How this website is built
The build pipeline, shared platform, and delivery patterns this site runs on.
Static generation, no runtime
A small Crystal generator in src/sitegen.cr reads YAML content and renders ECR templates into a fully static dist directory. The deployed site has no runtime, no database, and no per-request server code—every URL is a pre-built file, which keeps the operational surface area near zero.
Versioned design system on a CDN
Tokens, shell, and primitives are pinned under static.michaelj43.dev/v1/ (published from the static-assets repo): Terraform-defined S3 plus CloudFront with Origin Access Control, immutable caching for versioned assets, and a short-lived cache policy on index.html. One centralized visual system, many consumer subdomains, no re-bundling.
Decoupled auth shell
The top navigation is injected at runtime by m43-auth-header.js, which resolves session state against the auth platform via api.michaelj43.dev. The portfolio stays fully static—sign-in concerns never bleed into the build—so the HTML remains straightforwardly cacheable.
Telemetry to a shared API platform
Page events post to a versioned /analytics/events endpoint on api.michaelj43.dev, backed by shared-api-platform: API Gateway, Lambda, and DynamoDB, deployed via GitHub Actions with AWS OIDC. CI gates the OpenAPI contract (Spectral lint and drift checks), and CloudWatch alarms watch production. This site identifies itself as portfolio-pages via data-m43-app.
Terraform-defined, OIDC-delivered
The runtime surfaces this page depends on—the static-assets CDN and shared-api-platform API—are Terraform-defined with S3 plus DynamoDB-locked remote state. Their deploys, plus iac-builder, card-game, kubernetes-mono-app, and local-ai-worker, authenticate to AWS via GitHub OIDC into scoped roles, so long-lived cloud credentials do not live in repository secrets.
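A check that fits the scoped-role claim above, as an added example rather than code from this site's repositories: a small linter for IAM role trust policies that federate GitHub Actions OIDC. The sample policies, the account ID, and the `example-org/example-repo` names are constructed placeholders, and the `sts.amazonaws.com` audience is an assumption about how the roles are configured.

```python
"""Lint IAM role trust policies that federate GitHub Actions OIDC (added example)."""
ISSUER = "token.actions.githubusercontent.com"

def _values(cond, key):
    """Return (operator, value) pairs for one condition key, case-insensitively."""
    out = []
    for op, kv in cond.items():
        for k, v in kv.items():
            if k.lower() == key.lower():
                out += [(op, x) for x in (v if isinstance(v, list) else [v])]
    return out

def audit_trust_policy(policy):
    findings = []
    for n, stmt in enumerate(policy.get("Statement", [])):
        principal = stmt.get("Principal", {})
        fed = principal.get("Federated", []) if isinstance(principal, dict) else []
        fed = [fed] if isinstance(fed, str) else fed
        if stmt.get("Effect") != "Allow" or not any(
                f.endswith("oidc-provider/" + ISSUER) for f in fed):
            continue  # not a GitHub OIDC trust statement
        cond = stmt.get("Condition", {})
        # The token audience must be pinned exactly, never pattern-matched.
        if not any(op == "StringEquals" and v == "sts.amazonaws.com"
                   for op, v in _values(cond, ISSUER + ":aud")):
            findings.append((n, "aud-not-pinned"))
        subs = _values(cond, ISSUER + ":sub")
        if not subs:
            findings.append((n, "sub-missing"))  # any repository could assume the role
        for op, v in subs:
            parts = v.split(":", 2)  # "repo", "owner/name", remainder
            repo = parts[1] if len(parts) > 1 and parts[0] == "repo" else "*"
            wild = "Like" in op  # "*" and "?" are only wildcards under StringLike
            if wild and ("*" in repo or "?" in repo):
                findings.append((n, "sub-repo-wildcard"))
            elif wild and parts[2:] == ["*"]:
                findings.append((n, "sub-any-ref"))  # every branch, tag and PR
    return findings

def _policy(condition):  # constructed sample; account, org and repo are placeholders
    return {"Version": "2012-10-17", "Statement": [{
        "Effect": "Allow", "Action": "sts:AssumeRoleWithWebIdentity",
        "Principal": {"Federated": "arn:aws:iam::123456789012:oidc-provider/" + ISSUER},
        "Condition": condition}]}

SCOPED = _policy({"StringEquals": {
    ISSUER + ":aud": "sts.amazonaws.com",
    ISSUER + ":sub": "repo:example-org/example-repo:ref:refs/heads/main"}})
BROAD = _policy({"StringLike": {ISSUER + ":sub": "repo:example-org/*"}})

if __name__ == "__main__":
    print(audit_trust_policy(SCOPED), audit_trust_policy(BROAD))
```

Run against the JSON of each deploy role's trust policy, an empty result means the role is bound to one repository and one ref; any finding names the statement index and the condition to tighten.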
CI/CD with ephemeral PR previews
GitHub Actions builds and publishes on every push to main with single-flight concurrency. Each pull request gets its own preview folder on gh-pages (for example preview/pr-42/), surfaced via a sticky bot comment and removed when the PR closes—the same ephemeral-environment idea as iac-builder (PR-isolated Terraform on AWS) and card-game (preview multiplayer stacks).
Skills
YAML-driven technical depth and workplace collaboration skills, grouped for quick scanning.
Technical
Languages
- Python
- TypeScript
- Java
- Go
- Groovy
- Kotlin
- PowerShell
- Bash
- Rust
- HCL (Terraform)
- Crystal
- YAML
Cloud and infrastructure
- AWS
- Microsoft Azure
- Infrastructure as Code
- Multi-region deployment
- Virtual machines and containers
- CDN and static asset delivery
DevOps and automation
- CI/CD pipeline design
- Release management
- Automated test workflows
- Developer enablement
- Process automation
- Cross-team delivery
Product and platform engineering
- TypeScript applications
- Cross-platform desktop tools
- API integration
- Auth flows
- Shared UI systems
- Static site generation
Systems and observability
- Rust async tooling
- Go concurrency
- Streaming pipelines
- New Relic dashboards and alerts
- Slack alert integration
- Performance-minded services
Security
- Identity and access management
- Secrets management and rotation
- Encryption at rest and in transit
- CI/CD & supply chain security
- IaC policy & guardrails
- Vulnerability management
Code & dependency scanning
- SonarQube / SonarCloud
- Mend (WhiteSource) & SCA
- SAST & quality gates in CI
- Repo secret scanning
- Image & binary scanning
- SBOM & dependency policy checks
Workplace & collaboration
Productivity suites
- Microsoft 365
- Google Workspace
- Spreadsheet analysis & reporting
- Presentation design & narrative
Delivery & agility
- Agile, Scrum, or Kanban
- Iteration planning
- Backlog refinement
- Release coordination
Collaboration & leadership
- Stakeholder alignment
- Technical writing & runbooks
- Mentorship & knowledge sharing
- Data-informed prioritization
Work tracking & communication
- Jira & Azure DevOps
- Confluence & internal docs
- Slack & Microsoft Teams
- Incidents & change requests
AI productivity tooling
- ChatGPT, Copilot, & Gemini for drafting & review
- Cursor, Windsurf, & Claude for agentic work
- Structured prompting & evaluation
- Guardrails & safety framing
- AI-assisted workflows
Distributed team operations
- Async-first communication
- Offshore & cross-timezone handoffs
- Meeting hygiene & agendas
- Decision logs & follow-ups
Selected work
Echo
- Tauri desktop apps
- API client UX
- Auth workflows
- CI/CD and PR previews
Cross-platform desktop app for exploring HTTP APIs—collections, environments, auth, and request/response views—built with Tauri. The public site at echo.michaelj43.dev is the marketing and documentation surface, with automated deploys and PR previews for contributor-friendly iteration.
card-game
- React + TypeScript UI
- Multiplayer REST + WebSocket APIs (AWS)
- WebRTC data channel + signaling
- DynamoDB + Lambda room services
- Terraform + custom domain hosting
Browser card table with many YAML-driven games, AI seats, and online play. An AWS multiplayer stack handles rooms, JWT-gated signaling over WebSocket, and optional TURN scheduling; peers sync authoritative table state over WebRTC while Terraform defines the infrastructure. The live app is on a custom domain so friends and reviewers can try builds without cloning.
kubernetes-mono-app
- EKS-oriented Kubernetes
- Argo CD GitOps
- Terraform (VPC, EKS, OIDC)
- Kustomize + ALB Ingress
- GitHub Actions (CI, images, bootstrap)
- CloudNativePG and Redis patterns
Portfolio mono-repo with a Go API, static portal (apex landing plus public /status for Argo health), GitOps Application CRs, Terraform for VPC/EKS and GitHub OIDC roles, Kustomize overlays with ACM discovery for TLS, and Actions for tests, GHCR images, and Argo bootstrap—oriented toward reproducible bring-up on AWS.
iac-builder
- React + Vite wizard UI
- Optional OpenAI BYOK assist (auditable prompts)
- Optional encrypted AWS profiles + VPC/subnet discovery
- Terraform-style generation + code preview drawer
- Go API with SQLite and preview pipeline
- Docker Compose; AWS serverless hosting (GitHub Actions)
Guided Infrastructure-as-Code generator: a React wizard fronts a Go API that produces previewable Terraform-style output in a code drawer, with sensible defaults, optional encrypted AWS credential profiles for discovery, and optional OpenAI BYOK suggestions under operator-controlled guardrails. Local runs use Docker Compose; production paths cover S3, CloudFront, and Lambda with documented Terraform and CI deploy/destroy workflows.
spiffy-trader (GitHub)
- External API integration
- Model-assisted evaluation
- Automation
- Reproducible workflows
Kalshi trading experiments that combine model-assisted signals with structured evaluation and clear boundaries between research and production concerns. The repository tracks orchestration, API usage, and how results are recorded so ideas stay reproducible and reviewable over time.
local-ai-worker
- Rust async
- Local AI runtimes
- Service boundaries
- Performance-minded tooling
Rust worker for local or self-hosted AI workflows, oriented toward performance and clear boundaries when talking to model runtimes. It shows how I lean on the type system and async tooling in Rust to keep integration code small and testable.
adaptive-pipe (GitHub)
- Go concurrency
- Streaming pipelines
- CLI and service building blocks
- Small interfaces
Go project for adaptive streaming or piping between components, useful for composable CLI and service edges. The code favours small interfaces, straightforward concurrency, and building blocks that are easy to reason about in larger systems.