#githubactions — Public Fediverse posts
Live and recent posts from across the Fediverse tagged #githubactions, aggregated by home.social.
-
フォーク100超のAndroidプロジェクトで、共通基盤の更新取り込みをAIで仕組み化
https://qiita.com/mgre_tanabe/items/0f9a4105cebcc9df6f6e?utm_campaign=popular_items&utm_medium=feed&utm_source=popular_items -
フォーク100超のAndroidプロジェクトで、共通基盤の更新取り込みをAIで仕組み化
https://qiita.com/mgre_tanabe/items/0f9a4105cebcc9df6f6e?utm_campaign=popular_items&utm_medium=feed&utm_source=popular_items -
https://winbuzzer.com/2026/05/26/megalodon-hit-5561-github-repos-through-malicious-workflows-xcxwbn/
Megalodon GitHub Actions Backdoor Campaign Hits 5,561 GitHub Repos
-
https://winbuzzer.com/2026/05/26/megalodon-hit-5561-github-repos-through-malicious-workflows-xcxwbn/
Megalodon GitHub Actions Backdoor Campaign Hits 5,561 GitHub Repos
-
https://winbuzzer.com/2026/05/26/megalodon-hit-5561-github-repos-through-malicious-workflows-xcxwbn/
Megalodon GitHub Actions Backdoor Campaign Hits 5,561 GitHub Repos
-
https://winbuzzer.com/2026/05/26/megalodon-hit-5561-github-repos-through-malicious-workflows-xcxwbn/
Megalodon GitHub Actions Backdoor Campaign Hits 5,561 GitHub Repos
-
https://winbuzzer.com/2026/05/26/megalodon-hit-5561-github-repos-through-malicious-workflows-xcxwbn/
Megalodon GitHub Actions Backdoor Campaign Hits 5,561 GitHub Repos
-
Oh no, GitHub Actions is #down again! 🚨 Quick, everyone act surprised while desperately refreshing your email for OTPs like it's 1999. 🙄 But don't worry, at least you can scroll through an endless list of country codes while you wait! 🌍💡
https://www.githubstatus.com/?today #GitHubActions #Emergency #Refresh #CountryCodes #TechHumor #HackerNews #ngated -
Oh no, GitHub Actions is #down again! 🚨 Quick, everyone act surprised while desperately refreshing your email for OTPs like it's 1999. 🙄 But don't worry, at least you can scroll through an endless list of country codes while you wait! 🌍💡
https://www.githubstatus.com/?today #GitHubActions #Emergency #Refresh #CountryCodes #TechHumor #HackerNews #ngated -
Oh no, GitHub Actions is #down again! 🚨 Quick, everyone act surprised while desperately refreshing your email for OTPs like it's 1999. 🙄 But don't worry, at least you can scroll through an endless list of country codes while you wait! 🌍💡
https://www.githubstatus.com/?today #GitHubActions #Emergency #Refresh #CountryCodes #TechHumor #HackerNews #ngated -
Oh no, GitHub Actions is #down again! 🚨 Quick, everyone act surprised while desperately refreshing your email for OTPs like it's 1999. 🙄 But don't worry, at least you can scroll through an endless list of country codes while you wait! 🌍💡
https://www.githubstatus.com/?today #GitHubActions #Emergency #Refresh #CountryCodes #TechHumor #HackerNews #ngated -
Oh no, GitHub Actions is #down again! 🚨 Quick, everyone act surprised while desperately refreshing your email for OTPs like it's 1999. 🙄 But don't worry, at least you can scroll through an endless list of country codes while you wait! 🌍💡
https://www.githubstatus.com/?today #GitHubActions #Emergency #Refresh #CountryCodes #TechHumor #HackerNews #ngated -
-
-
-
-
-
I've been running Github Actions with custom runner images on a k8s cluster for about year and a half by now - and I could attest that this is absolute shitshow, especially in a last few releases.
Like, since December each upgrade ends in a troubleshooting because of the bugs and just missing changes.
Latest one follow the charge: helm upgrade of controller went ok, the GHA controller got upgraded to the right version; then the runners got upgraded (entities corresponding to the actual pods spawned for jobs); but the listeners (entity responsible for events from Github and represented by listener pod) are still of previous version. Thus action spawns runner pods of previous version.
WAT?
Update for clarity: you may upgrade one component, but you have to uninstall and install again another, while both of them are parts of the same release.
-
I've been running Github Actions with custom runner images on a k8s cluster for about year and a half by now - and I could attest that this is absolute shitshow, especially in a last few releases.
Like, since December each upgrade ends in a troubleshooting because of the bugs and just missing changes.
Latest one follow the charge: helm upgrade of controller went ok, the GHA controller got upgraded to the right version; then the runners got upgraded (entities corresponding to the actual pods spawned for jobs); but the listeners (entity responsible for events from Github and represented by listener pod) are still of previous version. Thus action spawns runner pods of previous version.
WAT?
Update for clarity: you may upgrade one component, but you have to uninstall and install again another, while both of them are parts of the same release.
-
I've been running Github Actions with custom runner images on a k8s cluster for about year and a half by now - and I could attest that this is absolute shitshow, especially in a last few releases.
Like, since December each upgrade ends in a troubleshooting because of the bugs and just missing changes.
Latest one follow the charge: helm upgrade of controller went ok, the GHA controller got upgraded to the right version; then the runners got upgraded (entities corresponding to the actual pods spawned for jobs); but the listeners (entity responsible for events from Github and represented by listener pod) are still of previous version. Thus action spawns runner pods of previous version.
WAT?
Update for clarity: you may upgrade one component, but you have to uninstall and install again another, while both of them are parts of the same release.
-
I've been running Github Actions with custom runner images on a k8s cluster for about year and a half by now - and I could attest that this is absolute shitshow, especially in a last few releases.
Like, since December each upgrade ends in a troubleshooting because of the bugs and just missing changes.
Latest one follow the charge: helm upgrade of controller went ok, the GHA controller got upgraded to the right version; then the runners got upgraded (entities corresponding to the actual pods spawned for jobs); but the listeners (entity responsible for events from Github and represented by listener pod) are still of previous version. Thus action spawns runner pods of previous version.
WAT?
Update for clarity: you may upgrade one component, but you have to uninstall and install again another, while both of them are parts of the same release.
-
I've been running Github Actions with custom runner images on a k8s cluster for about year and a half by now - and I could attest that this is absolute shitshow, especially in a last few releases.
Like, since December each upgrade ends in a troubleshooting because of the bugs and just missing changes.
Latest one follow the charge: helm upgrade of controller went ok, the GHA controller got upgraded to the right version; then the runners got upgraded (entities corresponding to the actual pods spawned for jobs); but the listeners (entity responsible for events from Github and represented by listener pod) are still of previous version. Thus action spawns runner pods of previous version.
WAT?
Update for clarity: you may upgrade one component, but you have to uninstall and install again another, while both of them are parts of the same release.
-
AWS MCP Server が GA になったのでGithub Copilot cloud agentから利用してみる
https://qiita.com/willco21/items/d31c9c32753870d8e563?utm_campaign=popular_items&utm_medium=feed&utm_source=popular_items -
AWS MCP Server が GA になったのでGithub Copilot cloud agentから利用してみる
https://qiita.com/willco21/items/d31c9c32753870d8e563?utm_campaign=popular_items&utm_medium=feed&utm_source=popular_items -
Megalodon: 5.561 repository GitHub compromessi in sei ore con workflow CI/CD malevoli
In sei ore il 18 maggio 2026, la campagna automatizzata Megalodon ha iniettato 5.718 commit malevoli in 5.561 repository GitHub, esfiltrandone credenziali cloud, chiavi SSH e segreti CI/CD verso un C2 esterno. L'operazione, collegata al gruppo TeamPCP, rappresenta uno degli attacchi alla supply chain dello sviluppo software più rapidi mai documentati e ha spinto npm a invalidare migliaia di token di accesso con bypass 2FA. -
Megalodon: 5.561 repository GitHub compromessi in sei ore con workflow CI/CD malevoli
In sei ore il 18 maggio 2026, la campagna automatizzata Megalodon ha iniettato 5.718 commit malevoli in 5.561 repository GitHub, esfiltrandone credenziali cloud, chiavi SSH e segreti CI/CD verso un C2 esterno. L'operazione, collegata al gruppo TeamPCP, rappresenta uno degli attacchi alla supply chain dello sviluppo software più rapidi mai documentati e ha spinto npm a invalidare migliaia di token di accesso con bypass 2FA. -
Megalodon: 5.561 repository GitHub compromessi in sei ore con workflow CI/CD malevoli
In sei ore il 18 maggio 2026, la campagna automatizzata Megalodon ha iniettato 5.718 commit malevoli in 5.561 repository GitHub, esfiltrandone credenziali cloud, chiavi SSH e segreti CI/CD verso un C2 esterno. L'operazione, collegata al gruppo TeamPCP, rappresenta uno degli attacchi alla supply chain dello sviluppo software più rapidi mai documentati e ha spinto npm a invalidare migliaia di token di accesso con bypass 2FA. -
Megalodon: 5.561 repository GitHub compromessi in sei ore con workflow CI/CD malevoli
In sei ore il 18 maggio 2026, la campagna automatizzata Megalodon ha iniettato 5.718 commit malevoli in 5.561 repository GitHub, esfiltrandone credenziali cloud, chiavi SSH e segreti CI/CD verso un C2 esterno. L'operazione, collegata al gruppo TeamPCP, rappresenta uno degli attacchi alla supply chain dello sviluppo software più rapidi mai documentati e ha spinto npm a invalidare migliaia di token di accesso con bypass 2FA. -
Megalodon: 5.561 repository GitHub compromessi in sei ore con workflow CI/CD malevoli
In sei ore il 18 maggio 2026, la campagna automatizzata Megalodon ha iniettato 5.718 commit malevoli in 5.561 repository GitHub, esfiltrandone credenziali cloud, chiavi SSH e segreti CI/CD verso un C2 esterno. L'operazione, collegata al gruppo TeamPCP, rappresenta uno degli attacchi alla supply chain dello sviluppo software più rapidi mai documentati e ha spinto npm a invalidare migliaia di token di accesso con bypass 2FA. -
🦈 Megalodon: Mass GitHub Repo Backdooring via CI Workflows
「 On May 18, 2026, an automated campaign codenamed megalodon pushed 5,718 malicious commits to 5,561 GitHub repositories in a six-hour window 」
https://safedep.io/megalodon-mass-github-repo-backdooring-ci-workflows/
-
🦈 Megalodon: Mass GitHub Repo Backdooring via CI Workflows
「 On May 18, 2026, an automated campaign codenamed megalodon pushed 5,718 malicious commits to 5,561 GitHub repositories in a six-hour window 」
https://safedep.io/megalodon-mass-github-repo-backdooring-ci-workflows/
-
🦈 Megalodon: Mass GitHub Repo Backdooring via CI Workflows
「 On May 18, 2026, an automated campaign codenamed megalodon pushed 5,718 malicious commits to 5,561 GitHub repositories in a six-hour window 」
https://safedep.io/megalodon-mass-github-repo-backdooring-ci-workflows/
-
🦈 Megalodon: Mass GitHub Repo Backdooring via CI Workflows
「 On May 18, 2026, an automated campaign codenamed megalodon pushed 5,718 malicious commits to 5,561 GitHub repositories in a six-hour window 」
https://safedep.io/megalodon-mass-github-repo-backdooring-ci-workflows/
-
🦈 Megalodon: Mass GitHub Repo Backdooring via CI Workflows
「 On May 18, 2026, an automated campaign codenamed megalodon pushed 5,718 malicious commits to 5,561 GitHub repositories in a six-hour window 」
https://safedep.io/megalodon-mass-github-repo-backdooring-ci-workflows/
-
Level up your workflow! 🚀 Learn how to automate builds, deployments, and security checks with GitHub Actions. A quick guide to mastering CI/CD – check it out! 💻 #GitHubActions #CICD #DevOps
-
Level up your workflow! 🚀 Learn how to automate builds, deployments, and security checks with GitHub Actions. A quick guide to mastering CI/CD – check it out! 💻 #GitHubActions #CICD #DevOps
-
Level up your workflow! 🚀 Learn how to automate builds, deployments, and security checks with GitHub Actions. A quick guide to mastering CI/CD – check it out! 💻 #GitHubActions #CICD #DevOps
-
Level up your workflow! 🚀 Learn how to automate builds, deployments, and security checks with GitHub Actions. A quick guide to mastering CI/CD – check it out! 💻 #GitHubActions #CICD #DevOps
-
GitHub Actions Supply Chain Attack Exfiltrates CI/CD Credentials
A sneaky supply chain attack on GitHub Actions has led to the theft of CI/CD credentials, with hackers using a clever trick to redirect tags to fake commits that hide malicious code. By masquerading as legitimate commits, attackers were able to execute arbitrary code and evade pull request reviews.
#SupplyChainAttack #GithubActions #CicdCredentials #ImposterCommits #EmergingThreats
-
Shai-Hulud worm infects another npm package
A copycat of the notorious Shai-Hulud worm has struck again, infecting another npm package by exploiting a GitHub Actions misconfiguration. This latest attack follows a similar pattern that recently prompted TanStack to rethink its approach to accepting outside code contributions.
#Shaihulud #Npm #GithubActions #SupplyChain #MalwareOperations
-
Mini Shai-Hulud: TeamPCP compromette 160+ pacchetti npm e PyPI in un supply chain attack che ha colpito TanStack, Mistral AI e OpenAI
Tra il 11 e il 14 maggio 2026, il gruppo TeamPCP ha compromesso oltre 160 pacchetti npm e 2 PyPI in un supply chain attack di nuova generazione soprannominato 'Mini Shai-Hulud'. Attraverso l'avvelenamento della cache GitHub Actions, il malware si è auto-propagato nei namespace di TanStack, Mistral AI e UiPath. Il pacchetto node-ipc (822K download settimanali) è stato compromesso separatamente con un payload che rubava 90+ categorie di credenziali. Tra le vittime: due dipendenti di OpenAI. -
Mini Shai-Hulud: TeamPCP compromette 160+ pacchetti npm e PyPI in un supply chain attack che ha colpito TanStack, Mistral AI e OpenAI
Tra il 11 e il 14 maggio 2026, il gruppo TeamPCP ha compromesso oltre 160 pacchetti npm e 2 PyPI in un supply chain attack di nuova generazione soprannominato 'Mini Shai-Hulud'. Attraverso l'avvelenamento della cache GitHub Actions, il malware si è auto-propagato nei namespace di TanStack, Mistral AI e UiPath. Il pacchetto node-ipc (822K download settimanali) è stato compromesso separatamente con un payload che rubava 90+ categorie di credenziali. Tra le vittime: due dipendenti di OpenAI. -
Mini Shai-Hulud: TeamPCP compromette 160+ pacchetti npm e PyPI in un supply chain attack che ha colpito TanStack, Mistral AI e OpenAI
Tra il 11 e il 14 maggio 2026, il gruppo TeamPCP ha compromesso oltre 160 pacchetti npm e 2 PyPI in un supply chain attack di nuova generazione soprannominato 'Mini Shai-Hulud'. Attraverso l'avvelenamento della cache GitHub Actions, il malware si è auto-propagato nei namespace di TanStack, Mistral AI e UiPath. Il pacchetto node-ipc (822K download settimanali) è stato compromesso separatamente con un payload che rubava 90+ categorie di credenziali. Tra le vittime: due dipendenti di OpenAI. -
Mini Shai-Hulud: TeamPCP compromette 160+ pacchetti npm e PyPI in un supply chain attack che ha colpito TanStack, Mistral AI e OpenAI
Tra il 11 e il 14 maggio 2026, il gruppo TeamPCP ha compromesso oltre 160 pacchetti npm e 2 PyPI in un supply chain attack di nuova generazione soprannominato 'Mini Shai-Hulud'. Attraverso l'avvelenamento della cache GitHub Actions, il malware si è auto-propagato nei namespace di TanStack, Mistral AI e UiPath. Il pacchetto node-ipc (822K download settimanali) è stato compromesso separatamente con un payload che rubava 90+ categorie di credenziali. Tra le vittime: due dipendenti di OpenAI. -
Mini Shai-Hulud: TeamPCP compromette 160+ pacchetti npm e PyPI in un supply chain attack che ha colpito TanStack, Mistral AI e OpenAI
Tra il 11 e il 14 maggio 2026, il gruppo TeamPCP ha compromesso oltre 160 pacchetti npm e 2 PyPI in un supply chain attack di nuova generazione soprannominato 'Mini Shai-Hulud'. Attraverso l'avvelenamento della cache GitHub Actions, il malware si è auto-propagato nei namespace di TanStack, Mistral AI e UiPath. Il pacchetto node-ipc (822K download settimanali) è stato compromesso separatamente con un payload che rubava 90+ categorie di credenziali. Tra le vittime: due dipendenti di OpenAI.
