Ken Muse
GitHub Actions Workflow Permissions
GitHub Actions Workflows can provide a great abstraction layer for creating or orchestrating build and release processes. Since we’re running code – in some cases, from third-parties – it’s important to understand how to secure the environment from malicious Actions. This is where permissions can help.

Read more

Dynamic Build Matrices in GitHub Actions

Dynamic Build Matrices in GitHub Actions

GitHub Actions allows you to create matrix builds to execute steps multiple times with different parameters. Fun tip – those parameters can be dynamic. You can define them programmatically!

Read more

GitHub, Maven, and Packages
Java makes it surprisingly easy to manage and package complex projects using Apache Maven. One question I’m frequently asked – how does this integrate with GitHub Actions? Turns out that the answer is “surprisingly well!”

Read more

GitHub Actions Injection
If you can code it, someone will find a way to exploit it ( accidentally or intentionally). Anytime development efforts are involved, it’s important to minimize security risks and bugs. This is also true with GitHub Actions, which allows you to script advanced automation solutions. Because of this, it’s important to understand where injection can occur and how to avoid it.

Read more

Life After Git Squash

Life After Git Squash

Git has some interesting behaviors built into it. For example, it makes it easy to squash a set of commits into a single commit. This creates a very simple history. But what happens if that history that you’re eliminating has a tag applied to it? Does that tag get eliminated? Does it point to the newly squashed commit? Today’s article explores what to expect in that situation … and why.

Read more