Revolutionizing GitHub Monitoring: Meet Git Probe

In the fast-paced world of software development, staying updated with changes in repositories is crucial. Git Probe emerges as a powerful tool that automates this process, leveraging GitHub Actions to...

https://news.lavx.hu/article/revolutionizing-github-monitoring-meet-git-probe

TIL: how to disable cron for GitHub forks

Quick update to this post: no need to hardcode the repo owner name, which makes it easier to maintain projects across organisations.

https://hugovk.dev/blog/2023/til-how-to-disable-cron-for-github-forks/

New blog post!

My GitHub Actions workflow and using GitHub Pages for my Hugo blog. Useful for those who want to write and resume on multiple devices.

https://www.burgeonlab.com/2025/using-github-actions-to-automate-hugo-static-site-deployment-to-github-pages/

#BurgeonLab
#githubpages #github #git #hugo #staticsite #ssg #hugossg #blog #githubactions

Eleventy: A GitHub Workflow to Check if an Automated Dependency Update Would Break Your Site, by @j9t [@frontenddogma]:

https://meiert.com/en/blog/eleventy-github-workflow/

“Optimize cycle time! Get feedback quickly! Reduce the time your integration tests take!“ they said.

Now I'm sitting here with my 15 seconds #GitHubActions build queued for 5 minutes.

I need to do CI with bleeding edge GCC and I finally decided to build the necessary container images for it:

cplusplus-ci/base – Ubuntu 24.04 + GCC 13/14, Clang 20/21
cplusplus-ci/latest – adds GCC 15 & trunk (built from source)

Perfect for matrix builds in GitHub Actions!

Example & details: https://github.com/mattkretz/cplusplus-ci

New Windows Arm64 Hosted Runners for GitHub Actions Accelerates Developer Workflows. buff.ly/mjKTJD3 #windows #arm64 #githubactions #windowsdev #windev

New Windows Arm64 Hosted Runne...

New Windows Arm64 Hosted Runners for GitHub Actions Accelerates Developer Workflows.

https://newsroom.arm.com/blog/windows-arm64-runners-git-hub-actions

Status update: I'm now automatically building and releasing a signed fork of stable moshidon with my patches. #CI is cool!

https://github.com/cactichameleon9/moshidon-fork

Revolutionizing CI/CD: OpenHands AI Action Brings Natural Language Automation to GitHub Workflows

The newly launched OpenHands AI Action empowers developers to automate complex tasks within their GitHub workflows using natural language prompts. By leveraging customizable LLM models and Docker-base...

https://news.lavx.hu/article/revolutionizing-ci-cd-openhands-ai-action-brings-natural-language-automation-to-github-workflows

5 GitHub Actions Every Maintainer Needs to Know, by @github:

https://github.blog/open-source/maintainers/5-github-actions-every-maintainer-needs-to-know/

GitHub Actions now supports Windows on Arm runners for all public repos. buff.ly/SlSo4cm #github #arm64 #windows #githubactions #windowsonarm

GitHub Actions now supports Wi...

GitHub Actions now supports Windows on Arm runners for all public repos.

https://blogs.windows.com/windowsdeveloper/2025/04/14/github-actions-now-supports-windows-on-arm-runners-for-all-public-repos/

"GitHub Actions: macOS 15 and Windows 2025 images are now generally available"
Add `macos-15` and `windows-2025` to use them.
https://github.blog/changelog/2025-04-10-github-actions-macos-15-and-windows-2025-images-are-now-generally-available/
#GitHub #GitHubActions #CI #macOS #Windows

It took a full day of trial with #AWS #IAM policy permissions, but managed to get #bref updated with fully #TerraForm'ed permissions and #GitHubActions secrets

#GitHubActions by Example

https://samirs-organization-6.gitbook.io/github-actions-by-example

Check out my latest blog post on how I was able to run a QEMU/KVM virtual machine in a GitHub Actions workflow to test my app EtchDroid.

In the true spirit of DevOps, this setup automates testing of complex interactions with hardware, eliminating the need for manual testing and freeing up valuable time for the fun parts: innovation and development of new functionality.

By bridging virtualization and CI/CD, this work demonstrates how modern DevOps practices can streamline development workflows and improve software quality.

Read more here: https://blog.depau.eu/2025/04/05/android-usb-testing-with-qemu-kvm/

Also check out my app EtchDroid: https://etchdroid.app/

Compromised SpotBugs Token Led to GitHub Actions Supply Chain Hack – Source: www.securityweek.com https://ciso2ciso.com/compromised-spotbugs-token-led-to-github-actions-supply-chain-hack-source-www-securityweek-com/ #rssfeedpostgeneratorecho #ApplicationSecurity #SupplyChainSecurity #CyberSecurityNews #securityweekcom #GitHubactions #securityweek #supplychain

Whoa, this is wild: a supply chain attack using GitHub Actions *nearly* nailed Coinbase. Seriously intense stuff!

Turns out, all it took was a swiped Personal Access Token (PAT). If you're wondering, think of a PAT as basically the master key to GitHub... get your hands on one, and you can cause some *major* havoc.

Speaking from my pentesting experience, it's often the tiny details that lead to the biggest breaches. So, definitely double-check those GitHub Actions workflows and *please*, rotate your PATs regularly! Remember, Security by Design isn't just some fancy term – it's absolutely essential. And let's be clear: automated scans are *not* the same as a real penetration test. Sorry, not sorry.

Anyone else run into similar situations? What tools are you folks using to lock down your CI/CD pipelines? Drop your thoughts below!

Compromised SpotBugs Token Led to GitHub Actions Supply Chain Hack https://www.securityweek.com/compromised-spotbugs-token-led-to-github-actions-supply-chain-hack/ #ApplicationSecurity #SupplyChainSecurity #GitHubactions #SupplyChain