GitHub - Ken Muse

Workspace vs Worktree Isolation in Copilot CLI

Fri, 27 Mar 2026 00:00:00 -0400

Run Copilot CLI sessions in parallel without repo chaos. Learn when to use workspace or worktree isolation, then review, merge, and clean up safely.

Why Focused AI Agents Get Better Coding Results

Thu, 19 Mar 2026 00:00:00 -0400

Learn why focused AI agents outperform generalists. All about why tokens, context windows, progressive disclosure, and splitting planning improves results.

A Chef's Guide to Customizing GitHub Copilot

Sat, 14 Mar 2026 00:00:00 -0400

A kitchen analogy that makes it easier to know when to use Copilot's customization features: instructions, prompts, agents, skills, MCP, hooks, and plugins.

Creating Agent Plugins for VS Code and Copilot CLI

Sat, 07 Mar 2026 00:00:00 -0500

Package and share Copilot customizations with agent plugins -- build a plugin, create a marketplace, and install it in VS Code or the CLI.

GitHub Agentic Workflows Bring AI Agents to Actions

Fri, 13 Feb 2026 00:00:00 -0500

Explore GitHub's new Agentic Workflows -- AI coding agents in GitHub Actions with defense-in-depth security and natural language automation.

What Is MCP and Why Do Developers Care?

Sat, 31 Jan 2026 00:00:00 -0500

Discover Model Context Protocol (MCP), the open standard that lets AI models connect directly to your databases, APIs, and tools for deterministic results.

Configuring GitHub Runners With a Dotfiles Action

Fri, 23 Jan 2026 00:00:00 -0500

Transform your dotfiles repo into a GitHub Action that secures runners without tokens or manual cloning.

Deploying Services on GitHub Runner Custom Images

Fri, 26 Dec 2025 00:00:00 -0500

Deploy persistent services on custom GitHub runner images to speed up builds, reduce egress costs, and cut external dependencies.

Caching Repositories on GitHub Runner Custom Images

Wed, 24 Dec 2025 00:00:00 -0500

Cache large repositories on custom GitHub runner images to speed up clones from minutes to seconds using Git reference clones.

Masking Sensitive Information on GitHub Runner Custom Images

Mon, 22 Dec 2025 00:00:00 -0500

Learn the best way to protect sensitive information from leaking into the logs on GitHub runner custom images during both build-time and run-time.

Using GitHub Custom Images with OIDC

Fri, 19 Dec 2025 00:00:00 -0500

Learn how to use OIDC tokens in GitHub Actions custom images to authenticate with private container registries without storing credentials.

Pre-Caching Docker Images on GitHub Runner Custom Images

Wed, 17 Dec 2025 00:00:00 -0500

Discover how to improve GitHub Actions performance and drastically cut the time and bandwidth required to use Docker images in your workflows.

Using GitHub Custom Images for Workflow Validation

Mon, 15 Dec 2025 00:00:00 -0500

Use pre-job scripts in custom runner images to enforce workflow validation and ensure only approved workflows run on your GitHub Actions runners.

Layering Approaches for Secure Secrets

Fri, 12 Dec 2025 00:00:00 -0500

Learn to layer secret management techniques through practical examples that build defense-in-depth security for GitHub Actions, containers, and more.

Custom GitHub Runner Images With Pre- and Post-Job Scripts

Fri, 05 Dec 2025 00:00:00 -0500

Learn how to capture custom GitHub-hosted runner images, add pre- and post-job hooks, and make them part of your daily workflows.

Using Azure Flexible Federation With GitHub Actions

Tue, 02 Dec 2025 00:00:00 -0500

Use Azure flexible federated identity credentials with GitHub Actions to secure your workflows with custom OIDC claims approval expressions.

The Hidden Danger in Git Ref Names

Fri, 31 Oct 2025 00:00:00 -0400

A Halloween lesson: how a weaponized Git branch name let attackers inject code via a GitHub expression and the simple steps you can take to block it.

The Key to a Secure CI/CD Process

Mon, 20 Oct 2025 00:00:00 -0400

Learn how to create a secure CI/CD pipeline by starting with securing your most important asset: your people.

Restricting IP Access on GitHub-Hosted Runners

Thu, 16 Oct 2025 00:00:00 -0400

Restrict outbound DNS and IP access on GitHub-hosted runners using iptables, ip6tables, and DNS-over-HTTPS blocking to harden your CI/CD.

Restricting DNS Access on GitHub-Hosted Runners

Mon, 13 Oct 2025 00:00:00 -0400

Learn how to restrict DNS resolution and improve CI/CD security on GitHub-hosted runners by using a local Unbound allow list.

Speed Up Git Clones With Local References

Fri, 03 Oct 2025 00:00:00 -0400

Discover how to optimize Git clones by using references to share repository data and Git LFS objects across multiple systems.

Publishing npm Packages to GitHub Packages With Yarn

Sat, 27 Sep 2025 00:00:00 -0400

Trying to publish npm packages to GitHub Packages with Yarn? Learn how to authenticate and publish your GitHub Packages with Yarn v4.

The New DevOps - Why AI Is Not Taking Your Job (Yet)

Thu, 28 Aug 2025 00:00:00 -0400

Exploring why AI tools complement rather than replace developers, and how smart companies use AI to enhance team productivity instead of downsizing talent.

Using Git Worktrees for Concurrent Development

Fri, 08 Aug 2025 00:00:00 -0400

Discover Git worktrees and learn how you can work with multiple branches simultaneously without stashing or committing incomplete code.

Creating a CodeQL Image for ARC With Python 2

Thu, 24 Jul 2025 00:00:00 -0400

Add Python 2 support to your CodeQL Docker image using multistage builds (and some Docker tricks) to support security scanning in ARC.

Creating a CodeQL Image for ARC

Sat, 19 Jul 2025 00:00:00 -0400

Learn how to build a custom Docker image with CodeQL pre-installed for GitHub ARC runners, eliminating download times and ensuring consistent analysis.

Calling Docker From Inside a GitHub Job Container

Sat, 24 May 2025 00:00:00 -0400

Learn to run Docker commands inside a GitHub Actions job container and understand the magic behind how Actions creates and manages job and service containers.

Why Exporting Environment Variables Doesn't Work In Actions

Sat, 10 May 2025 00:00:00 -0400

Ever wondered why you can't just export your environment variables in GitHub Actions? In this post, you'll learn why that happens and what you can do about it.

How to Dynamically Authenticate With Git

Tue, 06 May 2025 00:00:00 -0400

Discover practical techniques for dynamically authenticating with Git using environment variables or secret vaults to retrieve user credentials.

How Does Git Authentication Work?

Sat, 03 May 2025 00:00:00 -0400

Discover the intricacies of Git authentication, how it works, and how to configure credential helpers to allow fine-grained control over authentication.

Retrieving Properties From a Gitsigned Commit

Wed, 16 Apr 2025 00:00:00 -0400

Learn how to extract and validate signed Git commits using the Gitsign certificates and OpenSSL to enhance your software supply chain security.

Using Gitsign for Keyless Git Commit Signing

Sat, 12 Apr 2025 00:00:00 -0400

Use Gitsign and GitHub Actions for keyless Git commit signing to enhance supply chain security and ensure code provenance without managing private keys.

What's New in GitHub Actions Runner Controller

Mon, 31 Mar 2025 00:00:00 -0400

The new version of Actions Runner Controller has performance fixes, improved configurability, and a new approach to metrics. This post reviews those changes.

Migrating Git With An LFS Configuration File

Sat, 18 Jan 2025 00:00:00 -0500

Learn how to configure Git LFS endpoints and to safely migrate repositories that are using .lfsconfig to manage the storage location.

Managing Pod Resource Requests and Limits in Kubernetes

Thu, 02 Jan 2025 00:00:00 -0500

In Kubernetes, we cannot manage resources at the pod level and must resort to setting requests and limits on containers. Learn how that's changing.

Using A Kubernetes Native Sidecar With GitHub ARC

Fri, 20 Dec 2024 00:00:00 -0500

Explore how to modernize the Docker-in-Docker support in GitHub Actions Runner Controller (ARC) using the latest Kubernetes feature: native sidecars.

Migrating Submodules That Use Large File Storage (LFS)

Sat, 09 Nov 2024 00:00:00 -0500

When repositories are migrated, it's easy to break the links to the submodules. In this post, learn why it happens, how to avoid it, and how to fix it.

What Is a GitHub Tool (And Why to Use Them)

Sat, 02 Nov 2024 00:00:00 -0400

GitHub tools make it easier to manage the dependencies of a project and ensure your environment remains consistent and stable. Learn how to use them (and why).

Defining The Process for Securing Your Supply Chain

Sat, 26 Oct 2024 00:00:00 -0400

A company's development practices are only as secure as their supply chain. Learn how to define a process for properly reviewing your supply chain.

How to Handle Step and Job Errors in GitHub Actions

Fri, 06 Sep 2024 00:00:00 -0400

In most cases, we write a workflow where all of the steps succeed. In this post, we'll explore how to create workflows that can handle a failing step or job.

Using Dynamic Environment Variables With GitHub

Sat, 31 Aug 2024 00:00:00 -0400

Learn how to dynamically generate environment variables in GitHub Actions, and learn how this technique can be used to configure Actions themselves.

Implementing Processes for GHAS using GitHub Probot

Fri, 16 Aug 2024 00:00:00 -0400

GitHub Advanced Security helps teams to shift left and secure their development. When its processes don't quite fit the team's approach, it's time for Probot!

Planning Kubernetes Cloud Deployments

Sat, 27 Jul 2024 00:00:00 -0400

Understanding resource allocation is a critical skill for successful Kubernetes cluster deployments. Learn how the cloud providers reserve Kubernetes resources.

Understanding Kubernetes Resource Consumption

Fri, 19 Jul 2024 00:00:00 -0400

Surprised that you can't fit as many pods on a node as you thought? It turns out that there's a lot more to the story of how Kubernetes allocates resources.

The Ultimate Debugging Hack for Developers

Fri, 12 Jul 2024 00:00:00 -0400

Developers usually want to be able to directly connect to a system and start their debugger. What if there's a better way to get the information you need?

Scaling ARC on a Schedule

Wed, 03 Jul 2024 00:00:00 -0400

The Actions Runner Controller (ARC) can't configure the minimum runner count based on a schedule. Learn to use native `CronJob` resources for the task!

The Top 5 Things To Know About ARC

Fri, 21 Jun 2024 00:00:00 -0400

Actions Runner Controller (ARC) is a powerful way to manage ephemeral, self-hosted GitHub runners. There are five keys that can make you successful using it.

The Importance of Kubernetes Logs

Thu, 13 Jun 2024 00:00:00 -0400

If you really want to master your Kubernetes environment, it begins with understanding the value of a logging and how to implement good logging practices.

Strategies for Upgrading ARC

Thu, 30 May 2024 00:00:00 -0400

Understand the best practices for upgrading Actions Runner Controller and minimizing downtime, including when (and if) you can skip a release.

Building Base Images for ARC

Thu, 09 May 2024 00:00:00 -0400

If you're using Actions Runner Controller, the provided base image may not be enough. Learn what's needed in your image to make your workflows run smoothly.

Supply Chain Security in CI/CD Systems

Thu, 02 May 2024 00:00:00 -0400

Your supply chain is frequently the most vulnerable part of your development process. In this post, we'll explore how you can protect your CI/CD systems.

Building GitHub Runner Images With an Action Archive Cache

Fri, 29 Mar 2024 00:00:00 -0400

If you want to make images for GitHub Actions Runner Controller (ARC) that are fast and network-friendly, learn how to include an Action archive cache.

Building GitHub Actions Runner Images With A Tool Cache

Thu, 28 Mar 2024 00:00:00 -0400

If you want to make an efficient image for GitHub Actions Runner Controller (ARC), you need to first understand how to prepopulate the runner's tool cache.

What Is ARC Doing & How Does It Interact With Kubernetes?

Sat, 16 Mar 2024 00:00:00 -0400

Understanding ARC begins with understanding what it does (and does not do) to create runners on Kubernetes. In this post, I explore the basics of the process.

The New DevContainer initializeCommand

Fri, 08 Mar 2024 00:00:00 -0500

The dev container specification was updated to better define the behavior of initializeCommand. Learn what changed and why your scripts should be idempotent.

GitHub Actions and Monitoring

Fri, 23 Feb 2024 00:00:00 -0500

Whether you’re developing drivers, building appliances, or testing system deployments, you need to test your code. For many, this means installing GitHub Actions Runners (or other agents) on the system under test. But is this really the best way to test your code?

For many teams, this doesn’t seem to create any direct issues. By monitoring the system as they deploy, they can directly assess whether the deployment is working correctly. This approach has several significant drawbacks. If you’re testing system drivers (or low-level components), the first issue is obvious: system failures will kill the current agent and the pipeline process. When the system restarts or crashes, the runner or agent is also killed. Because the system is no longer accessible, teams look for ways to reconnect to the environment to query the root cause. The common work around is to treat those as “failures” and then try to assess what happened manually. When manual processes are required, we lose efficiency. We need to be able to assess the outcome and report it as easily as possible in order to enable the problem to be remediated.

Getting User Input When Starting a Dev Container

Fri, 09 Feb 2024 00:00:00 -0500

Sometimes you just need a little human interaction. Thankfully, there is a way to get user input that works with most of the dev container implementations.

Automating Azure OIDC Application Federation

Mon, 22 Jan 2024 00:00:00 -0500

I was recently asked if I knew how to automate creating Azure Entra ID (formerly Active Directory) applications. More specifically, they wanted to know if they could use PowerShell to automate creating the OIDC federation between Azure AD and GitHub. To do this, we just need to use a few PowerShell modules that save us the trouble of crafting several REST calls. These modules work with PowerShell 5.x and 7.x.

More Best Practices for Deploying GitHub ARC

Thu, 11 Jan 2024 00:00:00 -0500

There are some common issues that lead to teams struggling to set up ARC, and nearly all can be avoided with these recommendations.

Best Practices for Deploying GitHub ARC

Fri, 05 Jan 2024 00:00:00 -0500

There are some common issues that lead to teams struggling to set up ARC. Nearly all of them can be avoided with these recommendations.

Why You Should Use Dedicated Clusters For GitHub ARC

Sat, 30 Dec 2023 00:00:00 -0500

I recommend using a dedicated Kubernetes cluster with GitHub Actions Runner Controller (ARC) to get the best performance and security. This post explains why.

GitHub Actions Injection Attacks

Thu, 21 Dec 2023 00:00:00 -0500

Security is important, even in your CI/CD processes. Learn the basics of injection exploits with GitHub Actions and how to avoid them.

The Two GitHub ARCs (and Why You Should Only Use One)

Sat, 16 Dec 2023 00:00:00 -0500

Many teams want to have GitHub self-hosted runners on Kubernetes using ARC, but aren’t aware there are two different versions. This post attempts to explain.

Enabling GitHub ARC Metrics

Sat, 09 Dec 2023 00:00:00 -0500

Learn to enable metrics in GitHub's Actions Runner Controller (ARC) and get visibility into the processing queue and the performance of jobs and runners.

Understanding OIDC and Identity Federation

Fri, 24 Nov 2023 00:00:00 -0500

Adopting OIDC can be challenging for teams that don't understand how the process works. This post explores OIDC and explains what's happening under the covers.

Comparing Azure DevOps and GitHub

Thu, 16 Nov 2023 00:00:00 -0500

It can be challenging too understand the differences between Azure DevOps and GitHub Actions. This article provides a mapping of the features and terminology.

Understanding the SLA of ARC

Sat, 04 Nov 2023 00:00:00 -0400

If you're trying to increase availability by using GitHub Actions Runner Controller. In this post, I'll explain why you can't exceed the 99.9% SLA of GitHub.

Windows Runners on Actions Runner Controller

Thu, 26 Oct 2023 00:00:00 -0400

GitHub's Actions Runner Controller (ARC) does not officially support Windows containers for runners. With a little bit of work, we can make it possible.

Organizing Build Processes

Thu, 05 Oct 2023 00:00:00 -0400

Most automated processes aren't maintainable. There are practices you can use to create CI/CD workflows that are maintainable, testable, and reusable.

Shared Commits and GitHub Checks

Thu, 21 Sep 2023 00:00:00 -0400

Using a pull request to merge the same commit to multiple branches causes GitHub Checks and validations to fail. Learn the technique needed to fix this issue.

Universal Packages on GitHub With ORAS

Fri, 14 Jul 2023 00:00:00 -0400

Most package management systems support "universal artifacts" storage. Although not explicitly documented, GitHub also supports universal packages via ORAS.

Creating GitHub Checks (and Understanding the Checks API)

Thu, 06 Jul 2023 00:00:00 -0400

If you need to integrate an external system or execute parts of the CI process asynchronously, the GitHub Checks API can provide a way to make that happen.

The Many SHAs of a GitHub Pull Request

Fri, 30 Jun 2023 00:00:00 -0400

Executing a GitHub Action for a pull request creates a surprising number of SHA commits. Learn the purpose of the different SHAs and when to use each one.

Why You Should (Not) Prefer Monorepos For Git

Fri, 23 Jun 2023 00:00:00 -0400

Monorepos are often seen as the simple solution to complex collaboration and code management problems. Like with most quick fixes, the devil's in the details.

That Template Repository Trick

Thu, 15 Jun 2023 00:00:00 -0400

Many people are familiar with the idea of the template repository. It provides a great way to centralize configurations for common projects for teams. I can declare a repository, configure it with files and folders, and set up one or more branches. After marking it as a template in the Settings, it becomes available to other team members when they create a repository.

GitHub Actions Workflow Permissions

Thu, 08 Jun 2023 00:00:00 -0400

GitHub Actions provide powerful workflow support but rely on trusting third-party code. Learn how to secure your GitHub Actions workflows using permissions.

Dynamic Build Matrices in GitHub Actions

Thu, 04 May 2023 00:00:00 -0400

GitHub Actions allows you to create matrix builds to execute steps multiple times with different parameters. Learn how to define them programmatically!

GitHub, Maven, and Packages

Thu, 27 Apr 2023 00:00:00 -0400

It's important to understand how to securely access package repositories when doing a Java build. Understand how GitHub Actions supports this process.

Preventing GitHub Actions Injection Attacks

Fri, 07 Apr 2023 00:00:00 -0400

Everything coded can be exploited, including GitHub Actions. The powerful expressions syntax can also break your systems. Learn better ways to handle them.

The Life of a Commit After Git Squash

Fri, 31 Mar 2023 00:00:00 -0400

Explore what happens to files in Git after squashing a set of commits that have a tag applied to them. What happens to the commits and the tag may surprise you!

Understanding Push Triggers and Branches in GitHub

Thu, 23 Mar 2023 00:00:00 -0400

Understand how branches work with the process of triggering Actions workflows in GitHub.

Using New GitHub APIs With Probot

Thu, 16 Feb 2023 00:00:00 -0500

Trying to integrate your custom processes with GitHub doesn’t have to be challenging. One of the easiest ways to implement custom functionality is to create a GitHub App using Probot. The challenge comes if you need to implement a listener for a new webhook event or invoke a new API that Probot hasn’t exposed. The good news – it’s not too difficult. As an example, we’ll explore implementing both the event handling and REST method calls for some of the new Dependabot endpoints.

Implementing Docker Layer Caching in GitHub Actions

Thu, 09 Feb 2023 00:00:00 -0500

Learn how to use the Docker BuildKit gha, inline, and registry layer caching with GHCR, and GitHub Actions to improve build performance.

What Are GitHub Verified Domains?

Thu, 12 Jan 2023 00:00:00 -0500

GitHub has a lot of options for verified domains. Have you ever wondered what they all do, when to use them, and how they help keep your brand secure?

Using Git SSH From Docker With a Local Proxy

Thu, 22 Dec 2022 00:00:00 -0500

Learn the dev container trick for accessing a host port to create a proxy SSH connection to a Git server.

SSH and Multiple Git Credentials

Thu, 15 Dec 2022 00:00:00 -0500

Learn a trick for using SSH to connect to multiple GitHub environments and Git hosts with minimal effort.

Comparing GitHub Commit Signing Options

Fri, 07 Oct 2022 00:00:00 -0400

I recently had an interesting discussion where we tried to explore some of the ways you can sign commits in Git and GitHub. If you’re not familiar with the functionality, Git provides mechanisms for signing commits and tags to ensure authorship. By default, Git trusts that the user name and email that you provide to git config is legitimate. For many organizations, that may be perfectly acceptable. If only limited people have access to the repository, this is often enough.

Coloring Consoles in ANSI

Wed, 13 Jul 2022 00:00:00 -0400

Explore how to use ANSI escape sequences to force PowerShell (and other tools) to colorize console outputs.

Variable Groups in GitHub

Thu, 16 Jun 2022 00:00:00 -0400

Missing your Azure DevOps variable groups? Learn techniques you can use to implement variable groups in GitHub Actions.

Publishing Images With GitHub Actions

Thu, 09 Jun 2022 00:00:00 -0400

Learn how to publish OCI and Docker images to Azure and GHCR using GitHub Actions and OIDC.

Deploying to Azure from Private Container Registries

Thu, 17 Mar 2022 00:00:00 -0400

How to use private registries and GitHub Container Registry with services like Azure Container Instances, Azure App Services, and Azure Container Apps.

Dev Containers, Codespaces, and Bicep, Oh My!

Thu, 16 Dec 2021 00:00:00 -0500

Learn how to create a dev container for editing and deploying Bicep templates to Azure.

Using Development Containers

Tue, 19 Oct 2021 00:00:00 -0400

Learn how to implement development environments using infrastructure-as-code with Dev Containers, Codespaces, and Gitpod!

Reusing GitHub Workflows and Centralized Processes

Thu, 07 Oct 2021 00:00:00 -0400

It’s almost Friday, so we’ll keep today’s post short.

This week, GitHub officially launched the public beta of reusable workflows. Reusable workflows make it easy to treat a workflow like an Action. It can be referenced and executed from other workflows in the caller’s context. This allows teams to share common patterns, to centralize best practices, and to centralize the development of processes.