Browse DevOps Blogs (34)

John Edward outlines practical ALM and environment strategy guidance for Microsoft Copilot Studio, focusing on how to run copilots like enterprise applications with multi-environment setups, solution-based development, source control, CI/CD pipelines, configuration management, governance, and ongoing monitoring.

Hidde de Smet compares the GitHub Copilot App and the VS Code Agents Window, focusing on how each surface supports agent-first workflows: isolated sessions, worktrees, review/CI loops, and customization via MCP and instruction files. It includes a practical “which one should you use?” decision guide for day-to-day development vs delegated work.

DevClass rounds up Microsoft Build announcements that matter to developers, including new Windows sandboxing for AI agents (MXC), an Arm-based Surface RTX Spark Dev Box, GitHub Enterprise Local for connected or air-gapped environments, Azure Linux updates, and Microsoft-maintained Coreutils for Windows.

DevClass reports on .NET Aspire 13.4, highlighting the general availability of the TypeScript AppHost and new integrations that broaden Aspire beyond C#-only workflows. The piece also covers deployment targets (including Azure and Kubernetes), the Aspire dashboard’s OpenTelemetry-based observability, and notable Kubernetes-related improvements.

Jesse Houwing shows how to automate GitHub Copilot AI Credits budgeting by assigning per-user budgets based on Microsoft Entra ID group membership, using a GitHub Actions workflow and a PowerShell script that calls the GitHub enterprise billing API via the GitHub CLI.

Hidde de Smet lays out a practical KPI scorecard for teams adopting AI coding agents under usage-based billing, using GitHub Copilot’s AI Credits model as the concrete example. It focuses on measuring speed, quality, reliability, and spend together, with a rollout plan and data sources you can wire into a weekly dashboard.

Randy Pagels explains how to reduce repeated prompting by capturing team conventions in a copilot-instructions.md file so GitHub Copilot can generate code that matches your repo’s standards, architecture expectations, and preferred testing and design patterns.

DevClass reports on a multi-hour GitHub Actions outage that surfaced an incorrect “Your account is suspended” error, why Actions downtime can block CI/CD even when developers can still code locally, and what GitHub’s incident updates said about authentication issues and follow-on data cleanup.

Jesse Houwing breaks down why common “AI ROI” dashboards (tokens, PR counts, lines of code) don’t actually measure value, and how they can backfire through metric gaming and biased attribution. He proposes outcome-based measurement and post-build validation practices that better reflect real impact.

DevClass reports on GitHub’s investigation into a poisoned VS Code extension that led to exfiltration of internal repositories, and the downstream risks for credentials, private code exposure, and follow-on access if stolen secrets were present.

DevClass reports on a Shai-Hulud supply-chain attack where a compromised npm account published malware into 314 packages, then hid reports by closing GitHub issues. The piece summarizes the payload’s credential-stealing behavior and practical cleanup steps like rotating secrets and checking for unauthorized repos and services.

Hidde de Smet compares GitHub’s Spec-Kit and Fission AI’s OpenSpec for spec-driven development, focusing on how each tool structures specs, guides agent workflows, and fits greenfield vs brownfield work.

DevClass reports on TanStack’s incident follow-up after a supply-chain attack that abused a GitHub Actions workflow to run untrusted code and poison shared caches, and on the project’s proposed hardening steps—including potentially moving to invitation-only pull requests.

Thomas Maurer shares a conversation with Geoff Ross (Cireson) on using Tikit to bring IT service management practices to Azure operations, with a focus on self-service deployments, standardized service delivery, and governance baked into approval workflows.

Harald Binkle demonstrates a practical BMAD workflow using GitHub Copilot to turn fuzzy requirements into reviewable artifacts: a PRD, project context, epics/stories, architecture decisions, risk-based test design, and traceability. The example focuses on enterprise authentication concerns like MFA, tenant isolation, RBAC, and auditability.

Hidde de Smet breaks down what AI coding agents actually cost once GitHub Copilot switches to usage-based billing, including how credits map to tokens, why model choice changes your bill, and how to budget for agent-heavy teams without surprising finance.

Rob Bos argues that as GitHub Copilot shifts to usage-based billing, teams should stop fixating on token costs in isolation and instead measure what they get back: foundation work, reduced tech debt, and faster MVP delivery. He shares real usage patterns, cost concentration among heavy users, and practical steps to manage spend without throttling engineers.

Rob Bos introduces the GitHub Copilot App technical preview and shares a practical first look at using it for repository maintenance, including parallel agent sessions, session modes (Interactive/Plan/Autopilot), and the Agent Merge workflow for handling CI failures, merge conflicts, and security-related alerts.

John Edward explains how GitHub Copilot changes team workflows around pull requests, code review expectations, and knowledge sharing. The article focuses on the trade-offs of faster AI-assisted coding, why review discipline matters more, and how teams can add guardrails like testing and security scanning without losing collaboration.

John Edward outlines an architecture for a “Daily Stand-Up Agent”: a custom AI copilot that pulls sprint activity from Jira and Azure DevOps, detects blockers, and generates consistent stand-up summaries. The post focuses on connectors, grounding ticket data, conversational reporting, and practical considerations like security and data quality.

Rob Bos shares a real-world GitHub Copilot CLI mishap where an unintended Copilot CLI extension caused repeated prompts to close GitHub deployment-status notifications, and explains how he tracked down the source and removed it.

DevClass reports on the Zed editor reaching version 1.0, covering its Rust-based architecture, GPU-accelerated UI, built-in language server support, and the editor’s growing set of AI features (including agents) alongside an option to disable AI entirely.

John Edward explains how Architecture Decision Records (ADRs) capture the “why” behind technical choices, and how AI tools can generate consistent ADR drafts quickly so teams can focus on review, accuracy, and long-term knowledge sharing.

Rob Bos shares an overview of his open source projects spanning GitHub and CI/CD tooling, Azure-backed services, security reporting, and local-first AI utilities, with links to each repo and a clear description of what each tool does.

Rob Bos breaks down five GitHub Copilot and agent extensibility surfaces that create supply-chain and governance gaps in large enterprises, and explains what controls exist today (and where they don’t) across Copilot CLI plugins, APM, gh skill, MCP servers, and VS Code extension registries.

John Edward explains how to use GitHub as a “living” architecture repository—capturing Architecture Decision Records (ADRs), diagrams, standards, and roadmaps—and how pull requests and versioning can turn architecture work into a collaborative, auditable part of delivery.

DevClass.com reports on GitHub’s private preview of Stacked PRs, a workflow for breaking large changes into smaller, independently reviewable pull requests that can still depend on each other, with an optional gh stack CLI that’s also intended to work well with AI agents.

Jesse Houwing summarizes GitHub’s update that GitHub Copilot can now keep inference processing and associated data within US or EU data residency regions, and shows the enterprise/org policy you must enable to restrict Copilot to data-resident models.

Emanuele Bartolesi explains why Remote Desktop is a poor fit for day-to-day development on customer VMs, and shows how VS Code Remote Tunnels restores a normal local-editor workflow while keeping code and execution on the remote machine.

Andrew Lock explains how to build and publish custom Docker Sandbox templates so AI-agent sandboxes start with the tooling you need, including an example that installs the .NET SDK and a more advanced approach that swaps the base image while reapplying the sandbox layering.

Hidde de Smet explains how Spec-Kit’s extension system works, highlights useful community extensions, and walks through the Ralph Loop extension, which runs a GitHub Copilot agent in iterations to implement tasks from `tasks.md`, commit changes, and track context in `progress.md`.

Andrew Lock explains how to run AI coding agents in Docker Sandboxes using the sbx tool, so you can use “dangerous”/YOLO-style agent modes while keeping your host machine isolated, with practical setup steps, network policy notes, and git workflow tips.

Jesse Houwing explains why he rebuilt the Azure DevOps Marketplace publishing tasks from v5 to v6, focusing on faster builds, stronger testing, GitHub Actions support, and more secure authentication (OIDC/workload identity) while using GitHub Copilot’s Coding Agent to accelerate the rewrite.

Emanuele Bartolesi explains how to keep repositories in sync during a Git migration (for example, GitLab to GitHub), and why `git push --all` + `--tags` is not the same as `git push --mirror`, especially when it comes to non-branch refs and deletions.