I wouldn’t walk away from developer-led, line-by-line code review, because:

1. For a review to be actually good, it needs multiple perspectives: technical correctness, adherence to coding standards, business correctness (logic), and architecture. I doubt a single prompt can cover all of that.

2. To do a proper review, an AI agent would have to analyze dependencies, understand requirements, build code/logic diagrams, and then review—otherwise you’d need to dump half the repo into context and it’ll blow up in your face. As the saying goes: “It’s a recipe for disaster.”

I see AI review as support—maybe even a replacement for small changes—but it won’t replace the eyes of an experienced developer who knows the domain and the system.

The bigger problem I see is organizational culture. AI spits out code in large volumes, and (generally) devs won’t thoroughly review PRs. And we, as developers, will be—are—pushed harder and harder to produce more and more code, faster, using AI. Today we’re told to use one agent; soon we’ll be expected to run at least five in parallel.

Doing it right? Still hard. It still requires knowledge and skills. But it’s easier than ever.

I put together a few practical tips for builders of new era.

Presentation

Download PDF

Fast tips for you

Security

• Keep API keys secret: Never hardcode keys in your app. Store secrets in environment variables or a free secrets manager to keep them safe. 1Password has some interesting features that are worth looking at!
• Scan for vulnerabilities: Run a free Snyk scan (or enable GitHub Dependabot) to catch known security flaws in your code/dependencies early.
• HTTPS everywhere: Always serve your app over HTTPS. Tools like Let’s Encrypt give free SSL certificates!
• Lock your accounts: Enable 2-factor authentication on critical services (GitHub, cloud platforms, AI tools etc.). It’s free and prevents easy hacks on your accounts.
• Set hard budget limits in all tools that charge for usage, like Chat-GPT. It might save you a lot of money!

Version Control

• Stop emailing zip files: Use Git for version control. It tracks every change so you can undo mistakes and never lose code again.
• Free cloud backup: Push your code to GitHub or GitLab (free private repos) for safekeeping. If your laptop crashes, your code stays safe in the cloud.
• Branch for safety: Experiment on a new branch instead of directly on main. Merge when it’s working, or delete it if not — no harm done to your main codebase.
• GitHub Desktop helps: If the command line scares you, use the free GitHub Desktop app. It’s a point-and-click way to commit, push, and pull code – no terminal needed. Most coding editors have already build-in graphic interface for GIT.
• Automate testing & deploys: Use GitHub Actions (free) to run checks or deploy your app on every push. Automation catches issues early and saves manual effort.

Deployment

• One-click hosting: Deploy your app on platforms like Railway Vercel. You just push code and chill.
• No server? No problem: Firebase offers hosting, database, and auth with a free plan. Great way to get backend features without managing any servers.
• Static site hero: Use Netlify, Vercel, or GitHub Pages for a static website or frontend app. They’re free – just connect your repo or drop your files to go live.
• Continuous deploy: Link your code repo to your host (Railway, Vercel, etc.). Every time you push changes, the service auto-deploys your app. No more manual uploads!
• Serverless functions: Need a bit of backend logic? Use cloud functions on a free tier (Firebase Functions, Vercel, Netlify, AWS, GCP, Azure). Your code runs on demand.

Rules

• Split project into smaller tasks – Easier to manage, debug, and parallelize.
• Write detailed documentation first – Force model/agent to follow it. Include goals, edge cases, and examples.
• Monitor token and compute costs – Large files or loops can explode usage. If your app is using AI, then integrate your app with LangSmith or a similar observability tool.
• Limit workspace scope – Restrict to relevant directories or files only for each task.
• Define clear input/output format – Avoid ambiguity. Keep structure strict and predictable. Define all details and rules in each prompt.
• Use isolated test cases – Help the model validate logic step-by-step. Ask the model to create tests according to BDD (Behavior Driven Development).
• Fail fast, retry smart – Catch issues early, and design fallback or retry logic.

Wrap-up

I hope the article at least intrigued you, you learned something new. If you would like to see more of such articles, please let me know!

Contact

Please leave any comments to let me know. If you have any questions, please feel free to contact me directly on:

• Twitter: https://twitter.com/MichalMzr
• LinkedIn: https://www.linkedin.com/in/michmzr/

You can also find my posts on my second blog Geekowojażer.pl

After the last presentations, I felt tired of PowerPoint and decided to do something different.

Why I got tired of PowerPoint

Form, form, form. I was tired of the form. PowerPoint forces to focus on form, layouts, colors, and pixels etc. I don’t like frontend development, I’m not a designer. I prefer to focus on the content, not the layout, pixels. I a presentation that was simple and minimalistic.

Marp - a simple solution

I used Markdown - a text format for creating presentations. Without using any AI :P

It’s simple because all you need is a Markdown text file and a tool to display such a file, such as the Marp for VS Code plugin. Then you can export the presentation to HTML, PDF. IF you don’t use visual studio code, then you can use for example CLI to generate a presentation in PDF/HTML format.

The simplicity of this solution convinced me.

Example of Marp presentation

---
marp: true
theme: default
paginate: true
backgroundColor: #fff
style: |
  .columns {
    display: grid;
    grid-template-columns: repeat(2, minmax(0, 1fr));
    gap: 1rem;
  }
  .small-text {
    font-size: 0.75em;
  }
  .center {
    text-align: center;
  }

  header,
  footer {
    padding:20px
  }

  img {
    max-width: 100%;
    max-height: 100%;
  }
---

# :popcorn:Dependabot: Automated Dependency Updates
![bg right](./dp_logo.png)

<small>
Michał Mazur
</small>

---
<!-- headingDivider: 0-->


# What is Dependabot? 🤖

Imagine having a dedicated team member who:

- Never sleeps and its fully automated
- Checks your dependencies 24/7
- Creates perfect pull requests
- Knows about security issues before you do
- Supports multiple ecosystems:
  - github actions, npm, pip, Maven, NuGet, Bundler...

---

# Short Live Demo Time! 🎬

In a result you can get sth like that in PDF format: pdf

Links

• Marpit: https://marpit.marp.app/
• Marp for VS Code: https://marketplace.visualstudio.com/items?itemName=marp-team.marp-vscode

Wrap-up

I hope the article at least intrigued you, you learned something new.

Contact

Please leave any comments to let me know. If you have any questions, please feel free to contact me directly on:

• Twitter: https://twitter.com/MichalMzr
• LinkedIn: https://www.linkedin.com/in/michmzr/

You can also find my posts on my second blog Geekowojażer.pl

I was recently working on signing Docker images and found a performance issue. In order to sign the image, I had to pull the image from the registry, calculate the hash and create the signature file, and push the new tag to artifactory. This process took a lot of time, especially if the image was large. I was looking for a way to optimise this process. I found a hack to remotely create new tags on JFrog and AWS ECR docker repositories without pulling and pushing the image. It’s a simple trick, but it can save you a lot of time. I will show you an example of how to do it on Github Actions

Classic method

docker pull artifactory.example.com/my-image:1.0.0
docker tag artifactory.example.com/my-image:1.0.0 artifactory.example.com/my-image:1.0.1
docker push artifactory.example.com/my-image:1.0.1

JFrog

Below exampl pipeline steps uses JFrog API to fetch the image manifest and add new tag to the image $ tagged $.

Pipeline configuration

env:
  DEVHUB_REGISTRY_URL: artifactory.example.com # JFrog registry url
  DEVHUB_REPO_NAME: docker # JFrog docker repository name
  IMAGE_NAME: my-image # Docker image name
  SEMVER: 1.0.0 # Current image tag
  TARGET_SEMVER: 1.0.1 # New image tag

Secrets:

• ARTIFACTORY_USERNAME
• ARTIFACTORY_TOKEN

Pipeline steps

AWS ECR

Pipeline configuration

env:
  AWS_REGION: "" # AWS region name i.e us-east-1
  AWS_WORKFLOW_ROLE: "" # AWS role arn
  AWS_ROLE_SESSION_NAME: "" # AWS role session name

  IMAGE_NAME: my-image # Docker image name
  SEMVER: 1.0.0 # Current image tag
  TARGET_SEMVER: 1.0.1 # New image tag

Pipeline steps

Warning: Authentication with AWS ECR requires AWS credentials. Please make sure you have configured AWS credentials in your pipeline. My example uses one of the possible methods to configure AWS credentials in GitHub Actions.

Wrap-up

I hope the article at least intrigued you, you learned something new.

Contact

Please leave any comments to let me know. If you have any questions, please feel free to contact me directly on:

• Twitter: https://twitter.com/MichalMzr
• LinkedIn: https://www.linkedin.com/in/michmzr/

You can also find my posts on my second blog Geekowojażer.pl

As I was diving into “The Software Engineer’s Guidebook,” by Gergely Orosz I stumbled upon a game-changing tip: keeping a work log.

This practice has been a revelation for me—it’s more than just tracking daily tasks. A work log helps you:

✅ Track Your Progress: Stay on top of your projects and see how far you’ve come.

🎉 Celebrate Wins: Big or small, every achievement counts. Documenting them keeps your morale high.

🔄 Learn from Mistakes: Reflect on challenges and turn them into growth opportunities.

💼 Prepare for Promotions: When it’s time to discuss your next career move, having a detailed record of your contributions is invaluable.

Want to start your own work log? I’ve put together a simple template to get you going:

My weekly template

- What work do I feel most proud of?
- Are there themes in these projects I should be thinking about? What’s the big picture of what I’m working on? (am I working a lot on security? localization?).
- What do I wish I was doing more / less of?
- Which of my projects had the effect I wanted, and which didn’t? Why might that have been?
- What could have gone better with project X? What might I want to do differently next time?

# Developer Work Log

## Week of [Month Day, Year]

### Goals
- [ ]
- [ ]
- [ ]


### Monday, [Date]
#### Tasks
- [ ]

#### 🚀 Achievements
-

#### 🛠️ Challenges
-

#### 💡 Learnings
-

#### 🎯 Goals for Tomorrow
-


### Tuesday, [Date]
#### Tasks
- [ ]

#### 🚀 Achievements
-

#### 🛠️ Challenges
-

#### 💡 Learnings
-

#### 🎯 Goals for Tomorrow
-



### Wednesday, [Date]
#### Tasks
- [ ]

#### 🚀 Achievements
-

#### 🛠️ Challenges
-

#### 💡 Learnings
-

#### 🎯 Goals for Tomorrow
-

### Thursday,  [Date]
#### Tasks
- [ ]

#### 🚀 Achievements
-

#### 🛠️ Challenges
-

#### 💡 Learnings
-

#### 🎯 Goals for Tomorrow
-


### Friday, [Date]
#### Tasks
- [ ]

#### 🚀 Achievements
-

#### 🛠️ Challenges
-

#### 💡 Learnings
-

#### 🎯 Goals for Tomorrow
-


---

## Weekly Summary

### 🎯 Weekly Goals
- [Goal 1]
- [Goal 2]
- [Goal 3]

### 🚀 Achievements
- [Major achievement 1]
- [Major achievement 2]
- [Major achievement 3]

### 🛠️ Challenges
- [Significant challenge 1]
- [Significant challenge 2]
- [Significant challenge 3]

### 💡 Learnings
- [Key learning 1]
- [Key learning 2]
- [Key learning 3]

### 📅 Planning for Next Week
- [Objective 1]
- [Objective 2]
- [Objective 3]

Hello ✋, I was tasked with integrating a Java class for data generation into our CI/CD pipeline. The goal was to create a shaded JAR that could run directly from the pipeline.

The challenge was that the class was in the tests directory, which Maven doesn’t support for building JARs. I resolved this by using the maven-shade-plugin and maven-resources-plugin to build a shaded JAR, including necessary resources like SQL schema files.

I hope this example saves you time during development! 🚀

Code

Maven

This Maven configuration uses two key plugins to build and run a JAR file with an executable Java class (MainTest) in the tests directory: the Maven Shade Plugin and the Maven Resources Plugin.

<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
  <modelVersion>4.0.0</modelVersion>

  <groupId>eu.cybershu</groupId>
  <artifactId>mvn-test-jar</artifactId>
  <version>1.0-SNAPSHOT</version>

  <properties>
    <maven.compiler.source>17</maven.compiler.source>
    <maven.compiler.target>17</maven.compiler.target>
    <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
  </properties>

  <profiles>
    <profile>
      <id>test-jar</id>
      <build>
        <plugins>
          <plugin>
            <groupId>org.apache.maven.plugins</groupId>
            <artifactId>maven-shade-plugin</artifactId>
            <version>3.6.0</version>
            <executions>
              <execution>
                <goals>
                  <goal>shade</goal>
                </goals>
                <configuration>
                  <shadedArtifactAttached>true</shadedArtifactAttached>
                  <transformers>
                    <transformer implementation=
                                   "org.apache.maven.plugins.shade.resource.ManifestResourceTransformer">
                      <mainClass>eu.cybershu.MainTest</mainClass>
                    </transformer>
                  </transformers>
                </configuration>
              </execution>
            </executions>
          </plugin>

          <plugin>
            <groupId>org.apache.maven.plugins</groupId>
            <artifactId>maven-resources-plugin</artifactId>
            <version>3.3.1</version>
            <executions>
              <execution>
                <id>copy-test-classes</id>
                <phase>process-test-classes</phase>
                <goals>
                  <goal>copy-resources</goal>
                </goals>
                <configuration>
                  <outputDirectory>${project.build.outputDirectory}
                  </outputDirectory>
                  <resources>
                    <resource>
                      <directory>${project.build.testOutputDirectory}
                      </directory>
                      <includes>
                        <include>**/*.class</include>
                      </includes>
                    </resource>
                  </resources>
                </configuration>
              </execution>
            </executions>
          </plugin>
        </plugins>
      </build>
    </profile>
  </profiles>
</project>

Maven Shade Plugin

The Maven Shade Plugin is used to package the project into an executable JAR file. This plugin performs several tasks, such as combining dependencies into a single JAR and modifying the manifest file to specify the main class.

Shading phase packs the project into a JAR file that includes dependencies.

Configuration:

• shadedArtifactAttached: When set to true, this ensures the shaded JAR is attached as an additional artifact.
• transformers: This section modifies the JAR manifest. The ManifestResourceTransformer is used to specify the main class ( eu.cybershu.MainTest).

Maven Resources Plugin

The Maven Resources Plugin is employed here to ensure that the compiled test classes are included in the final build output. This is necessary because the main class (MainTest) resides in the tests directory.

Key Elements:

• Execution ID (copy-test-classes): Identifies this specific execution of the plugin.
• Phase (process-test-classes): Specifies when this plugin should run during the build lifecycle.

Configuration:

• outputDirectory: Specifies where the resources should be copied to, typically the main output directory of the build.
• resources: Defines which resources to copy. Here, it includes all .class files from the test output directory.

By configuring this plugin, the build process ensures that the compiled test classes (including MainTest.class) are copied to the main output directory. This step is crucial for including the MainTest class in the final shaded JAR file.

Java

MainTest.java - Executable Class

public class MainTest {
  public static void main(String[] args) {
    System.out.println("Let's print a file......");

    BufferedReader reader = new BufferedReader(new InputStreamReader(
      MainTest.class.getClassLoader().getResourceAsStream("any_file.txt")));
    reader.lines().forEach(System.out::println);
  }
}

Build and running

How to build:

mvn package -P test-jar

How to run:

java -jar ./target/mvn-test-jar-1.0-SNAPSHOT-shaded.jar

Contact

I hope you find this useful! 😊 Please leave comments or contact me directly if you have any questions:

• Twitter: https://twitter.com/MichalMzr
• LinkedIn: https://www.linkedin.com/in/michmzr/

Check out more of my posts on my second blog: Geekowojażer.pl

Method 1: Bad

Let’s say you want to copy and change a shell script into a Dockerfile. The solution below won’t work because of the line RUN . /venv/bin/activate. The virtual environment is activated, but it won’t be available in subsequent commands because RUN commands run in separate processes.

FROM alpine:latest

RUN apk add --no-cache python3 py3-pip

# Create and use a virtual environment
RUN python3 -m venv /venv

# This is wrong!
RUN . /venv/bin/activate

COPY . .

RUN pip install -r ./requirements.txt
RUN python main.py

I get build error:

#0 building with "default" instance using docker-container driver

#1 [internal] load build definition from Dockerfile
#1 transferring dockerfile: 276B done
#1 DONE 0.0s

#2 [internal] load metadata for docker.io/library/alpine:latest
#2 DONE 0.2s

#3 [internal] load .dockerignore
#3 transferring context: 2B done
#3 DONE 0.0s

#4 [1/7] FROM docker.io/library/alpine:latest@sha256:c5b1261d6d3e43071626931fc004f70149baeba2c8ec672bd4f27761f8e1ad6b
#4 resolve docker.io/library/alpine:latest@sha256:c5b1261d6d3e43071626931fc004f70149baeba2c8ec672bd4f27761f8e1ad6b done
#4 DONE 0.0s

#5 [internal] load build context
#5 transferring context: 91B done
#5 DONE 0.0s

#6 [2/7] RUN apk add --no-cache python3 py3-pip
#6 CACHED

#7 [3/7] RUN python3 -m venv /venv
#7 CACHED

#8 [4/7] RUN . /venv/bin/activate
#8 CACHED

#9 [5/7] COPY . .
#9 CACHED

#10 [6/7] RUN pip install -r ./requirements.txt
#10 0.587 error: externally-managed-environment
#10 0.587
#10 0.587 × This environment is externally managed
#10 0.587 ╰─>
#10 0.587     The system-wide python installation should be maintained using the system
#10 0.587     package manager (apk) only.
#10 0.587
#10 0.587     If the package in question is not packaged already (and hence installable via
#10 0.587     "apk add py3-somepackage"), please consider installing it inside a virtual
#10 0.587     environment, e.g.:
#10 0.587
#10 0.587     python3 -m venv /path/to/venv
#10 0.587     . /path/to/venv/bin/activate
#10 0.587     pip install mypackage
#10 0.587
#10 0.587     To exit the virtual environment, run:
#10 0.587
#10 0.587     deactivate
#10 0.587
#10 0.587     The virtual environment is not deleted, and can be re-entered by re-sourcing
#10 0.587     the activate file.
#10 0.587
#10 0.587     To automatically manage virtual environments, consider using pipx (from the
#10 0.587     pipx package).
#10 0.587
#10 0.587 note: If you believe this is a mistake, please contact your Python installation or OS distribution provider. You can override this, at the risk of breaking your Python installation or OS, by passing --break-system-packages.
#10 0.587 hint: See PEP 668 for the detailed specification.
#10 ERROR: process "/bin/sh -c pip install -r ./requirements.txt" did not complete successfully: exit code: 1
------
 > [6/7] RUN pip install -r ./requirements.txt:
0.587     deactivate
0.587
0.587     The virtual environment is not deleted, and can be re-entered by re-sourcing
0.587     the activate file.
0.587
0.587     To automatically manage virtual environments, consider using pipx (from the
0.587     pipx package).
0.587
0.587 note: If you believe this is a mistake, please contact your Python installation or OS distribution provider. You can override this, at the risk of breaking your Python installation or OS, by passing --break-system-packages.
0.587 hint: See PEP 668 for the detailed specification.
------
Dockerfile:13
--------------------
  11 |     COPY . .
  12 |
  13 | >>> RUN pip install -r ./requirements.txt
  14 |     RUN python main.py
  15 |
--------------------

The system Python environment is triggered when importing dependencies from requirements.txt, not the created /venv/!

Method 2: Ugly

You can directly call /venv/’s Python and pip. It’s a better solution, but it still has caveats. First, you need to do tedious work adding the prefix path. Secondly, when Python triggers a subprocess, it won’t have access to /venv/ dependencies. So, can we do better?

FROM alpine:latest

RUN apk add --no-cache python3 py3-pip

# Create and use a virtual environment
RUN python3 -m venv /venv

COPY . .

RUN /venv/bin/pip install -r ./requirements.txt
RUN /venv/bin/python main.py

Method 3: Good

Yes, we can. The good solution is to add /venv/bin to the system PATH environment variable.

FROM alpine:latest

RUN apk add --no-cache python3 py3-pip

# Create and use a virtual environment
RUN python3 -m venv /venv
ENV PATH="/venv/bin:$PATH"

COPY . .
RUN pip install -r ./requirements.txt
RUN python main.py

As a result, we achieve an elegant solution!

The virtualenv documentation even states that activating the environment is “purely a convenience.”

If you read the code for activate, it does several things:

1. Figures out what shell you’re running.
2. Adds a deactivate function to your shell, which can interfere with pydoc.
3. Changes the shell prompt to include the virtualenv name.
4. Unsets the PYTHONHOME environment variable, if it was set.

5. Sets two environment variables: VIRTUAL_ENV and PATH.

6. From Docker’s perspective, points 1-4 are irrelevant. We only need to take care of VIRTUAL_ENV and PATH, which we can define manually.

Wrap-up

I hope what I wrote is useful :). Please leave any comments to let me know. If you have any questions, please feel free to contact me directly on:

• Twitter: https://twitter.com/MichalMzr
• LinkedIn: https://www.linkedin.com/in/michmzr/

You can also find my posts on my second blog Geekowojażer.pl

In this article, we will explore the use of Kaniko and JFrog with GitHub Actions to build and push a Docker image to JFrog Artifactory. This solution addressed issues I encountered while working on a project in my company. I hope it proves useful for you as well.

Prerequisites

You must have:

• GitHub project with Dockerfile
• JFrog Artifactory account with created docker repository

Assumptions

Your artifactory repository is called docker-local and you have created a user with username docker and password(api token) docker-password. Full path is https://artifactory.example.com/artifactory/docker-images and you want to build and push image with name my-image:latest.

Configuration

I use kaniko action to build and push image to JFrog Artifactory.

Example Github action job file:

  name: Build and push Docker image to JFrog Artifactory
  jobs:
  container-test-job:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@v4
      - name: Kaniko build
        uses: aevea/action-kaniko@master
        with:
          image: docker-images/my-image
          registry: artifactory.example.com
          username: "docker"
          password: "docker-password"
          tag: latest
          path: Dockerfile
      - run: docker images ls

you can alternatively use docker build command:

  name: Build and push Docker image to JFrog Artifactory
  jobs:
  container-test-job:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@v4
      - name: docker build
        uses: docker/build-push-action@v5
        with:
          push: false
          tags: my-image:latest
          file: Dockerfile
      - name: Login to DevHub Docker Hub
        uses: docker/login-action@v3
        with:
          registry: "artifactory.example.com"
          username: "docker"
          password: "docker-password"
      - run: docker image ls
      - run: docker tag my-image:latest artifactory.example.com/docker-images/my-image:latest
      - run: docker push artifactory.example.com/docker-images/my-image:latest

Contact

I hope what I wrote is useful :). Please leave any comments to let me know. If you have any questions, please feel free to contact me directly on:

• Twitter: https://twitter.com/MichalMzr
• LinkedIn: https://www.linkedin.com/in/michmzr/

You can also find my posts on my second blog Geekowojażer.pl

A few months ago, I came across an interesting tool for process automation. In its functionalities, it is very similar to Zapier, IFTT, or make.com. It’s called N8N.

I base my automations, such as an “AI” assistant or managing Todoist, which I use for task and project management, on n8n. Some processes are still kept on make.com. What sets it apart from make.com is its free self-hosted version. It means that if you have your server, you can install and use it for free. Make can become very costly after exceeding a certain number of operations per month, and there is also a privacy aspect because the data is kept by them.

In the article, I’m going to show how to use docker compose to set up the application for yourself. It will require basic skills in Linux administration and Docker. You can also use any other platform where Docker images will work or a virtual machine.

Screenshot one of my automations

1. Install docker

Follow below links: Ubuntu: https://docs.docker.com/engine/install/ubuntu/ Debian: https://docs.docker.com/engine/install/debian/ other platforms: https://docs.docker.com/engine/install/

2. Create docker-compose.yml file

Create docker-compose.yml file in one of directories. I file in my case is located in /var/lib/n8n/docker-compose.yml

version: '3.1'

services:
  n8n:
    image: docker.n8n.io/n8nio/n8n
    restart: unless-stopped
    container_name: n8n
    ports:
      - "5678:5678"
    environment:
      - N8N_BASIC_AUTH_ACTIVE=true
      - N8N_BASIC_AUTH_USER=foo-user
      - N8N_BASIC_AUTH_PASSWORD=very-long-password
      - N8N_HOST=[host IP or domain]
      - N8N_PORT=5678
      - WEBHOOK_URL=[your webhook url]
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - ./n8n:/home/node/.n8n

where: foo-user - is your username
very-long-password - is your password
[host IP or domain] - is your server IP i.e 127.0.0.1 or domain
[your webhook url] - is your webhook url i.e https://n8n.domain.com

3. Configure reverse proxy (nginx)

N8n config file path: /etc/nginx/sites-available/n8n.conf

server {
    server_name [server name];
    location / {
        proxy_pass [server ip with port 5678];
        proxy_http_version 1.1;

        # WebSocket support
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_read_timeout 86400; # This can be set higher, necessary for WebSocket

        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;

        # Other settings
        chunked_transfer_encoding off;
        proxy_buffering off;
        proxy_cache off;
    }


    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/n8n.cybershu.eu/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/n8n.cybershu.eu/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

}server {
    if ($host = n8n.cybershu.eu) {
        return 301 https://$host$request_uri;
    } # managed by Certbot

I use certbot to generate and manage ssl certificates. You can find more information here: https://certbot.eff.org/instructions

Run docker-compose

docker-compose up -d

Enable n8n proxy service

cd sites-enabled
sudo ln -s ../sites-available/n8n.conf .
ls -l

and restart nginx

sudo systemctl restart nginx

Login to your n8n instance

Go to https://n8n.domain.com and login with your credentials.

Useful links

• https://docs.n8n.io/hosting/
• https://www.cyberciti.biz/faq/nginx-restart-ubuntu-linux-command/
• https://community.n8n.io/t/websockets-and-sse-connection-lost/27137/6

Wrap-up

I hope the article at least intrigued you, you learned something new. I

Contact

Please leave any comments to let me know. If you have any questions, please feel free to contact me directly on:

• Twitter: https://twitter.com/MichalMzr
• LinkedIn: https://www.linkedin.com/in/michmzr/

You can also find my posts on my second blog Geekowojażer.pl

I’m starting a new challenge on the blog. I’m reading a great book “System design interview” and I came up with the idea for a series of posts dedicated to system design. A necessary skill for seniors, especially those applying for more important decisions.

I found an interesting page https://www.architecturalkatas.com/kata.html, where you can draw a system that we will design.

I drew:

Hot Diggety Dog!

Local hot dog stand merchant wants a point-of-sale system for his hot dog stand operators

Requirements: must be lightweight in size--laptop is too unwieldy to use efficiently when making hot dogs on the street; allow for discounts; track sales by time and location; send inventory updates to mobile inventory-management staff (who drive to the location with supplies); provide a social-media integration so customers can be notified when a hot dog stand is nearby

Users: fifty or so hot dog stand operators, thousands of customers in the local area (via social-media)

I decided to use Chat-GPT to be my client, who by asking about business requirements will design the details of the system.

I used the following prompt to support the design process:

You are to assume the role of a system design interviewer for a prominent IT company, assessing a candidate's expertise for the role of system architect. Maintain a friendly demeanor while being thorough and detail-oriented. Aim for succinct answers and focus on critical system aspects to gauge the candidate's system design proficiency. Correct any factual or logical errors in the candidate's questions or answers, providing realistic figures when required. Engage in active conversation, asking for specific details and adopting the candidate's language. Answer in user language

Scenario: A local hot dog stand merchant needs a point-of-sale system for their operators.

Requirements:
1. Lightweight and portable, as laptops are too unwieldy for street use
2. Allows for discounts
3. Tracks sales by time and location
4. Sends inventory updates to mobile inventory-management staff
5. Integrates with social media to notify customers of nearby hot dog stands

Users: Around 50 hot dog stand operators and thousands of local customers (via social media)

Your goal is to test the user's system design knowledge and skills.

Temperature: 0.2 Model: GPT-4

Questions

What payment systems should the application support?

The application should process both card and cash payments.

What discount management features should the system include? Does this include rules for individual customers, specials, discount codes? Can the point add its own promotions?

Yes, the system should allow for managing different types of discounts. Here are some features that might be useful:

1. Ability to create discount codes that customers can enter during payment.
2. Ability to set time-based discounts, for example, on certain days of the week or hours.
3. Ability to set discounts on specific products.
4. Ability to set discount rules for individual customers, for example, based on the frequency of their purchases.

Yes, point of sale operators should be able to add their own promotions.

How can a user place an order online?

Online orders can be made through a dedicated mobile app. The user should be able to browse the menu, choose products, add them to the cart, enter discount codes, and make payments. After placing an order, the user should receive an order confirmation and an estimated waiting time.

How many customers and orders can we expect in a day? How many orders can there be in peak hours?

The number of customers and orders can vary significantly depending on the location, day of the week, and time of day. For a small local business, such as a hot dog stand, we can assume that they can serve about 100-200 customers per day on average.

During peak hours, for example at lunchtime or during local events, this number can increase to 30 orders per hour from a single point.

Should the operator be constantly connected to the internet?

Ideally, the operator should always have access to the Internet - this would allow for real-time data transmission, conveying information about sales and inventory status, thus contributing to efficient process management. However, such a solution is not always possible, especially if the operator works in places with poor network coverage.

Therefore, it would be beneficial if the system could also operate offline, and as soon as an Internet connection is available, it would automatically synchronize, sending the data stored on the device.

When should sales and inventory reports be generated? What are the analytical needs? Do we need to process them in real time or is it enough to perform a batch at a certain time?

This is an excellent question. Depending on business needs, reports can be generated and processed in real time or at specific intervals.

For daily operations, such as tracking sales and inventory status, batch processing every few hours or at the end of the day would probably suffice. This would allow for ongoing monitoring of the situation and decision-making based on the latest data.

On the other hand, for more strategic decisions, such as order planning or sales trend analysis, we might need reports generated in real time. This would allow us to quickly respond to market changes and optimize our operations.

What exactly should we track and record about sales in real time in terms of time and location?

The system should track and record the following data:

1. Sales time: The exact date and time when the transaction was made. This will allow for the analysis of sales patterns and identification of peak sales periods.

2. Sales location: The exact location where the transaction was made. This will allow for the identification of the most profitable locations.

3. Transaction details: What products were sold, their quantity, the price of each product, whether any discounts were applied, etc.

This data should be available in real time for point-of-sale operators and management staff.

Is there a preferred inventory management system for integration with the POS system?

Yes, the point should have access to the inventory management system.

How would point operators use the inventory management system?

Operators could scan product barcodes using the built-in camera on their device to update inventory quantities after each sale. The system should also send notifications to operators when the inventory level reaches a critical point so they can place orders in time.

We could also integrate the system with a similar POS system to automatically update inventory based on sales.

What if the operator didn’t have time to update the inventory status and immediately proceeded with order fulfillment? Operators usually work under difficult conditions, they have to improvise.

This is an important point to consider. In an ideal scenario, the POS system would be designed to automatically update the inventory status after each sales transaction. This would minimize the need for the operator to manually update the inventory status. However, I understand that in reality there may be situations that prevent direct and automatic updates.

In such a case, the system should be designed to allow operators to manually update inventory status at any time. It should be accessible on mobile devices, so that operators can easily update stock levels whenever they find the time. Additionally, we should anticipate a notification system that would remind operators of the need to update inventory status if the system notices that there has been no update for a certain period of time, especially if orders were being fulfilled despite shortages in inventory.

Features such as low stock level notifications, product demand forecasts, and order recommendations can also help operators manage inventory effectively despite challenging working conditions.

It is important that the system is intuitive and easy to use, even for people who do not have much experience with technology. Operators should also be trained in how to use the system so that they can make the most of its features.

What are the expectations regarding system availability? Does the system need to be available 24/7, or are downtime periods for maintenance, etc., acceptable?

For a point of sale system, like the one we are discussing, high availability is expected. Hot dog stands may operate at different hours, and some may even operate 24/7. Therefore, it is important that the system is available whenever operators need it.

Does the system need to be real time? What is the tolerance for delay when placing an order?

Yes, the point of sale system should be able to process transactions in near real time. When a customer places an order, they expect immediate confirmation that the order has been accepted and is being processed.

As for tolerance for delays, ideally, the system's response time should be as short as possible, usually below a few seconds. Longer delays can lead to customer frustration and can affect the performance of the stand operators.

Is there a specific platform - smartphone, website, POS terminal for stand operators?

For hot dog stand operators, the most practical solution would be to use a mobile application on smartphones or tablets. This way, operators could easily conduct transactions, track sales, and manage inventory directly from their stand.

Are there any security or privacy requirements in mind, for example, in relation to storing customer and transaction data?

Yes, security and privacy are key aspects in any system that stores customer and transaction data. The system should comply with privacy regulations, such as GDPR in Europe.

In relation to transaction data, the system should comply with PCI DSS (Payment Card Industry Data Security Standard), which is a security standard for organizations that handle card payments.

Some of the requirements include:

1. Data encryption: All data, including personal data and transaction data, should be encrypted during transmission and storage.
2. Authorization and authentication: Only authorized individuals should have access to system data.
3. Regular security audits: The system should be regularly checked for potential security gaps.

**How often and when should the user receive notifications so that they are not annoying?**

This is a very important question. Too frequent notifications can be annoying for users and lead to them starting to ignore notifications or even stop following the stand on social media.

One approach could be to send notifications only when the user is within a certain radius of the stand and only during the hours when the stand is open. Users could also be given the option to customize notification settings, for example, allowing them to choose how often they want to receive notifications.

Additionally, it's worth remembering that not all notifications have to be location-related. For example, you can send notifications about special promotions, new products, etc.

What kind of notifications about nearby points do users receive? Push notifications from the app, a message from a chatbot, push notifications from FB & Twitter apps, a post on FB & Twitter newsfeed?

For this particular scenario, push notifications from the app may prove to be the most effective. These notifications can be sent directly to users' smartphones when they are near a hot dog stand. These notifications can contain information about the location of the stand, available products, special promotions, etc. When designing and implementing this geolocation-based functionality, GDPR/RODO compliance should be kept in mind.

Additionally, customers can subscribe to our social media to receive geo-fence notifications about the nearest points or updates on location changes of the points.

When does the customer pay for the order?

The customer always pays in advance when placing the order. For orders placed through the app, they pay using a payment gateway.

Project Requirements

🤖🔧 Functional

• the point operator’s application must work in both online and offline mode
• payments are made in cash, by credit card, or through a gateway
• the user can receive notifications about location changes of operators in a specific region e.g. district, city.
• the operator should be able to update the inventory status by manually adding products.
• the operator must accept the order upon receipt. They also receive information about the current inventory status and whether they can fulfill it.
• the user can view the nearest operator points in the app.
• both the company and the operator can define a wide range of promotions such as combined products e.g. hot-dog + cola - 20% cheaper, discounts, promotional codes.

📈 Non-functional

• We will not store customers’ credit card data. We will use payment terminals and payment processors like Stripe/PayU/PayPal
• scalability - the system should adapt to the changing number of orders throughout the day
• low latency - the customer expects quick confirmation and execution of the order
• persistence - every change in order status should be recorded in the database, especially important in the case of payments.
• reliability - the system should be available and reliable. The operator should be able to use the system, even if they do not have internet access.
• secure - customer, operator, and transaction data must be protected, the system should comply with GDPR/RODO standards.

🧮 Back of the envelope estimations

• 50 service points
• an average of 100 customers from each point, which comes out to 5000 transactions per day (3.5 transactions per minute).
• During peak hours we have about 50*40=2000 orders per hour (0.5 transactions per second).

According to the calculations, we are dealing with a small system. I would design it in a modular monolith architecture to reduce production and maintenance costs. If the business scaled up significantly, to hundreds of transactions per second, microservices could be separated for key modules of the critical path.

🏗️ Proposed architecture

System components:

• API gateway: - it is a window to the backend world, intermediates in connections between mobile/web applications and the rest of the system. It performs several functions: connection authentication, provides connection metrics, aggregates APIs from all system services.
• Inventory - responsible for storing and updating the inventory status of data points. Operators update the inventory status using requests.
• Notifications system - based on the entered locations of current and future operators, geolocation notifications for customers are sent via social media, entries are added to social media with updated locations e.g. “today in AK park from 9 am a HotDog is waiting for you. Only today from 11:15 to 13 a 30% discount on the set with the code ‘AK_HOT’ when purchasing through the application”
• CRM - manages user data: registration, change of personal data,
• Transactions - updates the transaction status based on online payments, card or cash. The transaction must be completed correctly for the order to be directed to the chef for preparation.
• Orders - orchestrates the order, checks the inventory status whether the order can be executed. The order placed through the mobile application must be accepted by the operator.
• Operators - manages current operator data e.g. location, opening hours, menu.

External integrations:

• Social media - social media platforms like FB, X
• Payment processor: - payment processing system like Paypal, PayU, GooglePay. It’s a generic name for a few integrations. One processor should be used to handle many cashless payment methods.
• SMS provider: - SMS provider, a system that can send short messages to operators and customers. It should be able to receive SMS-es from providers and forward their answers to the backend. It’s an important part of offline mode.
• Email provider: - an external system for sending emails to operators and customers. It can be used for transactional and marketing emails. I decided to make it an external integration to ensure reliable email deliverability.

Connecting the operator and customer applications with the backend

For communication of the operator and customer applications with the backend, I would use WebSockets. Information about new orders, changes in order statuses or operations would be handled in this way. This would give a great benefit in the form of information about the current state of the mobile connection at the seller.

Part of the client application queries may look like this:

The client has placed an order. Sends one request per second to check if the order is ready.
0 second: Is the food ready? (Client)
0 second: No, please wait. (Server)
1st second: Is the food ready? (Client)
1st second: No, please wait. (Server)
2nd second: Is the food ready? (Client)
2nd second: No, please wait. (Server)
3th second: Is the food ready? (Client)
3th second: Yes, here is your order. (Server)

For communication, you can also use HTTP pooling or HTTP long pooling, but this is a more resource-demanding solution e.g. websockets.

If the operator is online (heartbeat positive in the last few minutes) and has auto-confirmation enabled plus the inventory status is consistent (according to the inventory and the update was within e.g. 1h), the order is automatically confirmed.

If a customer has placed an order for e.g. a hot dog in a gluten-free bun and there is no such bun in stock, they should be offered a hot dog in a different bun. The system should use alternative products to ensure sales instead of abandoning the customer.

Offline mode

Offline mode is a very important functionality from the point of view of operators and customers. The operator should be able to continue operations in case of loss of stable internet access. In the meantime, he can make sales, handle orders from the application.

The backend should be “aware” of the connection status with the operator’s mobile application. This can be achieved by using a constant websocket channel with the mobile application. During the connection with the server, the channel is maintained by the application. The last connection status (timestamp, connection data, whether it’s LTE, GPRS, transfer speed) can be stored in the Redis database. If the last connection was, for example, 5 minutes ago, the operator is marked as offline and sales through client applications must operate differently.

Operator’s Offline Mode

When designing the application, we assume that it must work in offline mode. The operator should be able to continue operations in case of loss of stable internet access. In the meantime, they can make sales, handle orders from the application. To achieve this, we need to save in memory the history of events such as new orders, goods deliveries, payments, etc. If the operator is offline, the application should save events in the device’s memory. When the operator returns to the network range, the application should synchronize events with the server. There are various approaches to designing offline mode. One of them is using a database for offline mode e.g. Firebase/Realm, PouchDB, which would automatically synchronize differences after regaining a stable connection. I decided not to recommend this solution due to the coupling of the mobile application with the database schema. Any change in the database e.g. adding new fields in the order table would require updating all user applications, which can take weeks. We lose agility and speed in delivering new features. I decided on a solution where the mobile application has something like an event store, to which events are saved. These events then need to be synchronized with the backend.

Offline Order Flow

My proposal for handling orders through the client application when the operator is offline, assuming that they are within the range of the telephone network and can receive/send SMS messages.

The customer orders online, if there was no recent connection via websocket with the operator, it sends them an SMS with a request for confirmation by sending a return SMS plus a QR code with order data (user id, order id, transaction id, order json) necessarily heavily compressed.

1. The customer places an order through the application/web.
2. The order service checks whether the operator is online/offline, using the saved connection status in Redis.
3. An SMS/MMS is sent to the operator with information about the order, e.g. order id, what is included in the order, who ordered, etc. The application, using permissions, can parse such an SMS and update the status in the application.
4. The operator can call/send an SMS with confirmation/rejection of the order.
5. Thanks to the use of the SMS provider’s API, the backend receives the operator’s response.
6. The customer receives confirmation/rejection of the order. If the time for the seller’s response has passed, the customer should be informed about it. Additionally, the customer will not have up-to-date information about the order, so they may receive a message that they simply have to go to the sales point now if it can be realized.
7. The customer shows the QR code of the order. It is read by the reader and is validated in the seller’s application.

C4 Container system diagram

You can find example C4 diagram of Hot Dog System below.

Wrap-up

I think I touched on the system design quite superficially. It could be further expanded with additional levels of the C4 diagram, or attempt event storming to separate business domains. In case the system was to be developed, it would be worth doing so.

I hope the article at least intrigued you, you learned something new. If you have any comments, let me know in the comment. If you want me to write about a specific topic, also let me know. Until next time!

Contact

I hope what I wrote is useful :). Please leave any comments to let me know. If you have any questions, please feel free to contact me directly on:

• Twitter: https://twitter.com/MichalMzr
• LinkedIn: https://www.linkedin.com/in/michmzr/

You can also find my posts on my second blog Geekowojażer.pl