It’s not unusual for teams to want to merge the same branch into multiple branches. If they create multiple pull requests from that branch to each of the other branches, they suddenly find that their Checks behave differently than expected and the branches start to share results. Understanding why this happens makes it easy to get Checks to behave as expected.

What you don’t know can hurt you, especially when it comes to code. Dependency chains can tend to have more security considerations than most people realize. In fact, most dependencies have far more abilities than most developers realize …

I previously mentioned that it’s possible to force a release build to act like a debug build. To do this, we need to understand how .NET knows when to treat an assembly as a debug build or a release build (hint: it’s not the AssemblyConfiguration attribute!). We also need to understand the options that the runtime provides for overriding the default settings. Time to explore how that process is implemented and the configuration options available for overriding those settings.

If you’re not completely sure about the differences between Debug and Release builds in .NET, you’re not alone. Like PDBs, there’s lots of myths and half-true stories coloring our views. Most developers know that they use debug builds when they are creating code. But what is .NET really doing that’s so different? They know they should use release builds for production, but they don’t necessarily understand why. Think the code is better optimized by the compiler? That’s not entirely true (or at least it’s not true if we’re speaking about Roslyn or MSBuild). This post will explore what’s happening under the covers with Roslyn and the just-in-time (JIT) compiler.

In part three of our discussion of PDBs and debugging, we explore an improvement to the debugging experience: SourceLink. Instead of using the symbol server tools to source index our PDBs, we can use an open source, standardized approach to map our symbols back to the files in source control that were used to build our binaries.

It’s not really an exploration of PDBs and debugging without talking about symbol servers. With .NET evolving, has our need for these previously essential systems changed? In this post, we’ll explore what a symbol server is, the role they fill, and their strengths and limitations.

Years ago, John Robbins examined the details of PDB files in PDB Files: What Every Developer Must Know. Since then, a lot has changed about .NET. Despite that, most developers still lack an understanding of how PDBs work or why they are so important. Most times, I see teams trying to prevent PDBs from being created in release code; this is a sure path to future problems. In this post, I’ll provide updated details on the nature of PDBs and how they work.

Most package management systems support some kind of “universal artifacts” storage. Azure Artifacts supports “universal packages”, Artifactory supports “generic repositories”, and Nexus has “raw repositories”. But what about GitHub? From all appearances, it would seem this is an oversight. Although not explicitly documented, it turns out it’s fully supported.

If you’ve ever wanted to integrate an external system or execute parts of the CI process asynchronously, the GitHub Checks API can provide a way to make that happen. In fact, you can even use Checks to allow two workflows to work together, no waiting or polling from the runner required. Today I’ll demonstrate how the API works and provide two workflows that demonstrate how to build a working GitHub Check.

Most people don’t realize that the humble pull request orchestrates surprisingly complex activities behind the scene. GitHub creates test merges and simulated merge branches to test and validate what would happen if the changes were merged into the target branch. This is more complex than most people realize, and it leads to a number of different SHAs being provided to the GitHub workflow. It’s time to understand these SHAs, their purpose, and how to find them.