Hello. I'm Hirakiba from the Productivity Improvement Team at Cybozu, Inc.

Our Productivity Improvement Team holds a weekly internal meeting every Wednesday called "Productivity Weekly," where we share tips and topics discovered during the week related to improving developer productivity.
This article is a compilation of the topics from that meeting.

This is the 18th edition. Past articles can be found here.

news

Amazon ECS now allows command execution in containers running on Amazon EC2 or AWS Fargate

https://aws.amazon.com/jp/about-aws/whats-new/2021/03/amazon-ecs-now-allows-you-to-execute-commands-in-a-container-running-on-amazon-ec2-or-aws-fargate/

The ECS Exec feature, which allows you to execute commands inside containers running in ECS, is now available. Previously, it was very cumbersome because users had to prepare their own backdoors to SSH into running containers. From now on, you can execute commands inside a container simply by making minor configuration changes to services or tasks.

https://dev.classmethod.jp/articles/ecs-exec/

Classmethod has already published an article on how to use it. Currently, it seems to be executable only with AWS CLI v1. Please refer to that as well.

AWS Summit Online 2021 - May 11th & 12th! | AWS

https://aws.amazon.com/jp/events/summits/online/japan/

AWS Summit Online 2021 will be held in May. While many sessions are business-oriented, there is also content for developers (Developer Zone), where you can see demos of the latest services.

If you're interested, go ahead and add it to your calendar now.

Code scanning: support for additional libraries and frameworks improves CodeQL analysis - GitHub Changelog

https://github.blog/changelog/2021-03-10-code-scanning-support-for-additional-libraries-and-frameworks-improves-codeql-analysis/

CodeQL, used for GitHub's Code scanning feature, now supports more libraries and frameworks.

Code scanning is a feature that analyzes code pushed to GitHub and notifies you of any security issues. I've had it point out code that could cause bugs before. With the expanded support for CodeQL, it can now find problems in more types of code.

Code scanning is free^[1] for public repositories, so if you're interested, give it a try.

[Minor Update] Sort repositories by name in organizations - GitHub Changelog

https://github.blog/changelog/2021-03-12-sort-repositories-by-name-in-organizations/

You can now sort repositories within a GitHub Organization alphabetically.

Previously, you could only sort them by the most recently updated. This might be useful for Organizations with a large number of repositories.

Dependabot private registry support public beta - GitHub Changelog

https://github.blog/changelog/2021-03-15-dependabot-private-registry-support-public-beta/

Dependabot now supports private registries (public beta).

Until now, Dependabot could not update packages located in private registries. Manual dependency updates are quite a bit of work, so this is a welcome addition^[2].

There was also a post about private dependencies on the GitHub Blog, so please refer to that as well.
https://github.blog/2021-03-15-dependabot-private-dependencies/

Dimmed theme beta for GitHub.com

https://github.blog/changelog/2021-03-16-dimmed-theme-beta-for-github-com/

A slightly lighter dark mode has been added to GitHub's themes (beta).

Recently, dark mode became available on GitHub. However, there were some opinions that dark mode is too dark. I also felt a bit of discomfort with a dark mode that was too black.

Perhaps reflecting those user voices, a new, more subdued and pale dark mode has been added compared to the existing dark mode. Personally, I'm happy with the addition, but now the contrast between the text color and the background has become so small that the text looks a bit blurry (this probably varies by individual). This is still in beta, so I'm looking forward to future adjustments.

If the existing dark mode is too dark for you, give this one a try.

know-how

Top 20 Dockerfile Best Practices | Sysdig

https://sysdig.jp/blog/dockerfile-best-practices/

This is a collection of Dockerfile best practices. Implementing these can help prevent security issues and optimize your applications.

While there have been various tips for Docker best practices for a long time, some people may not have updated their knowledge. I am one of those people. This article is especially recommended for those individuals.

Docker Security - OWASP Cheat Sheet Series

https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html

A Docker security cheat sheet by the Open Web Application Security Project. It mainly describes controls using container startup options. Just by reviewing these rules when handling Docker, you can expect an improvement in security.

For those who work with Docker, it's recommended to read this along with Top 20 Dockerfile Best Practices | Sysdig.

Scripting with GitHub CLI - The GitHub Blog

https://github.blog/2021-03-11-scripting-with-github-cli/

This article features various ways to utilize the GitHub CLI. It covers usage of the gh command that might not be widely known, such as setting aliases, changing the diff pager, and how the GitHub API is easier to call than with curl.

Not only for those who don't use GitHub CLI, but also for those who use it but aren't familiar with many of its features^[3], reading this might help you use GitHub even more effectively.

AWS Fault Injection Simulator – Fully managed chaos engineering service – Amazon Web Services

https://aws.amazon.com/jp/fis/

AWS Fault Injection Simulator is finally available. AWS Fault Injection Simulator is a service that allows you to intentionally cause AWS failures to verify the fault tolerance of your running systems and help improve performance.

While it is not difficult to intentionally cause failures on an on-premises infrastructure, the same cannot be said for external cloud infrastructures. Using this feature makes it easier to conduct so-called GameDays.

Classmethod quickly published an article about it as well.

https://dev.classmethod.jp/articles/aws-fault-injection-simulator-ga/

If you have a service running on AWS, it might be a good idea to try it out once in a staging environment or similar.

tool

iann0036/iamlive: Generate an IAM policy from AWS calls using client-side monitoring (CSM) or embedded proxy

https://github.com/iann0036/iamlive

When making AWS API calls, you create IAM policies, but adding Actions and Resources with the bare minimum required is quite a lot of work. This becomes particularly tedious when building complex programs.

iamlive is a tool that blows away such hassles. It monitors AWS API calls and automatically generates IAM policies.

It has CSM mode and Proxy mode. In CSM mode, it monitors metrics delivered to localhost when an AWS API is called to tell you which Actions are required for the API call. In Proxy mode, it sets up a proxy on localhost and inspects requests sent to the API endpoint to tell you the required Actions and Resources for the API call.

Since it monitors requests, it supports not only the execution of the AWS CLI but also programs created with the AWS SDK.

I tried it today with a program that makes multiple AWS API calls, and it was extremely convenient to have a minimal policy automatically created with only the necessary Actions and Resources permitted. If you're struggling with similar issues, give it a try.

Earthly - Better Builds

https://earthly.dev/

Earthly is a build system that combines elements of Dockerfile and Makefile.

By using Earthly, if you had previously prepared a Dockerfile, Makefile, and sh scripts for build, lint, and test in CI, you can combine all of them into a single file. Additionally, since all processes inherently run within Docker containers, it claims to enable reproducible builds regardless of the OS or platform.

Whether it will become a major trend is uncertain, but it's certainly convenient to be able to consolidate things, and I personally found it interesting. If you're interested, give it a try.

Afterword

This week, unlike last week, there were many topics related to productivity improvement. It's been almost a year since I joined Cybozu. Time flies. Also, I'm looking forward to the new graduates of 2021 joining. It would be great if someone joined the Productivity Improvement Team.

The Productivity Improvement Team holds a meeting to share these kinds of topics every week. If you're interested in such a team, click the link below!
https://blog.cybozu.io/entry/2020/08/31/080000

Furthermore, Cybozu holds internships every year, and to my surprise, the Productivity Improvement Team is also planning to accept interns this summer. If you are a student and interested, please check out the link below.
https://cybozu.co.jp/company/job/recruitment/intern/2021/

Bonus

This is this week's bonus.

Stickfigure Recorder

https://stickfigure-recorder.web.app/

This is a service that generates a stick figure GIF just by standing in front of a webcam. Everything from filming and trimming the playback time to outputting is done entirely within the browser, making it easy to generate stick figure GIFs. The ease of use is great. Amazing.

I tried making one myself.

This is the stick figure I recorded. When I lowered the FPS to reduce the file size, it somehow turned yellow.