Last month I added a few more @github.com Actions to the Marketplace and found that it was easy to forget to update my examples as the Action evolved.
So, now I validate the examples against the action.yaml with own action: GitHub Actions Example Checker.
jessehouwing.net/keep-your-ex...
One more crazy @GitHub Actions project! Another one for Actions authors.
This one validates that the examples you use in your docs and action.yaml's description match the implementation.
If you delete or rename (or change the accepted values) inputs, this will warn you.
github.com/marketplace/...
Do you maintain an Azure DevOps Extension? Then I need your help!
The past few days I've completely refactored the Azure DevOps Extension Tasks. They're now available for both GitHub Actions as well as Azure Pipelines and completely cleaned up and PREVIEW!
github.com/jessehouwing...
Ever realised that all the techniques we use to battle hallucinations from LLMs come down to: use more tokens, spend more money?
matthijsvdveer.substack.com/p/battling-h...
Versioning of #GitHub Actions still felt like black magic at certain times, especially with the introduction of Immutable Releases, which does not allow much room for mistakes.
I decided to automate the process of validating all of this: jessehouwing.net/github-actio...
Versioning of #GitHub Actions still felt like black magic at certain times, especially with the introduction of Immutable Releases, which does not allow much room for mistakes.
I decided to automate the process of validating all of this: jessehouwing.net/github-actio...
Always a fun moment... or for an auto-update to kick in during. At least we share the same, reboot within 8hrs policy, so at least you can postpone the inevitable until it may hurt a little less.
I kind of meant this feature instead:
docs.github.com/en/codespace...
Automatically brings those skills to every codespace you open. And easily integrated in a start-up script to pull them into every workstation you work from.
Can you combine that with the dot folder config as well?
Recently someone brought to my attention that you pin your actions, Security Advisories for GitHub Actions do not show up in the Dependency Graph. I set about a solution to solve that problem.
jessehouwing.net/github-actio...
@github #githubactions #supplychainsecurity
Recently someone brought to my attention that you pin your actions, Security Advisories for GitHub Actions do not show up in the Dependency Graph. I set about a solution to solve that problem.
jessehouwing.net/github-actio...
@github #githubactions #supplychainsecurity
Found a funny bug in Garmin... My Fenix 8 had adjusted to local time in San Francisco after my flight yesterday, but also decided it should still apply European Winter Time. So I woke up to my Phone and my Watch being in disagreement. One more manual sync with Connect fixed it.
@garmin.com
Can go in the box in the attic along with its 18 predecessors.
xkcd in 2025
Use this link to learn more about Xebia or book some time with our team.
events.xebia.com/microsoft/-x...
Banner showing my fave and inviting you to connect at universe.
Join me at #githubuniverse! You can find me at the Xebia booth throughout the event. Don't hesitate to ping me if you want to talk about GitHub Enterprise, Actions Security or rolling out GitHub Copilot in your organization.
#xebia π @github.com π Universe
Oh yeah. Even worse. Though we didn't need AI for this stupidity.
Yeah... I've had to paste in `utility --help` into the AI multiple times now so it would trust me some parameter did or did not exist.
Even more fun when it's a "hidden" parameter.
And then to convince another human... ARGH!
You can add custom instructions to auto create a [WIP] ... Commit in case of unsaved changes.
Subtly downgrade a band
U1ΒΎ
Managing Cost Center in GitHub is currently something only an Enterprise or Billing Administrator can do. We wanted Org
Owners and Repo Admins to be able to set this too.
I achieve this by combining Custom Properties and PowerShell in an Actions Workflow.
jessehouwing.net/github-billi...
i donβt think people on bluesky understand the severity of this situation.
i woke up to literally hundreds of texts from friends and family thinking about either moving back home to india or applying to other countries for jobs. this includes me.
Thousands of women are sharing this and saying yes, this was their experience, many of them sharing their own horrific 70s, 80s, 90s, 00s experiences. (And almost everyone sharing it appears to be female.)
Great post John! And it's easy to replace bicep with terraform or another tech. There's also a terraform MCP integration available.
As a temporary solution I got these. That hopefully gives me 100Mbit, which would be enough.
amzn.eu/d/h7SQmir
But I'd rather have a proper plug on the end.
So I cut the connector off a 32/7 AWG UTP cable to feed it through a wall. Turns out I can't find any replacement connectors to put on the cut-off end. Problem is it's a REALLY thin cable. 4mm in total.
Tips anyone?
#networking #ubiquity #unifi
That's a huge compliment coming from you :).
But there are more potential problems in their GitHub actions infrastructure. Things that probably weren't part of this attack chain, but could be abused in the future.
I hope the blog post will help plug the remaining holes as best possible.
All 3 were needed to extract the secret. Had any of these not been there, the attack would have failed immediately.
The rest of the attack chain made assumptions about the safety of the repo itself, which was compromised by the leaking of the valid write token.
It all went down from there.
The default GitHub token permissions being read/write must have been the one thing that would have caused the biggest problem.
Followed by the script injection attack.
Followed by the use of the pull_request_target.
