►
From YouTube: Demo Days - Container Registry and Container Security
Description
Andrew Weiss and Robert Freeman, Solutions Engineers, explore the container ecosystem with an emphasis on code security. Dig into static code analysis and variant analysis to reduce false positives. Prevent your software supply chain from passing known vulnerabilities into your build. Learn how to package up your code into a container, make it available via the GitHub Package Registry, and deploy it to a Kubernetes cluster with AKS.
Can we help you solve a specific problem?: https://github.co/twitch-contact-sales
B
B
Potentially,
potentially
not
sure,
yet
it's
a
little
thin
for
that,
but
I
heard
about
this
awesome
thing
called
github
container
registry
rob
you
and
I
were
talking
about
it
a
little
bit.
I
heard
it's
got
a
little
security
to
it.
It's
got
some
container
flexibility
and
enhancements.
Tell
me
a
little
bit
about
this
container
registry
that
you
wanted
me
to
look
at
for
this
application.
A
It's
a
nice
setup,
it's
interesting
because
to
go
to
go
back
a
little
bit
before
before
I
jump
into
this.
It
probably
is
relevant
to
talk
about
our
background
so
me
and
andrew
in
the
container
space.
I
say
we
we
we
are
at
least
knowledgeable
enough
to
discuss
it
at
some
depth.
Me
andrew
have
known
each
other.
For
I
don't
know,
we've
been
working
together
for
two
and
a
half
three
years,
something
like
that
right,
yep
and
we
first
met
at
a
docker.
A
You
know
one
of
the
folks
that
helped
make
containers
really
usable
and
one
of
the
things
that
was
really
exciting.
Now
that
we're
at
github
has
been,
you
know,
they're
they're,
embracing
of
you,
know
that
container
ecosystem,
and
so
now,
with
the
launch
of
of
github
container
registry-
and
I
was
super
excited
to
see
like
what
was
our
take
on
it.
How
did
we
do
it?
What
ways
is
it?
A
Is
it
kind
of
differentiated
and
special,
and-
and
it's
like
I
said
it's
it's
one
of
the
things
I've
been
really
excited
for
ever
since
started.
Github
is
to
to
have
this
type
of
capability
to
kind
of
bring
not
just
our
code
but
to
be
able
to
take
our
compiler
effects.
In
this
case,
our
images
or
container
images
and
be
able
to
store
them
in
one
place.
B
Yeah
absolutely-
and
you
know,
containers
have
been
around
for
quite
some
time
and
you
know
lots
of
folks
are
using
containers.
You
know
out
on
docker
hub
and
also
recently
with
github
packages,
but
one
of
the
things
that
individuals
and
entities
are
concerned
about
is,
of
course,
security.
Security
is
top
of
mind
for
a
lot
of
folks.
You
know,
we've
got
all
these
containers
out
there.
B
You
know
how
do
we
prevent
things
like
container
sprawl
and
ensure
that
the
software
we're
packaging
into
those
containers
is
secure,
and
I
think
that's
a
lot
of
the
impetus
too,
for
github
container
registry
is
really
expanding
upon
that
vision.
We
have
with
github
packages
and
really
digging
into
this
space,
especially
from
a
security
perspective.
You
got
any
comments
on
that
rob.
A
B
Love
it
love
it.
So
we've
got
an
application
here
that
you
and
I
have
been
working
on.
We've
got
the
blog
post
up
with
the
recent
launch
of
github
container
registry
and
I've
been
reading
about
some
of
these
security
enhancements
around
access
control.
So
what
we
want
to
do
is:
let's
try
to
set
this
up.
Let's
try
to
wire
this
up
to
our
repository
that
we
have
I've
got
a
sample
code
base
here.
This
is
just
a
simple
node.js
backend
with
an
express
api.
B
It's
also
using
a
react.js,
front-end
client
super
simple
application
and
I'll
run
it
here
shortly,
but
rob
you
and
I
have
been
working
on
this
together.
We've
got
a
couple
of
issues
up
and
you
called
me
out.
You
said
I'm
the
security
guy.
You
said
this
is
something
I
should
look
at
here.
We've
got
a
few
things
we
have
to
configure.
We've
got
some
static
code
scanning
that
we
have
to
address
some
deployment
tasks.
It
looks
like
to
a
kubernetes
service
running
out
on
microsoft,
azure
anything
else
here.
A
B
Absolutely
absolutely,
and
it
looks
like
two:
a
couple
of
these
security
vulnerabilities
were
detected.
Let's
take
a
look
at
what
these
look
like
looks
like
I
know,
you're,
not
necessarily
up
to
speed.
When
was
the
last
time
you
wrote
some
some
javascript,
it's
been,
it's
been
a
hot
second
right,
yeah
javascript.
A
B
Yeah,
so
we're
gonna,
we're
gonna,
keep
you
away
from.
I
guess
the
the
source
code
specifically,
but
it
looks
like
here
knowing
what
I
know
about
this
application,
there's
some
client-side
dependencies
that
have
some
vulnerabilities
associated
with
them.
If
I
dig
in
here,
it
looks
like
http.
Proxy
dependency
needs
to
be
version
bumped,
but
it
also
looks
like
github
has
done
some
some
version
bumps
for
me
with
the
depend-a-bot.
So
we
can
definitely
merge
these
in
review
these
locally
and
make
sure
we
fix
these.
A
Well,
I'm
just
gonna
say
that
that
is
an
awesome
feature
of
github
that
I
think
a
lot
of
people
don't
recognize
is
the
idea
that
hey
you
know,
we're
all
using
open
source
packages
and
open
source
dependencies
throughout
our
code
to
be
able
to
develop
faster,
and
we
we,
you
know
we're
not
always
necessarily.
On
top
of
of
you
know,
what
do
we
need
to
address
where
their
vulnerabilities
have
been
found,
so
by
github
kind
of
helping
us
out,
you
know,
makes
for
more
secure
code,
absolutely.
B
A
Github
advanced
security,
which
is
now
well.
That
might
be
actually
that,
maybe
that's
a
mistake,
maybe
we
don't
call
it
that
anymore,
sorry
to
keep
track
of
all
of
all
our
ships,
but
yeah
stat
code
analysis
goes
because
it's
kind
of
a
step
beyond
depend
about.
You
know
that
was
our
first
step
as
we
started
to
focus
more
and
more
on
on
security
here
at
github,
and
what
we've
realized
is
it's
great
to
respond
to
vulnerabilities
they've
already
been
found.
A
You
know
been
identified
in
the
form
of
of
cdes,
but
how
do
we
take
it?
A
step
further
and
look
at
our
actual
code
base
and
identify
potential
vulnerabilities
on
in
custom
code
and
static
code.
Analysis
allows
us
to
do
that
and
it
does
it
in
a
very
kind
of
github
way
in
the
sense
that
it's
not
a
black
box.
That
says,
let
me
look
at.
Let
me
look
at
much
code
and
I'll
tell
you
what
the
vulnerabilities
are,
but
I'm
not
going
to
tell
you
to
tell
you
how
I
found
them.
A
A
B
Yeah
100
agree
rob
and
it
looks
like
here.
I
can
take
a
look
at
an
analysis.
Workflow
that's
already
been
set
up
for
me.
Let's
go
ahead
and
actually
do
this
right
now,
let's
set
up
this
workflow
so
for
for
those
of
us
familiar
with
github
actions.
Github
actions
is
our
built-in
ci
cd
capability
and
it
looks
like
here
that
github
has
automatically
filled
in.
A
B
Of
the
yaml
configuration
and
the
things
that
I
need
to
set
up
the
the
actual
code
scanning
steps,
let's
take
another
look
through
this
workflow
here
it
looks
like
it's
going
to
trigger
a
new
ci
cd
task.
Every
time
I
push
against
my
master
branch
and
open
up
new
pull
requests
against
master
or
based
on
a
schedule,
cron
job
here
as
well.
It
looks
like
it's
going
to
do
a
scan
against
javascript
language,
which
is
what
I'm
using
here.
So
that's
great
check
out
my
source
code
and
then
do
the
auto
build.
B
Like
you
mentioned
it
compiles
it
into
that
database
against
which
I
can
run
queries,
and
then
it
actually
does
the
analysis
all
right.
So
let's
go
ahead
and
set
this
up
and
I'm
gonna
leave
the
commit
message,
as
is
I'll,
set
up
an
optional,
extended
description,
I'll
go
ahead
and
create
a
new
branch,
we'll
call
this
codeql
scan.
A
A
B
And
it
looks
like
the
scan
has
started,
so
we
can
take
a
look
into
that.
It's
initializing
code,
ql,
it's
checked
out
my
code
and
it's
doing
everything
it
needs
to
do
here
so
we'll
let
that
run.
So,
let's
take
a
look
at
some
other
tasks,
rob
while
you're
reviewing
that
and
figuring
out
your
your
twitter.
A
B
A
Yeah,
let's
see
here
hold
on,
I
gotta
get
my
glasses
on
all
right
yeah.
So
if
you
guys
are
ever
seen
a
dockerfile,
it
should
look
fairly
familiar.
But
if
not
you
know,
you
have
your
initial
image
that
you're
basing
off
here,
which
looks
like
you're
using
a
node,
build
you're,
setting
your
your
working
directory
on
where
you're
going
to
put
everything
you're
copying
in
your
your
json
file,
with
your
with
your
packages
and
then
you're
running
impedance,
so
you're
installing
npm.
A
B
So
yeah,
it's
gonna
looks
like
it's
gonna
package
up
the
app
make
it
available
as
a
container.
Once
we
run
it,
let's
see
here
anything
else
that
we
need
to
take
into
account.
We've
got
some
code
spaces
stuff
here.
I
guess
we'll
dig
into
that
in
a
bit.
Let's
take
a
look
at
the
client-side
container
as
well.
It
should
look
about
the
same
yep.
As
you
mentioned,
rob
it's
gonna
set
a
working
directory
in
the
container
it's
gonna
copy.
B
Over
my
dependency
manifest
looks
like
we're
doing
some
finagling
here
around
the
the
host
routing.
I
guess
we'll
get
into
that
a
little
bit.
Oh,
this
is
pretty
cool.
Looks
like
I'm,
using
if
you're
familiar
with
the
multi-stage,
build
rob
right
with
the
the
build
steps
in
a
separate
step
from
the
the
actual
runtime
yeah.
This
is
ideal.
B
B
A
The
the
concept
is,
is
the
div
of
a
minimizing,
the
the
things
that
or
the
the
points
of
entry.
You
know
your
attack,
surface
area,
so
the
less
moving
parts
you
have
that
you
don't
need
which
is
what's
in
these
these,
these
large
images
that
are
built
to
actually
compile
your
job.
There
are
more
places
there
can
be
vulnerabilities.
So
if
you
limit
your
actual
container
image
to
just
the
the
functions
and
procedures
that
you
actually
need,
that's
going
to
reduce
your
attack,
surface
area
and
make
it
a
more
secure
system.
B
Yeah
and
we're
using
just
the
nginx
web
server
here
to
actually
serve
out
this
content,
which
is
a
pretty
lightweight
container.
They
have
some
variants
as
well
that
are
based
on
alpine
linux,
which
makes
that
image
even
smaller
and
there's
a
lot
of
creative
things
that
you
can
do
here
from
an
image
standpoint
for
optimizations.
B
B
So
I've
got
all
the
same
files.
My
code
is
pulled
down.
I've
also
got
a
make
file
here,
that'll
kind
of
assist,
with
some
of
the
the
build
steps
and
for
those
that
are
new
to
containers
in
order
to
take
our
docker
file
and
turn
that
into
a
container.
We
have
to
build
it
first
and
create
what's
known
as
a
container
image.
B
That
image
is
then
subsequently
pushed
to
some
registry
and
then
from
that
registry
we
can
of
course
deploy
that
as
a
running
container.
So
it
looks
like
I've
got
the
build
steps
ready
to
go
here.
If
I
do
a
make
build,
it
should
go
ahead
and
build
my
images
locally,
and
I
happen
to
be
running
the
docker
desktop
tool,
which
is
an
awesome
free
to
download,
desktop
client
with
docker
pre-packaged
and
ready
to
go.
It
even
includes
a
kubernetes
cluster
that
you
can
spin
up
on
your
local
workstation
works
across
mac,
os
and
windows.
B
A
B
C
A
B
A
B
A
C
A
C
C
B
B
But
once
the
image
is
pushed
out
there,
let
me
show
you
what
that
looks
like
it'll
show
up
in
your
packages.
Tab
and
it'll
be
filtered
out
by
type
container,
so
the
docker
filter
is
for
the
docker
or
the
get
a
packages
format.
Of
course
we
encourage
folks
to
migrate
to
this
new
github
container
registry,
where
possible-
and
we
have
some
migration
steps,
that
we
publish
to
to
our
documentation
and
it's
as
simple
as
changing
the
endpoint
and
then
pushing
your
container
images
to
that
new
endpoint.
A
Yeah,
I
think
I
think
that's
an
important
emphasize
right,
the
the
switch
if
you're
going
from
you
know
azure
container
industry
or
from
docker
hub
or
wherever
it
might
be.
You
know:
we've
we've
used
industry
standards
here,
so
you're
really
just
changing
the
end
point.
It's
it's
a
it's
a
pretty
easy
transition
and
there's
not
a
lot
of
you,
know,
recoding
or
or
work
involved
in
in
getting
your
stuff
moved
over
here.
Yeah.
B
Absolutely
and
the
other
thing
to
keep
in
mind
with
container
registry.
So
when
you
first
push
the
image
now,
this
one
has
already
been
pushed
it'll
prompt
you
on
the
the
summary
page,
whether
or
not
to
link
it
to
a
specific
repository.
So
that's
the
other
difference
from
going
from
get
up
packages
get
up.
Packages
is
going
to
push
the
package
directly
within
the
space
assigned
to
that
repository.
B
In
this
case,
you
have
flexibility
to
link
this
to
different
repositories
as
needed
and
then
assign
access
as
needed.
The
use
case
for
that
is,
if
you
have
a
kind
of
a
global
base
image.
Let's
say
I
wanted
to
have
a
specific
version
of
nginx
that
my
organization
is
going
to
use.
Then
I
can
push
that
here
as
well.
A
And
then
in
the
package
settings
go
ahead.
Rob
now
I
was
just
gonna
say
that
that
capability
is
is,
is
super
important.
You
know
we.
We
talked
to
a
lot
of
folks
and
that's
something
that
they
really
wanted,
because
it's
it's
sometimes
sometimes
it's
hey.
I
want
a
a
base
image
that
I
can
use
across
my
interiorization,
and
sometimes
it
might
just
be
this.
B
Once
absolutely
yeah-
and
these
are
some
of
the
new
asterisk
control
functions
here
so
right
now-
I'm
the
only
user
with
access
to
this
image
so
rob.
I
think
if
you
try
to
access
this,
you
won't
be
able
to
in
this
particular
case,
but
of
course
I
can
invite
very
selfish
of
you
yeah.
I
know
what
can
I
say
I
mean
in
this
case.
I
can
certainly
invite
you
to
access
this
image,
but
I
don't,
I
don't
think
we're
gonna.
Do
that
I'm
a
little
security
professor.
B
So
so,
of
course
these
are
some
of
the
new
access
control
functions
and
they
work
very
similarly
to
how
we
do
access
control
across
the
rest
of
github
for
repository
permissions
and
then,
of
course,
within
github
container
registry.
We
very
much
treat
it
like
a
traditional
oci
compliant
container
registry,
so
I
can
see
the
tag
push
the
shot,
256
digest
associated
with
that
image,
and
then
I
can
drill
into
that
tag
specifically
provide
a
description.
B
B
B
B
It's
going
to
check
against
different
versions
of
node.js.
In
this
case.
Let's
just
do
note.
12
we'll
do
12
and
14
how's
that
going
to
check
out
my
code.
It's
going
to
check
against
those
versions,
now
run
npm
tests.
One
of
the
things
I
need
to
do
is
I
need
to
make
sure
that
this
particular
step
runs
with
a
specific
environment
variable,
and
this
is
going
to
be
ci
is.
B
True,
it's
auto
filling
for
me
there
now.
The
reason
I'm
doing
this
is
because
the
unit
test
engine
I'm
using
on
this
particular
app
and
rob
if
you
had
written
some
javascript
recently.
You
would
probably
know
this,
but
I
know
it's
been
a
while
we
are
using
a
test
runner
which
opens
up
an
interactive
prompt
in
this
particular
case.
I
want
to
run
this
in
headless
fashion.
So
that
way,
my
unit
tests
will
not
stop
the
workflow.
A
B
What
I
typically
do
is
I'll
do
everything,
of
course,
on
a
separate
branch
instead
of
working
through
the
the
central
and
main
branch
and
it's
a
good
way
to
kind
of
test
and
iterate
against
the
action.
It's
likely
that
unless
you
have
a
super
sound
ready
to
go
action,
workflow
already
built
at
your
disposal,
you're,
probably
going
to
run
into
some
errors,
and
there
may
be
some
trial
and
error.
I
think
this
is
just
kind
of
a
challenge
with
any
sort
of
ci
cd.
A
A
You
should
be
starting
with,
ideally
with
some
of
the
community
actions
that
are
available,
so
you
know
we
talk
about
if
you're
deploying
to
aks
like
we
are
in
this
instance,
you
know
being
able
to
reference
back
to
the
aks
action
that
was
developed
by
the
microsoft
team
and
and
using
that
as
a
foundation
to
build
off
of
you
know,
that's
one
of
the
great
features
of
github
that
that
feedback
loop,
which
allows
us
to
utilize.
You
know
the
best
the
community
has
built
and
ideally
then
we're
then
contributing
back.
B
C
A
B
A
B
Yeah,
so
there
is
a
tool
that
you
can
do
that.
I
don't
have
the
url
off
the
top
here,
but
there
is
a
tool
that
you
can
use
to
test
actions
locally
for
the
different
steps
that
you
have,
but
you
can
essentially
link
your
actions
based
on
the
latest
schemas
that
we
provide.
I
highly
recommend
the
the
github
extension
for
github
actions
for
visual
studio
code.
It's
a
great
way
to
kind
of
walk
through
things
and
see
errors
that
you're
writing
locally.
C
B
So
while
those
workflows
are
running
rob,
what's
the
other
thing
we
have
to
do
here,
you've
got
a
few
other
tasks
here.
So
oh
we've
got
to
deploy
this
thing,
so
we've
got
to
test
it.
We've
got
to
deploy
it
now
before
we
deploy
it.
We
need
to
actually
create
those
deployment
artifacts
using
kubernetes
and
every
time
I
think
of
kubernetes.
All
I
think
about
is
yaml
yaml
with
gamma
and
lots
of
lots
of
yammer.
So
rob
talk
to
me
about
all
this
yaml
that
we've
got
here
in
the
repository.
B
B
They
should
spin
up
a
development
server
and
open
it
up
by
the
way
this
app
was
created.
Using
the
create
rack,
react
app
framework,
which
is
pretty
awesome
great
way
to
bootstrap
some
some
apps.
So
this
is
just
the
the
default
landing
page
that
it
gives
you,
and
I
think
I've
got
some
console
queries
here
up
excellent
yeah.
So
it's
looking
to
make
a
request.
Of
course,
I
have
a
course
enabled,
so
it's
going
to
block
that
request,
which,
of
course
I
can
allow,
as.
C
B
B
Clearly
I've
been
trying
to
get
it
working
in
production
previously,
and
it's
run
into
some
cross-origin
or
research
sharing
issues.
Would
you
get
just
the
app
just
simple
front-end?
It's
gonna
make
a
request
to
a
simple
api
backend,
but
going
back
to
what
we
need
to
build
here.
Talk
to
me
about
the
we're.
B
A
C
A
All
right
so
pretty
pretty
basic.
You
know
two-part
app
here.
If
you
you
know,
we
have.
We
have
two
sections
of
our
of
our
ammo.
We
have
our
deployment,
which
is
really
you
know
the
instructions
on
what
we
want
to
put
out
there
in
the
the
two,
the
two
containers
we
have.
So
if
you
you
go
down
there
and
you'll
see
time
deployment
and
then
we
have
under
containers.
We
have.
We
have
two
separate
pieces.
A
So
that's
the
first
part
of
your
of
your
of
your
k
channel
and
that
really
works
in
the
sense
that
it
will
stand
up
your
your
pod,
but
you're
not
going
to
be
able
to
do
anything
with
it
without
the
second
piece
and
the
second
piece
is
the
service.
So
on
the
bottom
end
you
have
a
service
and
kubernetes,
that's
how
we
actually
expose
something
into
you
know
to
the
broader
world
and
in
this
case
we're
using
a
type
of
load.
Balancer
we're
using
aks
load.
A
Balancer
works
really
well
just
right
out
of
the
box
with
load
balancer
and
that's
that's
going
to
expose
it
to
to
a
public
out
so
that'll
create
it
on
aks
that,
once
when
you
include
that
service
it'll
go
ahead
and
automatically
create
a
public
ip
and
expose
that
on
the
porch,
you've
you've
dictated
what
you'll
see
right
in
the
bottom
80
for
the
web
front,
end
and
3001
for
this.
For
the
back
end.
B
Awesome
yeah
I'll
echo,
your
your
comments
about
the
the
load.
Balancer
integrations
that
work
really
nicely
out
of
the
box
with
the
azure
kubernetes
service.
Of
course
you
have
lots
lots
of
flexibility
here
in
terms
of
how
you
want
to
configure
your
networking
and
routing-
and
you
can
do
you
know,
layer,
seven
ingress
as
well,
using
things
like
the
nginx.
A
B
C
B
The
surprise
here-
yes,
we'll
do
that
here
shortly,
so
we've
got
that
action
working
through
that
dealing
with
some
bugs
there
and
another
action
we're
going
to
want
to
create
is
for
actually
pushing
this
to
a
specific
registry.
And
of
course
I
can
look
at
this
marketplace
of
actions
to
see
if
there's
any
workflows
that
I
can
take
advantage
of
and
for
those
that
aren't
aware,
there's
tons
and
tons
of
prebuilt
actions
workflows,
there's
a
docker
image
workflow,
which
looks
like
is
one
that
I
can
use.
B
B
B
B
And
you
can
trigger
builds
accordingly
on
your
own
infrastructure.
Now
the
agents
themselves
have
to
run
on
x86.
But
if
you
have
an
arm
environment
that
that
agent
can
connect
to-
or
if
you
have
some
external
arm
building
environment,
then
you
can
absolutely
send
the
code
from
github
to
that
environment,
facilitate
the
build,
create
the
image
and
do
so
accordingly.
B
A
B
A
Whatever
yeah,
no,
it
makes
it
make
sense
once
you
once
you
once
you
understand
what
you're
doing,
but
when
I
first
saw
it,
I
was
like
why.
Why
is
this
even
required,
but
notice
on
on
the
run
when
he's
building
when
he's
tagging
it
that's
what's
different
different
diff
differentiating
between
github
container
registry
and
and
you
know,
pushing
the
docker
hub
or
some
other
places
is
the
inclusion
of
of
the
endpoint
right
there.
So
that's
that
ghcr.io
and
your.
B
B
B
B
B
B
B
B
Yeah
so
now,
when
we
move
towards
deployment,
there
are
a
couple
tricks
that
folks
will
want
to
take
into
account.
So
you
can
see
here
that
I've
got
the
access
token
we're
using
for
container
registry.
Now,
when
you
create
a
new
personal
access,
token
make
sure
that's
only
scoped
for
read,
write
privileges
for
your
your
packages
or
your
container
images.
You
don't
necessarily
want
to
use
a
widely
scoped
token
for
this.
So
that's
what
I'm
doing
there
now,
when
we
move
towards
deployment
to
kubernetes,
rob
there's
this
kubernetes
config.
B
Is
that
right
and
that's
that's
just
the
yaml
or
json
configuration
artifact,
yep
yeah,
so
we
can
of
course
store
that
information
in
the
repository
and
the
nice
thing
too
is.
If
we
have
multiple
repositories
in
the
org
that
are
using
the
same
cluster,
we
can
create
an
org
or
organization
scope
secret
that
we
can
then
subsequently
access.
So
that's
what
I've
got
here
now,
one
of
the
things
you
can
do
here
for
deployment.
Let's
see
here,
I'm
going
to
go
and
create
another
action.
C
A
All
the
latest,
so
one
of
the
questions
we
got
from
chat
was
in
regards
to
being
able
to
create
secrets
for
each
stage.
I
mean
you
could
definitely
create
different,
see,
secrets
and
and
label
them
appropriately
to
cover
each
stage,
but
secrets
are
really
at
base
of
two
levels:
they're
either
at
the
repo
or
they
are
at
the
at
the
organization.
B
B
C
B
Typically,
you
would
scope
this
to
a
specific
branch
or
other
labeling
construct.
We
need
to
do
job.
The
job
name
will
be
deploy,
say,
aks
deploy.
This
is
gonna
runs
on
ubuntu
and
you
can
see
here
the
pretty
awesome
auto
completion
in
intellisense.
For
me,
using
this
plug-in
highly
highly
recommend
it.
B
The
nice
thing,
though,
too,
about
github
actions
is
that
you
know
we.
We
try
to
keep
the
the
actual
syntax
pretty
light,
so
the
number
of
properties
we
use
is
really
not
overly
complex.
It's
easy
to
get
started
with.
If
you
are
trying
to
hand
write
it,
you
know.
I
equate
that
to
kind
of
the
nesting
here
you
see,
there's
really
not
a
lot
of
nesting
and
that's
on
purpose
we're
trying
to
make
it
as
simple
and
then
digestible
as
possible.
B
B
B
B
B
A
That
people
people
get
wrapped
up
in
the
word
secret
and
forget
that
you
know
there's
a
there's
a
lot
of
flexibility
in
how
you
use
that
and
you
can
pass
you
know,
config
config
files.
You
can
pass
environmental
variables
really
really
any
text.
You
can
go
ahead
and
pass
through
that
secret,
especially
if
you
look
at
the
org
level
and
you
there's
something-
maybe
that
you
want
to
re
reutilize
a
lot
of
times
across
multiple
multiple
repos.
You
know
you
can
use
the
secrets
to
pass
past
that
information.
B
Exactly
so,
you
can
see
here,
I'm
just
pre-staging
the
config
into
my
local
home
directory,
that's
created
for
the
life.
This
excuse
me
life
of
this
build
and
because
the
crew
control
or
coupe
cuddle,
there's
that
whole
industry
debate
as
to
how
you
pronounce
it.
I
like
coop
control.
Personally,
you
can
use
the
command
that's
already
available
in
this
ubuntu
based
environment,
to
take
the
yaml
file
and
apply
it
to
my
cluster.
B
A
C
A
B
Oops,
I'm
on
the
I'm
naming
my
branch
differently
all
right,
so
we've
got
a
new
action
here,
simple
action.
In
reality,
your
kubernetes
deployments
are
going
to
be
likely
a
little
bit
more
complex
depending
on
the
approach
that
you
take.
This
is
very
much
a
push-based
approach
whereby
you're
going
to
have
a
branch
that
has
changes
to
both
the
app
and
the
infrastructure
code
and
then
those
changes
are
pushed
to
your
kubernetes
cluster.
B
There's
a
lot
of
interesting
ways.
You
can
do
this.
You
can
also
take
a
pull-based
approach
if
you're
familiar
with
concepts
such
as
git
ups,
whereby
you
have
infrastructure
running
on
your
kubernetes
cluster,
that
checks
for
changes
in
your
your
image
files
and
the
the
kubernetes
artifacts
and
then
pulls
those
changes
in
so
very
different
approaches,
depending
on
how
you
look
at
it.
Most
folks
are
familiar
with
this
push
based
approach,
which
triggers
the
updates
from
the
the
get
side,
but
there's
definitely
a
few
ways
to
look
at
that.
B
B
I'd
have
to
have
you
review
this
too.
So
now
we've
got
going
back
to
the
beginning.
Here,
we've
got
some
code
scanning
results,
no
no
alerts.
So
that's
that's
promising
and
then
we've
got
our
ci.
Jobs
looks
like
those
worked
for
both
node
12
and
the
tests
were
inappropriately
it's
nice
to
get
up.
Actions
provides
this
web-based
log
output,
so
I
can
view
things
there's
troubleshooting
specified.
There
are
no
back-end
tests.
B
C
A
C
B
B
Yep
it
looks
like
deployed,
so
that
was
really
fast,
so
you
can
see
here
that
the
actual
application
was
already
out
and
running
on
the
cluster.
So
control
takes
care
of
all
that.
Stick
reconciliation
for
you.
So
if
I
had
made
any
changes
or
we
made
any
changes
to
the
infrastructure,
they
would
be
present
or
identified
and
then
addressed
so
the
deployment
works,
which
is
awesome.
B
So
I
should
have
my
kubernetes
cluster
ready
to
go
oops
so
awesome,
I'm
connected
to
the
kubernetes
cluster
that
you've
created
rob.
So
that's
good
that
one
works
and
it
looks
like
there's
a
load
balancer
created
as
well
and
aks
handles
all
that
routing
for
me.
So
as
long
as
I
connect
to
this
ip,
I
should
be
able
to
it.
Should.
B
A
A
C
B
A
fantastic
job
with
the
infrastructure,
so
it
looks
like
still
having
issues
with
just
the
login.
I
think
most
folks
gets.
The
gist
looks
like
my
my
token
may
have
expired
here,
as
you
saw
from
the
very
beginning
of
the
demonstration,
but
essentially
you're,
going
to
have
different
workflows
defined
for
different
tasks.
You
can,
of
course,
combine
all
of
these
tasks
in
the
same
workflow.
C
B
A
B
You
can,
I
don't
have
the
the
the
same
class
running
here,
but
you
can
absolutely
use
the
new
github
cli
and
I
can
do
issue
creation.
I
can
create
pull
requests
and
clone
repos.
You
can
absolutely
facilitate
this
entire
workflow
through
the
new
github
cli.
So
you
didn't
have
to
see
me
go
back
and
forth
with
the
ui.