Group items tagged

Trunk-based development is a more open model since all developers have access to the main code. This enables teams to iterate quickly and implement CI/CD.

Developers can create short-lived branches with a few small commits compared to other long-lived feature branching strategies.

Gitflow is an alternative Git branching model that uses long-lived feature branches and multiple primary branches.

Gitflow also has separate primary branch lines for development, hotfixes, features, and releases.

Trunk-based development is far more simplified since it focuses on the main branch as the source of fixes and releases.

Trunk-based development eases the friction of code integration.

trunk-based development model reduces these conflicts.

Adding an automated test suite and code coverage monitoring for this stream of commits enables continuous integration.

With continuous integration, developers perform trunk-based development in conjunction with automated tests that run after each committee to a trunk.

Instead of creating a feature branch and waiting to build out the complete specification, developers can instead create a trunk commit that introduces the feature flag and pushes new trunk commits that build out the feature specification within the flag.

Short running unit and integration tests are executed during development and upon code merge.

Automated tests provide a layer of preemptive code review.

A repository with a large amount of active branches has some unfortunate side effects

Merge branches to the trunk at least once a day

The “continuous” in CI/CD implies that updates are constantly flowing.

Tags are accessible to many AWS services, including billing.

personally identifiable information (PII)

Use automated tools to help manage resource tags.

Tag policies let you specify tagging rules that define valid key names and the values that are valid for each key.

Name – Identify individual resources

Environment – Distinguish between development, test, and production resources

Project – Identify projects that the resource supports

Owner – Identify who is responsible for the resource

Each resource can have a maximum of 50 user created tags.

For each resource, each tag key must be unique, and each tag key can have only one value.

decide on a strategy for capitalizing tags, and consistently implement that strategy across all resource types.

AWS Cost Explorer and detailed billing reports let you break down AWS costs by tag.

An effective tagging strategy uses standardized tags and applies them consistently and programmatically across AWS resources.

Encrypted cookies are an important security feature in Laravel.

All of this encryption and decryption is handled in Laravel by the Encrypter using PHP's built-in security tools, including OpenSSL.

Passwords are not encrypted, they are hashed.

Crypt (symmetric encryption) and Hash (one-way cryptographic hashing).

Laravel uses this same method for cookies, both the sender and receiver, using APP_KEY as the encryption key.

something like user passwords, you should never have a way to decrypt them. Ever.

Unique: The collision rate (different inputs hashing to the same output) should be very small

Laravel hashing implements the native PHP password_hash() function, defaulting to a hashing algorithm called bcrypt.

a one-way hash, we cannot decrypt it. All that we can do is test against it.

User password storage should never be reversible, and therefore doesn’t need APP_KEY at all.

Any good credential management strategy should include rotation: changing keys and passwords on a regular basis

update the key on each server.

their sessions invalidated as soon as you change your APP_KEY.

make and test a plan to decrypt that data with your old key and re-encrypt it with the new key.

A build system, git, and development headers for many popular libraries, so that the most popular Ruby, Python and Node.js native extensions can be compiled without problems.

Nginx 1.18. Disabled by default

production-grade features, such as process monitoring, administration and status inspection.

Redis 5.0. Not installed by default.

The image has an app user with UID 9999 and home directory /home/app. Your application is supposed to run as this user.

Passenger works like a mod_ruby, mod_nodejs, etc. It changes Nginx into an application server and runs your app from Nginx.

placing a .conf file in the directory /etc/nginx/sites-enabled

The best way to configure Nginx is by adding .conf files to /etc/nginx/main.d and /etc/nginx/conf.d

To preserve these variables, place an Nginx config file ending with *.conf in the directory /etc/nginx/main.d, in which you tell Nginx to preserve these variables.

By default, Phusion Passenger sets all of the following environment variables to the value production

PASSENGER_APP_ENV environment variable

passenger-docker autogenerates an Nginx configuration file (/etc/nginx/conf.d/00_app_env.conf) during container boot.

The configuration file is in /etc/redis/redis.conf. Modify it as you see fit, but make sure daemonize no is set.

You can add additional daemons to the image by creating runit entries.

the shell script must run the daemon without letting it daemonize/fork it.

We use RVM to install and to manage Ruby interpreters.

All jobs will share the same environment, if many of them run simultaneously they might get into conflicts.

storage management (accumulating images)

all containers would share the same Docker daemon.

Add privileged = true in the [runners.docker] section, the privileged mode is mandatory to use DinD.

To avoid that the runner only run one job at a time, change the concurrent value on the first line.

functional tests depending on a database.

Docker Compose allows you to easily start multiple containers, but it has no more feature than Docker itself

After the block type keyword and any labels, the block body is delimited by the { and } characters

Identifiers can contain letters, digits, underscores (_), and hyphens (-). The first character of an identifier must not be a digit, to avoid ambiguity with literal numbers.

The # single-line comment style is the default comment style and should be used in most cases.

he idiomatic style is to use the Unix convention

Indent two spaces for each nesting level.

align their equals signs

Use empty lines to separate logical groups of arguments within a block.

Use one blank line to separate the arguments from the blocks.

"meta-arguments" (as defined by the Terraform language semantics)

Avoid separating multiple blocks of the same type with other blocks of a different type, unless the block types are defined by semantics to form a family.

Resource names must start with a letter or underscore, and may contain only letters, digits, underscores, and dashes.

By convention, resource type names start with their provider's preferred local name.

Most publicly available providers are distributed on the Terraform Registry, which also hosts their documentation.

The Terraform language defines several meta-arguments, which can be used with any resource type to change the behavior of resources.

use precondition and postcondition blocks to specify assumptions and guarantees about how the resource operates.

Some resource types provide a special timeouts nested block argument that allows you to customize how long certain operations are allowed to take before being considered to have failed.

Timeouts are handled entirely by the resource type implementation in the provider

Most resource types do not support the timeouts block at all.

A resource block declares that you want a particular infrastructure object to exist with the given settings.

Destroy resources that exist in the state but no longer exist in the configuration.

Destroy and re-create resources whose arguments have changed but which cannot be updated in-place due to remote API limitations.

Expressions within a Terraform module can access information about resources in the same module, and you can use that information to help configure other resources. Use the <RESOURCE TYPE>.<NAME>.<ATTRIBUTE> syntax to reference a resource attribute in an expression.

resources often provide read-only attributes with information obtained from the remote API; this often includes things that can't be known until the resource is created, like the resource's unique random ID.

data sources, which are a special type of resource used only for looking up information.

some dependencies cannot be recognized implicitly in configuration.

local-only resource types exist for generating private keys, issuing self-signed TLS certificates, and even generating random ids.

The count meta-argument accepts a whole number, and creates that many instances of the resource or module.

the count value must be known before Terraform performs any remote resource actions. This means count can't refer to any resource attributes that aren't known until after a configuration is applied

Within nested provisioner or connection blocks, the special self object refers to the current resource instance, not the resource block as a whole.

Ephemeral containers differ from other containers in that they lack guarantees for resources or execution, and they will never be automatically restarted, so they are not appropriate for building applications.

distroless images enable you to deploy minimal container images that reduce attack surface and exposure to bugs and vulnerabilities.