GitHub

A collection of 28 posts

GitHub Actions

Authenticate Connect-MgGraph using OIDC in GitHub Actions

I'm running a number of maintenance scripts against our Azure EntraId to manage GitHub related things. Removing dormant users, asking users to setup their notification email correctly etc. For a long time, I ran these scripts with an interactive session, before moving them over to GitHub Actions. Recently

github copilot

Picking the right GitHub Copilot model

GitHub recently released documentation on all the large language models available in GitHub Copilot. The list is ever expanding, especially when you have previews turned on for your account. But its still hard for many people to pick the right model for their task.

GitHub

Create GitHub issue hierarchy using the API

The newly introduced GitHub Issues updates have added support for issue types as well as parent-child hierarchies. Unfortunately, the GitHub CLI hasn't yet been updated to support setting up this tree structure.

Visual Studio Code

Running Model Context protocol servers in a specific Node version inside Visual Studio Code

As you might know, I maintain a few Azure Pipelines extensions, for backwards compatibility many of these include Typescript targeting Node 16 still. Today I was playing around with Model Context Protocol (MCP) servers in Visual Studio Code Insiders and ran into an issue where the current active Node version

GitHub Featured

(repost) Protect the repository hosting your GitHub Action

This post, now 2 years old, is still very valid, especially in light of the changed-files hack recently.

GitHub

GitHub's new Billing - Assigning Cost Centers in Bulk

I've recently set up the internal cost centers to split our GitHub enterprise bill according to cost centers defined in GitHub. Cost Centers are part of GitHub's new Billing experience which is currently rolling out to GitHub Enterprise customers and which is also coming to GitHub for Teams.

github copilot

Use inline completions for more answers with GitHub Copilot Free

2 months ago, GitHub gave everybody their taste of GitHub Copilot with the limited free tier. You get 2000 completions and 50 chats. This is awesome! But 50 chats aren't that many. Did you know you can use your completions for simple chat answers as well? And this

GitHub

Troubleshooting GitHub Copilot keyboard shortcuts in Jetbrains IDEs

Over the past months I've delivered 100s of GitHub Copilot workshops. Ranging from 2 hour introduction talks, where I quickly walk through the main features of the product, up to day-long workshops with interactive hands-on. For most people it's pretty easy to get started. In Visual

GitHub

Scan all workflow artifacts for leaked secrets

In response to: Major GitHub repos leak access tokens putting code and clouds at riskBuild artifacts generated by GitHub Actions often contain access tokens that can be abused by attackers to push malicious code into projects or compromise cloud infrastructure.CSO OnlineLucian Constantin I've created a quick powershell

GitHub

Looking back on the Global DevOps Experience

It's been a few weeks since the Global DevOps Experience 2024 finished, but it's a lot longer since we all started back in March.

git Featured

The use or uselessness of signed commits

Each commit you make stores the name and email address you've configured in your git config. But Git doesn't verify whether that's you. You can easily make a commit that uses the email of any famous coder out there in the world, and your Git repo will accept that.

Scrum

Don't get lost in your plans

Today I got a call from a customer who is trying to understand what's going on in their teams and is getting lost among the many different Features and Product Backlog Items on their boards.

GitHub

Restrict GitHub branches to specific prefixes

Many people follow some kind of naming format for their branches. Be it because they're using GitHub Flow or Git Flow or because they've created their own meaningful naming patterns.

Azure Pipelines

Recommendations for using Azure CLI in your workflow

Azure CLI is widely used in GitHub Actions and Azure Pipelines, as well as many other CI/CD tools. Over the last few weeks, I've been looking into its performance and security and based on that here are a number of recommendations.

GitHub

Accessing (private) GitHub resources from a Codespace

If you want to access packages or repositories from another organization though, you're out of luck. Even though you can request access to repositories outside of your organization or account, GitHub won't grant you that access when the Codespace starts.

GitHub Featured

Investigating az-cli performance on the hosted Azure Pipelines and GitHub Runners

I've been building a few more workflows and pipelines over the past few days and had been experimenting with the az-cli. And I've been running into all kinds of performance issues.

GitHub Actions Featured

Protect the repository hosting your GitHub Action

It comes as no surprise that the tags and branches solution to version GitHub Actions is weak at best. There have been rumors of Actions moving to a different model (GitHub Container Registry), but that is yet to see the light.

git

Tips & tricks: Git under WSL and windows

Since the introduction of WSL I've started to rely on it more and more, but there are still a few quirks when dealing with multiple environments that access the same repo on disk.

GitHub Featured

Enable RenovateBot for Azure Pipelines

In my report on the Security state of the Azure DevOps Marketplace I came to the unfortunate conclusion that about 40% of the extensions contain vulnerabilities. One of the recommendations for both Azure DevOps administrators and pipeline authors was to keep the Azure Pipelines Tasks up-to-date.

Azure DevOps Featured

Security state of the Azure DevOps Marketplace

This report focusses on the Azure Pipelines extensions in the Marketplace. At the time of compiling the report there are 1460 extensions in the "Azure Pipelines" category. More than 500 have one or more vulnerabilities or vulnerable dependencies.

GitHub

What's GitHub's new require approval of the most recent push policy all about?

The "require approval of the most recent push" protection rule was recently introduced (oct 2022).

GitHub Actions

Issuing workflow commands from the Windows shell in GitHub Actions

I don't think you should, I'm not sure you want to... But in case you need to... Here's how to correctly issue a GitHub Actions workflow command from the windows shell.

Ghost

Update Ghost blogs and pages with PowerShell

In order to remove a bit of repetitive manual work from my schedule I wrote a little sync between my Scrum.org class schedule to this blog.

GitHub Actions

Upgrade Hosted Agent / GitHub Runner PowerShell

I had recently fixed a bug in one of my build scripts by upgrading to the latest PowerShell Preview version. Of course, that version isn't yet available on the hosted agent for Azure Pipelines and GitHub Actions.

GitHub

Be Secure and Compliant with GitHub

How do we ensure security after we have deployed our application? This question comes up in many customer engagements. How do we make something secure and how can we ensure we are compliant? Unfortunately, many of these questions arise after the fact. After the application has been built, or even