How Copilot/AI helps me in my daily work

07 May, 2023
Xebia Background Header Wave

During an innovation day at work, I needed to generate extra code and a new application. I wanted to check out the newly released Deployment Protection Rules that can help you with protecting when a job in GitHub Actions can roll out your application to an environment.

Deployment protection rules need a new GitHub App that can be triggered when an environment is targeted. That App can then run its own checks and report back the status to GitHub with a callback webhook.

To get started I needed a new GitHub App that can receive the webhook from GitHub. Since I already have an Azure Function App up and running, I thought to add another HttpTrigger function to it, so I could log the payload and learn from that (the payload is not documented yet).

AI generated code with the prompt

Image generated with using the following prompt: sketched photo with some realism of an AI generating code.

Usual flow

Normally I would start with searching for the things I need: some documentation for hosting an endpoint to receive the webhook payload, search for creating an app to handle the user login, etc. This can easily take days tinkering around to get things to where it is good enough for a POC. Instead, I used AI tools to help me, and had things up and running in a few hours.

Step 1: Create a new Azure Function

I knew I needed an HttpTrigger and was about to search for it’s declaration, when I remembered I was already testing out GitHub Copilot for Chat, which is in technical preview so I cannot say to much about it. I asked Copilot to write the function definition for me and sure it enough: it proposed the right code, including logging of the incoming payload. Using that code I could publish the function and configure it as a webhook from a new GitHub App.

Screenshot of the Azure function log, showing the deployment_callback_url

The logs show that payload sends in the normal information you would expect, like the context for the trigger (in this case workflow_dispatch was triggered by my user account) and the callback URL that can be used to report back the status of the check. The callback has the following form: <a href="{OWNER}/{REPO}/actions/runs/{RUNID}/deployment_protection_rule"><a href="{OWNER}/{REPO}/actions/runs/{RUNID}/deployment_protection_rule">{OWNER}/{REPO}/actions/runs/{RUNID}/deployment_protection_rule</a></a>.

That means it uses a well defined url, so I can just call that as the GitHub App for testing to see if it works. I’ve configured the Deployment Protection Rule with my new GitHub App based on an existing workflow (Copilot still helped here left and right), and tested it in a workflow to call the callback url.

Step 2: Create a new node.js app for user configuration

An important part for my setup with the GitHub App will be to have the user configure settings for their environment. So that means I need to have a way to host an app that can do the OAuth flow with GitHub and store the settings in a database.

I’m not a JavaScript developer who knows exactly how to get started, but I do have AI tools that can help me with that. The easiest option I have and that is free to use, is the Bing integration in Edge. Here is my prompt: How can I get started with a simple webapplication based on node that uses GitHub authentication for the user to login and then retrieve information as that userScreenshot of the prompt and the result

Here is a part of the resulting app:

Screenshot of the npm code

It even had the steps in there to store the configuration settings from the GitHub App in the .env file. I could just copy that example and add the code to the app.

Screenshot of the .env setup and the login using the 'passport' library

There was an error running the app locally, but I could just copy the error message and search for it following the same conversation on Bing. The first result was the right answer, so I could just copy that again (npm install express-session) and add it to the app.

Example of the error

You can see the working redirect for the user authentication below: Screenshot showing the authorization of the app using GitHub login for my user and App against my localhost:3000 app.

Generated code

The generated was not perfect: it picked up some things from the code it was trained on that can be improved. GitHub Copilot should prevent this kind of security issues when generating code, but I used Bing’s AI to generate this part of the code.

This proves the point that even when using AI to help you generate code, setting up security pipelines is still very important. Luckily GitHub has made Advanced Security features available for free for public repos, allowing me to scan the code using CodeQL:

Screenshot displaying a CodeQL alert on the cookie for the user being send back to the server in plain text

If you want to learn more about GitHub Advanced Security, then check out my LinkedIn Learning Course on it: LinkedIn Learning.

I could then use the generated code to get started, and improve it to make it more secure using the security tools available as well.


And with that, most of my setup (the new Azure Function and the new node.js app) was done with me writing minimal amount of code, and still getting everything to work as I wanted.

Do be aware that I have enough experience with these topics to both know what to look for, and how to spot / find / debug errors in my code. I’m sure that if I was a beginner, I would have had a lot more questions and would have needed to do a lot more research to get to the same result.

I’m really excited to see what the future holds for Copilot and AI in general. I’m sure it will help me and many others to get more done in less time.

Rob Bos
Rob has a strong focus on ALM and DevOps, automating manual tasks and helping teams deliver value to the end-user faster, using DevOps techniques. This is applied on anything Rob comes across, whether it’s an application, infrastructure, serverless or training environments. Additionally, Rob focuses on the management of production environments, including dashboarding, usage statistics for product owners and stakeholders, but also as part of the feedback loop to the developers. A lot of focus goes to GitHub and GitHub Actions, improving the security of applications and DevOps pipelines. Rob is a Trainer (Azure + GitHub), a Microsoft MVP and a LinkedIn Learning Instructor.

Get in touch with us to learn more about the subject and related solutions

Explore related posts