Sylwit

Semgrep | 🚨 Popular GitHub Action tj-actions/changed-files is compromised Popular GitHub Action tj-actions/changed-files has been compromised with a payload that appears to attempt to dump secrets, impacting thousands of CI pipelines.

Are you using this popular github action tj-actions/changed-files ? A malware was introduced yesterday. Rotate your secrets semgrep.dev/blog/2025/po... #security

One day you discover that #aws ALB sends traffic to all instances of the Target Group even if ALL of them are unhealthy. That was fun to debug. #til

Update on Support for Amazon Chime AWS is discontinuing Amazon Chime communication service, with support ending on February 20, 2026, and recommending customers transition to alternative collabo...

Ever used #aws chime ? It is now deprecated. Honestly even with aws support we were switching to meet. I'm not sure this service was really used outside of aws. aws-news.com/article/0195...

mentoring/programs/lfx-mentorship/2025/01-Mar-May at main · cncf/mentoring 👩🏿‍🎓👨🏽‍🎓👩🏻‍🎓CNCF Mentoring + CommunityBridge + Summer of Code - cncf/mentoring

Mentee applications are now open for the next #LFX Mentorship term. Applications are open until Tuesday Feb 18! You won't want to miss this. Start you #OpenSource #career

No, runs stay forever. If you refer to the repo I'm thinking of, it was auto clean up because we had a weekly action cleaning them up ;)

Why would it be ?
Useful when you rename a workflow and you want to avoid confusion. Or when you test a workflow but you don't want to keep it because it just overloads the list of workflows.

#github is still missing an easy way to delete all runs of a workflow so here is a one liner

`gh run list --workflow my-workflow.yaml --json databaseId -q '.[].databaseId' | xargs -I{} gh run delete {}`

$ go install golang.org/dl/go1.24.0@latest $ go1.24.0 download Downloaded 0.0% ( 0 / 74636413 bytes) ... Downloaded 50.0% (37318206 / 74636413 bytes) ... Downloaded 100.0% (74636413 / 74636413 bytes) Unpacking go1.24.0.linux-arm64.tar.gz ... Success. You may now run 'go1.24.0' $ go1.24.0 version go version go1.24.0 linux/arm64

🥳 Go 1.24.0 is released!

📰 Release notes: go.dev/doc/go1.24

📦 Download: go.dev/dl/#go1.24.0

#golang

GitHub - SummitRoute/aws_breaking_changes: List of changes announced for AWS that may break existing code List of changes announced for AWS that may break existing code - SummitRoute/aws_breaking_changes

Do you want to know if some #aws services you use will be deprecated? Here is a nice repo that tracks them github.com/SummitRoute/...

To promote your #opensource project I would recommend to have a repo that immediately explains what problem it is solving. Then something you can just clone and run, have a clear doc and then promote it on social media, blogs etc...

Preventing unintended encryption of Amazon S3 objects | Amazon Web Services January 17, 2025: We updated this post to highlight the importance of using short-term credentials to mitigate the risk of unauthorized techniques such as the one detailed in this blog. At Amazon Web ...

#aws recommend to disable s3 SSE-C encryption if you don't need it. aws.amazon.com/blogs/securi... #security #cloud

A convenient resource time_sleep to deal with inconsistency in #terraform or #opentofu. When you create a github_repo and you want to add some rulesets, the repo isn't immediately accessible. Same goes for #S3 buckets. registry.terraform.io/providers/ha... #IaC

Nice cheat sheet on #netcat
#security

Can't wait to see it available for private repos. @github.com any ETA for that ?

Enhance Job Duration Tracking in CircleCI and GitHub Actions When working with CI/CD tools like CircleCI and GitHub Actions, you might have noticed that the reported total duration of a pipeline isn’t…

If you want to improve #github action or #circleci, here are 2 userscripts that will display the total time charged for each workflow sylwit.medium.com/enhance-job-...

When we say we wrote the book on observability, we mean it. Download "Honeycomb’s O’Reilly Book: Observability Engineering," today to uplevel your understanding of observability! info.honeycomb.io/observabilit...

I agree it looks harder than it is. It just creates a temporary dir where it moves the source and runs terraform commands.
I like the inheritance it provides and the repo looks a lot like the gitops repo I'm using with #argocd. It helped me to remove the magic I had in Makefile for preprocessing.

These Terraform/OpenTofu Tools Promise to Manage Your Infrastructure Tasks Effectively

Explore the top Terraform and OpenTofu tools for 2025 to simplify infrastructure management, improve collaboration, boost security, and optimize workflows.
#devops

You can use partial config developer.hashicorp.com/terraform/la... to define your variables and init your tf with it. Or this is natively supported with #opentofu opentofu.org/docs/languag...

Yes definitely #opentofu for personal and new projects. Still #terraform and #terragrunt for projects that can't be migrated yet. The only thing I want to see in opentofu now is the s3 lockfile to avoid dynamodb.

I don't really get why the default of #ECR pull through cache is to create repo on the fly. This doesn't work well with iac and it's also a security risk. I never add the ecr:CreateRepository policy out of the role used by #terraform docs.aws.amazon.com/AmazonECR/la... #aws

Wiz Research Uncovers Exposed DeepSeek Database Leaking Sensitive Information, Including Chat History | Wiz Blog A publicly accessible database belonging to DeepSeek allowed full control over database operations, including the ability to access internal data. The exposure includes over a million lines of log str...

But don't forget to protect your database :) www.wiz.io/blog/wiz-res...

Wiz Research Uncovers Exposed DeepSeek Database Leaking Sensitive Information, Including Chat History | Wiz Blog A publicly accessible database belonging to DeepSeek allowed full control over database operations, including the ability to access internal data. The exposure includes over a million lines of log str...

#deepseek database on #clickhouse publicly exposed. I love the exposure walkthrough.
www.wiz.io/blog/wiz-res...

Great tip from @abjoerne.bsky.social #listentotheheroes

Work on open source projects that you use, check the open issues, understand the code, make some PR.

Highlights from Git 2.48 The open source Git project just released Git 2.48. Here is GitHub's look at some of the most interesting features and changes introduced since last time.

Git 2.48 is here ✨
github.blog/open-source/...

Impressive

Creating a repository from a template - GitHub Docs You can generate a new repository with the same directory structure and files as an existing repository.

I never used #github template repo before and I'm looking to introduce them at work. docs.github.com/en/repositor...
I've used cookie cutter in the past but I think the hardest part is to find the right balance between adding only what's useful and common and having many tailored templates.

Building Bluesky: a Distributed Social Network (Real-World Engineering Challenges) Bluesky is built by around 10 engineers, and has amassed 5 million users since publicly launching in February this year. A deep dive into novel design decisions, moving off AWS, and more.

Interesting article by @gergely.pragmaticengineer.com and @hejelin.bsky.social about the evolution of Bluesky's architecture

#atprotodev #atdev

newsletter.pragmaticengineer.com/p/bluesky

#circleci has updated their diagram class, so I updated my sum actions userscript gist.github.com/sylwit/eece2...

My post on how to use it with the #Github-Actions version too sylwit.medium.com/enhance-job-...