Welcome to this week’s edition of my newsletter. From the latest updates in .NET 8, to GitHub news and the ins and outs of advanced C# features, we've got a lot to cover. So sit back, relax, and let's get into it.

Pulse of the week

Heads up, devs! The GitHub Universe agenda is officially out, and let's just say it's more packed than a commit history before a major release. Taking place November 8-9 and broadcasting live from San Francisco, this year's event covers everything from AI and security to developer experience.

Interested in hands-on learning? Choose from sessions like "Unlocking the Power of AI in Open Source", “Collaborating effectively using GitHub“ or "Revolutionizing Development with GitHub Copilot." Whether you're attending in person or tuning in virtually, there's something for everyone.

Don't miss out—check the full agenda and start plotting your Universe journey today. Which GitHub Universe session are you most excited about? Let me know!

GitHub Digest

Beware the Wolf in Dependabot's Clothing: New GitHub Vulnerability Exposed

GitHub is under fire again, this time from a devious campaign that mimics Dependabot contributions to steal passwords. Software security firm Checkmarx reveals that malicious commits are flooding GitHub repositories, both public and private. This malware captures GitHub secrets and variables, sending them off to a remote server.

What's unique? These attacks impersonate Dependabot, the very tool designed to enhance your project's security. Most of the compromised accounts are linked to Indonesia, and the modus operandi suggests the involvement of rogue packages. This episode accentuates the ever-present dangers lurking in open-source ecosystems.

Stay alert and take preventative measures to secure your GitHub repositories from these password-stealing commits. Given these threats' increasing complexity and scope, there's no room for complacency.

Streamline Your Workflow: GitHub Revamps Project Templates in Public Beta

The GitHub platform is enhancing its project templates, now in public beta. You'll find a dedicated "Templates" section within your organization's Projects page, making locating and using available templates easier. The update also introduces the one-click 'New template' feature and allows you to transform existing projects into templates.

And it doesn't stop there. You can now link these templates directly to teams and repositories from their respective "Projects" pages, optimizing how you manage and initiate new projects. Couple these features with some bug fixes and quality-of-life improvements, and you're looking at a more intuitive and streamlined project setup on GitHub.

Unlock Professional Growth with GitHub Learning Pathways

GitHub is stepping up its game in educational resources with the introduction of GitHub Learning Pathways—a new initiative designed to empower developers like you with expertise and insights from industry leaders. So, what makes a Learning Pathway interesting? These modules, ranging from Essentials to Advanced, offer guided tutorials and best practices from leading organizations like Amplifon, Telus, and Salesforce.

Whether you're looking to get a grip on CI/CD automation, aiming to bolster your codebase security, or keen on mastering the ins and outs of GitHub administration, Learning Pathways has you covered. You'll gain skills that are directly applicable to your projects, so you're not just learning—you're becoming more proficient and effective in your role.

GitHub Actions and Actions Larger Runners: A Deep Dive into GitHub's CI/CD Evolution

Ever wonder how GitHub itself leverages GitHub Actions for its CI/CD workflows? In a fascinating look behind the scenes, GitHub unveils how it uses GitHub Actions and the newly introduced "Actions larger runners" to meet the development and scaling demands of its engineering team. The platform has been successful in running 15,000 CI jobs within an hour across 150,000 cores, all while offering a slew of features to streamline the development process.

Some key highlights:

1. Why Actions Larger Runners? 

GitHub moved to Actions larger runners to provide a more scalable and manageable CI/CD experience. These larger runners are basically beefed-up virtual machines with more RAM, CPU, and disk space, giving engineers the power to perform intensive tasks more efficiently.

2. Managed and Auto-scaled 

One of the major benefits of using larger runners is the ability to autoscale the CI system. GitHub automatically adjusts the number of running instances to match job demands, relieving the Developer Experience (DX) team from the complexities of manual scaling.

3. Custom VM Image Support (Beta) 

To cater to complex production requirements, GitHub is developing features to launch larger runners from custom VM images. This helps in significantly reducing bootstrapping times and ensures all required software and tools are pre-installed.

4. Reusable Workflows 

The introduction of reusable workflows allows GitHub to manage a centralized workflow that can be used by multiple repositories. This cuts down on redundancy and accelerates adding CI to new or existing projects.

5. Optimized Developer Experience 

The platform also features an innovative system that allows workflows to reuse the outcome of a previous run when file contents remain the same between different commits. This alone saves engineers from running 300 to 500 redundant daily workflow runs.

6. Secure Access to Private Services 

Due to larger runners being isolated from other production environments, GitHub developed a remote access solution using OIDC tokens to securely access private services within their Virtual Private Cloud (VPC).

Coding Corner

Serilog vs log4net vs NLog: Untangling the Web of .NET Logging Options

Logging is often considered the unsung hero of application development. For .NET developers, choosing the right logging framework is a critical decision. With options like Serilog, log4net, and NLog available, how do you decide which fits your project best?

This article provides an in-depth comparison of these three popular .NET logging libraries. As someone who's particularly fond of Serilog—having even created popular sinks for it like the MSSQL and Elasticsearch sink—I'm intrigued to see how these frameworks stack up against each other.

Feature Flags in .NET: A Developer's Swiss Army Knife for Managing Change

Feature flags offer a powerful way to control the behavior of your software without altering the codebase. They provide flexibility for experimentation, gradual rollouts, and quick reversals without the headache of constant deployments.

Having previously delved into OpenFeature, it's clear that the method holds immense potential. This comprehensive guide explores how to implement and utilize feature flags in .NET applications, especially in the ASP.NET Core context. From adding the functionality to your app and defining values in the appsettings file, to using feature flags in a more generic C# context, this article is your go-to resource. Buckle up, and let's explore how to make your .NET applications more adaptable and resilient using feature flags.

Azure Updates & Insights

Azure API Center: The Next Evolution in API Governance and Discoverability

After discussing its private preview phase, it's exciting to share that Azure API Center is now available for the broader public in preview mode.

Designed as a centralized hub for API inventory management, API Center works hand-in-glove with Azure API Management, albeit as a standalone service.

This innovation allows organizations to manage, discover, and reuse APIs irrespective of their type, lifecycle stage, or deployment location. While Azure API Management focuses on securing and publishing your API backends through an API gateway, API Center extends its capabilities to offer a holistic view of your organization's entire API landscape. In preview, the platform delivers essential functionalities like API inventory management and metadata properties to assist in governance and discoverability. As you navigate the expanding universe of APIs, Azure API Center promises to be your compass.

.NET Nook

What's New in System.Text.Json for .NET 8: A Deep Dive

As .NET 8 rolls out, it's time to explore the substantial enhancements in System.Text.Json, a library that's increasingly becoming indispensable for JSON handling in .NET applications.

This release offers significant improvements in user experience, especially in Native AOT applications, alongside the introduction of several highly requested features. Whether you are wrestling with read-only members, interface hierarchies, or naming policies like snake case and kebab case, System.Text.Json in .NET 8 has got you covered.

Moreover, source generator support now includes new functionalities for required and init-only members, filling the gap between reflection-based and source-generated serialization. With these upgrades, System.Text.Json becomes more robust and flexible, adapting to various application requirements.

Simulating Discriminated Unions in C#

Are you missing the powerful feature of discriminated unions in your C# projects? While native language support is still on the horizon, innovative solutions like the `Results<>` class in ASP.NET Core Minimal APIs and the third-party OneOf package offer compelling alternatives.

Maarten Balliauw explores how these tools emulate discriminated unions, providing type safety and functional programming capabilities in C#. Learn to handle multiple return types gracefully and make your code more robust and maintainable.

Closing Thoughts

Your journey through this edition has come to an end, but the world of tech and programming is ever-evolving. Found something that piqued your interest? Don't miss another byte—hit that subscribe button to get your weekly dose of .NET insights, GitHub updates, and coding tips delivered straight to your inbox.

By subscribing, not only do you stay in the loop, but you also become part of a community of developers committed to expanding their horizons. Got questions or suggestions for future topics? Your feedback drives the content of this newsletter, and I'd love to hear from you.

Until our code paths cross again, happy coding! 🚀