In this post, we’ll continue the exploration of Gitsign by extracting some of the attestation data from a signed commit and using it to check how the code was built. This will help you understand how you can use the attestation data in your workflows.

Worried about securing your source code supply chain for GitOps and other processes? Learn how to implement automated signing in CI/CD pipelines, verify commit authenticity using transparency logs, and leverage GitHub OIDC tokens with Gitsign for keyless commit signing.

Over the last three months, the GitHub team behind Actions Runner Controller (ARC) has released three updates. These included bug fixes, performance improvements, improved configurability, and a new approach to metrics. In this post, I’ll cover some of the highlights of these releases and what they mean for you.

So many times, teams use “it should work” as the reason why their software or processes don’t require testing. For example, the code is so simple, it should work. Or, the code was tested on Linux, so it should work on Windows. In reality, this can be dangerous at best … and fatal at worst.

For most people, Git Large File Storage (LFS) is a black box. You install it and somehow Git handles large files differently. But how does it manage the files? How does it know how and when to upload the files? And how was this implemented using only native Git extensibility points? This post will uncover its secrets and how it uses Git hooks and filters to manage large files.

Migrating repositories with LFS can be tricky. This is especially true when the repository is configured to use an LFS endpoint that is separate from the Git repository. Learn how to safely migrate repositories that are using .lfsconfig to manage the storage location.

Like any other software lifecycle, infrastructure-as-code solutions can mature over time. But how do we know where we are in our maturity and the steps to take to improve? This post introduces a maturity model that you can use for infrastructure-as-code. It also explores how you can use composition and reusability to improve your solutions and make them more testable.

Historically, there’s been no way to really apply resource requests or limits at the pod level in Kubernetes. Instead, we are forced to apply these configurations at the container level. Thankfully, there is a new feature in Kubernetes that promises to change that.

Since it’s the gift-giving season, it seems like the perfect time to wrap up the posts about how to distribute packages. More specifically, how to distribute dependencies and settings with NuGet packages.

Kubernetes native sidecars can create more reliable deployments. In this post, we’ll explore how to improve the Docker-in-Docker implementation in GitHub Actions Runner Controller (ARC) using native sidecars.