A journey of the thousand binaries

Rate this content
Bookmark

In this workshop we will explore the advantages of having a robust, mature universal artifact repository manager at the heart of the software development cycle. We will explore the most important concerns when developing rich applications and adapting to a fast pacing market. In the past years big companies have benefited from techniques like AB testing to improve their products, increase traffic, improve UX experience and offer new functionality. This is only possible if there is a solid devops infrastructure in place with tools that provide among others, control, security, versioning and good annotation support. It’s not only about having the right tools but knowing how to use them to its full potential.

Ixchel Ruiz
Ixchel Ruiz
67 min
29 Mar, 2022

Comments

Sign in or register to post your comment.

Video Summary and Transcription

The Workshop covers the importance of dependencies in software development, the different types of dependencies, challenges and security issues with dependencies, the role of repositories in dependency management, and the process of resolving dependencies and publishing. It also discusses the configuration of repositories and authentication, and the creation and configuration of different types of repositories. The Workshop emphasizes the need for understanding dependencies, ensuring security, and using tools like JFocusray and OWAS dependency check for analysis and assessment.

Available in Español: Un viaje de los mil binarios

1. Introduction to Dependencies

Short description:

This part is about the importance of dependencies in software development. It emphasizes the need to reuse software written by others and discusses the different types of dependencies such as frameworks, libraries, packages, modules, and resources. It also highlights the fact that dependencies are not all the same and can vary in terms of functionality and complexity. The text encourages the audience to start provisioning their free tier and provides a link for them to do so. Overall, the part sets the stage for the workshop and introduces the concept of dependencies in software development.

Hi, hello. I'm super happy that you are here. One of the most important links that you will have is that one that is showing right now in my screen. So, if you follow there, you can get a free instance. This is important because to follow all the examples and to do exactly the same what I'm going to do at the demo so and provisioning instances usually takes a little bit of time. So, it's important that you start doing it at this moment so we reach the hands on part of this workshop, we will have our instances running.

And, well, I'm here in Switzerland, in Basel, Switzerland. I'm super excited and happy that you're here with me. So, let's start with the session or the workshop. And I will post the link and you will have it in some of the slides, so if you join later on or you haven't done it, there is still a chance. So, this is me. I'm from Mexico. I live in Switzerland, as I work for a company so that's exactly where you're going with that link. Again, this session and this workshop is all about dependencies. And if you're starting to provision your free tier, this is what you are looking at. And you go and start for free. You can choose whatever name there. And as I said, it takes time. So, that's why I encourage you to do it right now. And while you do that and everything is provisioned, let's start with the real interesting topics.

So, today's presentation and workshop is about a key part of our software development process. And it is dependencies. We don't need to reinvent the wheel every time we want to achieve a new level of functionality or deliver software faster. We want and we do reuse software written by others every day. Software dependencies. But by doing that, sometimes, we get into trouble. So, dependencies are not only used while we are developing. They are used for runtime or testing. And you know what? Dependencies are not all the same. So, I'm going to give you two statements and you will tell me if they are true or false. Actually, I will answer that for you. But you get the idea. So, dependencies are collections containing high quality tested code that provides functionality that requires significant expertise to develop. That's true. Some of our dependencies are really highly functional. They are really well tested. That's the case of our frameworks. So, it's true. Dependency managers like NPM have made possible that almost trivial functionality can be packaged and published. That is true. Publishing to NPM registry is dead trivial. And these are both sides of the spectrum. From one side we have libraries or pieces of code that require a lot or require a lot of work, have a lot of tests and provide a lot of functionality and maybe they are opinionated. On the other side we have very small pieces of code. So, we have to see what are the different types of dependencies that we have. Frameworks, libraries, packages, modules, and resources. So, this is typical what we refer as our dependencies. So, what is our resource? A resource is a collection of files, for example, templates, media, audio, video or images, plain text or even blobs that need to be included inside our applications to execute or display correctly. This doesn't need to be binaries. This is something that we depend and is needed.

2. Types of Dependencies

Short description:

This part explains the different types of dependencies in software development, including modules, packages, libraries, and frameworks. It emphasizes the importance of understanding the purpose and functionality of each type of dependency in order to make informed decisions. It also highlights the need to consider the degree of need and the impact of dependencies on updates, migration costs, and clean-up efforts. The part concludes by reminding the audience to start provisioning their environment and highlighting the significance of dependencies in software development.

And a module. This is a set of functions or methods that provides self-contained functionality. A module usually has an interface that explicitly and abstractly specifies both the functionality. And it provides an interface and usually one implementation. So, we can see it as a black box.

A package is a collection of modules that hold, in general, the same functional purpose. Usually a directory. And this is only for Python and JavaScript. We have a different structure for a package, but the concept still remains. Usually a directory contains a file that describes metadata about the package. And usually they're aggregated based on the functionality. So, it's easy to abstract or omit some packages, entire packages.

And a library. A library is a collection of related functionality defined in several packages. It's essentially a set of functions that you can call. Each call does some work and returns control to the client or framework or application. And finally, frameworks. A framework embodies some abstract defined with more behavior built in. And in order to use a framework, you usually, it's the other way around. We include our code inside some places in the framework and he will call us. So, for example, this is one of the most interesting difference between a framework and a library. And they usually are more opinionated. So, frameworks or platforms usually are bigger, are more opinionated. The integration between the different functional components is more connected. And they usually have a long list of versions or at least a road map. It's very mature. Because it usually requires a larger group of developers to build its functionality. Usually there is a license and, of course, there is a set of tests.

And in the JavaScript world, this is pretty apparent. Because, for example, Angular is defined as a platform. While React, they said that it's just a library or a group of libraries to build user interfaces. So, they are very clear about what is the purpose of their libraries or frameworks. And on the order side of the spectrum, I told you before, you have frameworks and you have tiny, tiny, tiny packages. And this is a collection of micro NPM packages, like sometimes one liners.

So, there are different types of dependencies. And having a clear mind or a clear idea which type of dependencies we have in our projects make us realize and also make us think about which ones are the crucial, what are the important ones. What are only cosmetics? Others are easily exchanged. And also something that we have to keep in mind is our degree of need. Because even if it's a large library, it's not really needed. And these two factors are really important to help us decide the cadence of update. Migration costs, our clean up efforts. Because that has to happen in every single application. So, for example, we have a dependency on five major libraries. Or five major one platform usually. And five major libraries. When do we update? How do we test? And what is our own roadmap? How dependent are we on code that is not so great? So, this is the question that we need to ask every single time that we decide to add a new dependency in our projects. Or we're trying to think about the future, or we have a problem with a specific dependency. So, making dependencies important, our level of dependency, our level, or the type of dependency is really important.

So, before we continue with the bad news, I will remind you again of the link to start provisioning your environment, so you can work with me alongside me during the demo part. So, we have dependencies, all types of dependencies, and we depend on them in different ways.

Watch more workshops on topic

Deploying React Native Apps in the Cloud
React Summit 2023React Summit 2023
88 min
Deploying React Native Apps in the Cloud
WorkshopFree
Cecelia Martinez
Cecelia Martinez
Deploying React Native apps manually on a local machine can be complex. The differences between Android and iOS require developers to use specific tools and processes for each platform, including hardware requirements for iOS. Manual deployments also make it difficult to manage signing credentials, environment configurations, track releases, and to collaborate as a team.
Appflow is the cloud mobile DevOps platform built by Ionic. Using a service like Appflow to build React Native apps not only provides access to powerful computing resources, it can simplify the deployment process by providing a centralized environment for managing and distributing your app to multiple platforms. This can save time and resources, enable collaboration, as well as improve the overall reliability and scalability of an app.
In this workshop, you’ll deploy a React Native application for delivery to Android and iOS test devices using Appflow. You’ll also learn the steps for publishing to Google Play and Apple App Stores. No previous experience with deploying native applications is required, and you’ll come away with a deeper understanding of the mobile deployment process and best practices for how to use a cloud mobile DevOps platform to ship quickly at scale.
MERN Stack Application Deployment in Kubernetes
DevOps.js Conf 2022DevOps.js Conf 2022
152 min
MERN Stack Application Deployment in Kubernetes
Workshop
Joel Lord
Joel Lord
Deploying and managing JavaScript applications in Kubernetes can get tricky. Especially when a database also has to be part of the deployment. MongoDB Atlas has made developers' lives much easier, however, how do you take a SaaS product and integrate it with your existing Kubernetes cluster? This is where the MongoDB Atlas Operator comes into play. In this workshop, the attendees will learn about how to create a MERN (MongoDB, Express, React, Node.js) application locally, and how to deploy everything into a Kubernetes cluster with the Atlas Operator.
Azure Static Web Apps (SWA) with Azure DevOps
DevOps.js Conf 2022DevOps.js Conf 2022
13 min
Azure Static Web Apps (SWA) with Azure DevOps
WorkshopFree
Juarez Barbosa Junior
Juarez Barbosa Junior
Azure Static Web Apps were launched earlier in 2021, and out of the box, they could integrate your existing repository and deploy your Static Web App from Azure DevOps. This workshop demonstrates how to publish an Azure Static Web App with Azure DevOps.
How to develop, build, and deploy Node.js microservices with Pulumi and Azure DevOps
DevOps.js Conf 2022DevOps.js Conf 2022
163 min
How to develop, build, and deploy Node.js microservices with Pulumi and Azure DevOps
Workshop
Alex Korzhikov
Andrew Reddikh
2 authors
The workshop gives a practical perspective of key principles needed to develop, build, and maintain a set of microservices in the Node.js stack. It covers specifics of creating isolated TypeScript services using the monorepo approach with lerna and yarn workspaces. The workshop includes an overview and a live exercise to create cloud environment with Pulumi framework and Azure services. The sessions fits the best developers who want to learn and practice build and deploy techniques using Azure stack and Pulumi for Node.js.

Check out more articles and videos

We constantly think of articles and videos that might spark Git people interest / skill us up or help building a stellar career

Levelling up Monorepos with npm Workspaces
DevOps.js Conf 2022DevOps.js Conf 2022
33 min
Levelling up Monorepos with npm Workspaces
Top Content
Learn more about how to leverage the default features of npm workspaces to help you manage your monorepo project while also checking out some of the new npm cli features.
Automating All the Code & Testing Things with GitHub Actions
React Advanced Conference 2021React Advanced Conference 2021
19 min
Automating All the Code & Testing Things with GitHub Actions
Top Content
Code tasks like linting and testing are critical pieces of a developer’s workflow that help keep us sane like preventing syntax or style issues and hardening our core business logic. We’ll talk about how we can use GitHub Actions to automate these tasks and help keep our projects running smoothly.
Fine-tuning DevOps for People over Perfection
DevOps.js Conf 2022DevOps.js Conf 2022
33 min
Fine-tuning DevOps for People over Perfection
Top Content
Demand for DevOps has increased in recent years as more organizations adopt cloud native technologies. Complexity has also increased and a "zero to hero" mentality leaves many people chasing perfection and FOMO. This session focusses instead on why maybe we shouldn't adopt a technology practice and how sometimes teams can achieve the same results prioritizing people over ops automation & controls. Let's look at amounts of and fine-tuning everything as code, pull requests, DevSecOps, Monitoring and more to prioritize developer well-being over optimization perfection. It can be a valid decision to deploy less and sleep better. And finally we'll examine how manual practice and discipline can be the key to superb products and experiences.
Why is CI so Damn Slow?
DevOps.js Conf 2022DevOps.js Conf 2022
27 min
Why is CI so Damn Slow?
We've all asked ourselves this while waiting an eternity for our CI job to finish. Slow CI not only wrecks developer productivity breaking our focus, it costs money in cloud computing fees, and wastes enormous amounts of electricity. Let’s take a dive into why this is the case and how we can solve it with better, faster tools.
The Zen of Yarn
DevOps.js Conf 2022DevOps.js Conf 2022
31 min
The Zen of Yarn
In the past years Yarn took a spot as one of the most common tools used to develop JavaScript projects, in no small part thanks to an opinionated set of guiding principles. But what are they? How do they apply to Yarn in practice? And just as important: how do they benefit you and your projects?
In this talk we won't dive into benchmarks or feature sets: instead, you'll learn how we approach Yarn’s development, how we explore new paths, how we keep our codebase healthy, and generally why we think Yarn will remain firmly set in our ecosystem for the years to come.
Atomic Deployment for JS Hipsters
DevOps.js Conf 2024DevOps.js Conf 2024
25 min
Atomic Deployment for JS Hipsters
Deploying an app is all but an easy process. You will encounter a lot of glitches and pain points to solve to have it working properly. The worst is: that now that you can deploy your app in production, how can't you also deploy all branches in the project to get access to live previews? And be able to do a fast-revert on-demand?Fortunately, the classic DevOps toolkit has all you need to achieve it without compromising your mental health. By expertly mixing Git, Unix tools, and API calls, and orchestrating all of them with JavaScript, you'll master the secret of safe atomic deployments.No more need to rely on commercial services: become the perfect tool master and netlifize your app right at home!