toad.social is one of the many independent Mastodon servers you can use to participate in the fediverse.
Mastodon server operated by David Troy, a tech pioneer and investigative journalist addressing threats to democracy. Thoughtful participation and discussion welcome.

Administered by:

Server stats:

240
active users

#githubactions

0 posts0 participants0 posts today
Tailscale<p>GitHub Actions + exit nodes = 💡</p><p>Simon Willison routed his scraper traffic through Tailscale (on an Apple TV!) to dodge Cloudflare blocks in GitHub Actions.</p><p>Ethical, efficient, and pretty clever.</p><p>📝 <a href="https://til.simonwillison.net/tailscale/tailscale-github-actions" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">til.simonwillison.net/tailscal</span><span class="invisible">e/tailscale-github-actions</span></a><br><a href="https://hachyderm.io/tags/Tailscale" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Tailscale</span></a> <a href="https://hachyderm.io/tags/GitHubActions" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>GitHubActions</span></a> <a href="https://hachyderm.io/tags/SelfHosting" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SelfHosting</span></a></p>
techbash<p>Final Day for TechBash 2025 Early Bird Registration!</p><p>Check out our new Workshop Duo on <a href="https://social.vivaldi.net/tags/GitHubActions" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>GitHubActions</span></a> and <a href="https://social.vivaldi.net/tags/AzureDevOps" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>AzureDevOps</span></a> with Chris Ayers and Matthew Burleigh!</p><p><a href="https://zc.vg/5Z9jW?m=0" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="">zc.vg/5Z9jW?m=0</span><span class="invisible"></span></a></p>
Hugo van Kemenade<p><span class="h-card" translate="no"><a href="https://mastodon.social/@sirosen" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>sirosen</span></a></span> <span class="h-card" translate="no"><a href="https://mastodon.social/@ancoghlan" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>ancoghlan</span></a></span> <span class="h-card" translate="no"><a href="https://fosstodon.org/@brianokken" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>brianokken</span></a></span> </p><p>Yes, let's test our projects with free-threaded in CI! Here's how to do it with GitHub Actions:</p><p><a href="https://hugovk.dev/blog/2025/free-threaded-python-on-github-actions/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">hugovk.dev/blog/2025/free-thre</span><span class="invisible">aded-python-on-github-actions/</span></a></p><p>And see <a href="https://py-free-threading.github.io" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="">py-free-threading.github.io</span><span class="invisible"></span></a> for more guides.</p><p><a href="https://mastodon.social/tags/PEP779" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>PEP779</span></a> <a href="https://mastodon.social/tags/Python" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Python</span></a> <a href="https://mastodon.social/tags/Python314" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Python314</span></a> <br><a href="https://mastodon.social/tags/FreeThreaded" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>FreeThreaded</span></a> <a href="https://mastodon.social/tags/CI" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CI</span></a> <a href="https://mastodon.social/tags/GitHub" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>GitHub</span></a> <a href="https://mastodon.social/tags/GitHubActions" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>GitHubActions</span></a></p>
Peter Cock<p>TIL about <a href="https://github.blog/news-insights/product-news/supercharging-github-actions-with-job-summaries/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">github.blog/news-insights/prod</span><span class="invisible">uct-news/supercharging-github-actions-with-job-summaries/</span></a> for exporting Markdown from <a href="https://fediscience.org/tags/GitHubActions" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>GitHubActions</span></a>, eg nice error logs. You never know where some hobby side project will take you!</p>
~/phranck :antifa:<p>Liebe Folglinge,</p><p>ich suche leider noch immer nach einem neuen Job als <a href="https://nerdculture.de/tags/iOS" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>iOS</span></a> und/oder <a href="https://nerdculture.de/tags/macOS" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>macOS</span></a> Entwickler. Ich spreche <a href="https://nerdculture.de/tags/ObjectiveC" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ObjectiveC</span></a>, <a href="https://nerdculture.de/tags/Swift" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Swift</span></a> (auch Server-Side) und <a href="https://nerdculture.de/tags/SwiftUI" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SwiftUI</span></a> und nutze die ganzen Tools drumherum (<a href="https://nerdculture.de/tags/Xcode" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Xcode</span></a>, <a href="https://nerdculture.de/tags/Git" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Git</span></a>, <a href="https://nerdculture.de/tags/GitHub" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>GitHub</span></a>, <a href="https://nerdculture.de/tags/GitHubActions" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>GitHubActions</span></a>, <a href="https://nerdculture.de/tags/ShellScripting" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ShellScripting</span></a> etc.). Ich bringe 30 Jahre Berufserfahrung als Software-Entwickler mit, davon knapp 20 im <a href="https://nerdculture.de/tags/Apple" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Apple</span></a> Ökosystem.</p><p>Am Idealsten waere eine <a href="https://nerdculture.de/tags/Festanstellung" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Festanstellung</span></a> zu 100% remote. Sollte es im Raum <a href="https://nerdculture.de/tags/Bregenz" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Bregenz</span></a> oder <a href="https://nerdculture.de/tags/Dornbirn" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Dornbirn</span></a> etwas geben, dann auch gerne vor Ort.</p><p>Ich danke euch fuers Teilen. 🙏🏻<br>:boost_ok: </p><p>LinkedIn: <a href="https://www.linkedin.com/in/phranck/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="">linkedin.com/in/phranck/</span><span class="invisible"></span></a><br>Xing: <a href="https://www.xing.com/profile/Frank_Gregor063742/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">xing.com/profile/Frank_Gregor0</span><span class="invisible">63742/</span></a></p><p><a href="https://nerdculture.de/tags/FediHire" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>FediHire</span></a> <a href="https://nerdculture.de/tags/JobSuche" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>JobSuche</span></a> <a href="https://nerdculture.de/tags/RemoteJob" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>RemoteJob</span></a> <a href="https://nerdculture.de/tags/Arbeit" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Arbeit</span></a></p>
Tailscale<p>CI/CD shouldn't mean choosing between “works” and “secure.”<br>Tailscale’s GitHub Action now supports Windows, macOS, &amp; Linux 🧑‍💻✨</p><p><a href="https://tailscale.com/blog/private-connections-for-github-actions" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">tailscale.com/blog/private-con</span><span class="invisible">nections-for-github-actions</span></a><br><a href="https://hachyderm.io/tags/GitHubActions" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>GitHubActions</span></a> <a href="https://hachyderm.io/tags/DevOps" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>DevOps</span></a> <a href="https://hachyderm.io/tags/Tailscale" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Tailscale</span></a> <a href="https://hachyderm.io/tags/CI_CD" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CI_CD</span></a></p>
Naty<p>Made major changes to my <a href="https://fosstodon.org/tags/BurgeonLab" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>BurgeonLab</span></a> blog!</p><p><a href="https://fosstodon.org/tags/Changelog" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Changelog</span></a>:<br>- Add light/dark switcher<br>- Improve colours<br>- Update fonts to variable, <a href="https://fosstodon.org/tags/woff2" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>woff2</span></a>, preloading<br>- Add Lastmod date<br>- Add search with <a href="https://fosstodon.org/tags/Pagefind" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Pagefind</span></a> (Haven't fully customized results page but I'm happy to get it working online after updating the <a href="https://fosstodon.org/tags/GitHubActions" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>GitHubActions</span></a> workflow)<br>- Improve CSS<br>- Fix RSS<br>- Small cosmetic updates to interface/layout<br>- Summary on post cards</p><p>New posts soon! Open to any feedback. ➡️ <a href="https://burgeonlab.com" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="">burgeonlab.com</span><span class="invisible"></span></a></p><p><a href="https://fosstodon.org/tags/blog" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>blog</span></a> <a href="https://fosstodon.org/tags/blogging" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>blogging</span></a> <a href="https://fosstodon.org/tags/hugo" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>hugo</span></a></p>
Isaac Levin<p>Discover how .NET MAUI libraries can be integrated into GitHub Actions to streamline your development workflow. <a href="https://fosstodon.org/tags/dotnet" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>dotnet</span></a> <a href="https://fosstodon.org/tags/MAUI" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>MAUI</span></a> <a href="https://fosstodon.org/tags/GitHubActions" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>GitHubActions</span></a> <a href="https://fosstodon.org/tags/DevOps" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>DevOps</span></a> </p><p> <a href="https://isaacl.dev/gjf" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="">isaacl.dev/gjf</span><span class="invisible"></span></a></p>
Alvin Ashcraft 🐿️<p>Packaging and Publishing a .NET MAUI Library with GitHub Actions.</p><p><a href="https://devblogs.microsoft.com/dotnet/dotnet-maui-libraries-github-actions/?hide_banner=true" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">devblogs.microsoft.com/dotnet/</span><span class="invisible">dotnet-maui-libraries-github-actions/?hide_banner=true</span></a> </p><p><a href="https://hachyderm.io/tags/dotnetmaui" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>dotnetmaui</span></a> <a href="https://hachyderm.io/tags/dotnet" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>dotnet</span></a> <a href="https://hachyderm.io/tags/csharp" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>csharp</span></a> <a href="https://hachyderm.io/tags/githubactions" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>githubactions</span></a> <a href="https://hachyderm.io/tags/devops" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>devops</span></a> <a href="https://hachyderm.io/tags/xaml" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>xaml</span></a> <a href="https://hachyderm.io/tags/mobiledev" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>mobiledev</span></a> <a href="https://hachyderm.io/tags/appdev" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>appdev</span></a></p>
Alvin Ashcraft<p>Packaging and Publishing a .NET MAUI Library with GitHub Actions. <a href="https://buff.ly/n2fZbwQ" rel="nofollow noopener" target="_blank">buff.ly/n2fZbwQ</a> <a class="hashtag" href="https://bsky.app/search?q=%23dotnetmaui" rel="nofollow noopener" target="_blank">#dotnetmaui</a> <a class="hashtag" href="https://bsky.app/search?q=%23dotnet" rel="nofollow noopener" target="_blank">#dotnet</a> <a class="hashtag" href="https://bsky.app/search?q=%23csharp" rel="nofollow noopener" target="_blank">#csharp</a> <a class="hashtag" href="https://bsky.app/search?q=%23githubactions" rel="nofollow noopener" target="_blank">#githubactions</a> <a class="hashtag" href="https://bsky.app/search?q=%23devops" rel="nofollow noopener" target="_blank">#devops</a> <a class="hashtag" href="https://bsky.app/search?q=%23xaml" rel="nofollow noopener" target="_blank">#xaml</a> <a class="hashtag" href="https://bsky.app/search?q=%23mobiledev" rel="nofollow noopener" target="_blank">#mobiledev</a> <a class="hashtag" href="https://bsky.app/search?q=%23appdev" rel="nofollow noopener" target="_blank">#appdev</a><br><br><a href="https://buff.ly/n2fZbwQ" rel="nofollow noopener" target="_blank">Packaging and Publishing a .NE...</a></p>
Brandon H :csharp: :verified:<p>via <span class="h-card" translate="no"><a href="https://dotnet.social/@dotnet" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>dotnet</span></a></span> : Packaging and Publishing a .NET MAUI Library with GitHub Actions</p><p><a href="https://ift.tt/a4tKkVe" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="">ift.tt/a4tKkVe</span><span class="invisible"></span></a><br><a href="https://hachyderm.io/tags/DotNet" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>DotNet</span></a> <a href="https://hachyderm.io/tags/MAUI" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>MAUI</span></a> <a href="https://hachyderm.io/tags/GitHubActions" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>GitHubActions</span></a> <a href="https://hachyderm.io/tags/DevOps" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>DevOps</span></a> <a href="https://hachyderm.io/tags/NuGet" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>NuGet</span></a> <a href="https://hachyderm.io/tags/LibraryPublishing" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>LibraryPublishing</span></a> <a href="https://hachyderm.io/tags/MSBuild" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>MSBuild</span></a> <a href="https://hachyderm.io/tags/Automation" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Automation</span></a> <a href="https://hachyderm.io/tags/Versioning" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Versioning</span></a> <a href="https://hachyderm.io/tags/PackageSigning" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>PackageSigning</span></a> <a href="https://hachyderm.io/tags/AzureDevOps" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>AzureDevOps</span></a> <a href="https://hachyderm.io/tags/ContinuousIntegration" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ContinuousIntegration</span></a> <a href="https://hachyderm.io/tags/ContinuousD" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ContinuousD</span></a>…</p>
Alvin Ashcraft 🐿️<p>New Windows Arm64 Hosted Runners for GitHub Actions Accelerates Developer Workflows.</p><p><a href="https://newsroom.arm.com/blog/windows-arm64-runners-git-hub-actions" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">newsroom.arm.com/blog/windows-</span><span class="invisible">arm64-runners-git-hub-actions</span></a> </p><p><a href="https://hachyderm.io/tags/windows" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>windows</span></a> <a href="https://hachyderm.io/tags/arm64" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>arm64</span></a> <a href="https://hachyderm.io/tags/githubactions" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>githubactions</span></a> <a href="https://hachyderm.io/tags/windowsdev" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>windowsdev</span></a> <a href="https://hachyderm.io/tags/windev" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>windev</span></a></p>
Daniel, pined-lizard edition<p>Status update: I'm now automatically building and releasing a signed fork of stable moshidon with my patches. <a href="https://masto.doserver.top/tags/CI" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CI</span></a> is cool!</p><p><a href="https://github.com/cactichameleon9/moshidon-fork" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">github.com/cactichameleon9/mos</span><span class="invisible">hidon-fork</span></a></p><p><a href="https://masto.doserver.top/tags/CICD" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CICD</span></a> <a href="https://masto.doserver.top/tags/GithubActions" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>GithubActions</span></a> <a href="https://masto.doserver.top/tags/Moshidon" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Moshidon</span></a></p>
Alvin Ashcraft 🐿️<p>GitHub Actions now supports Windows on Arm runners for all public repos.</p><p><a href="https://blogs.windows.com/windowsdeveloper/2025/04/14/github-actions-now-supports-windows-on-arm-runners-for-all-public-repos/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">blogs.windows.com/windowsdevel</span><span class="invisible">oper/2025/04/14/github-actions-now-supports-windows-on-arm-runners-for-all-public-repos/</span></a> </p><p><a href="https://hachyderm.io/tags/github" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>github</span></a> <a href="https://hachyderm.io/tags/arm64" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>arm64</span></a> <a href="https://hachyderm.io/tags/windows" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>windows</span></a> <a href="https://hachyderm.io/tags/githubactions" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>githubactions</span></a> <a href="https://hachyderm.io/tags/windowsonarm" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>windowsonarm</span></a></p>
Hugo van Kemenade<p>GitHub Actions now supports free-threaded Python!</p><p>I wrote up how to add it your workflows so you can start testing free-threaded Python 3.13 and 3.14 with either actions/setup-python or actions/setup-uv.</p><p><a href="https://hugovk.dev/blog/2025/free-threaded-python-on-github-actions/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">hugovk.dev/blog/2025/free-thre</span><span class="invisible">aded-python-on-github-actions/</span></a></p><p><a href="https://mastodon.social/tags/Python" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Python</span></a> <a href="https://mastodon.social/tags/FreeThreaded" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>FreeThreaded</span></a> <a href="https://mastodon.social/tags/GitHub" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>GitHub</span></a> <a href="https://mastodon.social/tags/GitHubActions" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>GitHubActions</span></a> <a href="https://mastodon.social/tags/CI" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CI</span></a> <a href="https://mastodon.social/tags/testing" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>testing</span></a></p>
Lup Yuen Lee 李立源<p>"If you thought <a href="https://qoto.org/tags/GitHubActions" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>GitHubActions</span></a> was bad, try mixing in <a href="https://qoto.org/tags/Docker" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Docker</span></a>"</p><p><a href="https://www.feldera.com/blog/the-pain-that-is-github-actions" rel="nofollow noopener" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">feldera.com/blog/the-pain-that</span><span class="invisible">-is-github-actions</span></a></p>
IT News<p>This Week in Security: The Github Supply Chain Attack, Ransomware Decryption, and Paragon - Last Friday Github saw a supply chain attack hidden in a popular Github Action. To... - <a href="https://hackaday.com/2025/03/21/this-week-in-security-the-github-supply-chain-attack-ransomware-decryption-and-paragon/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">hackaday.com/2025/03/21/this-w</span><span class="invisible">eek-in-security-the-github-supply-chain-attack-ransomware-decryption-and-paragon/</span></a> <a href="https://schleuss.online/tags/thisweekinsecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>thisweekinsecurity</span></a> <a href="https://schleuss.online/tags/supplychainattack" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>supplychainattack</span></a> <a href="https://schleuss.online/tags/hackadaycolumns" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>hackadaycolumns</span></a> <a href="https://schleuss.online/tags/securityhacks" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>securityhacks</span></a> <a href="https://schleuss.online/tags/githubactions" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>githubactions</span></a> <a href="https://schleuss.online/tags/paragon" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>paragon</span></a> <a href="https://schleuss.online/tags/news" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>news</span></a></p>
Winbuzzer<p>GitHub has removed a poisoned Action used in 23,000+ repos after it exfiltrated CI secrets, prompting concerns over supply chain security</p><p><a href="https://mastodon.social/tags/Cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Cybersecurity</span></a> <a href="https://mastodon.social/tags/Microsoft" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Microsoft</span></a> <a href="https://mastodon.social/tags/GitHub" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>GitHub</span></a> <a href="https://mastodon.social/tags/CI_CD" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CI_CD</span></a> <a href="https://mastodon.social/tags/DevSecOps" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>DevSecOps</span></a> <a href="https://mastodon.social/tags/CyberThreats" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CyberThreats</span></a> <a href="https://mastodon.social/tags/GitHubActions" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>GitHubActions</span></a> <a href="https://mastodon.social/tags/Malware" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Malware</span></a> <a href="https://mastodon.social/tags/CodeSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CodeSecurity</span></a> <a href="https://mastodon.social/tags/tjactions" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>tjactions</span></a></p><p><a href="https://winbuzzer.com/2025/03/21/github-action-breach-exposes-secrets-in-hundreds-of-repositories-xcxwbn/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">winbuzzer.com/2025/03/21/githu</span><span class="invisible">b-action-breach-exposes-secrets-in-hundreds-of-repositories-xcxwbn/</span></a></p>
Lup Yuen Lee 李立源<p>Compromised `reviewdog` <a href="https://qoto.org/tags/GitHubActions" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>GitHubActions</span></a> "injected Malicious Code into any CI Workflows using it, dumping the CI Runner memory containing the Workflow Secrets"</p><p><a href="https://www.wiz.io/blog/new-github-action-supply-chain-attack-reviewdog-action-setup" rel="nofollow noopener" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">wiz.io/blog/new-github-action-</span><span class="invisible">supply-chain-attack-reviewdog-action-setup</span></a></p>
PierreNick :apple_old_logo: 💾<p>After the whole “tj-actions/changed-files” <a href="https://hachyderm.io/tags/GitHubActions" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>GitHubActions</span></a> compromise[1] of last week (we weren’t affected because we pin GitHub Actions to SHAs) I’m looking at the 5 “non-reputable” actions in use in our org.</p><p>I like GHAs, but they’re also so damn flawed. NodeJS Actions are typically simple and written in TypeScript, all kept in src/. </p><p>But because those Actions run strictly from code checkouts, the compiled TypeScript gets recommitted in dist/, in one insanely giant[2] index.js file that doesn’t make it obviously clear or proven that the output equals the input.</p><p>[1] <a href="https://www.stepsecurity.io/blog/harden-runner-detection-tj-actions-changed-files-action-is-compromised" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">stepsecurity.io/blog/harden-ru</span><span class="invisible">nner-detection-tj-actions-changed-files-action-is-compromised</span></a></p><p>[2] For example, “peter-evans/create-pull-request” latest release compiles into a 36,405 lines index.js file, wth: <a href="https://github.com/peter-evans/create-pull-request/blob/271a8d0340265f705b14b6d32b9829c1cb33d45e/dist/index.js" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">github.com/peter-evans/create-</span><span class="invisible">pull-request/blob/271a8d0340265f705b14b6d32b9829c1cb33d45e/dist/index.js</span></a></p>