me: the source code is currently store on GitHub and we use GitHub Actions after each updates to compile your code into binary before deploying to your servers
client: storing source code on GitHub (external server) is insecure and breaks compliance
me: so i guess you will need to have a copy of the source code on all your servers and build them directly there (too cheap to have a separate build server) instead of using GitHub Actions
client: yeah
me: keep in mind that all your certificates and tokens are going to be store as plain text in all your servers so if a hacker gain access to anyone of your servers, they will have access to everything.
client: yeah, this is in compliance to our security policy

Holy fuck this new GitHub feature is amazing!!!
It's called GitHub Actions and you can easy automate your work flow using a simple graphical editor!
I need to test this out right fucking now!

A bot just made 519 pull requests with malicious Makefile code to get a github actions server to send a curl to a random host.

It's gonna be one of those days

Our company today disallowed the use of GitKraken to all developers. Reason? They wanted to save money. When I told them that software is free, they responded with , “No, not in any way! All developers can use GitHub Actions instead”.

I don’t think they know what GitKraken nor GitHub Actions is, nor that GitKraken is free.

Not that I like GitKraken, but I don’t want to limit other developers use of it if they like it.

Meanwhile, we have been running no less than four kubernetes clusters, of which only one is in use…

At some point, someone on the visual studio team thought: what people need is a clicky-draggy gui for editing yaml files for github actions.

And instead of throwing him unceremoniously out of the window, the rest of the team agreed, and said: yes, that's a great idea, it will be almost as useful as that clicky-draggy gui for editing sql commands.

At first I wasn't really happy when MS bought GitHub (Considering the things they fucked up in the past).
However right now it seems like it really was a change for the better. I am currently testing GitHub Actions for CICD and holy fuck its amazing!

Programmer OAth. Just read on a github repo

0. I will only undertake honest and moral work. I will stand firm against any requirement that exploits or harms people.

1. I will respect the learnings of those programmers who came before me, and share my learnings with those to come.

2. I will remember that programming is art as well as science, and that warmth, empathy and understanding may outweigh a clever algorithm or technical argument.

3. I will not be ashamed to say "I don't know", and I will ask for help when I am stuck.

4. I will respect the privacy of my users, for their information is not disclosed to me that the world may know.

5. I will tread most carefully in matters of life or death. I will be humble and recognize that I will make mistakes.

6. I will remember that I do not write code for computers, but for people.

7. I will consider the possible consequences of my code and actions. I will respect the difficulties of both social and technical problems.

8. I will be diligent and take pride in my work.

9. I will recognize that I can and will be wrong. I will keep an open mind, and listen to others carefully and with respect.

GitHub Actions doesn't seem to be working. I'll check the GitHub status page..

CI CD pipelines in my company... Having CICD suppose to help development... Now we have countless templates and tools (github actions, circle ci, agro, aws beanstalk, azure pipelines, serverless, terraforms, cloud formation, helm charts, ECR, Vault... and few more).

Total chaos, doing simple CICD for 1 api and 1 lambda took 3 days so far, and will take bit more.

On top of that, no one have idea which part of scripts are doing what exactly, as responsibilities are in different tools (each tool have different config files).

Does deployment have to be so complex? Or is it that my company DevOps team makes it so unnecessary complicated?

All PRs and no developing make Jack a dull boy

Well sometimes I need someone to pull computer out of my hands and slap my face.

5am here, spent last 10 hours writing code in java after 5 years break.

After that I deployed snapshot using maven and github actions to github package repository.

Finished first POC in one night.
Am I insane?

Today I played with GitHub Actions. Since I couldn't test anything without making a commit and pushing it to GitHub to trigger the workflow, my commit history now chronicles my slow descent into madness. Thank God it's a private repo. I'm gonna squash it if I ever make it public.

This gem is from hour two of my four-hour struggle:

I did not think that making a serverless Discord bot would be such a learning experience. The code itself was easy. The hard part was the infrastructure, because I decided to automate it all with Terraform and deploy it on AWS.

Before this project, I had no idea how API Gateways worked. Now I still have very little idea how they work but I managed to build one anyway. Eventually. And then I had to figure out how to automate the deployment of a lambda layer and function that would both still be managed in the Terraform state, with any code changes triggering a rebuild and update for the resource.

And then I had to untangle a dependency mess because API Gateways have some weird issues where two resources that have no explicit dependencies on each other will throw an error if they don't deploy in the right order.

And then I went the wrong way with Github actions trying to conditionally chain multiple workflows together before I realized I could just put multiple jobs with conditions in a single workflow.

And now after all that work over the course of 2 days, I have a bot that does this:

GitHub Actions. That is all.

Well, not really. Trying to convert a grunt script which we have packaging our WordPress plugins to be done as a GitHub action instead and I'm about to throw my machine out of the window.

Question for devs who work in large multi-team environments:

A) What is your code review process like? Does a senior review it once and then it's off to QA or do you have "levels" of approval?

B) If you're launching a feature that depends on another team how are you coordinating it? Do you just talk over a ticket and then hit merge and deploy at the same time or like what's your process like?

C) What CI/CD tool do you use? Also what code hosting platform do you use? Github/GItlab/etc.

D) Are you currently happy with the CI tool you're using? If not what are some common issues you're facing?

Question for my fellow devs:

Do you feel like you are spending too much time on maintaining ur devops/infrastructure rather than focusing on the actual product?

Do you think your company would be willing to spend a bit of money to outsource scaling problems to someone else and just focus on the product?

Ik we got lots of fancy new CI platforms like Circle CI GH actions etc but like I personally feel like I’m doing certain infrastructure tasks twice when I look at the two different codebases I work on.

I’m trying to update a job posting so that it’s not complete BS and deters juniors from applying... but honestly this is so tough... no wonder these posting get so much bs in them...

Maybe devRant community can help be tackle this conundrum.

I am looking for a junior ml engineer. Basically somebody I can offload a bunch of easy menial tasks like “helping data scientists debug their docker containers”, “integrating with 3rd party REST APIs some of our models for governance”, “extend/debug our ci”, “write some preprocessing functions for raw data”. I’m not expecting the person to know any of the tech we are using, but they should at least be competent enough to google what “docker is” or how GitHub actions work. I’ll be reviewing their work anyhow. Also the person should be able to speak to data scientists on topics relating to accuracy metrics and mode inputs/outputs (not so much the deep-end of how the models work).

In my opinion i need either a “mathy person who loves to code” (like me) or a “techy person who’s interested in data science”.

What do you think is a reasonable request for credentials/experience?

Github Actions.
A nice feature that can drive you nuts.

"GITHUB_EVENT_PATH: The path of the file with the complete webhook event payload. For example, /github/workflow/event.json."

"github.event_path: The path to the full event webhook payload on the runner."

Well guess what? These fucking variables are completely useless since the path in them is non-existent.
Fortunately /github/workflow/event.json works...but for how long?

Also using header Accept: application/vnd.github.v3+json to download a zip file is masochism.

How can I make a bot which makes a single commit everyday at a specific time for a particular repository?
The commit can be anything like insertion in readme or creating a new file.

I tried to accomplish this using python selenium I deployed it on heroku, the problem I am facing is github doesn't allows to crawl on it so it sends a verification code to me on mail and all my further selenium actions fail due it this.☹️

Super random question 😄

Anybody know of a nice way of running tests for my NPM library but with Deno? So like I've tested manually it with Deno and it works, but I want to include it in my test suite in GitHub Actions. Feels tricky as I probably can't use Jest, so then I'll have to rewrite the tests in Deno...

Which CI is best for open source?
TravisCI look pretty promising, GitHub Actions too, but with Travis you can have 3 concurrent jobs on their OpenSource plan.

F***ing GitHub Actions.

I just wanted to make Snapcraft builds of my game with CI and instead I'm fiddling around with YAML syntax because for some reason everything got formatted incorrectly.

Also I have no way of testing the workflow locally to save me commits. So I have to wait five minutes each time to find out that I yet again somehow mucked up the script and it couldn't snap the executable.

Gonna be a hater again but
GitHub Actions. Is there a worst CI tool?

Github actions are so complicated, why they don't set up something like a simulator. I keep pushing my updates everytime I make changes to my yml file only to know it errors.

CodePipeline single branch limitation. Shame on you Amazon.

Github Actions FTW.