Topic
22 articles found
After this article you'll have a GitHub Actions workflow that triages every new issue with Claude, a nightly job that rewrites your stale changelog from real commits, and a claude CLI step that auto-fixes failing lint on a PR branch and pushes the patch back. All three are copy-paste runnable today,
A security researcher found a flaw in Anthropic's Claude Code GitHub Action that let an attacker take over vulnerable public repositories running it, with nothing more than a single opened GitHub issue. Because Anthropic's own action repo used the same workflow, a working attack could have pushed ma
This article is also available in Indonesian (Bahasa Indonesia) Bruno Kelzer on Unsplash A while back, I was working on a project for a client. Day to day, I'm a backend engineer, but in this project the scope expanded. I had to dip into the server side as well. The client wanted to migrate their La
Chapter 3: The Dockerfile — Multi-Stage Build 3.1 Why Multi-Stage Builds? Metric Single-Stage vs Multi-Stage 3.2 The Complete Dockerfile # ───────────────────────────────────────────────────────────────────────── # Stage 1: builder # Installs all dependencies and compiles assets. # This stage is NEV
A production-style DevOps project showing secure infrastructure provisioning, canary deployments, automated rollback, observability, CI/CD, and private self-hosted GitHub Actions deployment on AWS EKS. Most Kubernetes portfolio projects stop at the same shallow point: “I deployed an app to Kubernete
⚠️ この記事はアフィリエイト広告(プロモーション)を含みます。リンク先で発生した収益の一部が運営者に支払われますが、読者の購入価格には一切影響ありません。 By the end of this article you will have a GitHub Actions workflow that, on every pull_request, runs the Claude Code SDK headlessly, reads only the diff, and posts inline review comments via the GitHub API. I'll show the
Pullfrog is an open-source AI-powered GitHub bot by Colin McDonnell, designed for automation in GitHub Actions. It supports a model-agnostic approach, allowing integration with various LLM providers. Key features include orchestration for pull request reviews, issue triage, and CI remediation, all m
I shipped mcp-probe v1.6.0 with a small but useful improvement to mcp-probe doctor. Previous behavior: check whether .github/workflows exists check whether any workflow mentions mcp-probe That was useful, but too shallow. A workflow can mention mcp-probe and still not run the actual CI gate correctl
Part 1 was the foundation - Jenkins as a Code, ephemeral workers, the whole thing. Part 2 was the painful platform - macOS. This one is sideways: we moved a chunk of the CI workload off Jenkins entirely, onto GitHub Actions, using EC2 spot instances as the runner fleet. This isn't me saying "Jenkins
Introduction Creating and maintaining monitoring dashboards is an extremely difficult task for smaller companies and squads. We need to develop our microservices, fix bugs, create documentation, and test our applications. Most of the time, we forget to create a dashboard to monitor the health of our
My first Cloudflare Worker deployed in 47 minutes. Three of those were spent staring at this exact error in a red GitHub Actions log: Authentication error [code: 10000]. I had the API token. I had the account ID. I had copy-pasted the workflow from the official docs. It still failed. The fix was one
El problema real Gestionar infraestructura manualmente sigue siendo uno de los mayores puntos de fricción en equipos DevOps. Cambios no auditados, configuraciones inconsistentes entre ambientes y despliegues manuales generan errores difíciles de rastrear y operaciones poco confiables. La solución mo
The Problem (3 paragraphs) MuJoCo is the fastest-growing robotics simulator Converting URDF to MJCF is painful (./compile is buggy, urdf2mjcf ignores off-diagonal inertia, mesh paths break) You just want to convert and start training your RL agent The Solution (show curl + Python code) @robot.urdf"
Disclosure: I maintain ci-doctor. The comparison below describes each tool by what it documents and ships, not by my opinion of its authors. Run all four on the same workflow to see for yourself. GitHub Actions YAML is small enough that one tool could in theory validate everything: syntax, secret hy
Supply Chain & AI Security: Bitwarden CLI Compromise, AI Sandbox Escapes, GitHub Actions Hardening Today's Highlights Today's security brief covers critical supply chain risks, including a Bitwarden CLI compromise and a practical guide for securing GitHub Actions. We also delve into the latest AI-sp
If you're building an iOS app with GitHub Actions, you're probably burning through macOS runner minutes like they're free. Spoiler: they're not — macOS runners cost 10x more than Linux runners, and a 25-minute test run that fires on every push adds up fast. We run a Swift/SwiftUI app with 3000+ test
In the evolving landscape of software quality assurance, AI-driven testing is no longer a luxury—it’s a necessity for speed and scale. TestSprite, an AI-powered testing platform, offers a way to generate and execute end-to-end tests using agentic workflows. However, the real power of these tools is
I can't write code. That's not quite right. I describe what I want, Claude writes the code, and I focus on what to build. I'm what people call a VibeCoder — someone who builds products with AI, spending their time on product decisions rather than syntax. I'm building "Arc," a mobile CRM for bodywork
If you're running a monorepo where multiple apps deploy independently through multiple environments, you'll eventually hit a limitation that GitLab CI handles natively: GitHub Actions doesn't support wildcards for environment variable scoping. In this post, I'll explain why this becomes a real probl
In the fast-paced world of software development, optimizing every aspect of our workflow is crucial for maintaining high software developer efficiency. Yet, sometimes, hidden costs and inefficiencies lurk in unexpected corners. A recent discussion on the GitHub Community forum, initiated by user jef
