Office Add-in Community call 9 Jan 2019

This months meeting is Wednesday Jan 9th – 8am PST

You can sign up for the Office DEveloper community calls here – https://aka.ms/OfficeDevCalls

The Office Add-ins community call is our quarterly event for developers to connect in real-time with the folks who are building the Office JavaScript APIs. During this call, we’ll share updates about new Office JavaScript APIs and provide tips about useful tools, samples, and resources for developing Office Add-ins. Additionally, each call will feature a technical deep dive on a specific topic and will conclude with an opportunity for attendees to ask questions and share feedback.

If you’d like to submit questions before the call, please use this form – https://aka.ms/officeaddinsform

Join the call here – https://aka.ms/officeaddinscall

 

Advertisements

PSC Tech Talk: Using AzureDevOps to Automate the Build and Deployment of SharePoint Framework widgets

During this PSC Tech Talk, Mark Roden gave a precursory run-through presentation for his SharePointFest Chicago 2018 presentation on the automation of build and deployment for SharePoint Framework widgets.

What is AzureDevops

Mark briefly walked through why AzureDevOps is PSC’s tool of choice for managing Agile projects. During an Agile project we build and deploy projects every two weeks so that progress can be demonstrated to clients and to ensure that the process is tested and working. Azure DevOps allows us to manage the whole process from:

  • Requirements Management (Backlog)
  • Project Management (Sprint Boards)
  • Code Source Control (git)
  • Automated Build and Deploy pipelines
  • Automated Testing

Quality

Having a transparent, visible to a client, Quality control process generates trust. Not only in the development process but also in the process for deployment. PSC uses AzureDevOps capabilities to run unit tests and where appropriate load testing of projects in development. SharePoint Framework is no exception. We want to make sure that anything being developed does not break existing code or the user interface. Traditionally testing would be done at the end of the project. In an Agile project it is done every two weeks.

What is SharePoint Framework?

Traditionally SharePoint on premises allowed an organization to customize the functionality using a “trusted-code” model whereby they were in complete control of the code going into their environment. When SharePoint online came out though this model was not available. Because of the shared-tenant model and because of a lack of access to modify SharePoint in a similar manner than on prem, Microsoft create the front-end-based SharePoint Framework model.

SharePoint online and therefore the SharePoint Framework (SPFx) are based on the React JavaScript framework. Developers create components which are directly integrated into the SharePoint online experience as if they were a first class member of the site.

Hello world 

Mark’s presentation used the Hello World example provided by Microsoft as a simple demonstration of how to build and deploy an SPFx widget locally. Mark then walked through the process of adding the widget manually to his SharePoint on line development tenant. Manually this process takes a couple of hours to set up and then about 10-15 minutes for every successful deployment.

Using AzureDevOps

Mark walked through the “build” and “deployment” processes provided by Microsoft in the AzureDevOps tool. The Build process manager has the ability to create separate tasks which simulate the manual process of creating the deployable code as explained in the Hello World example. The build process is triggered by checking the code into the Master branch.

The deployment process is similar and automates the process of taking the code and moving it out to the SharePoint tenant. The deployment is triggered on the completion of a successful “build”.

The Build and deployment process takes approximately 5 minutes and Mark showed the ability to track progress and see the console logging provided. Mark’s example also provided code coverage reports and testing dashboards.

Summary

When working on agile projects PSC recommends using AzureDevOps as the management tool of choice and as Mark demonstrated in this Tech Talk, building, testing and deploying SharePoint Framework widgets can automated.

 

 

 

 

 

Speaking at SharePointFest Chicago 2018

I am very lucky enough to have been accepted to speak at SharePointFest Chicago for the third year running now. The subject is Automated Build and deploy of SharePoint Framework webparts.

One of the really fascinating things about working in a modern large development team is the outstanding benefits for automated testing, automated build, and automated deployment. Even for something which might not on the surface seem to be a “big deal” such as SPFx webpart development, has many advantages to be gained by using a professional automated development environment.

Since I submitted and was accepted to speak, VSTS has been renamed to Azure DevOps, so this might be difficult to pull off as a topic – but i think we will be ok 😉

SharePointFest is always  alot of fun with a good crowd of speakers and attendees. I am excited to attend and excited to speak 🙂

 

DEV304 – Using VSTS to automate build and deployment tasks for SharePoint Framework webparts

Working on your own and building SharePoint Framework webparts is one thing, but when you have to work in a team on a larger project, the team approach to development has to be more structured and automated.

Modern team web development practices demand the use of unit tests, load testing and automated build and deploy methodologies. Why should developing for the Sharepoint framework be any different?

In this presentation Mark will highlight the advantages to using VSTS to create and manage and continuous build and deploy process for working with the Sharepoint Framework. Come and see how modern team development techniques can be applied to SPFx.

S106A Fri 2:20 PM – 3:30 pm

The JDRF One Walk – Trying to find a cure for Childhood Type 1 Diabetes

Type 1 Diabetes (T1D) is a serious and stressful disease to manage.  When you have T1D, your pancreas stops producing insulin—a hormone essential to turning food into energy. This means you must constantly monitor your blood-sugar level, administer insulin, and carefully balance these insulin doses with your eating and activity just to stay alive. JDRF is the only global diabetes foundation with a strategic plan to end T1D. One of the main fundraisers for JDRF is in the form of the “Walk for the Cure” held all over the country these walks are often attended by thousands of people, all walking to help raise money to find a cure for T1D.

Just over a year ago we found out that my youngest daughter Paige has Type 1 Diabetes. JDRF has been amazing in helping us initially cope with the disease, but also being there in support of us when we needed it and providing community support for families in our situation.

Last year my company PSC Group sponsored The Odd Socks walk team as part of the work done through the Philanthropic Committee. We raised over $5,000 as a team and we were incredibly proud of what we achieved in our first year.

We are doing the Walk in Schaumburg Illinois again this year September 30th.

Please consider donating your time and or fundraising for the team so that we may find a cure for T1D. You can do both from the link to the team page below.

https://www2.jdrf.org/site/TR?fr_id=7460&pg=team&team_id=264088

You can join the team any time until the day of the walk itself but we need to know before Saturday 22nd if you want one of the new improved TYE-DYE t-shirts for 2018.

 

 

PSC Tech Talk: Using Chrome Profiles for Office365 developers

In this presentation one of our Directors @MarkyRoden gave a short presentation on using Chrome profiles to help manage your life as a developer.

Mark gave the example of having a chrome profile for each of his customers and how he takes advantages of the features the profiles provide.

Using Chrome profiles you can:

  • Store separate bookmarks per profile
    • This means that you can create specific bookmarks just for that customer and/ or that development environment.
  • Different homepages
    • You can create a unique set of pages which always opens for each individual profile. For his salesforce instance Mark has the SalesForce tenant open automatically, for his Azure dev profile, Mark has portal.azure.com open automatically.
  • It remembers you
    • When you log into a website like Office365 for example, you can allow the system to remember who you are and now ask you for authentication every time. These credentials are remembered separately for each profile. Using this Mark can log into him development instance of Office365 by opening the profile and when he opens his PSC instance of Office365 in his Work profile, he is logged into the PSC Office 365 tenant.
  • Chrome extensions
    • Each profile has it’s own set of chrome extensions. So those which are useful for salesforce development, are only available in the salesforce profile.
  • Microsoft Teams
    • Right now you cannot log into two separate client instances within one Teams Client instance. Mark uses his client profiles so that he can access teams for each organization separately within their own tenant, while keeping them all separate from each other.

 

 

 

PSC Tech Talks – Securing AWS Lambdas

During this PSC Tech Talk, Roger Tucker gave an in depth technical talk on how to create signatures and the secure HTTP headers necessary to have secure authenticated access to calling and executing Amazon Web Services (AWS) Lambdas.

What are AWS Lambdas?

AWA Lambdas are a serverless service that runs your code in response to events and automatically manages the underlying compute resources.

PSC uses Lambdas for a number of AWS projects which we create and manage for our clients. The advantages of Lambdas are that they self-scale, and the client is only billed for the time the lambads are running. The presentation was not about the right way (there are many) to architect a Lambda based application. That would be for another day.

Samples Lambdas

Roger showed how to create a simple Lambda function in and call it via an unsecured API Gateway endpoint. Using the Postman tool he demonstrated how the response can be triggered from an unsecured API Gateway endpoint in a development environment.

Roger set a different API Gateway endpoint to use IAM (Identify access manager) security. He allowed the TestLambda user to have access to one resource – the secure demo api.

 

His initial attempt to call the enpoint using Postman with no Authorization provided resulted in a “missing authentication token” message.

In the next attempt the AWS signature option was selected in postman.  He provided the appropriate AWS credentials, region and service name in Postman and resubmitted the request.  We saw how Postman allows us to create the AWS Signature and HTTP header for the sake of testing. And now that the test user has access, we can see the proper response from the endpoint.

 

Creating the signature

Roger demonstrated how to create the Signature necessary for the HTTP header. Starting with a Canonical Request, your AWS credentials, endpoint region, and service you can create the signature. The signature is then used to create the HTTP header.

The hashed response to the canonical request “e3boc……”then becomes an input for a string which is needed to generate the signature.

Using the string to sign (containing the credential scope) we then create the Signature and this is what is attached to the api call as an Authorization header.

There are multiple levels of hashing, this is intentionally complicated, so as to make the Lambdas as secure as possible. This signature must make the necessary hash generated on the server to allow the authorization to be allowed.

Roger then closed out the presentation by showing how his Python code creates these separate credentials and how he can then call the secure Lambda directly.

Conclusion

Securing Lambdas is a complex process, this is by design to ensure that an open endpoint cannot be called by a rogue service.

 

Renewed as a Microsoft MVP 2018-2019

I am very honoured and humbled to be renewed as a Microsoft MVP for 2018-2019 in the category of Office Development. The MVP program recognizes content creators, code providers and conference speakers who want to share their knowledge and broaden the outreach of the platforms they work with.

Since I got involved in Office Add-In development over two years ago it has been an truely gratifying, eye-opening experience to see what a transformed company Microsoft is. I have never written a line of .NET code. I am a web developer, and using those web dev. skills I am now a Microsoft developer and MVP. The me of ten years ago would never have believed it possible 🙂

 

Thank you to Microsoft for the recognition and all the perks which come along with the award.
Thank you to every one at PSCGroup who continues to enable me in what I do and love, and long may it continue.
Thank you to all the friends I have met along the way and who’s encouragement is always wecome and appreciated.