Static code analysis is most effective when changing a project, as errors are always more difficult to fix in the future than at an early stage. We continue expanding the options for using PVS-Studio in continuous development systems. This time, we'll show you how to configure pull request analysis using self-hosted agents in Microsoft Azure DevOps, using the example of the Minetest game.
PuppetConf 2016: Building Nano Server Images with Puppet and DSC – Michael Sm...Puppet
Here are the slides from Michael Smith's PuppetConf 2016 presentation called Building Nano Server Images with Puppet and DSC . Watch the videos at https://www.youtube.com/playlist?list=PLV86BgbREluVjwwt-9UL8u2Uy8xnzpIqa
A brief overview of what we do at Gruntwork. Learn what we mean by "DevOps as a Service" and how you can get your entire infrastructure, defined as code, in about a day. https://www.gruntwork.io/
Video of the presentation: http://www.youtube.com/watch?v=8z3h4Uv9YbE
At LinkedIn, we have started to use the Play Framework to build front-end and back-end services at massive scale. Play does things a little differently: it's a Java and Scala web framework, but it doesn't follow the servlet spec; it's fairly new, but it runs on top of robust technologies like Akka and Netty; it uses a thread pool, but it's built for non-blocking I/O and reactive programming; most importantly, it's high performance, but also high productivity. We've found that the Play Framework is one of the few frameworks that is able to maintain the delicate balance of performance, reliability, and developer productivity. In the Java and Scala world, nothing even comes close. In this talk, I'll share what we've learned so far, including details of rapid iteration with Java and Scala, the story behind async I/O on the JVM, support for real time web apps (comet, WebSockets), and integrating Play into a large existing codebase.
Lightweight Developer Provisioning with Gradle and SEU-as-codeMario-Leander Reimer
This document discusses lightweight developer provisioning using Gradle. It describes how Gradle tasks and Groovy can be used to automate the creation and updating of a software development environment (SEU). Dependencies are expressed as Gradle configurations and stored in an artifact repository. The document provides examples of customizing an SEU by mounting network drives, initializing databases, and restoring Solr indexes using Gradle tasks. It also outlines how to easily build software package files and publish them to a repository.
Docker is a groundbreaking technology that will heavily influence how we will write software in the years to come: let's then have a look at:
* where it comes from (Linux Containers)
* how it works
* how to dockerize simple apps to easily deploy them on production
* how you can use Docker in local environments to simplify your development workflow
Do you like Vagrant, auto-scaling or 12-factor apps? Then get ready to be mindblown.
Deploying an application with Chef and DockerDaniel Ku
Docker 캐주얼 토크 #1 (2014-10-15)에서 발표하기 위해 만든 자료.
원래 'Docker 실서비스 도입기'를 발표하려고 했으나, 아직 도입이 마무리되지 못한 관계로 그 과정에서 의미 있는 부분을 찾아보았다.
그래서 Chef와 Docker가 도입되면 StudyGPS에서 어플리케이션을 업데이트하는 기존의 방식이 어떻게 변화하는지에 대해 설명하고, 그 변화의 의미에 대해서 생각해보고 정리하였다.
Ship your Scala code often and easy with DockerMarcus Lönnberg
This document discusses how to build and ship Scala code using Docker containers. It introduces Docker and shows how to define Dockerfiles and build Docker images from sbt projects using the sbt-docker and sbt-assembly plugins. It also demonstrates how to manage Docker containers from Scala code and how Docker can be used to automate build and deployment pipelines.
Thanks to tools like Vagrant, Puppet/Chef, and Platform as a Service services like Heroku, developers are extremely used to being able to spin up a development environment that is the same every time. What if we could go a step further and make sure our development environment is not only using the same software, but 100% configured and set up like production. Docker will let us do that, and so much more.
Docker is fast becoming an important part of many developers toolkits. Not only are more developers using it day-to-day, but it is also becoming an important tool for deployments. We'll look at what Docker is, why you should consider using it, and all of the features developers can take advantage of.
At the moment, cloud CI systems are a highly-demanded service. In this article, we'll tell you how to integrate analysis of source code into a CI cloud platform with the tools that are already available in PVS-Studio. As an example we'll use the Travis CI service.
The document discusses using Docker and Docker Compose to run Python and Django applications. It shows commands for pulling Docker images, running containers, linking databases, mounting volumes, building images, and using Docker Compose to define and run multi-container applications. Key aspects covered include using Dockerfiles to build images, linking containers, mounting host directories as volumes, setting environment variables, and running commands on container startup.
It’s trivial today to start writing and debugging some React code, but it’s not 100% clear how to properly deploy the application, manage versions and what implications that has on the build configurations. Especially if you want to allow different versions for different users in order to perform some A/B testing, testing new features in production environment, come up with some UI experiments, or gradually roll out new features for a subset of users.
In this presentation I hopefully covered all that.
Automate Your Automation | DrupalCon ViennaPantheon
Greg Anderson provides guidance on automating various development and deployment tasks. He discusses automating tasks like development, testing, deployment and maintenance. Some key tools mentioned are Travis CI, Circle CI, Composer and hub. Automating tasks improves reliability, makes onboarding easier and allows doing more work. The costs of not automating include increased risk of errors and lost knowledge over time.
Continuous Integration/Deployment with Docker and JenkinsFrancesco Bruni
“Continuous Integration doesn’t get rid of bugs, but it does make them dramatically easier to find and remove” M. Fowler
Jenkins and Docker are cool technologies. Here's how they serve in a continuous integration based process and how they could be exploited to deliver new version of the same software.
The slides present the whole process along with real code snippets.
This document provides an agenda and overview for the "Der Wal in der Kiste – Docker 101" presentation at the Admincamp 2017 conference from September 18-21, 2017 in Gelsenkirchen, Germany. The presentation will cover why and how to use Docker, including installing Docker on Linux, Windows, and Raspberry Pi systems, working with Docker images and containers, the Docker registry and hub, using Docker with Domino applications, and Kubernetes. The presenter Ulrich Krause is an experienced IBM Lotus Notes and Domino developer and administrator who created the open source Let's Encrypt for Domino project.
Build, Publish, Deploy and Test Docker images and containers with Jenkins Wor...Docker, Inc.
This lightning talk will show you how simple it is to apply CI to the creation of Docker images, ensuring that each time the source is changed, a new image is created, tagged, and published. I will then show how easy it is to then deploy containers from this image and run tests to verify the behaviour.
Come sta la nostra applicazione? Un viaggio alla scoperta degli Health Check ...Andrea Dottor
In questa sessione scopriremo come utilizzare al meglio di Health Check, funzionalità che è stata introdotta in ASP.NET ancora dalla versione 2.2, ma che poche applicazioni sfruttano.
Uno strumento davvero utile anche per un primo debug, o per una semplice verifica dello stato delle nostre applicazioni...e non solo per chi utilizza container e orchestratori.
Cosa ci permettono di sapere gli Health Check?
Come possiamo essere notificati se qualcosa non va nel verso giusto?
A queste e ad altre domande daremo risposta nel corso della sessione
SFDX (Salesforce Developer eXperience) is a new set of tools and features that help shift development from an org-based model to a source-based development model. Key concepts include scratch orgs, source tracking with version control systems like Git, and unlocked packages. The SFDX CLI (command line interface) is used to create and manage scratch orgs, push and pull source between orgs and local repositories, and more. Scratch orgs are temporary orgs used for development and testing. Continuous integration and delivery can be achieved by deploying source or packages between orgs. SFDX works with both new and existing Salesforce projects and supports common development tasks like running tests and deploying metadata
Deploying windows containers with kubernetesBen Hall
The document discusses deploying Windows containers with Kubernetes. It covers building Windows containers, deploying containers on Kubernetes, and operating Kubernetes. Specifically, it shows how to:
- Build a Windows container with SQL Server using Docker
- Deploy a .NET Core app container to Kubernetes and expose it using a load balancer
- Scale the deployment to multiple replicas and observe traffic distribution
- Perform rolling updates to deploy new versions of the application
The document discusses configuring the PVS-Studio static code analyzer on the Azure DevOps cloud platform. It provides steps to integrate the analyzer using both Microsoft-hosted and self-hosted agents. Examples of bugs found by the analyzer in the ShareX project are presented, including redundant checks, incorrect assumptions, and a bug in pixelation logic that causes transparency issues. The pixelation bug demonstration highlights how visualizing issues can aid understanding.
An introduction to the Docker concept. Experiences with ASP.NET Core and Docker, How Docker can help produce modular deployments for ASP.NET web applications. Presented at Vermont Code Camp #8, UVM, Burlington VT, September 17, 2016
PVS-Studio Is Now in Chocolatey: Checking Chocolatey under Azure DevOpsAndrey Karpov
The document discusses integrating the PVS-Studio static code analyzer with Azure DevOps and Chocolatey. It provides steps to configure a build pipeline in Azure DevOps to install PVS-Studio using Chocolatey, run analysis on a project, and publish the results. The analysis found several potential bugs in the Chocolatey code including logical errors, redundant checks, and null reference issues. Integrating PVS-Studio with these tools helps improve code quality.
DevOps (Continuous Integrations, Continuous Delivery & Continuous deployment using Jenkins and Visual studio team services, setting up VTST build Agents, Integrating VSTS with SonarQube, NDepend,) , Complete automation of pushing code into VSTS from Visual Studio, Building Code by a Jenkin Server hosted on Azure and pushing that successful build on to Azure Web App via Release Pipeline or directly from Jenkins,VSTS Default agents, Setting up local agent from scratch, Setting up agents for code build, VSTS, Visual Studio Online Agents, Agent Pools, Hosted Agents, Hosted VS2017. Hosted Linux Agents, Setting up agent on VS Dev Test Labs, Setting up Template Parameters for Continuos Pipeline, Build Agent Creation Dynamically, Random Machine Name, Random Passwords, Dynamic Agent creation in VS Dev Test labs, Sonarcube, Code quality, Code Analysis, MSBuild, Integrate VSTS Build with NDepend, Package manager, Monolithic Architecture, Nuget, Package management, Npm js.com, Semantic versioning, Creating a nuget package, nuspec file, GitVersion Plugin, FeedURL, Chocolatey for package management, Chocolatey, chocolatey workflow,
Analysis of merge requests in GitLab using PVS-Studio for C#Andrey Karpov
Do you like GitLab and don't like bugs? Do you want to improve the quality of your source code? Then you've come to the right place. Today we will tell you how to configure the PVS-Studio C# analyzer for checking merge requests. Enjoy the reading and have a nice unicorn mood.
Docker containers have been making inroads into Windows and Azure world. Docker has now replaced the traditional Azure IaaS & PaaS services, offering superior container versions which are more responsive, cost effective, and agile. In this session for Charlotte Azure User Group, we will take an in-depth look at the intersection of Docker and Azure, and how Docker is empowering next gen Azure services.
Here's the link to CAG meetup for the event - https://www.meetup.com/Charlotte-Microsoft-Azure/events/fpftgmyxjbjb/
The document provides an overview of creating custom extensions for Azure DevOps. It discusses how extensions can be used to customize the Azure DevOps experience by adding new tasks, widgets, work item forms, and more. It then covers how to create a custom build task by setting up the file structure and dependencies. Finally, it discusses publishing extensions to the Azure Marketplace and installing them for use in Azure DevOps organizations.
Designing a production grade realtime ml inference endpointChandim Sett
This presentation discusses about designing a ML inference endpoint application in python flask and Docker containers using appropriate software engineering design principles. The application being developed is an enterprise production grade.
Drupal Continuous Integration with Jenkins - DeployJohn Smith
This document describes setting up Jenkins jobs to automate deploying code from a Git repository to different environments. It includes:
1. Creating a simple job that deploys code to a single server/environment using a deployment script.
2. Creating a generic job that deploys code to multiple servers/environments using parameters for the repository, branch, and environment.
3. A sample deployment script that would run on servers to check out the appropriate code from Git based on the job parameters.
Deploying configurable frontend web application containersJosé Moreira
Deploying containerized client-side web applications requires a different configuration strategy compared to system applications. The runtime of client-side web applications is the client-side web browser and, unlike other applications which can utilize environment values, configuration has to be hard-coded in the Javascript source code.
Deploying applications to Windows Server 2016 and Windows ContainersBen Hall
Deploying applications to Windows Server 2016 and Windows Containers.
Delivered at NDC London 2017 on 20th January.
Sponsored by Katacoda.com, interactive learning platform for Docker and Cloud Native platforms.
Containerisation Hack of a Legacy Software Solution - Alex Carter - CodeMill ...CodeMill digital skills
Details
Alexandra Carter - Callcredit, Numero and Microsoft: Containerisation Hack of a Legacy Software Solution
This is the story of how we took a legacy solution and pushed it into containers on windows in just three days. This was also a great chance to work with Microsoft at the cutting edge of their work on containerisation, VSTS and Azure. Moving on from our Hackathon, we have continued adding new components, experimenting with orchestration and showcasing our work. I’ll talk you through the prep work, the 3 day hack and the subsequent work; what it means for the product roadmap, the experimentation we have done and how stakeholders are responding. Finally, we’ll look ahead to next steps.
Case study: https://microsoft.github.io/techcasestudies/devops/2017/06/16/Callcredit_DevOps.html
Alex Carter
"I have worked in IT, Marketing, Software Support and Software Delivery before moving into my current System Build (DevOps) role within Callcredit. I live and breathe DevOps and am currently focussing on anything around containerisation in Windows. A day without Metal and motor racing is a dull one."
@smileandeliver (https://twitter.com/smileandeliver)
From CodeMill digital skills meetup https://www.meetup.com/CodeMill-Digital-Skills/events/243110732/
Krux operates a large infrastructure serving thousands of user requests per second. They use Puppet and tools like Cloudkick, Foreman, Boto, and Vagrant to manage their infrastructure in an automated and scalable way. Their Puppet configuration is split into modules, environments, and datacenters. They launch AWS nodes programmatically and configure them with Puppet. Cloudkick is used for monitoring and parallel SSH. Boto allows full Python API access to AWS. Vagrant allows consistently provisioning development machines locally. Automation and external configuration enable their small operations team to manage a large, dynamic infrastructure.
Experts Live Switzerland 2017 - Automatisierte Docker Release Pipeline mit VS...Marc Müller
Container Technologien erfreuen sich grosser Beliebtheit und sind mittlerweile auch im Microsoft Entwicklerumfeld angekommen. Visual Studio als Entwicklungswerkzeug bietet neu eine direkte Docker Unterstützung und mit Asp.NET Core respektive .NET Core ist auch die Kompatibilität mit Linux-basierten Docker Containern gegeben. Erfahren Sie in diesem Vortrag, wie sie mit Visual Studio und TFS eine Docker-basierte Build und Release Automatisierung implementieren und betreiben. Mit Azure Container Services haben wir einen skalierbare und ausfallsicheren Cluster zur Verfügung, welcher sich optimal in unsere Release-Pipeline integriert.
Lean Drupal Repositories with Composer and DrushPantheon
Composer is the industry-standard PHP dependency manager that is now in use in Drupal 8 core. This session will show the current best practices for using Composer, drupal-composer, drupal-scaffold, Drush, Drupal Console and Drush site-local aliases to streamline your Drupal 7 and Drupal 8 site repositories for optimal use on teams.
Sydney based cloud consultancy Cloudten's Richard Tomkinson shows how masterless Puppet can be used in concert with AWS's services including Lambda to automate server builds and manage code deployments
TechDays 2017 - Asp.NET Core Anwendungen automatisiert als Container ausliefernMarc Müller
Container Technologien sind neben Linux nun auch im Windows Umfeld angekommen. Applikationen als Container auszuliefern bringen viele Vorteile. Dieser Prozess soll, ganz in DevOps-Manier, voll automatisiert mittels dem Build und Release System von VSTS / TFS durchgeführt werden. Die Session zeigt Ihnen die Integration der Docker Tools in VSTS und TFS für Build und Release Management.
CCI2018 - Automatizzare la creazione di risorse con ARM template e PowerShellwalk2talk srl
Su Azure è possibile creare risorse in maniera veloce e standardizzata tramite template json che descrivono le risorse da creare sulla piattaforma. Vediamo insieme cosa possono fare, e come possono essere estesi con custom script extension e Powershell Desired State Configuration.
By Marco Obinu
Scaling Docker Containers using Kubernetes and Azure Container ServiceBen Hall
This document discusses scaling Docker containers using Kubernetes and Azure Container Service. It begins with an introduction to containers and Docker, including how containers improve dependency and configuration management. It then demonstrates building and deploying containerized applications using Docker and discusses how to optimize Docker images. Finally, it introduces Kubernetes as a tool for orchestrating containers at scale and provides an example of deploying a containerized application on Kubernetes in Azure.
Similar to PVS-Studio: analyzing pull requests in Azure DevOps using self-hosted agents (20)
Здесь вы найдёте 60 вредных советов для программистов и пояснение, почему они вредные. Всё будет одновременно в шутку и серьёзно. Как бы глупо ни смотрелся вредный совет, он не выдуман, а подсмотрен в реальном мире программирования.
In this article, you're going to find 60 terrible coding tips — and explanations of why they are terrible. It's a fun and serious piece at the same time. No matter how terrible these tips look, they aren't fiction, they are real: we saw them all in the real programming world.
Ошибки, которые сложно заметить на code review, но которые находятся статичес...Andrey Karpov
Есть ошибки, которые легко прячутся от программистов на обзорах кода. Чаще всего они связаны с опечатками или недостаточным знанием тонких нюансах языка/библиотеки. Давайте посмотрим интересные примеры таких ошибок и как их можно выявить с помощью статического анализа. При этом анализаторы не конкурируют с обзорами кода или, например, юнит-тестами. Они отлично дополняют другие методологии борьбы с ошибками.
PVS-Studio analyzes source code and finds various errors and code quality issues across multiple languages and frameworks. The document highlights 20 examples of issues found, including uninitialized variables, unreachable code, incorrect operations, security flaws, and typos. PVS-Studio is able to find these issues using techniques such as data-flow analysis, method annotation analysis, symbolic execution, type inference, and pattern-based analysis to precisely evaluate the code and pinpoint potential bugs or code smells.
When should you start using PVS-Studio? What can PVS-Studio detect? Supported standards: MISRA, CWE, CERT, OWASP, AUTOSAR. What about analysis options? What about legacy code?
Двойное освобождение ресурсов. Недостижимый код. Некорректные операции сдвига. Неправильная работа с типами. Опечатки и copy-paste. Проблемы безопасности. Путаница с приоритетом операций.
Make Your and Other Programmer’s Life Easier with Static Analysis (Unreal Eng...Andrey Karpov
George Gribkov presented on how to introduce static analysis to make programmers' and QA engineers' lives easier. Static analysis automatically checks code for bugs without executing it. While initial attempts to analyze Unreal Engine 4 failed, monitoring compiler calls directly succeeded in finding over 1800 warnings. Epic Games now uses continuous static analysis to receive early warnings. The best practices are to start analysis early and regularly in development and CI/CD pipelines, and to gradually fix old warnings using suppression files to ratchet down reported issues over time. Static and dynamic analysis complement each other to thoroughly check for errors.
Best Bugs from Games: Fellow Programmers' MistakesAndrey Karpov
George Gribkov will present on errors found in the code of popular games like System Shock, Doom 3, and osu!. He will discuss how his tool searches for code errors, provide examples of bugs detected, and conclude his presentation. The examples will showcase issues like unused variables, incorrect increment variables in for loops, null pointer dereferences, and misunderstandings of operators like ??. Corrections will be proposed to address the bugs.
Does static analysis need machine learning?Andrey Karpov
This document discusses whether static analysis needs machine learning. It begins with an introduction to static analysis and outlines existing static analysis solutions like DeepCode, Infer, SapFix, Embold, Source{d}, Clever-Commit, and CodeGuru. It then addresses problems with learning manually or from real large code bases, like outdated code and lack of documentation. Finally, it discusses promising approaches like analyzing code style, collecting additional metrics, and best practices for specific frameworks.
Typical errors in code on the example of C++, C#, and JavaAndrey Karpov
Objectives of this webinar
How we detected error patterns
Patterns themselves and how to avoid them:
3.1 Copy-paste and last line effect
3.2 if (A) {...} else if (A)
3.3 Errors in checks
3.4 Array index out of bounds
3.5 Operator precedence
3.6 Typos that are hard to spot
How to use static analysis properly
Conclusion
Q&A
How to Fix Hundreds of Bugs in Legacy Code and Not Die (Unreal Engine 4)Andrey Karpov
How to fight bugs in legacy code?
Should you do it at all?
What to do if there are hundreds or even thousands of errors?(that’s usually the case)
How to avoid spending a plethora of man-hours on this?
And still, how did you work with Unreal Engine?
C++ Code as Seen by a Hypercritical ReviewerAndrey Karpov
We all do code reviews. Who doesn't admit this – does it twice as often. C++ code reviewers look like a sapper. .. except that they can make a mistake more than once. But sometimes the consequences are painful . Brave code review world.
The Use of Static Code Analysis When Teaching or Developing Open-Source SoftwareAndrey Karpov
The document discusses using static code analysis when teaching or developing open-source software. It outlines how static analysis can help instructors check student homework and projects more efficiently, and help students learn about error patterns. When using static analysis for open-source projects, it recommends integrating it into developers' workflows locally and via continuous integration systems. Regular use is key to maximizing its benefits for finding and fixing bugs.
Static Code Analysis for Projects, Built on Unreal EngineAndrey Karpov
Why Do You Need Static Analysis? Detect errors early in the program development process. Get recommendations on code formatting. Check your spelling. Calculate various software metrics.
Are С and C++ Alive? Even More, IBM RPG Is! C and C++ Are Not Just for Old Systems. Are С and C++ Alive? Summary for C, C++. Embedded: C and С++ Are on the Rise.
Zero, one, two, Freddy's coming for youAndrey Karpov
This post continues the series of articles, which can well be called "horrors for developers". This time it will also touch upon a typical pattern of typos related to the usage of numbers 0, 1, 2. The language you're writing in doesn't really matter: it can be C, C++, C#, or Java. If you're using constants 0, 1, 2 or variables' names contain these numbers, most likely, Freddy will come to visit you at night. Go on, read and don't say we didn't warn you.
Lots of bloggers are using Google AdSense now. It’s getting really popular. With AdSense, bloggers can make money by showing ads on their websites. Read this important article written by the experienced designers of the best website designing company in Delhi –
Are you wondering how to migrate to the Cloud? At the ITB session, we addressed the challenge of managing multiple ColdFusion licenses and AWS EC2 instances. Discover how you can consolidate with just one EC2 instance capable of running over 50 apps using CommandBox ColdFusion. This solution supports both ColdFusion flavors and includes cb-websites, a GoLang binary for managing CommandBox websites.
Software development... for all? (keynote at ICSOFT'2024)miso_uam
Our world runs on software. It governs all major aspects of our life. It is an enabler for research and innovation, and is critical for business competitivity. Traditional software engineering techniques have achieved high effectiveness, but still may fall short on delivering software at the accelerated pace and with the increasing quality that future scenarios will require.
To attack this issue, some software paradigms raise the automation of software development via higher levels of abstraction through domain-specific languages (e.g., in model-driven engineering) and empowering non-professional developers with the possibility to build their own software (e.g., in low-code development approaches). In a software-demanding world, this is an attractive possibility, and perhaps -- paraphrasing Andy Warhol -- "in the future, everyone will be a developer for 15 minutes". However, to make this possible, methods are required to tweak languages to their context of use (crucial given the diversity of backgrounds and purposes), and the assistance to developers throughout the development process (especially critical for non-professionals).
In this keynote talk at ICSOFT'2024 I presented enabling techniques for this vision, supporting the creation of families of domain-specific languages, their adaptation to the usage context; and the augmentation of low-code environments with assistants and recommender systems to guide developers (professional or not) in the development process.
introduction of Ansys software and basic and advance knowledge of modelling s...sachin chaurasia
Ansys Mechanical enables you to solve complex structural engineering problems and make better, faster design decisions. With the finite element analysis (FEA) solvers available in the suite, you can customize and automate solutions for your structural mechanics problems and parameterize them to analyze multiple design scenarios. Ansys Mechanical is a dynamic tool that has a complete range of analysis tools.
COMPSAC 2024 D&I Panel: Charting a Course for Equity: Strategies for Overcomi...Hironori Washizaki
Hironori Washizaki, "Charting a Course for Equity: Strategies for Overcoming Challenges and Promoting Inclusion in the Metaverse", IEEE COMPSAC 2024 D&I Panel, 2024.
Efficient hot work permit software for safe, streamlined work permit management and compliance. Enhance safety today. Contact us on +353 214536034.
https://sheqnetwork.com/work-permit/
Responsibilities of Fleet Managers and How TrackoBit Can Assist.pdfTrackobit
What do fleet managers do? What are their duties, responsibilities, and challenges? And what makes a fleet manager effective and successful? This blog answers all these questions.
Overview of ERP - Mechlin Technologies.pptxMitchell Marsh
This PowerPoint presentation provides a comprehensive overview of Enterprise Resource Planning (ERP) systems. It covers the fundamental concepts, benefits, and key functionalities of ERP software, illustrating how it integrates various business processes into a unified system. From finance and HR to supply chain and customer relationship management, ERP facilitates efficient data management and decision-making across organizations. Whether you're new to ERP or looking to deepen your understanding, this presentation offers valuable insights into leveraging ERP for business success.
Seamless PostgreSQL to Snowflake Data Transfer in 8 Simple StepsEstuary Flow
Unlock the full potential of your data by effortlessly migrating from PostgreSQL to Snowflake, the leading cloud data warehouse. This comprehensive guide presents an easy-to-follow 8-step process using Estuary Flow, an open-source data operations platform designed to simplify data pipelines.
Discover how to seamlessly transfer your PostgreSQL data to Snowflake, leveraging Estuary Flow's intuitive interface and powerful real-time replication capabilities. Harness the power of both platforms to create a robust data ecosystem that drives business intelligence, analytics, and data-driven decision-making.
Key Takeaways:
1. Effortless Migration: Learn how to migrate your PostgreSQL data to Snowflake in 8 simple steps, even with limited technical expertise.
2. Real-Time Insights: Achieve near-instantaneous data syncing for up-to-the-minute analytics and reporting.
3. Cost-Effective Solution: Lower your total cost of ownership (TCO) with Estuary Flow's efficient and scalable architecture.
4. Seamless Integration: Combine the strengths of PostgreSQL's transactional power with Snowflake's cloud-native scalability and data warehousing features.
Don't miss out on this opportunity to unlock the full potential of your data. Read & Download this comprehensive guide now and embark on a seamless data journey from PostgreSQL to Snowflake with Estuary Flow!
Try it Free: https://dashboard.estuary.dev/register
PVS-Studio: analyzing pull requests in Azure DevOps using self-hosted agents
1. PVS-Studio: analyzing pull requests in Azure
DevOps using self-hosted agents
Author: Alexey Govorov
Date: 27.07.2020
Tags: Cpp, DevOps
Static code analysis is most effective when changing a project, as errors are always more difficult to fix in
the future than at an early stage. We continue expanding the options for using PVS-Studio in continuous
development systems. This time, we'll show you how to configure pull request analysis using self-hosted
agents in Microsoft Azure DevOps, using the example of the Minetest game.
Briefly about what we are dealing with
Minetest is an open-source cross-platform game engine containing about 200,000 lines of code in C,
C++, and Lua. It allows you to create different game modes in voxel space. Supports multiplayer, and a
lot of mods from community. The project repository is located here:
https://github.com/minetest/minetest.
The following tools are used to configure regular error detection:
2. PVS-Studio is a static code analyzer of the code written in C, C++, C#, and Java to search for errors and
security defects.
Azure DevOps is a cloud platform that allows you to develop, run applications, and store data on remote
servers.
You can use Windows and Linux agent VMs to perform development tasks in Azure. However, running
agents on the local equipment has several important advantages:
• The local host may have more resources than an Azure VM;
• The agent doesn't "disappear" after completing its task;
• Ability to directly configure the environment and more flexible management of build processes;
• Local storage of intermediate files has a positive effect on build speed;
• You can complete more than 30 tasks per month for free.
Preparation to using a self-hosted agent
The process of getting started with Azure is described in detail in the article "PVS-Studio in the Clouds:
Azure DevOps", so I will go straight to creating a self-hosted agent.
In order for agents to be able to connect to project pools, they need a special Access Token. You can get
it on the "Personal Access Tokens" page, in the "User settings" menu.
After clicking on "New token", you must specify a name and select Read & manage Agent Pools (you
may need to expand the full list via "Show all scopes").
3. You need to copy the token, because Azure will not show it again, and you will have to make a new one.
A Docker container based on Windows Server Core will be used as the agent. The host is my desktop
computer on Windows 10 x64 with Hyper-V.
First, you will need to expand the amount of disk space available to Docker containers.
To do this, in Windows, you need to modify the file 'C:ProgramDataDockerconfigdaemon.json' as
follows:
{
"registry-mirrors": [],
4. "insecure-registries": [],
"debug": true,
"experimental": false,
"data-root": "d:docker",
"storage-opts": [ "size=40G" ]
}
To create a Docker image for agents with the build system and everything necessary, let's add a Docker
file with the following content in the directory 'D:docker-agent':
# escape=`
FROM mcr.microsoft.com/dotnet/framework/runtime
SHELL ["cmd", "/S", "/C"]
ADD https://aka.ms/vs/16/release/vs_buildtools.exe C:vs_buildtools.exe
RUN C:vs_buildtools.exe --quiet --wait --norestart --nocache `
--installPath C:BuildTools `
--add Microsoft.VisualStudio.Workload.VCTools `
--includeRecommended
RUN powershell.exe -Command `
Set-ExecutionPolicy Bypass -Scope Process -Force; `
[System.Net.ServicePointManager]::SecurityProtocol =
[System.Net.ServicePointManager]::SecurityProtocol -bor 3072; `
iex ((New-Object System.Net.WebClient)
.DownloadString('https://chocolatey.org/install.ps1')); `
choco feature enable -n=useRememberedArgumentsForUpgrades;
RUN powershell.exe -Command `
choco install -y cmake --installargs '"ADD_CMAKE_TO_PATH=System"'; `
choco install -y git --params '"/GitOnlyOnPath /NoShellIntegration"'
RUN powershell.exe -Command `
git clone https://github.com/microsoft/vcpkg.git; `
.vcpkgbootstrap-vcpkg -disableMetrics; `
$env:Path += '";C:vcpkg"'; `
[Environment]::SetEnvironmentVariable(
'"Path"', $env:Path, [System.EnvironmentVariableTarget]::Machine); `
[Environment]::SetEnvironmentVariable(
'"VCPKG_DEFAULT_TRIPLET"', '"x64-windows"',
[System.EnvironmentVariableTarget]::Machine)
RUN powershell.exe -Command `
choco install -y pvs-studio; `
$env:Path += '";C:Program Files (x86)PVS-Studio"'; `
[Environment]::SetEnvironmentVariable(
'"Path"', $env:Path, [System.EnvironmentVariableTarget]::Machine)
RUN powershell.exe -Command `
$latest_agent =
Invoke-RestMethod -Uri "https://api.github.com/repos/Microsoft/
azure-pipelines-agent/releases/latest"; `
$latest_agent_version =
$latest_agent.name.Substring(1, $latest_agent.tag_name.Length-1); `
$latest_agent_url =
5. '"https://vstsagentpackage.azureedge.net/agent/"' + $latest_agent_version +
'"/vsts-agent-win-x64-"' + $latest_agent_version + '".zip"'; `
Invoke-WebRequest -Uri $latest_agent_url -Method Get -OutFile ./agent.zip; `
Expand-Archive -Path ./agent.zip -DestinationPath ./agent
USER ContainerAdministrator
RUN reg add hklmsystemcurrentcontrolsetservicescexecsvc
/v ProcessShutdownTimeoutSeconds /t REG_DWORD /d 60
RUN reg add hklmsystemcurrentcontrolsetcontrol
/v WaitToKillServiceTimeout /t REG_SZ /d 60000 /f
ADD .entrypoint.ps1 C:entrypoint.ps1
SHELL ["powershell", "-Command",
"$ErrorActionPreference = 'Stop';
$ProgressPreference = 'SilentlyContinue';"]
ENTRYPOINT .entrypoint.ps1
The result is a build system based on MSBuild for C++, with Chocolatey for installing PVS-Studio, CMake,
and Git. Vcpkg is built for convenient management of the libraries that the project depends on. Also, we
have to download the latest version of the Azure Pipelines Agent.
To initialize the agent from the ENTRYPOINT Docker file, the PowerShell script 'entrypoint.ps1' is called,
to which you need to add the URL of the project's "organization", the token of the agent pool, and the
PVS-Studio license parameters:
$organization_url = "https://dev.azure.com/<Microsoft Azure account>"
$agents_token = "<agent token>"
$pvs_studio_user = "<PVS-Studio user name>"
$pvs_studio_key = "<PVS-Studio key>"
try
{
C:BuildToolsVCAuxiliaryBuildvcvars64.bat
PVS-Studio_Cmd credentials -u $pvs_studio_user -n $pvs_studio_key
.agentconfig.cmd --unattended `
--url $organization_url `
--auth PAT `
--token $agents_token `
--replace;
.agentrun.cmd
}
finally
{
# Agent graceful shutdown
# https://github.com/moby/moby/issues/25982
.agentconfig.cmd remove --unattended `
--auth PAT `
6. --token $agents_token
}
Commands for building an image and starting the agent:
docker build -t azure-agent -m 4GB .
docker run -id --name my-agent -m 4GB --cpu-count 4 azure-agent
The agent is running and ready to perform tasks.
7. Running analysis on a self-hosted agent
For PR analysis, a new pipeline is created with the following script:
9. PlogConverter ^
-t FullHtml ^
-o .PVSTestResults ^
-a GA:1,2,3;64:1,2,3;OP:1,2,3 ^
.PVSTestResultsminetest.plog
IF NOT EXIST "$(Build.ArtifactStagingDirectory)" ^
MKDIR "$(Build.ArtifactStagingDirectory)"
powershell -Command ^
"Compress-Archive -Force ^
'.PVSTestResultsfullhtml' ^
'$(Build.ArtifactStagingDirectory)fullhtml.zip'"
displayName: 'PVS-Studio analyze'
continueOnError: true
- task: PublishBuildArtifacts@1
inputs:
PathtoPublish: '$(Build.ArtifactStagingDirectory)'
ArtifactName: 'psv-studio-analisys'
publishLocation: 'Container'
displayName: 'Publish analysis report'
This script will work when a PR is received and will be executed on the agents assigned to the pool by
default. You only need to give it a permission to work with this pool.
10. The script saves the list of modified files obtained using git diff. Then the dependencies are updated, the
project solution is generated via CMake, and it is built.
If the build was successful, analysis of the changed files is started (the flag '-f diff-files.txt'), ignoring the
auxiliary projects created by CMake (select only the necessary project with the '-S minetest ' flag). To
make determining relations between header and source C++ files faster, a special cache is created,
which will be stored in a separate directory (the flag '-D C:caches').
This way we can now get reports on analyzing changes in the project.
11. As mentioned at the beginning of the article, a nice bonus of using self-hosted agents is a noticeable
acceleration of task execution, due to local storage of intermediate files.
Some errors found in Minetest
Overwriting the result
V519 The 'color_name' variable is assigned values twice successively. Perhaps this is a mistake. Check
lines: 621, 627. string.cpp 627
static bool parseNamedColorString(const std::string &value,
video::SColor &color)
12. {
std::string color_name;
std::string alpha_string;
size_t alpha_pos = value.find('#');
if (alpha_pos != std::string::npos) {
color_name = value.substr(0, alpha_pos);
alpha_string = value.substr(alpha_pos + 1);
} else {
color_name = value;
}
color_name = lowercase(value); // <=
std::map<const std::string, unsigned>::const_iterator it;
it = named_colors.colors.find(color_name);
if (it == named_colors.colors.end())
return false;
....
}
This function should parse the color name with the transparency parameter (for example, Green#77)
and return its code. Depending on the result of checking the condition, the color_name variable is
passed the result of splitting the string or a copy of the function argument. However, the original
argument is then converted to lowercase instead of the resulting string itself. As a result, it can't be
found in the color dictionary if the transparency parameter is present. We can fix this line like this:
color_name = lowercase(color_name);
Redundant checks of conditions
V547 Expression 'nearest_emergefull_d == - 1' is always true. clientiface.cpp 363
void RemoteClient::GetNextBlocks (....)
{
....
s32 nearest_emergefull_d = -1;
....
s16 d;
for (d = d_start; d <= d_max; d++) {
....
if (block == NULL || surely_not_found_on_disk || block_is_invalid) {
if (emerge->enqueueBlockEmerge(peer_id, p, generate)) {
if (nearest_emerged_d == -1)
nearest_emerged_d = d;
} else {
if (nearest_emergefull_d == -1) // <=
nearest_emergefull_d = d;
goto queue_full_break;
}
....
13. }
....
queue_full_break:
if (nearest_emerged_d != -1) { // <=
new_nearest_unsent_d = nearest_emerged_d;
} else ....
}
The nearest_emergefull_d variable doesn't change during the loop operation, and its checking doesn't
affect the algorithm execution progress. Either this is the result of a sloppy copy-paste, or they forgot to
perform some calculations with it.
V560 A part of conditional expression is always false: y > max_spawn_y. mapgen_v7.cpp 262
int MapgenV7::getSpawnLevelAtPoint(v2s16 p)
{
....
while (iters > 0 && y <= max_spawn_y) { // <=
if (!getMountainTerrainAtPoint(p.X, y + 1, p.Y)) {
if (y <= water_level || y > max_spawn_y) // <=
return MAX_MAP_GENERATION_LIMIT; // Unsuitable spawn point
// y + 1 due to biome 'dust'
return y + 1;
}
....
}
The value of the 'y' variable is checked before the next iteration of the loop. A subsequent, opposite
comparison will always return false and actually doesn't affect the result of checking the condition.
Missed pointer check
V595 The 'm_client' pointer was utilized before it was verified against nullptr. Check lines: 183, 187.
game.cpp 183
void gotText(const StringMap &fields)
{
....
if (m_formname == "MT_DEATH_SCREEN") {
assert(m_client != 0);
m_client->sendRespawn();
return;
}
if (m_client && m_client->modsLoaded())
m_client->getScript()->on_formspec_input(m_formname, fields);
}
14. Before accessing the m_client pointer, it is checked whether it is null using the assert macro. But this
only applies to the debug build. So, this precautionary measure is replaced with a dummy when building
to release, and there is a risk of dereferencing the null pointer.
Bit or not bit?
V616 The '(FT_RENDER_MODE_NORMAL)' named constant with the value of 0 is used in the bitwise
operation. CGUITTFont.h 360
typedef enum FT_Render_Mode_
{
FT_RENDER_MODE_NORMAL = 0,
FT_RENDER_MODE_LIGHT,
FT_RENDER_MODE_MONO,
FT_RENDER_MODE_LCD,
FT_RENDER_MODE_LCD_V,
FT_RENDER_MODE_MAX
} FT_Render_Mode;
#define FT_LOAD_TARGET_( x ) ( (FT_Int32)( (x) & 15 ) << 16 )
#define FT_LOAD_TARGET_NORMAL FT_LOAD_TARGET_( FT_RENDER_MODE_NORMAL )
void update_load_flags()
{
// Set up our loading flags.
load_flags = FT_LOAD_DEFAULT | FT_LOAD_RENDER;
if (!useHinting()) load_flags |= FT_LOAD_NO_HINTING;
if (!useAutoHinting()) load_flags |= FT_LOAD_NO_AUTOHINT;
if (useMonochrome()) load_flags |=
FT_LOAD_MONOCHROME | FT_LOAD_TARGET_MONO | FT_RENDER_MODE_MONO;
else load_flags |= FT_LOAD_TARGET_NORMAL; // <=
}
The FT_LOAD_TARGET_NORMAL macro is deployed to zero, and the bitwise "OR" will not set any flags in
load_flags, the else branch can be removed.
Rounding integer division
V636 The 'rect.getHeight() / 16' expression was implicitly cast from 'int' type to 'float' type. Consider
utilizing an explicit type cast to avoid the loss of a fractional part. An example: double A = (double)(X) /
Y;. hud.cpp 771
void drawItemStack(....)
{
float barheight = rect.getHeight() / 16;
float barpad_x = rect.getWidth() / 16;
float barpad_y = rect.getHeight() / 16;
core::rect<s32> progressrect(
rect.UpperLeftCorner.X + barpad_x,
rect.LowerRightCorner.Y - barpad_y - barheight,
15. rect.LowerRightCorner.X - barpad_x,
rect.LowerRightCorner.Y - barpad_y);
}
Rect getters return integer values. The result of dividing integer numbers is written to a floating-point
variable, and the fractional part gets lost. It looks like there are mismatched data types in these
calculations.
Suspicious sequence of branching operators
V646 Consider inspecting the application's logic. It's possible that 'else' keyword is missing. treegen.cpp
413
treegen::error make_ltree(...., TreeDef tree_definition)
{
....
std::stack <core::matrix4> stack_orientation;
....
if ((stack_orientation.empty() &&
tree_definition.trunk_type == "double") ||
(!stack_orientation.empty() &&
tree_definition.trunk_type == "double" &&
!tree_definition.thin_branches)) {
....
} else if ((stack_orientation.empty() &&
tree_definition.trunk_type == "crossed") ||
(!stack_orientation.empty() &&
tree_definition.trunk_type == "crossed" &&
!tree_definition.thin_branches)) {
....
} if (!stack_orientation.empty()) { // <=
....
}
....
}
There are else-if sequences in the tree generation algorithm here. In the middle the next if block is on
the same line with the closing brace of the previous else statement. Perhaps, the code works correctly:
before this if statement, blocks of the trunk are created, followed by leaves. On the other hand, it's
possible that else is missed. Only the author can say this for sure.
Incorrect memory allocation check
V668 There is no sense in testing the 'clouds' pointer against null, as the memory was allocated using
the 'new' operator. The exception will be generated in the case of memory allocation error. game.cpp
1367
bool Game::createClient(....)
{
if (m_cache_enable_clouds) {
16. clouds = new Clouds(smgr, -1, time(0));
if (!clouds) {
*error_message = "Memory allocation error (clouds)";
errorstream << *error_message << std::endl;
return false;
}
}
}
If new can't create an object, an std::bad_alloc exception is thrown, and it must be handled by the try-
catch block. A check like this is useless.
Reading outside the array bound
V781 The value of the 'i' index is checked after it was used. Perhaps there is a mistake in program logic.
irrString.h 572
bool equalsn(const string<T,TAlloc>& other, u32 n) const
{
u32 i;
for(i=0; array[i] && other[i] && i < n; ++i) // <=
if (array[i] != other[i])
return false;
// if one (or both) of the strings was smaller then they
// are only equal if they have the same length
return (i == n) || (used == other.used);
}
Array elements are accessed before checking the index, which may lead to an error. Perhaps the author
should rewrite the loop like this:
for (i=0; i < n; ++i) // <=
if (!array[i] || !other[i] || array[i] != other[i])
return false;
Other errors
This article covers the analysis of pull requests in Azure DevOps and doesn't aim to provide a detailed
overview of errors found in the Minetest project. Only some code fragments that I found interesting are
written here. We suggest that the project authors don't follow this article to correct errors, but perform
a more thorough analysis of the warnings that PVS-Studio will issue.
Conclusion
Thanks to its flexible command-line configuration, PVS-Studio analysis can be integrated into a wide
variety of CI/CD scenarios. And the correct use of available resources pays off by increasing productivity.
Note that the pull request checking mode is only available in the Enterprise version of the analyzer. To
get a demo Enterprise license, specify this in the comments when requesting a license on the download
page. You can learn more about the difference between licenses on the Buy PVS-Studio page.