home.social

#githubactions — Public Fediverse posts

Live and recent posts from across the Fediverse tagged #githubactions, aggregated by home.social.

  1. ▪ Also patched in legacy Composer 1.10.28 (upgrade to 2.x still recommended)

    🚑 Immediate actions:
    1️⃣ Run composer.phar self-update NOW
    2️⃣ Can't update? Disable #GitHubActions workflows running Composer
    3️⃣ Review CI logs for leaked tokens
    4️⃣ Delete any log contents containing raw token values before they expire

    📦 #Packagist.org is unaffected — no GitHub App involved. #PrivatePackagist applied the fix and audited logs: no tokens were exposed. Self-hosted PP is also unaffected.

  6. 🚨 #Composer 2.9.8 & 2.2.28 are out with an urgent security fix: #GitHub Actions GITHUB_TOKEN and GitHub App installation tokens were being leaked in plain text to CI job logs. If you run #Composer in #GitHubActions — update immediately.

    🧵👇 #PHP #security

    🔍 Root cause: Composer validates GitHub tokens against an allowed character set. When a token fails validation, the full token value was interpolated directly into the exception message — exposed on stderr and captured in CI logs.

  7. 🎉 BREAKING: GitHub accidentally leaks its own token in Actions logs! 🎉 It's like they finally decided to play hide and seek, but forgot the 'hide' part. 🤦‍♂️ GitHub devs now busy inventing new ways to accidentally leave the #backdoor open. 🚪🔓
    github.com/composer/composer/s #GitHubLeaks #GitHubActions #SecurityBreach #DevOps #Failures #HackerNews #ngated

  12. RE: infosec.exchange/@cidu/1165638

    Again, with #github #githubactions at the center of another PR driven compromise?

    You would think their wonderful #AI would catch these by now if they're not going to fix the underlying problem.

    Is it called #copilot too??

  13. 84 npm versions published by an attacker in 12 hours.
    Without stealing a single declared token.

    On May 11, an operator forked TanStack/router on GitHub, opened a Pull Request, and triggered a three-stage attack chain:

    → Misconfigured pull_request_target
    → Arbitrary code execution with internal privileges
    → Poisoned GitHub Actions cache → pivot into the release workflow
    → OIDC token extracted via /proc/mem on the runner
    → Publish under the org's legitimate identity

    Outcome: 42 packages compromised, 84 malicious versions live.
    External detection in 20 minutes (StepSecurity / carlini).
    TanStack's internal monitoring never saw the incident.

    Our full analysis: the attack chain, the Shai-Hulud / tj-actions lineage, and the defensive checklist (workflows, cache, OIDC, ephemeral runners).

    cidu.io/articles/tanstack-npm-

    #SupplyChain #Cybersecurity #npm #DevSecOps #ThreatIntel #GitHubActions #SOC

  18. GitHub Actions’ Windows hosted runner migration to Visual Studio 2026 starts soon

    GitHub has recently planned a migration process for those who are using the Windows workflows in their GitHub-hosted Actions instances that migrates the installation of Visual Studio 2022 to the newer Visual Studio 2026. The windows-latest and windows-2025 runner images will use Visual Studio 2026, starting from June 8th, 2026.

    The February 2026 announcement post stated that there’s a newer runner image that focuses on using Visual Studio 2026 as a public preview. As the windows-2025 runner image has reached general availability on May 4th, it used Visual Studio 2026 as the integrated development environment instead of Visual Studio 2022.

    Starting from June 8th, 2026, the rollout is expected to end by June 15th, 2026. The workflows will gradually shift over to the newer Visual Studio 2026 IDE instead of the older VS2022 version. However, for those who are still depending on the older Visual Studio 2022 IDE, manual adjustments are needed to ensure that the migration to VS2026 is complete without any issues, as things might break during the migration process.

    In most situations, you won’t need to do anything, as the migration happens transparently. However, in case things break after migration, you’ll have to perform some changes to ensure that workflows continue to work even after migration.

    #github #GitHubActions #news #Tech #Technology #update #visualStudio #VisualStudio2026 #Windows #Windows11

  19. RE: code4lib.social/@acdha/1165588

    Do not use pull_request_target.
    Do not use caches in publish workflows.
    Use dependency cooldowns.
    Use Zizmor.
    Tell GitHub to make Actions secure by default.
    #GitHub #GitHubActions

  20. RE: mastodon.social/@hugovk/116399

    Starting with v8.0.0, Astral switched setup-uv to immutable releases with no floating v8 tags. This is good for security.

    But unfortunately #Dependabot and #Renovate couldn't upgrade from v7 to v8.0.0, and need a manual bump to get back on track. This is not so good for security.

    I posted about this on the three social networks, someone tagged @www.jvt.me and soon after Renovate now supports this! 🎉

    Here's his writeup into the world of #GitHubActions tags:
    jvt.me/posts/2026/04/24/github

  25. [Translation] AI. CPU vs GPU: Data and Conclusions

    To start, just take a look at the photos and videos I generated without touching a mouse or tablet at all. Of course, a lot of work was done before and after, but the actual process of creating the digital art required no manual drawing. So let's thank my CPU and GPU, they really carried it 💪 Along the way, some interesting questions came up: when does it actually make sense to use the CPU, and how do models of different sizes behave under parallel workloads? Overall, the results turned out to be quite curious. Click to find out the details!

    habr.com/ru/articles/1032026/

    #AI #Infrastructure #GitHubActions #Performance #Optimization #devops

  26. 🚨 ALERT 🚨 GitHub has yet another "incident" (shockingly) with their so-called 'Actions' feature. Now you can subscribe to a never-ending stream of email and text notifications 🤖 while you frantically refresh your inbox for an OTP that never arrives. Welcome to DevOps hell, where the only constant is the chaos of GitHub's endless status updates. 😂
    githubstatus.com/incidents/1j4 #GitHubActions #DevOpsHell #NotificationChaos #TechHumor #IncidentAlert #HackerNews #ngated

  27. Publishing npm packages using long-lived tokens stored in GitHub Secrets is convenient but risky. Since summer 2025, npm has offered a more elegant solution: Trusted Publishers with OIDC authentication, which replace tokens entirely. No secrets, no rotation, no credential leakage from logs. We'll show how to set it all up in a few minutes.

    https://zdrojak.cz/clanky/konec-npm-tokenu-publikujte-balicky-bez-secrets-pres-github-actions/