Ever found yourself stuck mid-feature when a production bug demands immediate attention? What about when a colleague asks if you can take a quick look at some code? We’ve all been there, trying to safely commit incomplete work or juggling stashes so we can switch between Git branches. What if I told you Git has had a solution for over a decade (and that VS Code just added support)? Learn how Git worktrees can reduce your friction!

Ready to finish crafting your CodeQL Actions runner image? Following up on my previous post, it’s time to add Python 2 support to the Docker image. You’ll add to the multistage build, learn how to preserve symbolic links, and learn a trick for unpacking archives without needing to copy the archive into the image first.

Have you struggled with running CodeQL analysis on your own runners? You’re not alone. I figured that it was probably time to tackle this challenge to show you how to build the image, a few advanced Docker tricks, and a way to incorporate the scripts that the Actions team uses to build the official hosted runner VM images.

A common question I’ve heard is “how do I run Docker commands from within a GitHub Actions job container?” In this post, I’ll explore how GitHub Actions implements job and service containers using Docker, and how you can use that to run your own Docker commands from inside a job container.

Ever wondered why you can’t just export your environment variables in GitHub Actions? I mean, it’s a Bash script, right? Well, it turns out that the way GitHub Actions works makes exporting them across steps impossible. Let’s dive into the details and learn how to properly set environment variables in your workflows.

Need to authenticate with different Git repositories using various credentials? This post explores how to dynamically authenticate with Git using credential helpers, environment variables, and secret management systems.

Ever wondered how Git actually authenticates with remote repositories? Ever needed to configure different credentials to access different repositories? This article dives into the inner workings of Git authentication, exploring the role of credential helpers, how they are implemented, and how to customize them for your needs.

In this post, we’ll continue the exploration of Gitsign by extracting some of the attestation data from a signed commit and using it to check how the code was built. This will help you understand how you can use the attestation data in your workflows.

Worried about securing your source code supply chain for GitOps and other processes? Learn how to implement automated signing in CI/CD pipelines, verify commit authenticity using transparency logs, and leverage GitHub OIDC tokens with Gitsign for keyless commit signing.

Over the last three months, the GitHub team behind Actions Runner Controller (ARC) has released three updates. These included bug fixes, performance improvements, improved configurability, and a new approach to metrics. In this post, I’ll cover some of the highlights of these releases and what they mean for you.