GitHub’s pull_request_target event presents a significant security challenge due to its access to the pull request within the target repository’s context. This can expose sensitive secrets to untrusted users submitting pull requests. For projects like Pipelines-as-Code (PAC), where interaction with multiple upstream providers (Bitbucket, GitLab, GitHub) is essential, this risk is amplified. Access to repository secrets is vital for E2E testing across these platforms, yet arbitrary pull requests triggering secret-laden workflows is unacceptable. ...

I haven’t fully jumped on the AI hype train, but I’ve kept an eye on the evolving technologies of the past two decades. It used to be that Cloud was the buzzword, then Containers, and maybe blockchain (never got into this one), and now AI. At first, AI felt like a nice gimmick—discussing things with a chatbot felt a bit like doing a Google search but with a conversational twist. The problem with chatbots was that funny feeling you’d get when it seemed like they were just making things up. ...

Introduction It has been a long time since I have blogged about Emacs. I still enjoy using it as when I started from day one (around 1998). I did made some changes I have now moved out of the Emacs keybindings toward using the evil keybinding and have become proficient using Neovim (for terminal editing) or Vscode (for the debugger) but Emacs is where my “home” is. Today I’d like to talk about Isearch, I don’t think we realise how powerful isearch is compared to other editors, the experience out of the box is very intuitive and powerful and as anything with Emacs you can customize it exactly the way you want. ...

I have a very complicated development environment, which spins up a local Kubernetes cluster on Kind and then deploys a bunch of services to it. Some of the services gets accessed by the browser and until late I was deploying everything on localhost which so far did not cause any issues, since the browser are good at trusting localhost. But since my laptop was getting slower and slower and I had a new raspberry pi 5 unused with a SSD, I decided to made it my local Kubernetes cluster. ...

I use “Webhook” every day; it’s a simple mechanism used by most web applications to send payloads on events. It’s great and all, but since it needs to send you data, it has to be exposed to the internet. And that’s where it gets tricky. If you are in development mode and want to test the webhook, you can’t just expose your local machine to the internet; you need some sort of solution for that. ...

GitHub workflow is great but can be a bit of a black box when things go wrong. When the YAML cannot be validated, GitHub offers a handy feature to debug the workflow with additional logging. But sometimes your deployment or tests, or whatever you are doing in your workflow, fail when running on CI but not locally, and you are bound to end up in the git push/commit Outer-Loop hell: 📝 vi file/to/add/debug.sh 🎹 git commit -a "debug ignore" 🫸 git push 👀 [watch logs failures] ♻️ [repeat] 🔞 [swear] 🤦 [hope that things start to work but no it's just another random timeout] 😭 [distress] I hate this loop; it’s time-consuming, stupid, and wastes resources and energy for the planet and everyone. ...

I enjoy the space cadet feature of QMK : https://docs.qmk.fm/#/feature_space_cadet The feature is simple but yet powerful, when you hit one press you send a parenthese open or close form the other side and if you hold it you have shift. I am not sure what happened to my config, but I could not get it to work with the default macros offered SC_LSPO and SC_RSPO. I dug into the process_record_user() function hook to replicate the feature and add one other ’thing’ where if you press another shift at the same time of the keypress it will do a right bracket. ...

Sometime the tiniest optimization makes a huge difference. When I am not using Emacs and dired I usually just use the shell with zsh to do all my file management. This is fine and great but sometime when I need to select multiple files with different names, I would have to do a lot of tabs and selection or copy and paste to select properly the list of files I want to do operations on. ...

Every time I press the [TAB] key in my shell, it bothers me that nothing happens. I’m not very smart, so I often press the [TAB] key multiple times, hoping that maybe the seventh time will magically produce the completion that I expect. However, magic is not a computer function, and if a user or command line interface (CLI) author has not provided a completion function, nothing will ever happen. ...

I have been meaning to write an article about tools that I have developed lately to make it easier for my day to day life work. Being a so called “Kubernetes cloud native developer” (don’t laugh at the title because I do) I have to watch a log of controller logs. Most controller logs output in JSON format which is a nice tool for computers but not straightforward to parse to the eyes of the mere mortals. ...