Hi everyone! We've just released Chrome Stable 111 (111.0.5563.72) for iOS; it'll become available on App Store in the next few hours.
This release includes stability and performance improvements. You can see a full list of the changes in the Git log. If you find a new issue, please let us know by filing a bug.
Harry Souders
Google Chrome
Hi everyone! We've just released Chrome Stable 111 (111.0.5563.72) for iOS; it'll become available on App Store in the next few hours.
This release includes stability and performance improvements. You can see a full list of the changes in the Git log. If you find a new issue, please let us know by filing a bug.
Harry Souders
Google Chrome
Posted by Mario Tapia, Product Marketing Manager, Google Workspace
In today's fast-paced and ever-changing world, it is more important than ever for developers to be able to work quickly and efficiently. With so many different tools and applications available, it can be difficult to know which ones will help you be the most productive. In this blog post, we will discuss five different DevOps application integrations for Google Chat that can help you improve your workflows and be more productive as a developer.
PagerDuty helps automate, orchestrate, and accelerate responses to unplanned work across an organization. PagerDuty for Google Chat empowers developers, DevOps, IT operations, and business leaders to prevent and resolve business-impacting incidents for an exceptional customer experience—all from Google Chat. With PagerDuty for Google Chat, get notifications, see and share details with link previews, and act by creating or updating incidents.
Asana helps you manage projects, focus on what’s important, and organize work in one place for seamless collaboration. With Asana for Google Chat, you can easily create tasks, get notifications, update tasks, assign them to the right people, and track your progress.
Jira makes it easy to manage your issues and bugs. With Jira for Google Chat, you can receive notifications, easily create issues, assign them to the right people, and track your progress while keeping everyone in the loop.
Jenkins allows you to automate your builds and deployments. With Jenkins for Google Chat, development and operations teams can connect into their Jenkins pipeline and stay up to date by receiving software build notifications or trigger a build directly in Google Chat.
GitHub lets you manage your code and collaborate with your team. Integrations like GitHub for Google Chat make the entire development process fit easily into a developer’s workflow. With GitHub, teams can quickly push new commits, make pull requests, do code reviews, and provide real-time feedback that improves the quality of their code—all from Google Chat.
These are just a few of the many different application integrations that can help you be more productive as a developer, check out the Google Workspace Marketplace for more integrations you or the team might already be using. By using the right tools and applications, you can easily stay connected with your team, manage your tasks and projects, and automate your builds and deployments.
To keep track of all the latest announcements and developer updates for Google Workspace please subscribe to our monthly newsletter or follow us @workspacedevs.
Rebecca Gutteride and Madona Wambua, Co-Hosts of #TheAndroidShow
One of the coolest moments for hardware enthusiasts was last week at Mobile World Congress, where Android device makers from around the world gather to unveil the latest innovations. It was an especially big year for foldables in particular, with a number of compelling devices coming out. We had the opportunity to catch up with three Android partners and see their latest hardware: the Oppo Find N2 Flip, the HONOR Magic Vs, and the Tecno Phantom V Fold. These launches bring new, high-quality devices into the foldable category, giving users more options as they look for their next mobile device and signaling an investment in foldables across the Android ecosystem. For developers, foldables can present unique opportunities (and challenges); large screen devices like foldables and tablets can challenge assumptions that you might have made in the past around configuration changes, cameras, and the shape and size of the screen - or screens. On devices with more screen real estate and folds, users are expecting better multi-tasking and more content-rich app experiences that adapt to these form factors.
As this category continues to expand, we want to make large screen optimization as easy as possible for you. We’ve established tiered quality guidelines to help prioritize which behaviors are the most important to focus on across screen sizes and, late last year, we announced new guidance and updated tools to help you update your app to meet those guidelines. To make it easier to quickly test apps on a variety of representative devices, we have a growing collection of resizable, foldable, tablet and desktop emulators, and updated Material adaptive design guidance for these devices with more specific Canonical Layout designs!
To get started, check out the gallery page to get inspired with high fidelity mockups, links to material design guidance, implementation guides, and case studies from apps like yours. Then, test your app for large screens using the resizable emulator in Android Studio to see how your app looks today!
Our latest MAD skills series deep-dives into Compose layouts and modifiers. The initial episodes cover layout fundamentals including what out-of-the-box APIs Compose offers, how you can use modifiers to stylize your composables, and the different phases in Compose. We then dive deeper into modifier chaining and building custom layouts for complex use cases. The series culminates in a live Q&A–happening right now, where we'll be answering the questions you've been asking us using #AskAndroid. You can view the YouTube playlist to rewatch the videos in the series.
The Android Developer community is at the heart of everything we do and at the core of this is our Android Google Developer Experts. Spanning all over the world, the community comes together to share best practices through speaking, open-source contributions, workshops, and articles, and gets involved in early access Android releases - providing valuable feedback to make improvements for developers everywhere! Tune in to #TheAndroidShow to hear from six GDEs about their journey as an Android Developer and Google Developer Expert and what this role means to them.
In 2022 we released Android Studio’s App Quality Insights (AQI) which helps you discover, investigate, and reproduce issues reported by Crashlytics within the context of your local Android Studio project. In this segment we go behind the scenes with David Motsonashvili, a Software Engineer on the Firebase team, to learn more about where the idea came from. We also explore how crash management has evolved throughout the years with Annyce Davis, VP of Engineering at Meetup and GDE. Tune into #TheAndroidShow to watch the segment, read the AQI documentation to learn more, and download the latest version of Android Studio to try it out.
Now in Android is your ongoing guide to what’s new and notable in the world of Android development, and this week we covered the second Android 14 Developer Preview, Google Play policy changes around Wear OS app quality, the release of the full Android Basics with Compose course, Advanced Compose Layout Concepts, Drawing in Compose, Multi-Window and Activity Embedding, TensorFlow Lite in Google Play Services, and more.
#TheAndroidShow is your conversation with the Android developer community, this time hosted by Rebecca Gutteridge and Madona Wambua. Tweet us your questions, and let us know what you’d like to hear in future videos from the Android team. It’s all happening right now – and you can rewatch it at any time!
As application developers, we achieve amazing results quickly by leveraging a rich ecosystem of freely available libraries, modules and frameworks that provide ready-to-use capabilities and abstract away from underlying complexity. This is so foundational to how we work that we'll nonchalantly build and publish an app that pulls in hundreds of dependencies without even thinking about it. And it's only fairly recently, in the wake of some very high profile and high impact compromises, that we've started to reckon with the fact that this wonderful ecosystem is also a security quagmire. All of the dependencies that feed into your build make up your software supply chain, and supply chains need to be secured. In this post, we'll show how an increasingly popular open source CI/CD system, Tekton, implements the OpenSSF SLSA framework to provide you with supply chain security guarantees.
A software supply chain is anything that goes into or affects your code from development, through your CI/CD pipeline, until it gets deployed into production. Increasingly, the software supply chain has become a vector for attacks. The recent Log4j, SolarWinds, Kaseya, and Codecov hacks highlight vulnerable surface areas exposed by an insecure software supply chain.
Between 2020 and 2021, there has been a 650% Surge in OSS supply chain attacks, and Gartner projects that 45% of organizations worldwide will have experienced software supply chain attacks by 2025.
The Supply chain Levels for Software Artifacts (SLSA) framework is a check-list of controls to prevent tampering, improve integrity, and increase security in the packages and infrastructure used by projects, businesses or enterprises. SLSA formalizes criteria around software supply chain integrity to help the industry and open source ecosystem secure the software development life cycle at all stages.
As part of the framework, SLSA has multiple levels of assurances. These levels contain industry-recognized best practices to create four levels of increasing assurance.
 |
SLSA provides a set of requirements that needs to be met for an artifact to be considered for a particular SLSA level.
Tekton is a powerful and flexible, open source, cloud-native framework for creating CI/CD systems, allowing developers to build, test, and deploy across cloud providers and on-premise systems. Tekton consists of several subprojects which are relevant to SLSA:
Tekton build processes are defined as tasks and pipelines. A Task is a collection of Steps that are defined and arranged in a specific order of execution as part of a continuous integration flow.
A Pipeline is a collection of Tasks defined and arranged in a specific order of execution as part of a continuous integration flow.
A TaskRun is an instantiation of a Task with specific inputs, outputs and execution parameters while a PipelineRun is an instantiation of a Pipeline.
A Task/Pipeline can define a set of Results. TaskRuns and PipelineRuns create Results as defined in the Task/Pipeline. Results are used to communicate to Tekton Chains run specifics like the uri and the digest of the built artifact.
Tasks, Pipelines, TaskRuns and PipelineRuns are defined through yaml files. The entire build is defined by the set of yaml files which define Tekton Tasks, Pipelines, TaskRuns and PipelineRuns. These yaml files can be checked in as code and run directly from the code repository.
For an artifact to be SLSA L1 compliant it should satisfy the following:
Tekton Tasks, TaskRuns, Pipelines and PipelineRuns are specified in yaml files. These yaml files can be considered as scripts and can even be checked in into a code repository. These could also be run from code repositories. Tekton Chains provides a way to generate provenance in in-toto SLSA format. As such, Tekton can easily make builds which satisfy the SLSA L1 requirements.
Let's follow through with an example, which has the following files:
 |
Tekton Chains observes TaskRuns and PipelineRuns in a Kubernetes cluster. Once the runs are done, Chains collects information (provenance) about the Run or the build process and the artifact created by the Run. It signs the provenance and stores the signed provenance. The provenance generated for the example build complies to the SLSA provenance schema and is explained further below.
Note that every step of the build has been recorded and can be reconstructed by following the steps in the provenance.
SLSA requires that for a build to be SLSA L2 compliant it should satisfy the following
Every change to the source is tracked in a version control system
Tekton does not explicitly enforce that the source is version controlled. Tekton users can enforce that the source is version controlled by writing an appropriate Task which will check for version control. The source should also be communicated by Tekton Pipelines to Tekton Chains through a result variable that is suffixed with -ARTIFACT_INPUTS.
All build steps were fully defined in some sort of “build script”. The only manual command, if any, was to invoke the build script.
This is a requirement for SLSA L1 as well and as explained above, Tekton provides a way to script the build through yaml files. The build is defined as a Pipeline (or Task) which can be saved as a yaml file and submitted into source control. The build instance which is defined as a PipelineRun (or TaskRun) can resolve the Pipeline (or Task) yaml from source control and use it for the current instance of the build.
All build steps ran using some build service, not on a developer’s workstation.
Tekton can be hosted on a cloud provider or on a hosted Kubernetes cluster and run as a build service. The build scripts can be submitted into source control (like GitHub) and Tekton can read the scripts directly from source control.
Provenance should be available
This is a requirement for SLSA L1 and as explained above Tekton Chains provides build provenance.
Provenance should be signed and Authenticated
As can be seen in the example, Tekton Chains creates and signs the build provenance. The signature can be verified anytime to ensure that the provenance has not been tampered after the build and the provenance is really created by the build process that claims to have built it. The signing is done according to the SLSA specification using the DSSE format.
Tekton Chains creates the provenance and signs it using a secure private key. Chains then uploads the signed provenance to a user-specified location, one of which is Google Cloud’s Container Analysis, which implements the open standard Grafeas API for storing provenance.
 |
Provenance should be generated by a Service
Note that the provenance in the example is generated by the Tekton Chains service and it cannot be modified after it has been generated, which is guaranteed by the signature.
All images below are extracted from the provenance of the example build. These can be verified by re-running the example.
 |
 |
 |
 |
SLSA aims to secure the software supply chain by providing guidelines on how the software build should be done. Tekton pipelines and Tekton chains implement those guidelines and help in securing the software supply chain.
By Prakash Jagatheesan (team: TektonCD), Brandon Lum (team: GOSST)
Posted by Yasmine Evjen, Community lead, Android DevRel
The community of Android developers is at the heart of everything we do. Seeing the community come together to build new things, encourage each other, and share their knowledge encourages us to keep pushing the limits of Android.
At the core of this is our Android Google Developer Experts, a global community that comes together to share best practices through speaking, open-source contributions, workshops, and articles. This is a caring community that mentors, supports each other, and isn’t afraid to get their hands dirty with early access Android releases, providing feedback to make it the best release for developers across the globe.
We asked, “What do you love most about being in the #AndroidDev and Google Developer Expert community?”
Gema Socorro,”I love helping other devs in their Android journey,” and Jaewoog Eum shares the joy of “Learning, building, and sharing innovative Android technologies for everyone.”
We also sat down with Ahmed Tikiwa, Annyce Davis, Dinorah Tovar, Harun Wangereka, Madona S Wambua, and Zarah Dominguez - to hear about their journey as an Android Developer and GDE and what this role means to them - watch them on The Android Show below.
Annyce, VP Engineer Meetup shares, “the community is a great sounding board to solve problems, and helps me stay technical and keep learning”
Does the community inspire you? Get involved by speaking at your local developer conferences, sharing your latest Android projects, and not being afraid to experiment with new technology. This year, we’re spotlighting community projects! Tag us in your blogs, videos, tips, and tricks to be featured in the latest #AndroidSpotlight.
Active in the #AndroidDev community? Become an Android Google Developer Expert.
 |
.png)
Google for Startups Black Founders Fund recipients in Europe share application tips and program benefits.
Posted by Leticia Lago, Developer Marketing
This International Women’s Day, we’re dedicating our latest #WeArePlay stories to the inspirational women founders creating apps and games businesses on Google Play. Like Ania from Victoria in Canada, who is making mental health support more accessible worldwide.
When Ania was a student, she started experiencing debilitating panic attacks. Realizing there wasn’t much help readily available on mobile, she took it upon herself to do her own research and learn how to manage her anxiety. After feeling more confident again, she wanted to share what she had learned and help people, so began developing Rootd.
The app provides in-the-moment relief: with lessons to understand panic attacks, breathing exercises, and ways to make short-term and long-term changes to reduce anxiety. She is growing the app’s reach by expanding to different countries, with the hope it will eventually become one of the most widely used tools to overcome panic attacks in the world.
Alongside Ania, there are many other women founders doing incredible work in the apps and games space: like Bria from USA - founder of Honey B Games and creator of bubble tea game Boba Story, Lauren and Christina from Australia - co-founders of Lumi Interactive and their wellbeing app Kinder World: Cozy Plants, and Jelena from Montenegro - CEO of games studio 3Hills.
Check out their stories now at g.co/play/weareplay.
How useful did you find this blog post?
