Target audience: Experienced developers who want to go beyond the basics and use AI tools as a real productivity lever - not as a gimmick, but as an integral part of their daily development workflow.

Description: Many developers have had their first experiences with ChatGPT, Claude, or Gemini and are wondering how to effectively integrate these tools into their development process. Or they are already using GitHub Copilot - but often they are only tapping into a fraction of its potential. This intensive course goes far beyond “press Tab and hope”: you will learn how to use AI assistants like GitHub Copilot, Claude Code, and Cursor methodically and purposefully. We show you why many teams fail with AI tools and how you can do better.

What sets this course apart from others: We do not work with contrived examples or theoretical scenarios, but develop live on a real project - with real prompts, real challenges, and real results. Every technique presented is immediately demonstrated and validated. While other courses merely hint at AI advantages, here you experience in real time what works, what doesn’t - and above all why.

The workshop covers the entire development cycle: from the design phase with architecture diagrams through implementation to testing, code reviews, and CI/CD as well as the final deployment. You will learn how to make your codebase “AI-ready”, which prompt engineering techniques actually work, and how to deal with the limitations of LLMs - hallucinations, confirmation bias, and the notorious “70% problem”, where AI gets you almost to the finish line but the last steps remain in your hands.

Special focus is on the latest developments: custom instructions, prompt files, skills, agent-based workflows, and the MCP protocol - techniques that are currently changing how teams work with AI assistants. You will learn not only what these features can do, but when and how to use them effectively.

You will leave the workshop with a battle-tested toolkit that you don’t just know about, but have seen live in action - and that you can put to use the very next day. Whether you prefer GitHub Copilot, Claude Code, or another solution - this course teaches tool-agnostic techniques and prepares you for the future of software development.

Learning objectives: After this workshop, you will use AI assistants not randomly, but deliberately and efficiently. You will understand the strengths and limitations of current models, be able to prepare your codebase for optimal AI support, and know which technique is right for which task. The result: noticeably higher productivity while maintaining code quality and architectural control.

Prerequisites: Several years of programming experience in at least one programming language. GitHub Copilot or a comparable tool is pre-installed, and VS Code is available as an IDE. Prior experience with AI assistants is helpful but not strictly required.

Day 1: Fundamentals and Workflow Integration

1. Introduction: AI-Assisted Development

• Current state of AI in software development
• The role of AI: assistance, not replacement
• Why companies fail with AI tools
• What are the strengths and weaknesses of AI tools?
• The “70% problem”: AI gets you 70% of the way
• Motivation: from AI slop to AI enablement

2. Governance, Data Privacy, and Security

• Source code as a sensitive asset
• Security-first mindset for AI-generated code
• European solutions
• Self-hosting open-weight models: possibilities and challenges
• Licensing and data privacy, GDPR compliance
• EU AI Act - implications for development and businesses
• Practical guide: data privacy and security checklist for AI tools

3. Market Overview of Coding Tools & Models

• Overview of popular tools (GitHub Copilot, Claude Code, Cursor, etc.)
• The agony of choice: which model should I use?
• Market overview: relevant models by use case
• Typical usage examples
• Supported languages and frameworks
• Hands-on exercise: create a typical website with different tools & compare

4. Using Copilot Effectively in VS Code

• Configuration options, settings
• Shortcuts: slash commands, chat participants, and context variables
• Difference: inline completion, block completion, and chat
• Hands-on exercise: implement “empty” methods with the help of GitHub Copilot

5. Context Engineering: Steering AI Through Context Building and Modes

• Context: what information is used? How can I influence this deliberately?
• Building context: comments as a steering instrument
• Inline suggestions vs. chat interface
• Ask vs. Edit vs. Plan vs. Agent: which mode when and for what
• Iteration and refinement of suggestions
• Agent mode: holistic support (file system, terminal, screenshots, …)
• Hands-on exercise: create a new workspace with a Hello World REST API (endpoint: /hello-world)

---

Day 2: Introducing a Methodology for Consistently Good Results

6. Beyond Prompt Engineering: A Case for a Paradigm Shift

• From trial & error to methodology: why “press Tab and hope” is not enough
• Introducing a methodology
• Brainstorming & requirements with Copilot
• Text as a universal interface, demonstrated with Mermaid JS diagrams
• Plan mode: designing and executing step-by-step implementation plans
• Tests as an integral part of development with AI support
• Generating unit and integration tests
• Generating test data with Copilot
• Hands-on exercise: discussion on implementing a Todo REST API
• Hands-on exercise: creating a README and endpoint documentation for the Todo REST API
• Hands-on exercise: creating architecture and design diagrams for the Todo REST API
• Hands-on exercise: creating and implementing a plan for a Todo REST API
• Hands-on exercise: unit and integration tests for the REST API, plus generating test data with Copilot and integrating them into the test suite
• Hands-on exercise: adding more functionality while creating tests and updating/extending the documentation
• Hands-on exercise: creating a CI/CD pipeline with Copilot to automatically run tests and automate releases/deployments

7. Prompt Engineering for Developers

• Efficient prompt design & techniques for improving suggestion quality (e.g., more precise prompts, code structuring)
• Iteratively improving prompts
• Zero-shot & multi-shot prompting
• Prompt chaining and chain-of-thought prompting
• Generated-knowledge prompting
• System, user, agent: “Copilot roles” and the persona pattern
• Prompt optimization: progressively improving prompts to increase suggestion quality
• AI makes mistakes too: examples of errors and solution approaches
• Recognizing and avoiding hallucinations
• Recognizing and avoiding sycophancy / confirmation bias
• Hands-on exercise: iteratively improving prompts for implementing a new API endpoint

---

Day 3: Advanced Techniques and Enterprise Adoption

8. LLM Fundamentals for Developers

• Fundamentals: tokens, context, probabilities
• Understanding input and output limits
• Strategies for working around context limits
• Cost-conscious usage: dealing with rate limits, premium requests, etc.

9. Prompt Customization & Advanced Techniques

• Using custom instructions effectively
• Prompt files: reusing prompts as “functions”
• Agent skills: creating and using specialized capabilities
• Custom agents: creating custom “chat modes” and tool orchestration
• Hands-on exercise: creating prompt customization files with the help of AI
• Hands-on exercise: validating, debugging, and optimizing prompt customization files with the help of AI

10. AI-Friendly Codebase

• Prerequisites for an AI-friendly codebase
• Clean code principles as an AI enabler
• Documentation as a context source
• README, Architecture Decision Records (ADRs)
• Tests as specification
• Type system and clear APIs
• Anti-patterns: what hinders AI
• What makes an “AI-friendly” codebase?

11. The MCP Protocol

• How does MCP work?
• MCP architecture
• Server primitives
• Client primitives
• What can MCP be used for?
• Which MCP servers exist? Where can I find them?
• Developing custom MCP servers

Target audience: Experienced software developers and architects who want to modernize legacy applications or migrate them to a modern architecture.

Description: A three-day workshop that teaches strategies, techniques, and best practices for migrating legacy applications using AI-assisted tools like GitHub Copilot. At the same time, the workshop conveys proven strategies and techniques for migrating legacy systems that can be applied with or without AI support. The fundamental question of whether pure modernization through refactoring is sufficient or whether a complete rewrite might be more sensible is explicitly addressed and re-evaluated in the context of AI assistance.

As a common thread, an exemplary legacy system is analyzed and then modernized and migrated to a modern architecture. Various migration strategies are covered, including the Strangler Fig Pattern, modularization of a monolithic application (“Modulith”), and splitting into microservices. For corporate training, specific legacy systems and architectures can be used as practical examples upon request, including NDA-protected systems. As a participant, you will learn how to effectively use AI-assisted tools to accelerate the migration process, reduce errors, and improve code quality.

Migrations span various areas, including backend, frontend, databases, infrastructure, and documentation. We cover a wide range of use cases and migration scenarios to give participants a broad spectrum of applications in each of these areas.

Demo legacy system: A simple legacy system called “Acme Invoice Manager” is used as a demo system to practically demonstrate the migration strategies and techniques.

This system includes:

• a monolithic backend application based on Java Servlets with traditional three-tier architecture
• an outdated frontend with server-side rendering of JSP templates and minimal interactivity based on jQuery
• a relational database with cryptic table names and poor design, queries are executed directly in the code
• a simple infrastructure with manually managed servers and deployments
• inadequate documentation consisting mainly of Word documents and code comments

The target system should have the following properties:

• Modularized API backend application based on FastAPI (Python)
• Modern, reactive frontend based on React and Tailwind CSS
• Well-designed relational database (PostgreSQL) with clear tables in normal form and use of an ORM (SQLAlchemy)
• Containerized infrastructure with Docker, automated CI/CD pipeline via GitHub Actions
• Comprehensive documentation in Markdown plus inline documentation in the code

Possible migration examples for corporate training A small selection of possible migration examples:

Backend:

• WordPress website -> Astro (Static Site Generator)
• Spring JSF with XML configuration -> Spring Boot with annotations

Frontend:

• Desktop with Swing UI -> web application
• HTML, JS & jQuery and CSS spaghetti -> React with TypeScript and Tailwind

Mobile:

• Android / iOS -> React Native
• Android -> Jetpack Compose
• Android Java -> Android Kotlin

Databases:

• Oracle/DB2 -> Postgres
• MySQL -> Postgres
• MySQL -> MariaDB

Infrastructure:

• Jenkins -> GitLab CI
• Apache & Tomcat -> Docker/Kubernetes with Traefik or nginx
• SVN -> Git

Documentation:

• Word, PDF, PowerPoint -> Markdown
• Visio, yEd, draw.io -> Markdown
• Visio -> Mermaid

Prerequisites: GitHub Copilot is installed and configured, VS Code is available as an IDE. Docker is installed and configured. The demo legacy application is provided via Docker - basic knowledge of Docker is helpful but not strictly required. Familiarity with GitHub Copilot as well as at least one programming language and basic software architecture is expected. Experience with legacy systems is an advantage but not strictly necessary.

Day 1: Fundamentals & Analysis of Legacy Systems

1. Overview of Legacy Migration & Essential Literature

• What is legacy code? Definition and typical characteristics
• Essential literature: Michael Feathers’ “Working Effectively with Legacy Code”, Martin Fowler’s “Refactoring”, Domain-Driven Design by Eric Evans, and others
• Rewrite vs. refactoring: decision criteria and trade-offs
• When does a complete rewrite make sense?
• How does AI assistance change this decision?

2. Migration Strategies Overview

• Big Bang vs. incremental migration
• Strangler Fig Pattern in practice
• Modularization of a monolithic application (“Modulith”)
• Microservices: when sensible, when not?
• Pros and cons of the various approaches
• Technical debt: identification, assessment, and prioritization

3. Copilot Fundamentals for Legacy Migration

• Copilot modes overview: Ask, Edit, Plan, Agent
• Which mode for which migration task?
• Workspace setup: bringing old and new systems together
• Context engineering: building context deliberately
• Dealing with token limits in large legacy codebases
• Text first: using text-based resources and documentation as context
• Practical demonstration: analyzing the “Acme Invoice Manager” with Copilot

4. Code Archaeology with Copilot

• Understanding legacy code: reverse engineering with missing documentation
• Dealing with cryptic code and “magic numbers”
• Identifying undocumented business rules
• Extracting business logic and finding edge cases
• Using Copilot for code explanations and understanding relationships
• Hands-on exercise: analyzing a legacy component in the “Acme Invoice Manager”

5. Tests as Safety Nets During Migrations

• Seams: identifying boundaries in the code
• Sensing vs. separation
• Characterization tests: tests for untested legacy code
• Testing strategies with missing test coverage
• Why tests are essential in AI-assisted migrations
• Using Copilot for test generation
• Hands-on exercise: creating characterization tests for a legacy module

6. Domain-Driven Design as a Foundation

• Bounded contexts as migration boundaries
• Aggregates, entities, and value objects
• DDD and seams: understanding the connections
• Migration plans based on domain models
• Hands-on exercise: creating a domain model for the “Acme Invoice Manager”

---

Day 2: Prompt Engineering & Migration Planning

7. Prompt Engineering for Legacy Migrations

• Efficient prompt design for migration tasks
• Zero-shot & multi-shot prompting
• Prompt chaining and chain-of-thought
• Generated knowledge prompting
• Avoiding hallucinations and confirmation bias
• Prompt templates and reusability
• JSON & XML for structuring prompts
• Prompts as living documentation: documenting migration decisions
• Hands-on exercise: creating effective prompts for various migration scenarios

8. Migration Planning with Copilot

• Creating an overall migration plan
• Planning step-by-step migration of individual components
• Identifying seams and migration boundaries with Copilot
• Prioritizing migration steps (business value vs. risk)
• Risk management: data loss, downtime, rollback strategies
• Feature flags for incremental migration
• Hands-on exercise: creating a migration plan for a module

9. Backend Migration in Practice

• From Java Servlets to FastAPI (Python)
• Performing code transformation with Copilot
• Extracting and porting business logic
• Dealing with breaking changes and outdated dependencies
• Custom-built solutions vs. standard libraries
• API design and REST endpoint migration
• Hands-on exercise: migrating a backend module

10. Database Migration

• Analyzing and improving database schemas
• From cryptic table names to meaningful schemas
• Introducing an ORM (SQLAlchemy)
• Simple export/import with the same technology
• Outlook: data quality, normalization, zero-downtime strategies
• Hands-on exercise: schema migration of a table with ORM

---

Day 3: Frontend, Documentation & Deployment

11. Frontend Migration

• From JSP/jQuery to React and Tailwind CSS
• Server-side rendering vs. client-side framework
• Building component-based architecture
• State management in the new frontend
• Using Copilot for UI code generation
• Hands-on exercise: migrating a view to React

12. Documentation & Knowledge Transfer

• Documenting legacy findings with Copilot
• Automatically generating Architecture Decision Records (ADRs)
• Markdown documentation from legacy Word documents
• Creating diagrams with Mermaid
• Inline documentation in the migrated code
• Building persistent Copilot knowledge for the team
• Code reviews of the migrated code with Copilot
• Hands-on exercise: creating documentation for a migrated module

13. Dockerization & CI/CD

• Generating Dockerfiles for the migrated system
• Docker Compose for local development
• Building a CI/CD pipeline with GitHub Actions
• Deployment strategies for migrated applications
• Hands-on exercise: Docker setup and CI/CD pipeline for a migrated module

14. Anti-Patterns, Pitfalls & Best Practices

• Avoiding typical anti-patterns in legacy migrations
• Copilot-specific pitfalls and how to avoid them
• Security aspects of AI-generated code
• Performance comparisons: old vs. new
• Monitoring and observability after migration
• Outlook: MCP (Model Context Protocol) for large codebases

Target audience: Software developers and architects who want to correctly use encryption, signatures, and secure communication in their applications — whether backend, cloud, or embedded.

Description: Which encryption mode is the right one? How do I manage keys securely? What do I need to consider for digital signatures under eIDAS? And how do I prepare for quantum computers? This workshop — continuously refined and evolved over more than 15 years — gives you well-founded answers — from the basics of symmetric and asymmetric cryptography through TLS and PKI to post-quantum migration.

Learning objectives: You will be able to securely use stream ciphers, block ciphers, and authenticated encryption. You will understand how key management and password-based key derivation work. You will be familiar with digital signatures and the European standards (CAdES, XAdES, PAdES). You will understand the TLS handshake, be able to verify certificate chains, and know the NIST and BSI recommendations for post-quantum cryptography.

Prerequisites: The workshop is practice-oriented and does not require deep mathematics — basic school-level math is sufficient. Programming experience is helpful to follow along with the code examples. For those who want to dive deeper into the mathematical aspects, we offer additional resources.

---

Day 1: Fundamentals of Cryptography

1. Fundamentals

• Kerckhoffs’ principle
• How encryption is defined
• Definition: “What does secure mean?”
• Definition of “perfect secrecy” and “semantic security”

2. Stream Ciphers and CSPRNGs

• Stream ciphers
• Cryptographically secure pseudorandom number generators (CSPRNGs)
• Stream ciphers in practice: RC4, Salsa20, ChaCha20
• CSPRNGs in practice: Fortuna, Yarrow, /dev/urandom
• Criticism of RC4 and why it should no longer be used
• Criticism of /dev/urandom and why it is still secure enough in practice
• Criticism of CSPRNGs in general and why they are still necessary

3. Block Ciphers

• Block ciphers
• Encryption modes (ECB, CBC, CTR, …)
• What is an “initialization vector”?
• Pros and cons of the various encryption modes
• Padding schemes

Day 2: Symmetric & Asymmetric Cryptography, Digital Signatures

4. Hash Functions & MACs

• Authenticated encryption: motivation for message authentication codes
• Hash functions
• Message authentication codes (MACs)
• Authenticated encryption
• Salsa20/Poly1305 as a modern stream cipher with authenticated encryption
• AES-GCM as a modern block cipher with authenticated encryption

5. Key and Password Management

• Key lengths
• Key generation and exchange
• Key management
• Entropy
• Password-based key derivation
• Storing and managing passwords

6. Asymmetric Encryption

• Key exchange: motivation for asymmetric encryption
• Diffie-Hellman key exchange
• What is a “public/private key” used for?
• RSA
• PKCS#1 padding vs. PKCS#1 v2.0 (RSA-OAEP)
• Elliptic curves
• Recommendations for key lengths and secure curves
• Why asymmetric encryption is not used to encrypt data
• The three use cases for asymmetric encryption: key exchange, digital signatures, authentication protocols

7. Digital Signatures

• Motivation for digital signatures
• Comparison with handwritten signatures
• The European signature regulation (eIDAS) and its requirements for digital signatures
• The European signature standards CAdES, XAdES, and PAdES
• What are seals, AdES, QES?
• Digital signatures using RSA
• Digital signatures using elliptic curves: ECDSA
• Free EU service for validating signatures
• Recommended algorithms and key lengths for digital signatures

Day 3: TLS, PKI, and Post-Quantum Cryptography

8. The TLS Protocol

• Data in transit vs. data at rest
• Why TLS is usually the solution for data in transit
• What TLS can and cannot do
• TLS 1.3 — improvements, advantages, risks
• The record protocol
• The handshake protocol
• Encrypted records
• TLS best practices
• Tools for evaluating TLS server configurations
• Tools for debugging TLS connections: OpenSSL, Wireshark

9. Public Key Infrastructure (PKI)

• Motivation for PKI
• What alternatives to PKI exist?
• Certificates and certificate authorities (CAs)
• The role of certificates in PKI
• Certificate chains and trust anchors
• Certificate validation
• Revoking certificates: CRLs & OCSP
• Key usages and extended key usages — implications & risks
• Let’s Encrypt — advantages, risks, ACME protocol
• Tools for validating certificates
• OpenSSL cheat sheet with the most important commands

10. Post-Quantum Cryptography

• Why quantum computers pose a threat to cryptography
• Which cryptographic algorithms are threatened by quantum computers?
• What approaches exist for post-quantum-safe cryptography?
• Hybrid cryptography: combining classical and post-quantum-safe algorithms
• Scaremongering or legitimate concern? Assessing the threat landscape
• NIST Post-Quantum Cryptography: standards and final candidates in FIPS 202-206, NIST SP 800-208
• NIST SP 1800-38A-C — the official NIST migration recommendations
• TR-02102: BSI recommendations for post-quantum cryptography
• Practical recommendations: concrete steps to prepare for the post-quantum era

Target audience: Software developers, architects, and IT security professionals who want to prepare their systems for the post-quantum era in time.

Description: Harvest Now, Decrypt Later — attackers are already collecting encrypted data today to decrypt it with future quantum computers. This workshop gives you the knowledge to realistically assess the threat and systematically modernize your cryptographic infrastructure — from the new NIST standards through hybrid schemes to concrete migration steps.

Learning objectives: You will understand why quantum computers threaten classical asymmetric cryptography and which algorithms are affected. You will know the new NIST post-quantum standards and the BSI recommendations. You will understand how hybrid cryptography works and be able to design a migration strategy for your organization.

Prerequisites: A basic understanding of asymmetric cryptography (public/private keys, signatures, TLS) is helpful. The workshop covers the necessary fundamentals, so participants without deep cryptographic knowledge can follow along. No mathematical background is required.

---

Day 1: Post-Quantum Cryptography

1. Understanding the Quantum Threat

• How quantum computers attack classical cryptography: Shor’s and Grover’s algorithms
• Which cryptographic algorithms are affected — and which are not?
• Symmetric algorithms (AES, SHA): why they remain largely secure
• Asymmetric algorithms (RSA, ECC, DH): why they will be broken
• Harvest Now, Decrypt Later: why the threat is already real today
• Scaremongering or legitimate concern? A realistic assessment of the threat landscape
• Timeline: when are cryptographically relevant quantum computers expected?

2. Fundamentals of Post-Quantum-Safe Algorithms

• Which mathematical problems are considered quantum-resistant?
• Lattice-based cryptography: the foundation of most new standards
• Hash-based signatures: proven security with a long history
• Code-based cryptography: McEliece and related schemes
• Multivariate cryptography: approaches and challenges
• Pros and cons of the different approaches compared

3. The New NIST Standards

• The NIST standardization process: from 69 submissions to the final standards
• ML-KEM (FIPS 203, formerly CRYSTALS-Kyber): the new standard for key exchange
• ML-DSA (FIPS 204, formerly CRYSTALS-Dilithium): the new standard for digital signatures
• SLH-DSA (FIPS 205, formerly SPHINCS+): hash-based signatures as an alternative
• LMS and XMSS (NIST SP 800-208): stateful hash-based signatures for firmware and embedded systems
• FN-DSA (formerly FALCON): compact lattice-based signatures
• Key and signature sizes compared to RSA and ECC
• Performance comparison: how fast are the new algorithms?

4. Regulatory Requirements and Recommendations

• NIST SP 1800-38A-C: the official recommendations for post-quantum migration
• TR-02102: BSI recommendations for post-quantum cryptography
• European perspective: ENISA and SOG-IS recommendations
• Industry-specific requirements: financial sector, healthcare, critical infrastructure
• Compliance deadlines and transition periods

5. Hybrid Cryptography and Migration Strategy

• Hybrid cryptography: combining classical and post-quantum-safe algorithms
• Why hybrid? A safety net against weaknesses in new algorithms
• Hybrid key agreement in TLS 1.3
• Hybrid signatures in certificates and documents
• Crypto-agility: designing systems so that algorithms can be swapped out
• Inventory: cataloging the cryptographic algorithms used in your organization
• Prioritization: which systems need to be migrated first?
• Migration path: concrete steps from analysis to implementation
• Common pitfalls during migration and how to avoid them

Target audience: This seminar is aimed at developers who already have basic Git knowledge and want to deepen it. Those transitioning from other version control systems like SVN who want to build a deep understanding of Git are also welcome.

Description: Git has established itself as the standard for version control and is an indispensable tool in open-source and commercial IT projects. With platforms like GitHub, GitLab, and Bitbucket, Git is not only widely used but also an integral part of modern development methods like GitOps. This seminar provides deep insights into advanced Git techniques that go far beyond everyday commands. You will learn how Git works in detail, how to solve complex problems, and how to make your workflow and your team’s workflow more efficient. Practical exercises with GitLab (optionally GitHub or Bitbucket) allow you to immediately put what you’ve learned into practice.

Learning objectives: In this training, you will deepen your Git knowledge and learn advanced concepts to make your workflow more efficient. You will be able to confidently master complex scenarios, apply deeper Git features, and quickly find solutions in problem situations. You will learn how to optimize your own Git workflow, make team processes more efficient, and quickly fix common mistakes. After this seminar, you will be well equipped to work successfully with Git even in large projects.

Prerequisites: A solid command of basic Git commands (add, commit, pull, push) and experience with creating and managing branches are required.

Day 1: Under the Hood, Project Organization, Optimizing Your Own Workflow

1. Under the Hood: A Short Journey Through the .git Directory

• Practical exploration: the .git directory (objects, refs, HEAD, config, hooks)
• Objects - Git’s data structures: commits, trees, blobs
• The commit history as a directed acyclic graph (DAG)
• SHA-1 hashes: why hashes instead of sequence numbers?
• HEAD: where am I right now?
• Visualization: HEAD → refs/heads/main → Commit → Tree → Blobs
• Branches and tags as pointers to commits
• Refs
• Demo: exploring Git internals with low-level commands (git cat-file, git hash-object)
• git checkout / git switch: what happens during a branch switch?

2. Project and Repository Organization

• Monorepo vs. multirepo
• Pros and cons of both approaches
• Decision-making: which structure fits my project?
• Git submodules as a hybrid solution
• Working with large and/or monorepos: sparse checkout & partial clone

3. Commit Etiquette: Writing Good Commit Messages

• What belongs in a good commit message?
• Structure: subject, body, footer
• Conventional Commits as a standard
• Why are meaningful commit messages important?

4. Optimizing Your Own Git Workflow

• Using the staging area effectively: git add -p, git reset -p
• Working in parallel with git worktree
  • git worktree: running multiple AI agents simultaneously in one repository
• git rebase: when and how to use it?
  • Squashing or splitting commits with interactive rebase
  • git rebase --onto: understanding and applying advanced rebase options
  • Troubleshooting rebase issues
• git cherry-pick vs. git merge vs. git rebase: differences and trade-offs
  • Anti-pattern: “Cherry-Pick Everywhere” - why merge should remain the default
• Git hooks
  • Optimization possibilities: style guides, linting, Prettier, whitespace, code analysis
  • Frameworks for Git hooks: pre-commit and Husky
  • Server-side hooks and their capabilities
• Hands-on exercise: “Git Workflow Bootcamp” - we clean up a repository together

Day 2: Optimizing Team Workflow and Undo Strategies

5. Workflows: From Chaos to Order

• Criss-cross merge: why you shouldn’t merge “everyone from everyone” on demand
• Git workflows: why discipline and order matter
• Central/SVN workflow: problems and limitations
  • The simplest possible (“non”-)workflow
  • Bottleneck problem with push: “first come, first served”
  • “Russian roulette” with pull
• Demo: experiencing the central workflow and its problems
• GitHub/GitLab flow: feature branches + pull/merge requests
  • Feature branches: concept and motivation
  • Code review process
  • From feature branch to merge request
• Hands-on exercise: complete PR workflow in GitLab
• Git Flow: the good, the bad, and the ugly
  • Feature branches, develop, master, release branches, hotfixes
  • Pros and cons of Git Flow
  • When is Git Flow sensible?
  • From savior to ugly duckling: why Git Flow can be too cumbersome
• Outlook: developing custom workflows - what matters?

6. Optimizing Git in a Team

• Merging in a team: best practices and potential problems
  • Dealing with stale pull requests and conflicts
  • Advanced merge strategies: ort, recursive, ours/theirs
  • Dealing with merge conflicts: strategies and tools: git mergetool, diff3, git rerere
• Repository management via the web interface: permissions, default branches, protected branches
• Tags and releases: best practices
• .gitattributes: when core.autocrlf is not enough
• Using Git offline: bare repositories and bundles
• Dealing with binary files and Git LFS
• Hands-on exercise: “Mastering Merge Conflicts” - we simulate conflicts and resolve them together using various strategies and tools

7. Undo Recipes: Fixing Mistakes by Escalation Level

• General: common pitfalls and how to avoid them
• Level 1: undoing changes in the working copy
  • git restore, git checkout
• Level 2: unstaging changes from the staging area
  • git restore --staged, git reset
• Level 3: undoing a commit (local)
  • git reset --soft, git reset --mixed, git reset --hard
• Level 4: amending a commit (local)
  • git commit --amend
• Level 5: squashing multiple commits (local)
  • Interactive rebase, squash
• Level 6: undoing a commit (remote/public)
  • git revert
• Level 7: rescuing a broken repository
  • git reflog and recovery strategies

8. Debugging and Forensics with Git

• git bisect: finding the commit that introduced a bug
• git blame: who changed what and why?
• git diff: changes between commits, branches, working directory
• git log: finding and filtering commits
• git grep: text search in the code history
• git show: viewing details of a commit
• git filter-branch / git filter-repo: rewriting history, e.g., to remove secrets
• Hands-on exercise: “Git Forensics” - finding a bug in the history with git bisect

Target audience: Developers who want to learn Git from scratch, as well as decision-makers who want to gain a solid overview of the de facto standard of modern software development. Those transitioning from other version control systems (especially SVN and TFS) are also very welcome.

Description: This two-day course teaches Git not as a mere collection of commands, but as a well-designed system with clear concepts - the way I have been continuously refining and evolving it for over 15 years. The concept-based approach ensures that you don’t just master individual commands, but understand why Git works the way it does - and what happens behind the scenes. For didactic reasons, I deliberately use the command line (Git Bash or Bash on Linux/Mac): typing the commands engages “muscle memory”, and the commands are remembered much more effectively. In two compact days, the course spans from the absolute basics - local architecture, commits, remote repositories - to branches, merging, and an overview of proven team workflows. Theoretical foundations and practical exercises interlock seamlessly.

Learning objectives: After this course, you will see Git with different eyes: you will know the underlying concepts and data structures, be able to trace what actually happens with each Git command, and navigate confidently between working copy, staging area, and repository. You will work confidently with local and remote repositories, master branches and merging - including conflict resolution - and know proven team workflows. Git will no longer be a “black box”, but a well-understood tool that gives you orientation even in unfamiliar situations.

Prerequisites: Basic familiarity with the command line is helpful. Programming knowledge is an advantage but not strictly required. No prior knowledge of Git or other version control systems is expected.

Day 1: Git Fundamentals, Architecture, Local vs. Remote Repository

1. Introduction: Concepts Before Commands

• Why Git should be taught differently: concepts before commands
• The philosophy behind Git: decentralized, distributed, data-integrity-driven
• Basic configuration: setting up username and email

2. Understanding the Local Git Architecture: The Three Areas

• Working copy, staging area (index), and local repository
• Visual model: where are changes located at which point in time?
• git init: creating a new repository
• git add: staging changes for saving
• git commit: persistently saving changes in the local repository
• The different states of files: untracked, modified, staged, committed
• .gitignore: excluding files from the repository
• The difference between local and remote repository
• Git remembers the state of remote repositories locally
• Key insight: almost everything in Git is local
• Hands-on exercise: first steps with init, add, commit

3. Commit Etiquette: Writing Good Commit Messages

• What belongs in a good commit message?
• Structure: subject, body, footer
• Conventional Commits as a standard
• Why are meaningful commit messages important?
• Hands-on exercise: writing good commit messages

4. Undoing Changes: The Basics

• git restore: discarding changes in the working copy
• git reset: undoing a commit
• git commit --amend: modifying a commit after the fact

5. Understanding the Remote Git Architecture: Remote Repositories

• A remote is just another repository
• git remote: setting up a remote repository
• git push: sending changes to a remote repository
• git fetch: retrieving changes from a remote repository
• git pull: retrieving changes from a remote repository and integrating them
• When to fetch instead of pull?
• Remote-tracking branches: origin/main vs. main
• git clone: obtaining a repository
• Hands-on exercise: observing fetch and pull in detail

6. Forensics: Examining Current Changes and the History

• git status: understanding the current state
• git diff: examining changes in detail
• git show: analyzing individual commits
• git log and its options
• Visualizing the commit history
• Comparing changes between commits
• Hands-on exercise: examining and understanding changes

Day 2: Remote Repositories, Branches, and Merging

7. Branches: Isolated Lines of Development

• Branches as isolated lines of development
• Enables “simultaneous” work on features and bugfixes
• Creating and managing branches: git branch, git checkout, git switch
• Merging branches back together: git merge
• git stash: temporarily shelving changes
• git tag: setting immovable markers in the history
• Hands-on exercise: creating, switching, and merging branches

8. Under the Hood: How Git Stores & Organizes Data

• Practical exploration: the .git directory (objects, refs, HEAD, config, hooks)
• Objects - Git’s data structures: commits, trees, blobs
• The commit history as a directed acyclic graph (DAG)
• SHA-1 hashes: why hashes instead of sequence numbers?
• HEAD: where am I right now?
• Visualization: HEAD → refs/heads/main → Commit → Tree → Blobs
• Branches and tags as pointers to commits
• Refs
• Demo: exploring Git internals with low-level commands (cat-file, hash-object)
• git checkout / git switch: what happens during a branch switch?

9. git merge: Understanding Merging in Detail

• Fast-forward merge vs. three-way merge
• When fast-forward merges are and aren’t desirable
• The merge algorithm in detail
• Visualizing different merge scenarios
• When do conflicts arise? How can I deliberately avoid them?
• Which situations can Git resolve on its own?
• Anatomy of a conflict
• Step-by-step conflict resolution
• Hands-on exercise: merging with conflicts

10. git rebase as an Alternative to Merge

• What is rebasing and how does it work?
• Why rebase? When is it sensible?
• Rebase vs. merge: pros and cons
• The golden rule: never rebase pushed commits

11. Workflows: An Overview - From Chaos to Order

• Criss-cross merge: why you shouldn’t merge “everyone from everyone” on demand
• Git workflows: why discipline and order matter
• Central/SVN workflow: problems and limitations
• GitHub/GitLab flow with pull/merge requests as the recommended entry-level workflow
• Git Flow as an established workflow for more complex projects
• Hands-on exercise: complete PR workflow in GitLab

Target audience: Developers who want to learn Git from scratch or deepen their existing knowledge. Also suitable for those transitioning from other version control systems (SVN, TFS, CVS).

Description: This intensive 3-day workshop teaches Git not as a mere collection of commands, but as a well-designed system with clear concepts. You will learn to understand the underlying principles on which modern software development processes are built. Through the concept-based approach, you will develop a deep understanding of Git and be able to use it confidently and effectively. The workshop combines theoretical foundations with practical exercises and prepares you to use Git in a team context with feature branches, pull requests, code reviews, and modern release management.

Learning objectives: After this workshop, you will understand Git not just superficially, but know the underlying concepts and data structures. You will be able to use Git confidently in your daily development process and no longer hesitate before more complex operations like rebase or reset. You will understand what actually happens with each Git command, be able to implement modern team workflows, and know which strategies are suitable for which situation. Making backup copies before Git operations will be a thing of the past.

Prerequisites: Basic programming knowledge and familiarity with the command line. Prior exposure to version control is helpful but not strictly required.

Day 1: Git Fundamentals, Architecture, Local vs. Remote Repository

1. Introduction: Concepts Before Commands

• Why Git should be taught differently: concepts before commands
• The philosophy behind Git: decentralized, distributed, data-integrity-driven
• Overview: what will we learn in three days?
• Basic configuration: setting up username and email

2. Understanding the Local Git Architecture: The Three Areas

• Working copy, staging area (index), and local repository
• Visual model: where are changes located at which point in time?
• git init: creating a new repository
• git add: staging changes for saving
• git commit: persistently saving changes in the local repository
• The different states of files: untracked, modified, staged, committed
• The difference between local and remote repository
• Git remembers the state of remote repositories locally
• Key insight: almost everything in Git is local
• Hands-on exercise: first steps with init, add, commit

3. Commit Etiquette: Writing Good Commit Messages

• What belongs in a good commit message?
• Structure: subject, body, footer
• Conventional Commits as a standard
• Why are meaningful commit messages important?
• Hands-on exercise: writing good commit messages

4. Understanding the Remote Git Architecture: Remote Repositories

• A remote is just another repository
• git remote: setting up a remote repository
• git push: sending changes to a remote repository
• git fetch: retrieving changes from a remote repository
• git pull: retrieving changes from a remote repository and integrating them
• When to fetch instead of pull?
• Remote-tracking branches: origin/main vs. main
• git clone: obtaining a repository
• Hands-on exercise: observing fetch and pull in detail

5. Forensics: Examining Current Changes and the History

• git status: understanding the current state
• git diff: examining changes in detail
• git show: analyzing individual commits
• git log and its options
• Visualizing the commit history
• Comparing changes between commits
• Hands-on exercise: examining and understanding changes

6. Branches: Isolated Lines of Development

• Branches as isolated lines of development
• Enables “simultaneous” work on features and bugfixes
• Creating and managing branches: git branch, git checkout, git switch
• Merging branches back together: git merge
• Hands-on exercise: creating, switching, and merging branches

Day 2: Remote Repositories, Branches, and Merging

7. Under the Hood: How Git Stores & Organizes Data

• Practical exploration: the .git directory (objects, refs, HEAD, config, hooks)
• Objects - Git’s data structures: commits, trees, blobs
• The commit history as a directed acyclic graph (DAG)
• SHA-1 hashes: why hashes instead of sequence numbers?
• HEAD: where am I right now?
• Visualization: HEAD → refs/heads/main → Commit → Tree → Blobs
• Branches and tags as pointers to commits
• Refs
• Demo: exploring Git internals with low-level commands (cat-file, hash-object)
• git checkout / git switch: what happens during a branch switch?

8. git merge: Understanding Merging in Detail

• Fast-forward merge vs. three-way merge
• When fast-forward merges are and aren’t desirable
• The merge algorithm in detail
• Visualizing different merge scenarios
• When do conflicts arise? How can I deliberately avoid them?
• Which situations can Git resolve on its own?
• Anatomy of a conflict
• Step-by-step conflict resolution
• Hands-on exercise: merging with conflicts

9. Rebase as an Alternative to Merge

• What is rebasing and how does it work?
• Why rebase? When is it sensible?
• Rebase vs. merge: pros and cons
• The golden rule: never rebase pushed commits
• Hands-on exercise: comparing rebase vs. merge

10. Undo Recipes: Fixing Mistakes by Escalation Level

• General: common pitfalls and how to avoid them
• Level 1: undoing changes in the working copy
  • git restore, git checkout
• Level 2: unstaging changes from the staging area
  • git restore —staged, git reset
• Level 3: undoing a commit (local)
  • git reset —soft, —mixed, —hard
• Level 4: amending a commit (local)
  • git commit —amend
• Level 5: squashing multiple commits (local)
  • Interactive rebase, squash
• Level 6: undoing a commit (remote/public)
  • git revert
• Level 7: rescuing a broken repository
  • git reflog and recovery strategies

Day 3: Git in Teams, Workflows, and Undo Strategies

11. Workflows: From Chaos to Order

• Criss-cross merge: why you shouldn’t merge “everyone from everyone” on demand
• Git workflows: why discipline and order matter
• Central/SVN workflow: problems and limitations
  • The simplest possible (“non”-)workflow
  • Bottleneck problem with push: “first come, first served”
  • “Russian roulette” with pull
• Hands-on exercise: experiencing the central workflow and its problems

12. GitHub/GitLab Flow: Pull/Merge Requests

• Branches as snapshot isolation
• Feature branches: concept and motivation
• What are pull/merge requests?
• Code review process
• From feature branch to merge request
• Best practices for code reviews
• Hands-on exercise: complete PR workflow in GitLab

13. Release Management with Git

• Versioning with tags
• Semantic versioning: major.minor.patch
• Feature freeze and release branches
• Automatically generating release notes with git log
• Outlook: Conventional Commits & semantic-release for automatic versioning

14. The Complete Development Cycle at a Glance

• From requirements to deployment
• Issue tracking with GitLab Issues
• Creating feature branches
• Writing and committing code
• Creating merge requests
• Conducting code reviews
• Resolving merge conflicts
• Creating and tagging releases

Target audience: Developers DevOps & administrators Team leads & project managers

Description: You know the basics of Git and now want to take the next step toward automation, stability, and efficiency.

You want to seamlessly integrate continuous integration and continuous deployment with GitLab CI/CD into your development and operations processes. You want to reliably package your builds into containers to achieve reproducible results and roll out your deployments automatically or at the push of a button.

Imagine every change being checked, tested, packaged, and made ready for deployment - without manual rework, without unpleasant surprises when the application goes to production. Your pipelines build images, store them in the registry, test security aspects, and deploy to different environments - all with a single commit.

Once set up, your pipeline remains easily extensible and reusable. New team members can become productive without lengthy preparation - your infrastructure stays consistent and traceable. Not a utopia, but GitOps in practice - with GitLab CI and Docker. A comprehensive course on modern GitLab CI/CD practices and Docker containerization.

Learning objectives: Learn how to use GitLab CI/CD as a central tool for your GitOps strategy and develop pipelines that fully automate builds, tests, security checks, and deployments. You will understand how to effectively integrate Docker into your workflows, version container images, and manage them securely.

You will use reusable templates, self-managed runners, and the GitLab Registry to perfectly tailor your CI/CD environment to your team’s needs. Along the way, you will learn modern best practices for branching, secrets management, static analysis, and infrastructure-as-code.

This way, you automate your development and operations processes from code change to secure, traceable deployment - reliably, reproducibly, and team-friendly.

Prerequisites: Basic knowledge of Git is required. You should be comfortable working with commits and branches, and pull requests and merges should not be unfamiliar to you. We use Git on the command line (Git Bash) during the course; minimal command line knowledge is sufficient. Docker knowledge is helpful but not required.

Day 1: GitLab CI and Docker Fundamentals

1. GitLab CI/CD Fundamentals

• Syntax & semantics of .gitlab-ci.yml
• Stages vs. jobs, default stages
• Success or failure of a job
• Structuring the execution order of jobs
• Conditional job execution
• Hands-on exercise: “GitLab CI No Code” - exploring GitLab CI without any code

2. What Belongs in a CI/CD Pipeline?

• Integrating tests
• Generating and making artifacts available
• Predefined CI/CD variables
• Custom CI/CD variables and secrets
• Environments
• Using the “Pages” job to automatically make artifacts available online
• GitLab Runner: what is it and how does it work?
• Shared runner vs. self-managed runner
• GitLab Runner and Docker
• What to do when the base image alone isn’t enough? When additional software is needed?
• Live demo: setting up a private, self-managed runner
• Hands-on exercise: a minimalist but fully functional project that integrates typical pipeline tasks (tests, code coverage, linting, style guides, documentation, …)

3. Introduction to Docker

• Docker fundamentals: containers, images, Dockerfiles
• Podman as an alternative to Docker
• Why Docker and GitLab CI are a perfect match
• GitLab CI with Docker and the GitLab Docker Registry
• Reusable template for a Docker-based CI pipeline
• Hands-on exercise: dockerizing our minimalist application

Day 2: GitLab CI with Docker

4. GitLab CI with Docker & Docker Compose

• Templates for gitlab-ci.yml
• GitLab CI/CD Editor: editing & validating gitlab-ci.yml online
• Testing gitlab-ci.yml locally
• Docker-in-Docker (DinD)
• Container Registry & cleanup policies
• Hands-on exercise: dockerizing our CI pipeline
• Docker Compose: defining multi-container applications with ease
• Developing with Docker & Docker Compose
• Goal for GitLab CI with Docker: a Docker-based standard pipeline that can be reused without modifications
• Hands-on exercises:
  • Live reload - developing our application with Docker Compose
  • Docker Compose-ifying our CI pipeline

5. GitLab CI Advanced

• Integrating additional artifacts in the pipeline
  • Unit test reports
  • Code coverage reports
• Hands-on exercise: extending our pipeline with test and code coverage reports
• Advanced pipeline concepts
  • Triggered pipelines
  • Child/parent pipelines
  • Pipeline schedules
  • Manual jobs & approvals
  • Environments / deployments
  • Rollbacks & canary deployments
  • Creating and managing releases with GitLab CI and glab (GitLab CLI)
  • Hands-on exercise: creating a release with GitLab CI
• Integrating GitLab-provided jobs into your own pipeline:
  • Code Quality
  • SAST (Static Application Security Testing)
  • Secret Detection
  • Container Scanning
  • Visualizing results in the context of merge requests
• Hands-on exercise: extending our pipeline with Code Quality and Secret Detection

Target audience: Software developers and architects who want to learn Kotlin from scratch or transition from Java — whether for backend development with Spring Boot, Android apps, or multiplatform projects.

Description: Why are more and more teams choosing Kotlin? How do you idiomatically use null safety, extension functions, and coroutines? And how do you make the switch from Java without throwing away existing code? This workshop provides well-founded answers — from language basics through object-oriented and functional programming to advanced features like coroutines and DSLs.

Learning objectives: You can use Kotlin idiomatically and safely. You know the type system with null safety, understand classes, interfaces, sealed classes, and generics. You master functional concepts like lambdas and collection operations, can write asynchronous code with coroutines, and know how to seamlessly combine Kotlin with existing Java code. After the workshop, you’ll be able to independently set up, test, and productively use Kotlin projects.

Prerequisites: Programming experience in an object-oriented language (ideally Java, but also C#, TypeScript, or similar). Experience with an IDE (IntelliJ IDEA recommended). Java knowledge is helpful for the interoperability topics but not strictly required.

---

Day 1: Getting Started with Kotlin — Language, Type System, and Basics

1. Why Kotlin?

• What is Kotlin? History and philosophy
• Kotlin’s relationship to Java: evolution, not revolution
• Use cases: server, Android, multiplatform, scripting
• The Kotlin toolchain: compiler, REPL, IntelliJ IDEA
• Your first Kotlin program: from Hello World to your first project
• Hands-on exercise: setting up the development environment and writing your first program

2. Variables, Types, and Control Structures

• val vs. var — immutability as a core principle
• Basic types: Int, Long, Double, Boolean, Char, String
• Type inference: why explicit type annotations are often unnecessary
• String templates and multiline strings
• Control structures as expressions: if, when, try
• when — Kotlin’s powerful replacement for switch/case
• Loops: for, while, ranges, and progressions
• Hands-on exercise: leveraging Kotlin’s expression-oriented syntax

3. Functions in Kotlin

• Function declaration and named parameters
• Default parameter values
• Single-expression functions
• Local functions and their use cases
• Varargs and the spread operator
• Hands-on exercise: using functions idiomatically

4. Null Safety — Kotlin’s Answer to the Billion-Dollar Question

• The problem with null in Java
• Nullable and non-nullable types
• Safe calls (?.), Elvis operator (?:), and non-null assertion (!!)
• Smart casts and the let scope function
• Null safety in practice: strategies for null-free code
• Hands-on exercise: applying null safety consistently

---

Day 2: Object Orientation, Collections, and Functional Programming

5. Classes and Objects

• Classes and constructors: primary constructor and init block
• Properties instead of getters/setters
• Data classes: less boilerplate, more expressiveness
• Enum classes and their capabilities in Kotlin
• The object keyword: singletons and companion objects
• Hands-on exercise: domain model with data classes and enums

6. Inheritance, Interfaces, and Sealed Classes

• Inheritance in Kotlin: open, abstract, override
• Interfaces with default implementations
• Sealed classes and sealed interfaces: restricted hierarchies
• when expressions with sealed classes: exhaustive pattern matching
• Delegation with by — composition over inheritance
• Hands-on exercise: modeling and matching sealed class hierarchies

7. Extension Functions and Scope Functions

• Extension functions: extending existing classes without modifying them
• Extension properties
• Scope functions in detail: let, run, with, apply, also
• Which scope function when? Decision guide and best practices
• Hands-on exercise: making APIs more readable with extension functions

8. Collections and Functional Operations

• Kotlin’s collection hierarchy: List, Set, Map — mutable vs. immutable
• Lambda expressions and higher-order functions
• The most important collection operations: map, filter, flatMap, groupBy, associate
• Lazy evaluation with sequences
• Destructuring declarations
• Hands-on exercise: transforming data with functional collection operations

---

Day 3: Advanced Topics and Kotlin in Practice

9. Generics

• Generic classes and functions
• Variance in Kotlin: in, out, and type projections
• Reified type parameters in inline functions
• Type-bound constraints (where)
• Hands-on exercise: implementing generic data structures

10. Coroutines — Asynchronous Programming with Kotlin

• Why coroutines? Motivation and comparison with threads
• suspend functions and coroutine builders: launch, async, runBlocking
• Structured concurrency and coroutine scopes
• Flow for asynchronous data streams
• Error handling in coroutines
• Hands-on exercise: solving asynchronous tasks with coroutines

11. Interoperability with Java

• Calling Kotlin code from Java and vice versa
• Annotations for Java interoperability: @JvmStatic, @JvmField, @JvmOverloads
• Handling Java nullability in Kotlin (platform types)
• Gradual migration: Java and Kotlin in the same project
• Hands-on exercise: extending an existing Java project with Kotlin

12. Kotlin in Everyday Projects

• Project setup with Gradle (Kotlin DSL) and Maven
• Testing with Kotlin: JUnit 5, AssertJ, and Kotest
• Documenting Kotlin code with KDoc
• Overview of useful libraries: kotlinx.serialization, Ktor, Arrow
• Domain-specific languages (DSLs) with Kotlin: why Kotlin is well-suited for them
• Outlook: Kotlin Multiplatform and current developments
• Hands-on exercise: setting up a small project with tests and build configuration

Target audience: Software developers and architects who want to build modern backend applications with Spring Boot — whether getting started with Spring or migrating from older Spring Boot versions.

Description: How does dependency injection in Spring actually work? How do I build a clean REST API with validation and error handling? How do I integrate databases without falling into JPA pitfalls? And what do virtual threads, native images, and the new observability features actually deliver in practice? This workshop provides well-founded answers — from Spring fundamentals through Spring MVC and Spring Data JPA to production topics like security, testing, and deployment.

Learning objectives: You can independently develop production-ready Spring Boot 4 applications. You understand dependency injection and auto-configuration in detail, build REST APIs with Spring MVC, integrate databases with Spring Data JPA, and know how to secure, test, and operate your application. You’re familiar with the innovations in Spring Boot 4 and Spring Framework 7 and can modernize existing projects in a targeted way.

Prerequisites: Solid Java skills (Java 17 or later). Experience with an IDE (IntelliJ IDEA recommended). A basic understanding of HTTP and relational databases is helpful. No prior Spring experience required.

---

Day 1: Spring Fundamentals and REST APIs

1. Introduction to Spring Boot

• Spring vs. Spring Boot — what’s what?
• The philosophy: convention over configuration
• What’s new in Spring Boot 4 and Spring Framework 7?
• Jakarta EE: the migration from javax to jakarta
• Setting up a Spring Boot project: start.spring.io and Spring Boot Starters
• Project structure and anatomy of a Spring Boot application
• Hands-on exercise: creating and starting your first Spring Boot project

2. Dependency Injection and Spring Beans

• Inversion of control and dependency injection: concepts and motivation
• Spring beans: declaration, lifecycle, and scopes
• Component scan and autowiring
• @Configuration and explicit bean declaration
• Constructor injection as a best practice
• Conditional configuration with @ConditionalOn...
• Spring Boot auto-configuration: what happens at startup?
• Identifying and resolving dependency resolution problems
• Hands-on exercise: defining and injecting beans, tracing auto-configuration

3. Configuration and Profiles

• application.properties vs. application.yml
• External configuration: environment variables, command-line arguments, config files
• Type-safe configuration with @ConfigurationProperties
• Profiles: environment-specific configuration (dev, staging, prod)
• Hands-on exercise: implementing configuration with profiles and @ConfigurationProperties

4. REST APIs with Spring MVC

• @RestController and request mapping
• Implementing HTTP methods: GET, POST, PUT, DELETE
• Path variables, query parameters, and request bodies
• JSON serialization with Jackson
• Controlling responses: ResponseEntity and HTTP status codes
• Error handling with @ExceptionHandler and Problem Details (RFC 9457)
• Hands-on exercise: implementing a complete CRUD REST API

---

Day 2: Database Integration, Validation, and Testing

5. Spring Data JPA

• Overview: JPA, Hibernate, and Spring Data — who does what?
• Modeling entities: @Entity, @Id, relations
• Spring Data repositories: CRUD without boilerplate
• Queries: derived queries, @Query, and projections
• Pagination and sorting
• Relations in practice: @OneToMany, @ManyToOne, lazy vs. eager loading
• Hands-on exercise: implementing entities and repositories for the REST API

6. Database Management and Validation

• Configuring the database connection: HikariCP connection pool
• Database migrations with Flyway
• Seed data for development
• Bean validation with Jakarta Validation: built-in and custom constraints
• Validation in the REST API: @Valid and meaningful error messages
• Transaction management with @Transactional: pitfalls and best practices
• Hands-on exercise: adding migrations, validation, and transactions

7. Testing Spring Boot Applications

• The test pyramid in Spring Boot: unit, integration, and end-to-end tests
• Unit tests for services and beans
• Sliced tests: @WebMvcTest, @DataJpaTest — focused integration tests
• @SpringBootTest: full integration tests
• MockMvc: testing REST APIs without a server
• Testcontainers: using real databases in tests
• Hands-on exercise: writing tests for the API and data layer

8. Security Fundamentals with Spring Security

• Authentication vs. authorization
• Integrating and configuring Spring Security
• Understanding the security filter chain
• HTTP Basic and form-based authentication
• Securing endpoints: roles and authorities
• CORS and CSRF in practice
• Hands-on exercise: securing the REST API with Spring Security

---

Day 3: Advanced Topics and Production

9. Reactive Spring and WebFlux

• Blocking vs. non-blocking I/O: when do I need what?
• Introduction to Project Reactor: Mono and Flux
• Spring WebFlux: reactive REST APIs
• The reactive WebClient for external HTTP calls
• Declarative HTTP clients with HTTP Interface
• When WebFlux, when Spring MVC? A decision guide
• Hands-on exercise: integrating an external service with WebClient and HTTP Interface

10. Virtual Threads and Performance

• Virtual threads (Project Loom): what changes for Spring applications?
• Enabling and using virtual threads in Spring Boot 4
• Virtual threads vs. reactive: when to use which?
• GraalVM native images: faster startup, less memory
• AOT processing: how Spring Boot supports native images
• Hands-on exercise: configuring an application with virtual threads

11. Observability and Actuator

• Spring Boot Actuator: health, info, metrics
• Micrometer and observability: metrics, tracing, and logging in one
• Implementing custom health indicators and metrics
• Securing Actuator endpoints
• Structured logging in Spring Boot
• Hands-on exercise: setting up health checks and custom metrics

12. Production and Deployment

• Packaging and delivering the application as a JAR
• Building Docker images with Spring Boot Buildpacks
• Managing configuration across environments
• Graceful shutdown and startup probes
• Overview: Spring Boot with Kubernetes
• Outlook: Modulith — modular monoliths with Spring
• Hands-on exercise: building a Docker image and setting up production configuration

Target audience: Experienced Java developers and architects who are familiar with Java 8 but want to catch up on or deepen their understanding of the innovations from recent years — whether for greenfield projects or modernizing existing codebases.

Description: Many Java teams still work with Java 8-era idioms, even though the language has fundamentally evolved since then. Records replace boilerplate classes, sealed classes enable closed type hierarchies, pattern matching makes type checks elegant, and virtual threads revolutionize concurrency. This workshop systematically guides you through all practice-relevant features from Java 9 to 25 — with a clear focus on what you can start using in your projects tomorrow.

Learning objectives: You will know all essential language features, APIs, and runtime improvements from Java 9 to 25. You can idiomatically use records, sealed classes, and pattern matching, understand the module system and know when it’s worthwhile. You master virtual threads and structured concurrency for modern concurrency and are familiar with the new APIs for HTTP, data processing, and native interoperability. After the workshop, you’ll write Java code that leverages the full expressive power of the modern language.

Prerequisites: Solid Java experience (at least Java 8, ideally including experience with streams and lambdas). An IDE with support for current Java versions (IntelliJ IDEA recommended). A basic understanding of concurrency (threads, synchronization) is helpful for day 3.

---

Day 1: Language Evolution — From Java 9 to 17

1. Java After 8: The New Release Cadence

• The 6-month cycle: feature releases, LTS versions, and what this means for projects
• Preview features and incubator APIs: how Java trials new features
• Which Java version should I use today?
• JShell: the interactive Java REPL for experimentation
• Hands-on exercise: using JShell and getting your Java version up to date

2. The Module System (JPMS)

• Motivation: why the classpath is no longer sufficient
• Declaring modules: module-info.java, requires, exports
• Strong encapsulation: what modules do better than packages
• Automatic modules and the unnamed module: migrating existing projects
• When is the module system worthwhile — and when is it not?
• Hands-on exercise: modularizing an existing application

3. Small Language Improvements (Java 9–16)

• var — local variable type inference (Java 10): rules and best practices
• Private methods in interfaces (Java 9)
• Improved try-with-resources (Java 9)
• Switch expressions: from statement to expression (Java 14)
• Text blocks: multiline strings without escape chaos (Java 13/15)
• Helpful NullPointerExceptions: finally understandable error messages (Java 14)
• Instanceof pattern matching: type check and cast in one step (Java 16)
• Hands-on exercise: refactoring existing Java 8 code with modern features

4. Records and Sealed Classes

• Records: immutable data classes without boilerplate (Java 16)
• Compact constructors and custom methods in records
• When records — and when not? Distinguishing from traditional classes
• Sealed classes and sealed interfaces: closed type hierarchies (Java 17)
• The permits clause and allowed subtypes
• Sealed classes as the foundation for exhaustive pattern matching
• Combining records and sealed classes: algebraic data types in Java
• Hands-on exercise: designing a domain model with records and sealed classes

---

Day 2: Pattern Matching, New APIs, and Modern Java

5. Pattern Matching in Depth

• Instanceof patterns (review and deep dive)
• Pattern matching in switch: type patterns, guarded patterns (Java 21)
• Record patterns: destructuring nested records (Java 21)
• Exhaustiveness: why the compiler now checks for complete coverage
• Unnamed patterns and variables: _ for intentionally ignored values (Java 22)
• Primitive patterns in instanceof and switch (Java 23+)
• Pattern matching as a paradigm shift: from if-cascades to declarative code
• Hands-on exercise: processing complex data structures with pattern matching

6. New and Improved APIs

• Collections API additions: List.of(), Map.of(), List.copyOf(), sequenced collections (Java 21)
• Stream API: toList(), mapMulti(), teeing(), and stream gatherers (Java 24)
• Optional improvements: ifPresentOrElse(), or(), stream()
• String improvements: strip(), indent(), transform(), string templates (outlook)
• Process API and ProcessBuilder improvements (Java 9)
• The new HTTP Client API: modern HTTP communication without third-party libraries (Java 11)
• Hands-on exercise: using the HTTP client and new collection/stream APIs

7. Tooling and Runtime Improvements

• Simpler programs: void main() and implicit classes (Java 24)
• Multi-file source-code programs: running Java files directly without compilation
• jlink: building lean custom Java runtimes
• jpackage: creating native installers for Java applications
• Garbage collection: from G1 to ZGC to Shenandoah — when to use what?
• Application class-data sharing (AppCDS): faster startup
• Hands-on exercise: packaging an application with jlink as a custom runtime

---

Day 3: Concurrency, Native Interoperability, and Migration

8. Virtual Threads

• The problem with platform threads: why a million threads was never a good idea
• Virtual threads: lightweight threads on the JVM (Java 21)
• Thread.ofVirtual(), Executors.newVirtualThreadPerTaskExecutor()
• Virtual threads in practice: what changes — and what doesn’t
• Pinning: when virtual threads get blocked and how to avoid it
• Thread-local vs. scoped values: why ThreadLocal is problematic with virtual threads
• Hands-on exercise: migrating a blocking application to virtual threads

9. Structured Concurrency and Scoped Values

• Structured concurrency: concurrency with clear structure (Java 24/25)
• StructuredTaskScope: starting, joining, and cancelling parallel tasks
• Strategies: ShutdownOnSuccess, ShutdownOnFailure
• Error handling and cancellation in structured concurrency
• Scoped values: safely passing context data through virtual threads (Java 24/25)
• Scoped values vs. ThreadLocal: when to use which?
• Hands-on exercise: orchestrating parallel API calls with structured concurrency

10. Foreign Function & Memory API

• Motivation: why JNI is no longer fit for purpose
• The Foreign Function & Memory API (FFM): calling native libraries from Java (Java 22)
• MemorySegment, Arena, and Linker: the building blocks of the FFM API
• Security model: restricted methods and --enable-native-access
• jextract: automatically translating C headers into Java bindings
• Hands-on exercise: calling a native C library from Java

11. Migration and Modernization

• From Java 8 to Java 21+: the key pitfalls
• Removed and deprecated APIs: Nashorn, Security Manager, finalization
• Migration path for libraries and frameworks: what’s compatible?
• Modularizing existing projects: step by step or big bang?
• Modernizing Java 8 idioms: before/after comparisons
• Recommendations: which features deliver the greatest value
• Hands-on exercise: migrating and modernizing a Java 8 project to Java 25

Target audience: Software developers and architects who want to build modern web applications with Ruby on Rails — whether getting started with Rails or transitioning from other frameworks.

Description: How does convention over configuration work in practice? How do I model database relations with Active Record without falling into N+1 query traps? How do I build forms, authentication, and background jobs? And what do the new Rails 8 features like Solid Queue and Kamal deliver? This workshop provides well-founded answers — from Ruby basics through MVC architecture and Active Record to testing, Turbo, and deployment.

Learning objectives: You can independently develop production-ready Rails applications. You understand the interplay of routes, controllers, models, and views, master Active Record for database work, and can build modern, reactive interfaces with Hotwire. You know how to test, secure, and deploy your application. After the workshop, you’ll be able to take Rails projects from idea to go-live.

Prerequisites: Programming experience in any language. A basic understanding of HTML and HTTP is helpful. No prior Ruby knowledge required — the necessary fundamentals are covered on day one.

---

Day 1: Ruby Basics and the Rails Architecture

1. Ruby — The Essentials for Rails

• Why Ruby? Philosophy and language design
• Everything is an object: classes, methods, blocks
• Strings, symbols, arrays, hashes
• Control structures and iterators
• Blocks, procs, and lambdas — Ruby’s functional side
• Modules and mixins: code reuse without inheritance chains
• Hands-on exercise: exploring Ruby basics interactively in IRB

2. Getting Started with Ruby on Rails

• What is Rails? History and philosophy
• Convention over configuration and don’t repeat yourself
• What’s new in Rails 8?
• The Rails project structure in detail
• The request lifecycle: from HTTP request to response
• Generators: getting productive quickly with rails generate
• Hands-on exercise: creating a new Rails application and understanding the structure

3. Routing and Controllers

• RESTful routing: resources and the seven standard actions
• Nested routes and custom routes
• Controller actions: parameters, responses, redirects
• Strong parameters: accepting input safely
• Filters: before_action, around_action, after_action
• Hands-on exercise: implementing routes and controllers for a CRUD application

4. Active Record — The Heart of Rails

• Active Record as an ORM: conventions and configuration
• Migrations: managing the database schema with version control
• Validations: built-in validations and custom validators
• Callbacks: hooks in the model lifecycle
• CRUD operations: create, read, update, delete
• Hands-on exercise: creating models with validations and migrations

---

Day 2: Data Modeling, Views, and Modern Frontend

5. Active Record — Relations and Queries

• Associations: belongs_to, has_many, has_many :through, polymorphic relations
• Scopes: defining reusable queries
• Eager loading vs. lazy loading: identifying and avoiding N+1 queries
• The query interface in detail: where, joins, includes, group, having
• Seed data and fixtures for development
• Hands-on exercise: modeling relations and writing performant queries

6. Views and Layouts

• ERB templates: embedding Ruby in HTML
• Layouts, partials, and content blocks
• View helpers: forms, links, formatting
• The form builder in detail: form_with and nested forms
• Asset Pipeline vs. Propshaft: integrating CSS and JavaScript
• Hands-on exercise: building views with partials and forms

7. Hotwire — Modern Frontend Without a JavaScript Framework

• Turbo Drive: fast navigation without full-page reloads
• Turbo Frames: selectively updating parts of the page
• Turbo Streams: real-time updates from the server
• Stimulus: lightweight JavaScript for interactivity
• When is Hotwire enough — and when do I need an SPA framework?
• Hands-on exercise: building an interactive interface with Turbo Frames and Streams

8. Authentication and Authorization

• Rails 8 Authentication Generator: authentication out of the box
• Sessions, cookies, and secure password storage with has_secure_password
• Authorization: controlling access in controllers and views
• CSRF protection and security best practices
• Hands-on exercise: implementing login, logout, and role-based access control

---

Day 3: Testing, Background Jobs, and Deployment

9. Testing Rails Applications

• The test pyramid in Rails: model, controller, and system tests
• Minitest vs. RSpec: overview and decision guide
• Model tests: testing validations, scopes, and business logic
• Controller and integration tests with ActionDispatch
• System tests with Capybara: end-to-end testing in the browser
• Fixtures and factories: managing test data efficiently
• Hands-on exercise: writing tests for models, controllers, and a user story

10. Background Jobs and Email

• Active Job: background processing in Rails
• Solid Queue: the new default adapter in Rails 8
• Typical use cases: emails, imports, notifications
• Action Mailer: sending and testing emails
• Action Mailbox: processing incoming emails
• Hands-on exercise: implementing a background job with email delivery

11. Caching, Performance, and APIs

• Solid Cache: caching without Redis in Rails 8
• Fragment caching and Russian-doll caching
• Optimizing database queries: explain, the bullet gem, indexing strategies
• Rails as an API backend: --api mode and JSON serialization
• API authentication with tokens
• Hands-on exercise: setting up caching and building an API endpoint

12. Deployment and Production

• Kamal: Rails 8 deployment without platform lock-in
• Deployment workflow: from local development to the server
• Database migrations in production: strategies and risks
• Environment configuration: credentials and encrypted secrets
• Logging, monitoring, and error handling in production
• Outlook: Action Cable for WebSockets, Solid Cable, and the Rails roadmap
• Hands-on exercise: deploying the workshop application with Kamal