Posted on

Leveraging FlexDeploy Project Package Features

For a long time software development processes have been using packages. A package, for all intents and purposes, is a container file. Much like a zip file, they contain other files such as binaries, source code, scripts, and also a manifest that tells users what this project package means. Some common usages of packages are to make it easier to reuse and share code or to deploy code dependencies to different projects. Often, having a formal system with packages can help expose bugs sooner, making it easier to deliver trustworthy software. FlexDeploy packages, along with other built-in continuous integration and delivery functionality, will allow for a significant increase in productivity for developers and release managers.

In this blog, we will explore the significance of partial projects, how we can utilize project packages, and also integrating change management into the build and deployment of those packages.

Posted on

Build Even Faster Quarkus Applications With fast-jar

Quarkus is already fast, but what if you could make inner loop development with the supersonic, subatomic Java framework even faster? Quarkus 1.5 introduced fast-jar, a new packaging format that supports faster startup times. Starting in Quarkus 1.12, this great feature became the default packaging format for Quarkus applications. This article introduces you to the fast-jar format and how it works.

Note: The ninth annual global Java developer productivity report found that more developers are implementing business applications with Quarkus. Quarkus’s support for live coding with fast startup and response times lets developers focus more on business logic implementations rather than wasting time on jobs such as recompiling and redeploying code and continuously restarting the runtime environment.

Posted on

Package Signing in PIP

A few days ago, I made this DEV.to post about how Python's PIP lacks GPG package signing. Well, it turns out that I'm wrong! It does have a package signing process after all. Except it's one of the most manual, archaic, and cumbersome security practices I've seen to date.

I discovered this method when I landed on this blog post by a core python developer yesterday. To test package signing in the way described, I created a test package called siterank, a small script to fetch Alexa ranking of given websites.