If you need to verify the ID of the OAuth application, check the number at the end of the URL like github.com/orgs/<org>/policies/applications/145909 coming from the github.com/organizations/<org>/settings/oauth_application_policy page.
chrismo (@the_chrismo) Sat, 16 Apr 2022 02:42 +0000
From automating builds and releases to taking care of large-scale regression testing, here are a few ways we use GitHub Actions to build GitHub.
If you haven't signed up for the preview of the new GitHub code search you're missing out - I use it every day now, being able to execute complex searches (including regular expression matches!) against every line of code on GitHub is absurdly useful cs.github.com
Simon Willison (@simonw) Mon, 28 Mar 2022 04:51 +0000
It was MySQL, with the resource contention, in the database cluster
How to use the OpenSSF Scorecards GitHub Action to audit your GitHub and GitHub Actions configuration, and a breakdown of some of the issues raised by it.
This is great for anyone using Actions, as this was seen to be a vulnerability for getting past code review
Recommended read: GitHub Actions: Prevent GitHub Actions from approving pull requests | GitHub Changelog https://github.blog/changelog/2022-01-14-github-actions-prevent-github-actions-from-approving-pull-requests/
Announcing the publishing of readme.jvt.me as well as automagically updating READMEs in my GitLab and GitHub profiles.
Often OSS developers make the world keep the lights on but aren't compensated for their time. Marak was struggling, asked for help. Got nothing. In protest, removed his code and GitHub suspended his account for removing something he owned the rights to.
Sam (@metruzanca) Fri, 07 Jan 2022 01:07 GMT
How to set up per-organisation notification settings so your personal email doesn't get work-related notifications.
Huh! When did that happen? Today I learned that GitHub supports light/dark mode images within markdown.
```
![Logo](./dark.png#gh-dark-mode-only)
![Logo](./light.png#gh-light-mode-only)
```
Video alt: Example showing a markdown image adapting to user preferences.
Stefan Judis (@stefanjudis) Tue, 30 Nov 2021 20:13 GMT
https://github.com/github/feedback/discussions/8149 is discussing this right now 👍🏽
Recommended read: GitHub's commitment to npm ecosystem security | The GitHub Blog https://github.blog/2021-11-15-githubs-commitment-to-npm-ecosystem-security/
Not a great leading indicator when the person in charge of the hostile product decision gets promoted to lead up the whole dev division, including GitHub. One of the worst parts of devrel is when management decides to ring the register and sell off the earned developer trust.
The recent open source moves by Microsoft are interesting. On one hand, I love the power of a vocal community; on the other, I hate to see community/devrel teams left to clean up after a bonehead decision from an executive who is clearly disconnected from the reality of the work.
Brandon West (@bwest) Sun, 24 Oct 2021 15:22 +0000
Brandon West (@bwest) Wed, 03 Nov 2021 18:37 GMT
How measuring how long code review took as a team led to being able to change our processes, and then deliver much more effectively.
Listing Which GitHub Pull Requests are in a Project (2 mins read).
How to list the PRs inside a Project on GitHub, for example, via a Ruby client.
GitHub isn't Open Source, and its acquisition by Microsoft was not proof of their commitment to Open Source as a movement. There are other things that indicate a meaningful change in respect of the movement. ASOP is an "Open Source Project" in name and software license only.
Matthew S. Wilson (msw) (@_msw_) Sun, 24 Oct 2021 18:15 +0000
Recommended read: Bypassing required reviews using GitHub Actions | by Omer Gil | Cider Security | Oct, 2021 | Medium https://medium.com/cider-sec/bypassing-required-reviews-using-github-actions-6e1b29135cc7
Recommended read: Postmortem: Removing all users from github.com/trivago · trivago tech blog https://tech.trivago.com/2021/10/05/postmortem-removing-all-users-from-github.com/trivago/
Does this include breaking down unethical uses of software by organisations like ICE?
So with the recent discovery that GitHub Actions create an OIDC identity per run, it's possible to configure Vault to allow auth w/ Actions identities and subsequently use that to get access to... anything. Some cleanup required but this is very promising! (c/o @grantorchard)
Mitchell Hashimoto (@mitchellh) Mon, 20 Sep 2021 21:02 +0000
Recommended read: AWS federation comes to GitHub Actions | Aidan Steele’s blog (usually about AWS) https://awsteele.com/blog/2021/09/15/aws-federation-comes-to-github-actions.html
Recommended read: GitHub’s Journey From Monolith to Microservices https://www.infoq.com/articles/github-monolith-microservices/