My first CVE (CVE 2022-41032)
September 8, 2023
Before I started my new job at Vercel in 2022, I took a week off after leaving my job at GitHub. I was intending to spend some time working on one of my too-numerous side projects -- in particular, a .NET Core app that uses libgit2. Instead, I found my first CVE (CVE 2022-41032).
Pushing a (New) Empty Branch
May 12, 2020
Yesterday, I invoked a fun little command to create a new, empty dist branch in a GitHub repository. But I didn't explain it. So today I wanted to unpack exactly what's going on here.
Packaging an Action
May 8, 2020
After having created several actions to use in GitHub Actions workflows, I've settled on a pattern that I really like for packaging them, and in my most recent action, I codified this in a CI process to automate it for me. This is important because GitHub Actions uses a git repository as the distribution mechanism for an action. Since actions are actually just Node.js applications, that means that the repository needs to contain the application and its dependencies. It needs to actually contain the node_modules directory. But... you're not supposed to check that in, are you? No! You're not. At least... not in your development branch, which is why I recommend a two-branch approach.
libgit2 v1.0 Released
April 1, 2020
After many years of planning, writing code, and fixing bugs, libgit2 v1.0 has been released. 🎉🎉🎉 libgit2 is a linkable library for working with git repositories in any application, and you probably interact with the library, even if you don't know it. That's because libgit2 powers your applications and your hosting provider, whether you use GitHub, GitLab, Bitbucket, or nearly anybody else. The Git community -- really, every software developer -- depends on libgit2. And we've finally released libgit2 v1.0.
libgit2 v0.99 Released
February 19, 2020
Today we've released libgit2 v0.99. 🎉🎉🎉 libgit2 is a linkable library for working with git repositories in any application. It's used by IDEs, GUI clients for Git, hosting providers, scientific computing tools, and even scuba diving log software. Whether you keep your code on GitHub, GitLab, Bitbucket, or nearly anywhere else, it's libgit2 that does the work every time you click the "merge pull request" button. So if you write software, you've probably used libgit2, even if you don't know it. And -- finally -- we're getting close to releasing version 1.0.
GitHub Actions Day 31: Adding an Action to the Marketplace
December 31, 2019
Yesterday we built an action that let you send a tweet from a GitHub Actions workflow. Once we built it, you can use it by referencing it in my repository, as ethomson/send-tweet-action@v1. But... how do people find it? If we publish this action to the GitHub Marketplace, then people who want to build a workflow have a focused place to look for actions that they can use to extend GitHub. The marketplace will even show up in the workflow editor, so that people can find actions easily.
GitHub Actions Day 30: Integrating Other APIs in an Action
December 30, 2019
GitHub Actions Day 29: Creating an Action
December 29, 2019
GitHub Actions Day 28: Repository Automation
December 28, 2019
This month we've looked at a lot of different ways to build and test your code when a pull request is opened, or when a pull request is merged into the master branch. And we've looked at different ways to deploy your code to a package registry or to a cloud provider. But GitHub Actions provides triggers for any operation that happens in your repository, not just the ones that start CI/CD workflows. Here are some simple examples that display information about the event and are a good basis to build on.
GitHub Actions Day 27: Deploy to Cloud
December 27, 2019
So far this month, we've looked at a lot of ways to build and test your software. And we've looked at a few ways to package up your software. But how do you actually get it running in your cloud service provider? As my buddy Damian says, "friends don't let friends right-click publish". Instead, a best practice is to script your deployments so that they're reliable and reproducible.