 1 0 5
Vulnerability Management

Over 62 million
security alerts sent
across GitHub.

B U I L D I N G I N Q U A L I T Y 1 0 6
Code Scanning
Find and fix vulnerabilities fast
Find and fix vulnerabilities before they are
merged into the code base with automated
CodeQL scans

Community of top security experts

Community-driven query set powers every
project with a world-class security team

Integrated with developer workflow

Integrate security results directly into the
developer workflow for a frictionless
experience and faster development

B U I L D I N G I N Q U A L I T Y 1 0 7
Secret Scanning

Scan for leaked

secrets in public and
private repos.

B U I L D I N G I N Q U A L I T Y 1 0 8
 Tailwind
Traders
Website

B U I L D I N G I N Q U A L I T Y 1 0 9
GitHub Security
Code Scanning
Find and fix vulnerabilities before they are
merged into the code base with automated
CodeQL scans

Scan containers
Scan for common vulnerabilities in Docker images
before pushing them to a container registry or
deploying them to a containerized web app or
Kubernetes cluster

Manage secrets using Azure Key Vault

Dynamically pull secrets from an Azure Key Vault
instance for consumption in GitHub Action workflows

D E V S E C O P S B D M 1 1 0
 Demo
Azure Security and GitHub
Advanced Security

B U I L D I N G I N Q U A L I T Y 1 1 1
 Container
Security

B U I L D I N G I N Q U A L I T Y 1 1 2
Kubernetes Architecture
Self-managed main node(s)

API Server etcd

Scheduler Controller Manager

App/workload Kubernetes API Cloud Controller

definition endpoint

Agent Pool
Docker Docker Docker Docker Docker

Pods Pods Pods Pods Pods

B U I L D I N G I N Q U A L I T Y 1 1 3
Kubernetes Architecture
Self-managed
Azure managedmain node(s)
control plane

API Server etcd

Scheduler Controller Manager

User App/workload Kubernetes API Cloud Controller

definition endpoint

Agent Pool
Docker Docker Docker Docker Docker

Pods Pods Pods Pods Pods

B U I L D I N G I N Q U A L I T Y 1 1 4
Refresher on container layers
Container Layer Read/Write
91e49dfb1179

d7b1189bf667

c220123c8472
Image Layers
d31af33eb855
Read Only

a7183fb762a8

f61792ba8979

From: Alpine:3.8

B U I L D I N G I N Q U A L I T Y 1 1 5
Demo
Building Secure Containers
End-to-end, code-to-cloud DevOps

Home for all

Build Test
developers Deploy anywhere,
including your own
Home for the
Code Release data centers
world’s code

• Elastic, to any scale • On-prem

• Fully managed Plan Deploy • Azure
• Packages always the latest • AWS
• Supports all OS for CI/CD Monitor Operate • Google Cloud Platform
• Largest ecosystem
• Community-led automation

B U I L D I N G I N Q U A L I T Y 1 1 7
HARDENING DEVOPS INFRASTRUCTURE

GitHub

Code Collaborate

Develop Automate

Secure Community
 Quality

B U I L D I N G I N Q U A L I T Y 1 1 9
Demo
Gaining DevOps Confidence
Bridge to Kubernetes
Simplifies microservice development
Eliminates the need to manually source,
configure, and compile external dependencies

Streamlines application
development
Sidestep operational complexities of building
and deploying code into the cluster to test and
debug

Work in isolation in shared

development environment
Work in a private “sandbox” environment by
routing specific traffic locally

B U I L D I N G I N Q U A L I T Y 1 2 1
B U I L D I N G I N Q U A L I T Y 1 2 2
 Developer Workstation

You Cart API

B U I L D I N G I N Q U A L I T Y 1 2 3
GitHub Actions

Automate

Build, test and deploy with

confidence

Customizable

B U I L D I N G I N Q U A L I T Y 1 2 4
What did we learn?
Code Scanning and
Dependency Alerts

Build More Secure Containers

Gain DevOps Confidence

B U I L D I N G I N Q U A L I T Y 1 2 5
Invent with purpose.
Operating Software in the Cloud
Welcome to the
Tailwind Team
Agenda

Understanding Application Responsible Incident Guiding Incident Response

Behavior Response with Automation
Creating Visibility in Production If no one is on-call, everyone is Using computers to help people
do the right things
What is
DevOps?
DevOps Accelerates Delivery
Plan Develop

DevOps is the union of

people, process, and
products to enable
continuous delivery of value to
your end users.
− Donovan Brown DevOps

Operate Deliver
High performance DevOps Companies
Achieve Developer Velocity by…
208X more 106X faster from commit
frequent deployments to deploy

Faster Increased
time-to-market revenue
DevOps

7X lower change 2,604X faster

failure rate Incident recovery
Source: 2019 DORA

D E V O P S I N A Z U R E 1 3 3
People

OPS

DEV

WALL OF CONFUSION

D E V O P S I N A Z U R E 1 3 4
 Development
Plan 1 2 Develop

Process

Operate 4 3 Deliver

Production

D E V O P S I N A Z U R E 1 3 5
Understanding
Application
Behavior in
Production
 Improve Time to
Detect

The Goals for

Monitoring our Reduce Time to
Production Mitigate/Remediate

Systems
Enable Validated Learning

D E V O P S I N A Z U R E 1 3 7
Sources of Monitoring Data

Real User Synthetic Telemetry

Monitoring Transactions
 What and why?

Defining
Over what time
Effective period?
Monitoring
Who needs to know?

D E V O P S I N A Z U R E 1 3 9
Demo
From Instrumentation to Alerting
Responsible
Incident
Response
 API calls are failing!

Disaster Email notifications

went out… to
Strikes! everyone

And time goes by…

D E V O P S I N A Z U R E 1 4 2
Establishing a Basic Designated
Responsible Individual Rotation
Create a shared DRI Schedule

Identify an escalation path

Define response time targets

The DRI is Responsible for

Responding to alerts/incidents in the defined time window

Coordinating with partner service DRIs

Ensuring the proper escalation of severe or long-running issues

Demo
Defining our DRI/On-Call Schedule
Incident Response
Incident Notifications
are not:

Broadly Informational Heartbeat or

distributed only logging
Incident Response
Incident Notifications
are not:

Specifically Actionable In need of

directed human intervention
Guiding Incident
Response with
Automation
 Can't see the value of
automation?!! At some point it's
an IQ test.

The Value of – Jeffrey Snover

Automation Technical Fellow and
Creator of PowerShell
2010

O P E R A T I N G S O F T W A R E I N T H E C L O U D 1 4 9
Reducing Manual Intervention
in Production
Move manual, repetitive tasks to automation

Reduce human interaction to reduce variability in response

Protect production by ensuring notification and response

Demo
Creating a Basic DRI Notification
 In a lousy economy, NOTHING
is more important than
automation.
Productivity == Career security.

The Value of – Jeffrey Snover

Automation Technical Fellow and
Creator of PowerShell
2009
Review
 Monitor to Understand
Production
Improve time to detect, mitigate, and remediate,
and enable validated learning.
Review
Responsible Incident Response
If everyone is responsible for incident response,
no one is.

Automation Guided Response

Let machines do repetitive tasks and help guide the response
process.

O P E R A T I N G S O F T W A R E I N T H E C L O U D 1 5 4