Ken Muse

For certificates to work, we need a system of trust. We need to know that each certificate is valid and was properly issued. This is the role of the certificate authorities (CAs). In the second part of this series, we’ll explore the role of CAs and how certificates are validated. We’ll also look at creating a private CA using a self-signed certificate.

Despite decades of use, certificates tend to be a mystery to most developers. At their root, they are largely more than a collection of name-value pairs and a public key. The majority of people that work with certificates regularly often run into situations where they need to understand the details of how they work. In this post, we’ll dive into the basics and learn what’s in these files.

Most package management systems support some kind of “universal artifacts” storage. Azure Artifacts supports “universal packages”, Artifactory supports “generic repositories”, and Nexus has “raw repositories”. But what about GitHub? From all appearances, it would seem this is an oversight. Although not explicitly documented, it turns out it’s fully supported.

If you’ve ever wanted to integrate an external system or execute parts of the CI process asynchronously, the GitHub Checks API can provide a way to make that happen. In fact, you can even use Checks to allow two workflows to work together, no waiting or polling from the runner required. Today I’ll demonstrate how the API works and provide two workflows that demonstrate how to build a working GitHub Check.

Most people don’t realize that the humble pull request orchestrates surprisingly complex activities behind the scene. GitHub creates test merges and simulated merge branches to test and validate what would happen if the changes were merged into the target branch. This is more complex than most people realize, and it leads to a number of different SHAs being provided to the GitHub workflow. It’s time to understand these SHAs, their purpose, and how to find them.