It took a full day of trial with #AWS #IAM policy permissions, but managed to get #bref updated with fully #TerraForm'ed permissions and #GitHubActions secrets 
Recent searches
Search options
#githubactions
5 posts5 participants0 posts today
New post that shows how you can operationalize fabric-cicd to work with Microsoft Fabric and GitHub Actions.
Since I got asked if this post was available whilst I was helping at the ask the experts panel during The Microsoft Fabric Community Conference. #fabriccicd #GitHubActions #MicrosoftFabric
Kevin Chant · Operationalize fabric-cicd to work with Microsoft Fabric and GitHub Actions - Kevin ChantShows how you can operationalize fabric-cicd to work with Microsoft Fabric and GitHub Actions. After a recent request.
Wow, breaking news! 
Did you know you can use any program as a GitHub Actions shell? 
Next, we'll find out you can set your toaster as a CI/CD pipeline. 
https://yossarian.net/til/post/any-program-can-be-a-github-actions-shell/ #GitHubActions #ToasterCI #CDpipeline #BreakingNews #TechInnovation #HackerNews #ngated
yossarian.netTIL: Any program can be a GitHub Actions shell
More from 
yossarian (1.3.6.1.4.1.55738)
Any program can be a GitHub Actions shell
https://yossarian.net/til/post/any-program-can-be-a-github-actions-shell/
#HackerNews #GitHubActions #Programming #DevOps #CI/CD #Automation
yossarian.netTIL: Any program can be a GitHub Actions shell
More from yossarian (1.3.6.1.4.1.55738)
Check out my latest blog post on how I was able to run a QEMU/KVM virtual machine in a GitHub Actions workflow to test my app EtchDroid.
In the true spirit of DevOps, this setup automates testing of complex interactions with hardware, eliminating the need for manual testing and freeing up valuable time for the fun parts: innovation and development of new functionality.
By bridging virtualization and CI/CD, this work demonstrates how modern DevOps practices can streamline development workflows and improve software quality.
Read more here: https://blog.depau.eu/2025/04/05/android-usb-testing-with-qemu-kvm/
Also check out my app EtchDroid: https://etchdroid.app/
Davide Depau’s Blog · Testing Android apps USB communication on GitHub Actions with QEMU/KVMMany years ago, I started developing EtchDroid as a hobby, free-software project born out of necessity. EtchDroid is a simple app for writing images to USB drives from an Android device without requiring root access. Over the years, it has become popular, proving useful and reliable for many users. I’m really proud of it. Unfortunately, the same can’t be said for Android’s USB APIs, USB drives, USB OTG adapters, USB ports, and Android devices. Some time ago, I decided to address this issue by adding an essential feature: the ability to resume writing whenever the process is interrupted. I’ve rewritten the app’s UI and backend to support this feature. Now, it’s not only prettier and more user-friendly, but it’s also more reliable than ever.
Compromised SpotBugs Token Led to GitHub Actions Supply Chain Hack – Source: www.securityweek.com https://ciso2ciso.com/compromised-spotbugs-token-led-to-github-actions-supply-chain-hack-source-www-securityweek-com/ #rssfeedpostgeneratorecho #ApplicationSecurity #SupplyChainSecurity #CyberSecurityNews #securityweekcom #GitHubactions #securityweek #supplychain
CISO2CISO.COM & CYBER SECURITY GROUP · Compromised SpotBugs Token Led to GitHub Actions Supply Chain Hack – Source: www.securityweek.comSource: www.securityweek.com - Author: Ionut Arghire Threat actors used a personal access token (PAT) compromised in December 2024 to mount the March 202
Whoa, this is wild: a supply chain attack using GitHub Actions *nearly* nailed Coinbase. Seriously intense stuff!
Turns out, all it took was a swiped Personal Access Token (PAT). If you're wondering, think of a PAT as basically the master key to GitHub... get your hands on one, and you can cause some *major* havoc. 
Speaking from my pentesting experience, it's often the tiny details that lead to the biggest breaches. So, definitely double-check those GitHub Actions workflows and *please*, rotate your PATs regularly! Remember, Security by Design isn't just some fancy term – it's absolutely essential. And let's be clear: automated scans are *not* the same as a real penetration test. Sorry, not sorry.
Anyone else run into similar situations? What tools are you folks using to lock down your CI/CD pipelines? Drop your thoughts below!
Compromised SpotBugs Token Led to GitHub Actions Supply Chain Hack https://www.securityweek.com/compromised-spotbugs-token-led-to-github-actions-supply-chain-hack/ #ApplicationSecurity #SupplyChainSecurity #GitHubactions #SupplyChain
Compromised SpotBugs Token Led to GitHub Actions Supply Chain Hack https://www.securityweek.com/compromised-spotbugs-token-led-to-github-actions-supply-chain-hack/ #ApplicationSecurity #SupplyChainSecurity #GitHubactions #SupplyChain
"CodeQLEAKED – Public Secrets Exposure Leads to Supply Chain Attack on GitHub CodeQL"
Praetorian · CodeQLEAKED - Public Secrets Exposure Leads toSupply Chain Attack on GitHub CodeQLAn exposed GitHub token could have been used to launch a supply chain attack on GitHub CodeQL, resulting in source code exposure and repository tampering of CodeQL users.
Oh joy, another thrilling exposé on the riveting world of disk I/O in GitHub Actions. Because clearly, what the internet needed was a dissertation on how slow pipelines are a mystery waiting to be solved by the heroes of... *checks notes*... #iostat. Let's sprinkle some cookies and call it a day. 
https://depot.dev/blog/uncovering-disk-io-bottlenecks-github-actions-ci #diskIO #GitHubActions #slowPipelines #techExposé #developerHumor #HackerNews #ngated
DepotUncovering Disk I/O Bottlenecks in GitHub ActionsWhen your CI pipelines are slow, you can only optimize so much. Bottlenecks in CPU, Network, Memory, and Disk I/O can all contribute to slow CI pipelines. Let's take a look at how disk I/O can be a bottleneck in GitHub Actions.
Disk I/O bottlenecks in GitHub Actions
https://depot.dev/blog/uncovering-disk-io-bottlenecks-github-actions-ci
DepotUncovering Disk I/O Bottlenecks in GitHub ActionsWhen your CI pipelines are slow, you can only optimize so much. Bottlenecks in CPU, Network, Memory, and Disk I/O can all contribute to slow CI pipelines. Let's take a look at how disk I/O can be a bottleneck in GitHub Actions.
Just got both Apple Distribution & Installer certs working in GitHub Actions CI for macOS. The only reliable way? Combine them into one .p12.
Full write-up: msicc.net/ci-ready-…
#AppleDev #macOS #CI #GitHubActions #Notarization 
MSicc’s Blog · CI-Ready macOS Signing: Combining Apple Distribution & Installer Certificates for GitHub ActionsSetting up CI/CD for macOS apps on GitHub Actions comes with its own set of gotchas — especially when Apple requires not one, but two certificates for a complete signing workflow. This post documents how I resolved certificate import issues in CI and got everything working for macOS distribution.
#CI #github il est désormais possible d'utiliser des versions "free-threaded" de #Python (sans le global interpreter lock, qui bride la façon de faire de l'exécution concurrente) dans les #githubactions
https://hugovk.dev/blog/2025/free-threaded-python-on-github-actions/
Hugo van Kemenade · Free-threaded Python on GitHub Actions
More from 
Hugo van Kemenade
BREAKING: You have 5 days until #DockerHub transforms into the landlord of your worst nightmares. But fear not, if you run your GitHub Actions on overpriced, molasses-slow machines, salvation awaits! Apparently, paying more for less is the 2025 motto. 
️
https://www.blacksmith.sh/blog/you-have-5-days-before-the-new-dockerhub-limits-f-ck-you-over #GitHubActions #TechNews #SoftwareDevelopment #DevOps #HackerNews #ngated
www.blacksmith.shYou have 5 days before the new DockerHub limits f*ck you over.Docker rate limits are getting much stricter on 1st April, 2025, here are some things you can do in the next few days to avoid breakage in your CI and production deployments.
Oh no, not another soul lost in the GitHub Actions Bermuda Triangle 
. Apparently, someone decided it was a great idea to leave the backdoor open to their secret garden of mysteries. Who needs secure coding practices when you can just sprinkle some malicious pixie dust and watch chaos ensue? 
https://alexwlchan.net/2025/github-actions-audit/ #GitHubActions #SecurityBreach #CodingPractices #SoftwareDevelopment #TechHumor #DevOps #HackerNews #ngated
alexwlchan.netWhose code am I running in GitHub Actions?I wanted to know what third-party code I was using in my GitHub Actions. I was able to use standard text processing tools and shell pipelines to get a quick tally.
Nous avons tous nos bonnes pratiques lorsqu'il s'agit de créer un nouveau #projet #Python, avec l'utilisation de patterns et d'outils éprouvés : lint avec #ruff et #mypy, hooks avec #precommit, tests avec #pytest, intégration continue #githubactions : https://github.com/neubig/starter-repo
Libre à chaque personne de faire évoluer le porojet selon ses propres goûts et contraintes.
GitHubGitHub - neubig/starter-repo: An example starter repo for Python projectsAn example starter repo for Python projects. Contribute to neubig/starter-repo development by creating an account on GitHub.
GitHub Actions now supports free-threaded Python!
I wrote up how to add it your workflows so you can start testing free-threaded Python 3.13 and 3.14 with either actions/setup-python or actions/setup-uv.
https://hugovk.dev/blog/2025/free-threaded-python-on-github-actions/
Hugo van Kemenade · Free-threaded Python on GitHub Actions
More from Hugo van Kemenade