March 24 - 25, 2022
DevOps.js
Online

DevOps.js Conf 2022

The JavaScript DevOps Conference



This edition of the event has finished, the latest updates of this JavaScript Conference are available on the Brand Website.
Levelling up Monorepos with npm Workspaces
33 min
Levelling up Monorepos with npm Workspaces
Top Content
NPM workspaces help manage multiple nested packages within a single top-level package, improving since the release of NPM CLI 7.0. You can easily add dependencies to workspaces and handle duplications. Running scripts and orchestration in a monorepo is made easier with NPM workspaces. The npm pkg command is useful for setting and retrieving keys and values from package.json files. NPM workspaces offer benefits compared to Lerna and future plans include better workspace linking and adding missing features.
Fine-tuning DevOps for People over Perfection
33 min
Fine-tuning DevOps for People over Perfection
Top Content
DevOps is a journey that varies for each company, and remote work makes transformation challenging. Pull requests can be frustrating and slow, but success stories like Mateo Colia's company show the benefits of deploying every day. Challenges with tools and vulnerabilities require careful consideration and prioritization. Investing in documentation and people is important for efficient workflows and team growth. Trust is more important than excessive control when deploying to production.
Why is CI so Damn Slow?
27 min
Why is CI so Damn Slow?
Slow CI has a negative impact on productivity and finances. Debugging CI workflows and tool slowness is even worse. Dependencies impact CI and waiting for NPM or YARN is frustrating. The ideal CI job involves native programs for static jobs and lightweight environments for dynamic jobs. Improving formatter performance and linting is a priority. Performance optimization and fast tools are essential for CI and developers using slower hardware.
pnpm – a Fast, Disk Space Efficient Package Manager for JavaScript
31 min
pnpm – a Fast, Disk Space Efficient Package Manager for JavaScript
pnpm is a fast and efficient package manager that gained popularity in 2021 and is used by big tech companies like Microsoft and TikTok. It has a unique isolated node module structure that prevents package conflicts and ensures each project only has access to its own dependencies. pnpm also offers superior monorepo support with its node module structure. It solves the disk space usage issue by using a content addressable storage, reducing disk space consumption. pnpm is incredibly fast due to its installation process and deterministic node module structure. It also allows file linking using hardlinks instead of symlinks.
The Zen of Yarn
31 min
The Zen of Yarn
Let's talk about React and TypeScript, Yarn's philosophy and long-term relevance, stability and error handling in Yarn, Yarn's behavior and open source sustainability, investing in maintenance and future contributors, contributing to the JavaScript ecosystem, open-source contribution experience, maintaining naming consistency in large projects, version consistency and strictness in Yarn, and Yarn 4 experiments for performance improvement.
The Inner Workings of Vite Build
31 min
The Inner Workings of Vite Build
Welcome to vidBuild, a tool that optimizes your application for production by offering fast hodgemodule replacement and support for various technologies. The build process in vidBuild involves optimizing and minifying assets, bundling JS and CSS, and generating chunks for dynamic imports. The pipeline in vidBuild includes plugins for alias, resolution, CSS modules, and asset handling. Vid is a complete build tool with a flexible plugin system and support from a vibrant community. Vite's plugin API is compatible with Rollup, and Vite aims for simplicity while pushing complexity to the plugin system.
Observability for Microfrontends
24 min
Observability for Microfrontends
Microfrontends follow the microservices paradigm and observability is crucial for debugging runtime production issues. Error boundaries and tracking errors help identify and resolve issues. Automation of alerts improves incident response. Observability can help minimize the time it takes to understand and resolve production issues. Catching errors from the client and implementing boundaries can be done with tools like OpenTelemetry.
Optimize Node.js Development Workflows in Kubernetes with Skaffold and Rancher Desktop
9 min
Optimize Node.js Development Workflows in Kubernetes with Skaffold and Rancher Desktop
Lucan de Muela discusses how to optimize Node.js development workflows in Kubernetes using Scaffold and Rancher Desktop. He highlights the developer experience, cluster management simplification with Rancher Desktop, and build/release workflow optimization with Scaffold. He also mentions the ability to update Kubernetes versions and choose a container runtime, as well as the option to reset the cluster for a safe development environment.
MERN Stack Application Deployment in Kubernetes
152 min
MERN Stack Application Deployment in Kubernetes
Workshop
Joel Lord
Joel Lord
Deploying and managing JavaScript applications in Kubernetes can get tricky. Especially when a database also has to be part of the deployment. MongoDB Atlas has made developers' lives much easier, however, how do you take a SaaS product and integrate it with your existing Kubernetes cluster? This is where the MongoDB Atlas Operator comes into play. In this workshop, the attendees will learn about how to create a MERN (MongoDB, Express, React, Node.js) application locally, and how to deploy everything into a Kubernetes cluster with the Atlas Operator.
The Lazy Developer Guide: How to Automate Code Updates?
22 min
The Lazy Developer Guide: How to Automate Code Updates?
Code automations can save time and effort in development tasks. There are tools and examples available for automating tasks like updating dependencies and code formatting. Automation allows teams to focus on valuable work and improves overall performance. Deciding when to automate depends on the impact and type of code. The last automated task discussed was applying translation updates to multiple projects.
Azure Static Web Apps (SWA) with Azure DevOps
13 min
Azure Static Web Apps (SWA) with Azure DevOps
WorkshopFree
Juarez Barbosa Junior
Juarez Barbosa Junior
Azure Static Web Apps were launched earlier in 2021, and out of the box, they could integrate your existing repository and deploy your Static Web App from Azure DevOps. This workshop demonstrates how to publish an Azure Static Web App with Azure DevOps.
Experimenting with Deno for Easier Kubernetes Deployments
31 min
Experimenting with Deno for Easier Kubernetes Deployments
The Talk discusses using Dino and TypeScript to simplify writing and managing Kubernetes YAML configurations. It explores the challenges of working with large YAML files and introduces a unique solution. The Talk also highlights the features and benefits of Deno, such as its secure runtime and powerful typing capabilities. It demonstrates how Deno can be used to create and modify Kubernetes objects, and emphasizes the advantages of using a general-purpose language for configuration. The Talk concludes by discussing the potential applications of this approach beyond Kubernetes deployments.
How to Secure Your Node.js Containers on Kubernetes With Best Practices
34 min
How to Secure Your Node.js Containers on Kubernetes With Best Practices
Today's talk is about securing Kubernetes containers, especially for Node.js. The best practices for securing Kubernetes include using RBAC, OIDC, and secrets, as well as isolating workloads and securing container images. OADC is recommended for authentication in Kubernetes, and securing the Kubernetes cluster is crucial. Cloud-based Kubernetes clusters can utilize OADC or the default authentication mechanism provided by the cloud provider. Managing team size and dealing with different security philosophies are important considerations. Overall, securing Kubernetes is essential for protecting the infrastructure and data.
How to develop, build, and deploy Node.js microservices with Pulumi and Azure DevOps
163 min
How to develop, build, and deploy Node.js microservices with Pulumi and Azure DevOps
Workshop
Alex Korzhikov
Andrew Reddikh
2 authors
The workshop gives a practical perspective of key principles needed to develop, build, and maintain a set of microservices in the Node.js stack. It covers specifics of creating isolated TypeScript services using the monorepo approach with lerna and yarn workspaces. The workshop includes an overview and a live exercise to create cloud environment with Pulumi framework and Azure services. The sessions fits the best developers who want to learn and practice build and deploy techniques using Azure stack and Pulumi for Node.js.
Serverless for Frontends
8 min
Serverless for Frontends
Welcome to my session on Serverless for Front-ends. Serverless functions eliminate the need for a runtime and handle orchestration for you. Microfrontends require a runtime and orchestration, but side-less UIs provide a runtime-free solution. In the demo, a new team adds functionality to an application and publishes it easily. Building and deploying applications is quick and easy with micro apps and PowerCLI, offering true loose coupling and instant availability without a runtime.
A Simple, Yet Powerful Approach to Clean Code!
8 min
A Simple, Yet Powerful Approach to Clean Code!
This Talk introduces the concept of CleanCode in DevOps workflows, highlighting the benefits of efficient and maintainable code. The use of SonarCloud and the Sonar Solution is showcased as an easy way to add clean code to the workflow, providing valuable insights and metrics. Analyzing pull requests and triaging issues is emphasized as a proactive approach to catching and correcting code issues before they reach the main branch.
Bring Code Quality and Security to your CI/CD pipeline
76 min
Bring Code Quality and Security to your CI/CD pipeline
WorkshopFree
Elena Vilchik
Elena Vilchik
In this workshop we will go through all the aspects and stages when integrating your project into Code Quality and Security Ecosystem. We will take a simple web-application as a starting point and create a CI pipeline triggering code quality monitoring for it. We will do a full development cycle starting from coding in the IDE and opening a Pull Request and I will show you how you can control the quality at those stages. At the end of the workshop you will be ready to enable such integration for your own projects.
1001 Packages – Strategies for Managing Monorepos
24 min
1001 Packages – Strategies for Managing Monorepos
This Talk discusses strategies for managing monorepos, including release strategies, building strategies, development processes, and linking packages. The speaker highlights the challenges and complexities of monorepos, such as large codebases and potential coupling of software parts. They also mention the importance of suitable tooling for successful monorepo management and the potential for standardization in the future. Additionally, the speaker shares their personal journey in programming, starting at a young age and expressing their love for the field.
All About Dependencies
8 min
All About Dependencies
Today's presentation discusses the role of dependencies in software development, including different types of dependencies and their impact on development and maintenance. The talk also highlights incidents related to software dependencies, such as naming disputes and compromised credentials, which have led to system failures and security breaches. Efforts are being made to address these issues with tools like X-Ray and scorecards that provide analysis and insights for improvement.
Tracking errors and slowdowns across JS applications using Sentry
59 min
Tracking errors and slowdowns across JS applications using Sentry
WorkshopFree
Simon Zhong
Simon Zhong
We'll go through setting up Sentry step--step to get visibility into our frontend and backend. Once integrated, we will track and triage errors + transactions surfaced Sentry from our services to understand why/where/how errors and slowdowns occurred within our application code.
Releasing JavaScript Applications Faster with Feature Flags
10 min
Releasing JavaScript Applications Faster with Feature Flags
Welcome to the Releasing React Apps Faster with Feature Flags talk. Feature flags alleviate problems in the development process by allowing for the creation of feature flags instead of branches. By using feature flags, incomplete versions can be deployed, reviewed, approved, merged, and deployed without errors for customers. Feature flags also enable low-risk deployments, testing in production, gradual release processes, and the ability to quickly turn off features if issues arise.
Automated Application Security Testing
9 min
Automated Application Security Testing
StackHawk is a dynamic application security testing tool that helps you find and fix security bugs in your running applications. It runs active security tests on your REST API, GraphQL API, SOAP API, server-side application, and single-page applications. StackHawk ensures that your application handles user input and output safely and follows OWASP top 10 best practices for application security. We make dynamic testing fast by placing the scanner close to the application and using open standards to inform the scanner. The scanner is configured via YAML, and findings are triaged to provide simple descriptions and examples for issue identification and resolution. You can push the identified issues to a JIRA ticket for prioritization and resolution. Once triaged, the scanner will remember the issues and stop notifying you. Start a free trial at stackhawk.com to experience its benefits.
It's a Jungle Out There: What's Really Going on Inside Your Node_Modules Folder
32 min
It's a Jungle Out There: What's Really Going on Inside Your Node_Modules Folder
The Talk discusses the recent compromise of the UA parser.js package and the need for supply chain security in the open source community. It explores the reasons for security risks in open source and the need for a new approach to detect and block malicious dependencies. The different attack vectors and maintainer vulnerabilities are also discussed. The speaker emphasizes the importance of evaluating packages and protecting your app, as well as the need for a mindset shift in how we view open source. The Talk concludes with an introduction to Socket.dev, a tool focused on supply chain attack detection.
Passwordless Auth to Servers: hands on with ASA
32 min
Passwordless Auth to Servers: hands on with ASA
WorkshopFree
E. Dunham
E. Dunham
These days, you don't need a separate password for every website you log into. Yet thanks to tech debt and tradition, many DevOps professionals are still wrangling a host of SSH keys to access the servers where we sometimes need to be. With modern OAuth, a single login and second factor to prove your identity are enough to securely get you into every service that you're authorized to access. What if SSHing into servers was that easy? In this workshop, we'll use Okta's Advanced Server Access tool (formerly ScaleFT) to experience one way that the dream of sending SSH keys the way of the password has been realized.
- we'll discuss how ASA works and when it's the right tool for the job- we'll walk through setting up a free trial Okta account to use ASA from, and configuring the ASA gateway and server on Linux servers- we'll then SSH into our hosts with the ASA clients without needing to supply an SSH key from our laptops- we'll review the audit logs of our SSH sessions to examine what commands were run
Monitoring Errors and Slowdowns Across JS Applications
8 min
Monitoring Errors and Slowdowns Across JS Applications
Sentry is an error monitoring platform that helps developers optimize the customer experience by alerting them of errors and slowdowns. It supports all major languages and frameworks, with a focus on error monitoring, performance monitoring, and release health. The Talk explores how Sentry organizes and represents error data, analyzes error details and tags, and investigates backend issues, performance problems, and release health. Collaboration with backend teams is emphasized to resolve issues and optimize transaction time. The Talk also highlights the importance of analyzing graphs, issues, and regressions to identify areas for improvement in release health.
Powering your CI/CD with GitHub Actions
155 min
Powering your CI/CD with GitHub Actions
Workshop
David Rubio Vidal
David Rubio Vidal
You will get knowledge about GitHub Actions concepts, like:- The concept of repository secrets.- How to group steps in jobs with a given purpose.- Jobs dependencies and order of execution: running jobs in sequence and in parallel, and the concept of matrix.- How to split logic of Git events into different workflow files (on branch push, on master/main push, on tag, on deploy).- To respect the concept of DRY (Don't Repeat Yourself), we will also explore the use of common actions, both within the same repo and from an external repo.
Enter CDK: What this Means for the World of IaC
13 min
Enter CDK: What this Means for the World of IaC
AWS CDK is a concept that allows you to use coding languages to create infrastructure as code, making it more flexible and powerful than traditional config languages. CDK offers benefits such as improved developer experience, multi-regional deployments, and a programmatic approach to infrastructure as code. It is a suitable choice for AWS users, particularly those familiar with CloudFormation. CDK can be used to migrate from CloudFormation to a more efficient and user-friendly infrastructure management tool. CDK also provides drift detection and supports multi-region deployment, making it a popular choice for managing infrastructure on AWS.
Independence: What Does It Mean For DevOps?
6 min
Independence: What Does It Mean For DevOps?
Vulture is a powerful and flexible cloud platform that offers an easy-to-use control panel, custom ISOs, and automatic backups. The Vultr Marketplace provides a wide range of applications for easy deployment and provisioning. Vultr also offers enterprise-grade networking options and has 23 locations available. Users can start with Vultr using a coupon code to get $150 of free credit.
Debugging JavaScript Apps in CI/CD
124 min
Debugging JavaScript Apps in CI/CD
Workshop
Cecelia Martinez
Cecelia Martinez
- Causes of failed builds in CI/CD pipelines- Approaches to debugging (reviewing logs, accessing environments, reproducing issues)- Debugging application-related causes (failing tests, failed application builds)- Debugging pipeline-related causes (pipeline setup, environment issues, container issues)
Gaming the System: How Video Games Can Help us Create More Effective Virtual Teams
7 min
Gaming the System: How Video Games Can Help us Create More Effective Virtual Teams
Today's Talk explores the lessons that video games can teach us about building virtual teams. The impact of communication on software development is discussed, highlighting the importance of understanding software for successful deployment. The concept of collective intelligence is introduced, emphasizing the role of social perceptiveness, cognitive diversity, and equal distribution of communication. The Talk also emphasizes the need to optimize team performance with key metrics and suggests keeping teams small and cross-functional to enable easy communication and lower cognitive loads.
A journey of the thousand binaries
67 min
A journey of the thousand binaries
WorkshopFree
Ixchel Ruiz
Ixchel Ruiz
In this workshop we will explore the advantages of having a robust, mature universal artifact repository manager at the heart of the software development cycle. We will explore the most important concerns when developing rich applications and adapting to a fast pacing market. In the past years big companies have benefited from techniques like AB testing to improve their products, increase traffic, improve UX experience and offer new functionality. This is only possible if there is a solid devops infrastructure in place with tools that provide among others, control, security, versioning and good annotation support. It’s not only about having the right tools but knowing how to use them to its full potential.