I thought of 3 potential exercises in this DevOps space. We can look at them and decide which order to do them in (and how many to do). The first two are based on L34 note.
Let's develop a naming scheme for our herds of (literal) cows. How can we apply the principles in the lecture to this problem?
This is pretty cookbook, but you can follow these instructions for creating a Docker image of a Node.js application.
https://docs.docker.com/get-started/02_our_app/
I figured out how to use GitHub Actions to compile the TeX files automatically. Probably the easiest CI thing is to run test cases for a project automatically. Pick some Java project and set up a GitHub action for it.
See: https://docs.github.com/en/actions/quickstart
See: https://docs.gitlab.com/ee/ci/quick_start/
We can probably try both GitHub Actions and GitLab CI/CD
We can talk about how it can be avoided: https://openssf.org/blog/2024/03/30/xz-backdoor-cve-2024-3094/
https://www.openwall.com/lists/oss-security/2024/03/29/4
Did the naming exercise. Did not do the other exercises. Instead, we collectively talked through an example of writing an incident report (fake, "patricklam.ca is down"). That works as an exercise, though maybe one could read an existing incident report also. Or have a better scenario.
The xz incident can be extended further I think. On Apr 5th, we tried both GitHub Action and GitLab CI/CD. UW GitLab needs us to set up a separate runner to do jobs. I used my own laptop for it. Its tutorial was not very straightforward.