Frontend Dogma<p>Eleventy: A GitHub Workflow to Check if an Automated Dependency Update Would Break Your Site, by <span class="h-card" translate="no"><a href="https://mas.to/@j9t" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>j9t</span></a></span> [<span class="h-card" translate="no"><a href="https://mas.to/@frontenddogma" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>frontenddogma</span></a></span>]:</p><p><a href="https://meiert.com/en/blog/eleventy-github-workflow/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">meiert.com/en/blog/eleventy-gi</span><span class="invisible">thub-workflow/</span></a></p><p><a href="https://mas.to/tags/eleventy" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>eleventy</span></a> <a href="https://mas.to/tags/dependencies" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>dependencies</span></a> <a href="https://mas.to/tags/nodejs" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>nodejs</span></a> <a href="https://mas.to/tags/automation" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>automation</span></a> <a href="https://mas.to/tags/githubactions" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>githubactions</span></a></p>
Recent searches
No recent searches
Search options
Only available when logged in.
social.coop is one of the many independent Mastodon servers you can use to participate in the fediverse.
A Fediverse instance for people interested in cooperative and collective projects. If you are interested in joining our community, please apply at https://join.social.coop/registration-form.html.
Administered by:
Server stats:
479active users
social.coop: About · Status · Profiles directory · Privacy policy
Mastodon: About · Get the app · Keyboard shortcuts · View source code · v4.3.4
#githubactions
2 posts · 2 participants · 0 posts today
Daniel, pined-lizard edition<p>Status update: I'm now automatically building and releasing a signed fork of stable moshidon with my patches. <a href="https://masto.doserver.top/tags/CI" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CI</span></a> is cool!</p><p><a href="https://github.com/cactichameleon9/moshidon-fork" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">github.com/cactichameleon9/mos</span><span class="invisible">hidon-fork</span></a></p><p><a href="https://masto.doserver.top/tags/CICD" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CICD</span></a> <a href="https://masto.doserver.top/tags/GithubActions" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>GithubActions</span></a> <a href="https://masto.doserver.top/tags/Moshidon" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Moshidon</span></a></p>
LavX News<p>Revolutionizing CI/CD: OpenHands AI Action Brings Natural Language Automation to GitHub Workflows</p><p>The newly launched OpenHands AI Action empowers developers to automate complex tasks within their GitHub workflows using natural language prompts. By leveraging customizable LLM models and Docker-base...</p><p><a href="https://news.lavx.hu/article/revolutionizing-ci-cd-openhands-ai-action-brings-natural-language-automation-to-github-workflows" rel="nofollow noopener noreferrer" target="_blank"><span class="invisible">https://</span><span class="ellipsis">news.lavx.hu/article/revolutio</span><span class="invisible">nizing-ci-cd-openhands-ai-action-brings-natural-language-automation-to-github-workflows</span></a></p><p><a href="https://mastodon.cloud/tags/news" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>news</span></a> <a href="https://mastodon.cloud/tags/tech" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>tech</span></a> <a href="https://mastodon.cloud/tags/GitHubActions" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>GitHubActions</span></a> <a href="https://mastodon.cloud/tags/AIAutomation" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>AIAutomation</span></a> <a href="https://mastodon.cloud/tags/OpenHands" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>OpenHands</span></a></p>
Frontend Dogma<p>5 GitHub Actions Every Maintainer Needs to Know, by <span class="h-card" translate="no"><a href="https://hachyderm.io/@github" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>github</span></a></span>:</p><p><a href="https://github.blog/open-source/maintainers/5-github-actions-every-maintainer-needs-to-know/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">github.blog/open-source/mainta</span><span class="invisible">iners/5-github-actions-every-maintainer-needs-to-know/</span></a></p><p><a href="https://mas.to/tags/githubactions" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>githubactions</span></a> <a href="https://mas.to/tags/github" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>github</span></a> <a href="https://mas.to/tags/tooling" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>tooling</span></a> <a href="https://mas.to/tags/automation" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>automation</span></a> <a href="https://mas.to/tags/maintenance" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>maintenance</span></a></p>
Hugo van Kemenade<p>"GitHub Actions: macOS 15 and Windows 2025 images are now generally available" <br>Add `macos-15` and `windows-2025` to use them. <br><a href="https://github.blog/changelog/2025-04-10-github-actions-macos-15-and-windows-2025-images-are-now-generally-available/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">github.blog/changelog/2025-04-</span><span class="invisible">10-github-actions-macos-15-and-windows-2025-images-are-now-generally-available/</span></a><br><a href="https://mastodon.social/tags/GitHub" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>GitHub</span></a> <a href="https://mastodon.social/tags/GitHubActions" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>GitHubActions</span></a> <a href="https://mastodon.social/tags/CI" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CI</span></a> <a href="https://mastodon.social/tags/macOS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>macOS</span></a> <a href="https://mastodon.social/tags/Windows" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Windows</span></a></p>
Nicolas Fränkel 🇺🇦🇬🇪<p><a href="https://mastodon.top/tags/GitHubActions" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>GitHubActions</span></a> by Example</p><p><a href="https://samirs-organization-6.gitbook.io/github-actions-by-example" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">samirs-organization-6.gitbook.</span><span class="invisible">io/github-actions-by-example</span></a></p>
Gonçalo Valério<p>"CodeQLEAKED – Public Secrets Exposure Leads to Supply Chain Attack on GitHub CodeQL"</p><p><a href="https://www.praetorian.com/blog/codeqleaked-public-secrets-exposure-leads-to-supply-chain-attack-on-github-codeql/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">praetorian.com/blog/codeqleake</span><span class="invisible">d-public-secrets-exposure-leads-to-supply-chain-attack-on-github-codeql/</span></a></p><p><a href="https://s.ovalerio.net/tags/github" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>github</span></a> <a href="https://s.ovalerio.net/tags/githubactions" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>githubactions</span></a> <a href="https://s.ovalerio.net/tags/supplychain" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>supplychain</span></a> <a href="https://s.ovalerio.net/tags/security" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>security</span></a> <a href="https://s.ovalerio.net/tags/cicd" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>cicd</span></a></p>
Gonçalo Valério<p>"Whose code am I running in GitHub Actions?"</p><p><a href="https://alexwlchan.net/2025/github-actions-audit/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">alexwlchan.net/2025/github-act</span><span class="invisible">ions-audit/</span></a></p><p><a href="https://s.ovalerio.net/tags/security" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>security</span></a> <a href="https://s.ovalerio.net/tags/supplychain" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>supplychain</span></a> <a href="https://s.ovalerio.net/tags/cicd" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>cicd</span></a> <a href="https://s.ovalerio.net/tags/githubactions" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>githubactions</span></a></p>
Python Rennes<p><a href="https://social.breizhcamp.org/tags/CI" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CI</span></a> <a href="https://social.breizhcamp.org/tags/github" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>github</span></a> il est désormais possible d'utiliser des versions "free-threaded" de <a href="https://social.breizhcamp.org/tags/Python" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Python</span></a> (sans le global interpreter lock, qui bride la façon de faire de l'exécution concurrente) dans les <a href="https://social.breizhcamp.org/tags/githubactions" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>githubactions</span></a></p><p><a href="https://hugovk.dev/blog/2025/free-threaded-python-on-github-actions/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">hugovk.dev/blog/2025/free-thre</span><span class="invisible">aded-python-on-github-actions/</span></a></p>
Python Rennes<p>Nous avons tous nos bonnes pratiques lorsqu'il s'agit de créer un nouveau <a href="https://social.breizhcamp.org/tags/projet" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>projet</span></a> <a href="https://social.breizhcamp.org/tags/Python" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Python</span></a>, avec l'utilisation de patterns et d'outils éprouvés : lint avec <a href="https://social.breizhcamp.org/tags/ruff" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ruff</span></a> et <a href="https://social.breizhcamp.org/tags/mypy" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>mypy</span></a>, hooks avec <a href="https://social.breizhcamp.org/tags/precommit" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>precommit</span></a>, tests avec <a href="https://social.breizhcamp.org/tags/pytest" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>pytest</span></a>, intégration continue <a href="https://social.breizhcamp.org/tags/githubactions" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>githubactions</span></a> : <a href="https://github.com/neubig/starter-repo" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="">github.com/neubig/starter-repo</span><span class="invisible"></span></a> </p><p>Libre à chaque personne de faire évoluer le porojet selon ses propres goûts et contraintes.</p>
Hugo van Kemenade<p>GitHub Actions now supports free-threaded Python!</p><p>I wrote up how to add it your workflows so you can start testing free-threaded Python 3.13 and 3.14 with either actions/setup-python or actions/setup-uv.</p><p><a href="https://hugovk.dev/blog/2025/free-threaded-python-on-github-actions/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">hugovk.dev/blog/2025/free-thre</span><span class="invisible">aded-python-on-github-actions/</span></a></p><p><a href="https://mastodon.social/tags/Python" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Python</span></a> <a href="https://mastodon.social/tags/FreeThreaded" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>FreeThreaded</span></a> <a href="https://mastodon.social/tags/GitHub" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>GitHub</span></a> <a href="https://mastodon.social/tags/GitHubActions" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>GitHubActions</span></a> <a href="https://mastodon.social/tags/CI" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CI</span></a> <a href="https://mastodon.social/tags/testing" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>testing</span></a></p>
Lup Yuen Lee 李立源<p>"If you thought <a href="https://qoto.org/tags/GitHubActions" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>GitHubActions</span></a> was bad, try mixing in <a href="https://qoto.org/tags/Docker" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Docker</span></a>"</p><p><a href="https://www.feldera.com/blog/the-pain-that-is-github-actions" rel="nofollow noopener noreferrer" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">feldera.com/blog/the-pain-that</span><span class="invisible">-is-github-actions</span></a></p>
The New Oil<p><a href="https://mastodon.thenewoil.org/tags/Coinbase" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Coinbase</span></a> was primary target of recent <a href="https://mastodon.thenewoil.org/tags/GitHubActions" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>GitHubActions</span></a> breaches</p><p><a href="https://www.bleepingcomputer.com/news/security/coinbase-was-primary-target-of-recent-github-actions-breaches/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">bleepingcomputer.com/news/secu</span><span class="invisible">rity/coinbase-was-primary-target-of-recent-github-actions-breaches/</span></a></p><p><a href="https://mastodon.thenewoil.org/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>cybersecurity</span></a> <a href="https://mastodon.thenewoil.org/tags/GitHub" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>GitHub</span></a> <a href="https://mastodon.thenewoil.org/tags/crypto" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>crypto</span></a></p>
Christoffer S.<p>(horizon3.ai) What to know about recent Github Actions and Apache Tomcat vulnerabilities—before you investigate <a href="https://www.horizon3.ai/attack-research/attack-blogs/critical-or-clickbait-github-actions-and-apache-tomcat-rce-vulnerabilities-2025/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">horizon3.ai/attack-research/at</span><span class="invisible">tack-blogs/critical-or-clickbait-github-actions-and-apache-tomcat-rce-vulnerabilities-2025/</span></a></p><p>The article from Horizon3 analyzes two recent high-profile vulnerabilities: CVE-2025-30066 affecting GitHub Actions (tj-actions/changed-files) and CVE-2025-24813 affecting Apache Tomcat. Despite widespread publicity, Horizon3.ai's Attack Team found that actual exploitation risk is significantly lower than reported. For the GitHub Actions vulnerability, only one repository among 1,200 examined was exposed, with no evidence of data exfiltration. For Apache Tomcat, analysis of over 10,000 endpoints revealed no vulnerable configurations in production environments. The article emphasizes the importance of prioritizing security responses based on actual risk rather than media hype.</p><p><a href="https://swecyb.com/tags/Cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Cybersecurity</span></a> <a href="https://swecyb.com/tags/GithubActions" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>GithubActions</span></a> <a href="https://swecyb.com/tags/Github" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Github</span></a> <a href="https://swecyb.com/tags/Tomcat" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Tomcat</span></a> <a href="https://swecyb.com/tags/Apache" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Apache</span></a> <a href="https://swecyb.com/tags/Vulnerability" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Vulnerability</span></a></p>
Winbuzzer<p>GitHub has removed a poisoned Action used in 23,000+ repos after it exfiltrated CI secrets, prompting concerns over supply chain security</p><p><a href="https://mastodon.social/tags/Cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Cybersecurity</span></a> <a href="https://mastodon.social/tags/Microsoft" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Microsoft</span></a> <a href="https://mastodon.social/tags/GitHub" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>GitHub</span></a> <a href="https://mastodon.social/tags/CI_CD" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CI_CD</span></a> <a href="https://mastodon.social/tags/DevSecOps" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>DevSecOps</span></a> <a href="https://mastodon.social/tags/CyberThreats" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CyberThreats</span></a> <a href="https://mastodon.social/tags/GitHubActions" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>GitHubActions</span></a> <a href="https://mastodon.social/tags/Malware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Malware</span></a> <a href="https://mastodon.social/tags/CodeSecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CodeSecurity</span></a> <a href="https://mastodon.social/tags/tjactions" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>tjactions</span></a></p><p><a href="https://winbuzzer.com/2025/03/21/github-action-breach-exposes-secrets-in-hundreds-of-repositories-xcxwbn/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">winbuzzer.com/2025/03/21/githu</span><span class="invisible">b-action-breach-exposes-secrets-in-hundreds-of-repositories-xcxwbn/</span></a></p>
Jeremy Herve<p>If you work with GitHub Actions and have used actions to commit to a branch, you may have run into this little problem I ran into today: automatically generated commits and events triggered by a workflow, do not trigger any workflow.</p><p>In practice, that means that if you used a workflow to add a commit to your Pull Request, CI will not be triggered after that commit is pushed. All the events and CI that you would expect to see run on your Pull Request will not be triggered until your next push.</p><p>This is done on purpose by GitHub, as per the docs:</p><blockquote><p>When you use the repository’s <code>GITHUB_TOKEN</code> to perform tasks, events triggered by the <code>GITHUB_TOKEN</code>, with the exception of <code>workflow_dispatch</code> and <code>repository_dispatch</code>, will not create a new workflow run. This prevents you from accidentally creating recursive workflow runs. For example, if a workflow run pushes code using the repository’s <code>GITHUB_TOKEN</code>, a new workflow will not run even when the repository contains a workflow configured to run when push events occur.</p><p><a href="https://docs.github.com/en/actions/security-for-github-actions/security-guides/automatic-token-authentication" rel="nofollow noopener noreferrer" target="_blank">Automatic token authentication</a></p></blockquote><p>A possible work-around in such cases is to use a personal access token instead of the default <code>GITHUB_TOKEN</code> to trigger events that require a token.</p><p>In my situation, I am using <code><a href="https://github.com/actions/github-script" rel="nofollow noopener noreferrer" target="_blank">actions/github-script</a></code> and its authenticated Octokit client. Specifically, I use <code>createOrUpdateFileContents</code> to add a new file, commit it, and push it to the branch. <code>actions/github-script</code> allows using the <code>github-token</code> input to pass your own custom token, so I used that:</p><pre><code>uses: actions/github-script@v7 with: github-token: ${{ secrets.API_TOKEN_GITHUB }} script: |</code></pre><p>The generated commit now happens in my name, and CI events are triggered as expected by that commit. </p><p><a rel="nofollow noopener noreferrer" class="hashtag u-tag u-category" href="https://herve.bzh/t/en/" target="_blank">#EN</a> <a rel="nofollow noopener noreferrer" class="hashtag u-tag u-category" href="https://herve.bzh/t/github/" target="_blank">#GitHub</a> <a rel="nofollow noopener noreferrer" class="hashtag u-tag u-category" href="https://herve.bzh/t/github-actions/" target="_blank">#GitHubActions</a></p>
LavX News<p>Cascading Supply Chain Attack Exposes Secrets in Over 23,000 GitHub Repositories</p><p>A recent supply chain attack has compromised critical CI/CD secrets across a staggering number of GitHub repositories, revealing vulnerabilities in widely used actions. The breach highlights the inter...</p><p><a href="https://news.lavx.hu/article/cascading-supply-chain-attack-exposes-secrets-in-over-23000-github-repositories" rel="nofollow noopener noreferrer" target="_blank"><span class="invisible">https://</span><span class="ellipsis">news.lavx.hu/article/cascading</span><span class="invisible">-supply-chain-attack-exposes-secrets-in-over-23000-github-repositories</span></a></p><p><a href="https://mastodon.cloud/tags/news" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>news</span></a> <a href="https://mastodon.cloud/tags/tech" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>tech</span></a> <a href="https://mastodon.cloud/tags/GitHubActions" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>GitHubActions</span></a> <a href="https://mastodon.cloud/tags/SupplyChainSecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>SupplyChainSecurity</span></a> <a href="https://mastodon.cloud/tags/CISA" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CISA</span></a></p>
Lup Yuen Lee 李立源<p>Compromised `reviewdog` <a href="https://qoto.org/tags/GitHubActions" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>GitHubActions</span></a> "injected Malicious Code into any CI Workflows using it, dumping the CI Runner memory containing the Workflow Secrets"</p><p><a href="https://www.wiz.io/blog/new-github-action-supply-chain-attack-reviewdog-action-setup" rel="nofollow noopener noreferrer" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">wiz.io/blog/new-github-action-</span><span class="invisible">supply-chain-attack-reviewdog-action-setup</span></a></p>
LavX News<p>Cascading Supply Chain Attack Exposes CI/CD Secrets: A GitHub Action Breach Analysis</p><p>A recent cascading supply chain attack has compromised GitHub Actions, leading to the exposure of CI/CD secrets across thousands of repositories. This incident highlights vulnerabilities in the softwa...</p><p><a href="https://news.lavx.hu/article/cascading-supply-chain-attack-exposes-ci-cd-secrets-a-github-action-breach-analysis" rel="nofollow noopener noreferrer" target="_blank"><span class="invisible">https://</span><span class="ellipsis">news.lavx.hu/article/cascading</span><span class="invisible">-supply-chain-attack-exposes-ci-cd-secrets-a-github-action-breach-analysis</span></a></p><p><a href="https://mastodon.cloud/tags/news" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>news</span></a> <a href="https://mastodon.cloud/tags/tech" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>tech</span></a> <a href="https://mastodon.cloud/tags/GitHubActions" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>GitHubActions</span></a> <a href="https://mastodon.cloud/tags/SupplyChainSecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>SupplyChainSecurity</span></a> <a href="https://mastodon.cloud/tags/CICDSecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CICDSecurity</span></a></p>
LavX News<p>Windows Server 2025 Set to Revolutionize DevOps with New Features in GitHub Actions and Azure DevOps</p><p>The upcoming release of Windows Server 2025, scheduled for general availability on April 1, 2025, promises significant enhancements for developers using GitHub Actions and Azure DevOps. With updated s...</p><p><a href="https://news.lavx.hu/article/windows-server-2025-set-to-revolutionize-devops-with-new-features-in-github-actions-and-azure-devops" rel="nofollow noopener noreferrer" target="_blank"><span class="invisible">https://</span><span class="ellipsis">news.lavx.hu/article/windows-s</span><span class="invisible">erver-2025-set-to-revolutionize-devops-with-new-features-in-github-actions-and-azure-devops</span></a></p><p><a href="https://mastodon.cloud/tags/news" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>news</span></a> <a href="https://mastodon.cloud/tags/tech" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>tech</span></a> <a href="https://mastodon.cloud/tags/GitHubActions" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>GitHubActions</span></a> <a href="https://mastodon.cloud/tags/WindowsServer2025" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>WindowsServer2025</span></a> <a href="https://mastodon.cloud/tags/AzureDevOps" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>AzureDevOps</span></a></p>
ExploreLive feeds
Mastodon is the best way to keep up with what's happening.
Follow anyone across the fediverse and see it all in chronological order. No algorithms, ads, or clickbait in sight.
LoginDrag & drop to upload