Advantages and Pitfalls of your Infra-as-Code Repo Strategy

Following up on the questions I’ve received on the Introduction to Terraform Cloud post, today I want to tackle the never-ending debate around repo structures, along with some of the solutions and their inherent problems. For this conversation, I’ll refer to my IaC in a mostly Terraform-oriented way, but most of what follows will apply well to other technologies.

There are 2 main schools of thought when it comes to infra-as-code repository structures:

  1. Mono Repo: One repository to rule them all, containing all your IaC, your modules and any auxiliary automation
  2. Distributed Repos: “self-contained” repositories that hold the components needed for the solution you’re trying to deliver and refer to other repos for reusable components or data variables

Within these 2 categories, there is a wide range of sub-strategies for how to manage the lifecycle of your IaC across multiple environments. Across my career, I’ve seen both simple and truly horrible implementations, and I hope to discuss some of the reasons why people might have made these choices and what to avoid if possible.

But before we proceed, it’s always helpful to remind people that the best solution is the one that fits your team’s needs and workflow, so take everything here for what it is, an analysis of professional experiences.

This Google Engineer said it best!

Jaana Dogan put it best with this quote. Any simple solution is hard and will require the processing of tons of information before it can be accomplished. This information can be in the form of requirements, processes, constraints and people’s needs, but it can involve so much more.

With this in mind, let’s break down the requirements we usually have for our infra-as-code repos (this list is by no means extensive or in any particular order but it includes things that I usually look for in my workflows):

  • Ability to reference a common “stack” or “base-config”. This usually happens if you have a Terraform workspace or a separate statefile for your base VPC/Network that will provision your Subnets and base connectivity. Usually, these come as outputs rather than having to use data resources later in other parts of the code.
  • Ease of promotion of changes from environment A to environment A+1. Being able to quickly compare between environments and promote changes safely whilst still keeping the codebase readable is a must. In a growing environment, you’ll want to be able to quickly detect “what’s different” or “what’s changed”.
  • Harmony between software products. Nobody uses terraform in isolation, the same way you don’t use Ansible, Puppet or Kubernetes to run everything in your company. Your repo structure needs to accommodate all the different tools you use and provide engineers with an intuitive or at least well-documented walkthrough of how to use it or make changes.
  • Keeping it Simple but not too Simple. Referring back to Jaana’s tweet, “simple” ain’t easy or in most cases desirable. To over-simplify or optimize will most likely put you in a position that will hinder any meaningful speed. Design to retain the speed of change and ease of testing and modification. Retain your flexibility, ’cause one thing is for sure, new requirements and requests will always come around to blindside you. It’s called maturity for a reason :)
  • Flatten the learning curve. Not everyone will have the same background or level of experience. Design and document for intuitive use and ease of onboarding new engineers. An overly complex solution, “beautiful” as it may be, will suck hours out of your team’s day in onboarding, training and troubleshooting.

Tyrique Littel


Static Code Analysis: What It Is? How to Use It?

Static code analysis refers to the technique of approximating the runtime behavior of a program. In other words, it is the process of predicting the output of a program without actually executing it.

Lately, however, the term “Static Code Analysis” is more commonly used to refer to one of the applications of this technique rather than the technique itself: program comprehension, that is, understanding the program and detecting issues in it (anything from syntax errors to type mismatches, performance hogs, likely bugs, security loopholes, etc.). This is the usage we’d be referring to throughout this post.

“The refinement of techniques for the prompt discovery of error serves as well as any other as a hallmark of what we mean by science.”

  • J. Robert Oppenheimer


We cover a lot of ground in this post. The aim is to build an understanding of static code analysis and to equip you with the basic theory, and the right tools so that you can write analyzers on your own.

We start our journey with laying down the essential parts of the pipeline which a compiler follows to understand what a piece of code does. We learn where to tap points in this pipeline to plug in our analyzers and extract meaningful information. In the latter half, we get our feet wet, and write four such static analyzers, completely from scratch, in Python.

Note that although the ideas here are discussed in light of Python, static code analyzers across all programming languages are carved out along similar lines. We chose Python because of the availability of an easy to use ast module, and wide adoption of the language itself.

How does it all work?

Before a computer can finally “understand” and execute a piece of code, it goes through a series of complicated transformations:

static analysis workflow

As you can see in the diagram (go ahead, zoom it!), the static analyzers feed on the output of these stages. To be able to better understand the static analysis techniques, let’s look at each of these steps in some more detail:


The first thing that a compiler does when trying to understand a piece of code is to break it down into smaller chunks, also known as tokens. Tokens are akin to what words are in a language.

A token might consist of either a single character, like (, or literals (like integers, strings, e.g., 7, Bob, etc.), or reserved keywords of that language (e.g., def in Python). Characters which do not contribute towards the semantics of a program, like trailing whitespace, comments, etc. are often discarded by the scanner.

Python provides the tokenize module in its standard library to let you play around with tokens:



import io
import tokenize

code = b"color = input('Enter your favourite color: ')"

# Print every token the scanner produces for the line of code above.
for token in tokenize.tokenize(io.BytesIO(code).readline):
    print(token)

TokenInfo(type=62 (ENCODING),  string='utf-8')
TokenInfo(type=1  (NAME),      string='color')
TokenInfo(type=54 (OP),        string='=')
TokenInfo(type=1  (NAME),      string='input')
TokenInfo(type=54 (OP),        string='(')
TokenInfo(type=3  (STRING),    string="'Enter your favourite color: '")
TokenInfo(type=54 (OP),        string=')')
TokenInfo(type=4  (NEWLINE),   string='')
TokenInfo(type=0  (ENDMARKER), string='')

(Note that for the sake of readability, I’ve omitted a few columns from the result above — metadata like starting index, ending index, a copy of the line on which a token occurs, etc.)
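
As an added example (not code from the original article), here is a small analyzer that taps the token stage described above: it flags bare calls to risky builtins and, unlike a plain text search, ignores mentions inside string literals and comments. The RISKY_CALLS set, the function names and the sample input are assumptions constructed for this illustration.

```python
import io
import tokenize

# Builtins treated as risky here; this set is an assumption of the example.
RISKY_CALLS = {"eval", "exec", "compile", "__import__"}

# Constructed sample input: only line 3 is a real call to the eval builtin.
SAMPLE = b'''\
msg = "never call eval(user_input)"   # eval( inside a string literal
# eval(x) mentioned in a comment
result = eval(input("expr: "))
safe = obj.eval(1)
'''

SKIPPED = (tokenize.ENCODING, tokenize.COMMENT, tokenize.NL)


def find_risky_calls(source: bytes):
    """Return (line, column, name) for each bare call to a RISKY_CALLS name."""
    tokens = [
        tok for tok in tokenize.tokenize(io.BytesIO(source).readline)
        if tok.type not in SKIPPED
    ]
    findings = []
    # Slide a (previous, current, next) window over the significant tokens.
    for prev, tok, nxt in zip([None] + tokens, tokens, tokens[1:]):
        is_call = (tok.type == tokenize.NAME and tok.string in RISKY_CALLS
                   and nxt.type == tokenize.OP and nxt.string == "(")
        # Skip method calls (obj.eval) and definitions (def eval); a qualified
        # call such as builtins.eval() is therefore missed by this check.
        qualified = prev is not None and prev.string in (".", "def")
        if is_call and not qualified:
            findings.append((tok.start[0], tok.start[1], tok.string))
    return findings


def naive_grep(source: bytes):
    """Line numbers containing 'eval(' anywhere, as a plain text search sees it."""
    lines = source.decode("utf-8").splitlines()
    return [n for n, line in enumerate(lines, 1) if "eval(" in line]


if __name__ == "__main__":
    print("token-based:", find_risky_calls(SAMPLE))
    print("text search:", naive_grep(SAMPLE))
```

The start position reported for each finding is one of the metadata columns omitted from the token listing above.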

Samanta Moore


Guidelines for Java Code Reviews

Get a jump-start on your next code review session with this list.

Having another pair of eyes scan your code is always useful and helps you spot mistakes before you break production. You need not be an expert to review someone’s code. Some experience with the programming language and a review checklist should help you get started. We’ve put together a list of things you should keep in mind when you’re reviewing Java code. Read on!

1. Follow Java Code Conventions

2. Replace Imperative Code With Lambdas and Streams

3. Beware of the NullPointerException

4. Directly Assigning References From Client Code to a Field

5. Handle Exceptions With Care

Houston Sipes


How to Find the Stinky Parts of Your Code (Part II)

There are more code smells. Let’s keep changing the aromas. We see several symptoms and situations that make us doubt the quality of our development. Let’s look at some possible solutions.

Most of these smells are just hints of something that might be wrong. They are not rigid rules.

This is part II. Part I can be found here.

Code Smell 06 - Too Clever Programmer

The code is difficult to read, with tricky names that carry no semantics, sometimes relying on the language’s accidental complexity.



  • Readability
  • Maintainability
  • Code Quality
  • Premature Optimization


  1. Refactor the code
  2. Use better names


  • Optimized loops


  • Optimized code for low-level operations.

Sample Code


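// Terse version: single-letter names and a for loop used as a while loop.
function primeFactors(n){
  var f = [], i = 0, d = 2;

  for (i = 0; n >= 2; ) {
    if (n % d == 0) {
      f[i++] = d;
      n /= d;
    } else {
      d++;
    }
  }
  return f;
}

// Readable version: the same algorithm with intention-revealing names.
function primeFactors(numberToFactor){
  var factors = [],
      divisor = 2,
      remainder = numberToFactor;

  while (remainder >= 2) {
    if (remainder % divisor === 0) {
      factors.push(divisor);
      remainder = remainder / divisor;
    } else {
      divisor++;
    }
  }
  return factors;
}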


Automatic detection is possible in some languages. Watch for warnings related to complexity, bad names, post-increment variables, etc.

Fannie Zemlak


Softagram - Making Code Reviews Humane

The story of Softagram is a long one and has many twists. Everything started in a small company a long time ago, in the area of static analysis tools development. After many phases, Softagram is focusing on helping developers get visual feedback on the code change: how the software design is evolving in the pull request under review.

Benefits of code change visualization and dependency checks

While it is trivial to write 20 KLOC apps without the help of tooling, things usually start getting complicated when the system grows over 100 KLOC.

The risk of the god class anti-pattern and the risk of mixing up responsibilities increase exponentially as the software grows larger.

To help with that, software evolution can be tracked safely with explicit dependency change reports provided automatically to each pull request. Blocking a bad PR becomes easy, and having visual reports also has a democratizing effect on code review.

Example visualization

Basic building blocks of Softagram

  • Architectural analysis of the code, identifying how the delta impacts the code base. Language-specific analyzers are able to extract the essential internal/external dependency structures from each of the mainstream programming languages.

  • Checking for rule violations or anomalies in the delta, e.g. finding cyclical dependencies. Graph theory is a big help when finding unwanted or weird dependencies.

  • Building visualizations for humans. Complex structures such as software are not easy to represent without the help of graph visualization. This is where the change graph visualization technology developed within the last few years plays a vital role.

Vincent Lab


Let's Talk About Selling Your Code

In this video, I’ll be talking about when I think code is ready to be sold.
