Investigating unauthorized access to GitHub-owned repositories
On Monday May 18, we detected and contained a compromise of an employee device involving a poisoned VS Code extension published by a third party. We removed the malicious extension version, isolated the endpoint, and began incident response immediately. Our current assessment is that the activity involved exfiltration of GitHub-internal repositories only. The attacker’s current claims of ~3,800 re
Pullfrog
Pullfrog is an integration layer between GitHub and your favorite CLI-based coding agents. Based on incoming webhook events, it triggers agent runs inside your repo's GitHub Actions. Your agent—armed with a set of MCP tools from Pullfrog—can write code, review PRs, make plans, create issues, answer questions, and more. Works with any CLI-based agent: Claude Code, Cursor, Codex, Gemini CLI, OpenCod
automerge-gate: GitHubのAuto Mergeをひとつの必須チェックに集約するGitHub Action
GitHubのAuto Mergeをひとつの必須チェックに集約するためのGitHub Action automerge-gate を作ったので紹介します。 GitHub: pkgdeps/automerge-gate 背景: GitHub Auto Mergeは集約するアクションなしだと使いにくい 前提として、GitHubのAuto Mergeを使うには、必須チェック未達成のPRをマージできない状態にするBranch protection ruleやRulesetの設定が必要です。 これらの保護機能でPRがブロックされる状態を作ったうえで、すべての必須チェックが成功した時点でAuto Mergeが発火する、という仕組みになっています。 逆に言うと、Auto Mergeを使うには何かしらのステータスチェックを必ず必須に入れる必要があります。 そして、Branch protection rul
GitHub - pkgdeps/automerge-gate: A single required status check that gates Enable Auto Merge on every CI run that lands on a PR. Merge GateKeeper.
GitHub's branch protection / rulesets ask you to list each required status check by name. That list is fragile: Renovate / Dependabot bring in checks from external GitHub Apps that come and go. Monorepos use path filters, so a workflow may be skipped on some PRs and present on others. Adding a new workflow file means rewriting the ruleset. automerge-gate replaces that list with one aggregated chec
Obsidian Headless SyncをGitHub Actionsで使う - Nexalis
!a.isFolder&&!b.isFolder||a.isFolder&&b.isFolder?a.displayName.localeCompare(b.displayName,void 0,{numeric:!0,sensitivity:\"base\"}):!a.isFolder&&b.isFolder?1:-1","filterFn":"node=>node.slug.startsWith(\"publish\")||node.slug.startsWith(\"articles\")","mapFn":"node=>node"}">エクスプローラー Quartzで保管庫の一部を公開しているが、その保管庫をObsidian Syncから取り出すことができるようになった。 GitHub - atty303/obsidian-quartz: Publish my Obsidian v
GitHub Copilot code review will start consuming GitHub Actions minutes on June 1, 2026 - GitHub Changelog
GitHub Copilot code review will start consuming GitHub Actions minutes on June 1, 2026 Developers and engineering teams worldwide use GitHub Copilot for high-quality, agent-powered code reviews on every pull request. We understand that any change is significant to our customers, especially when it relates to billing, so we are sharing this update early to help you plan and prepare. The sections be
Notice about upcoming new format for GitHub App installation tokens - GitHub Changelog
Notice about upcoming new format for GitHub App installation tokens Starting April 27th 2026 and over the coming weeks, we will begin a staged rollout that updates the format of newly minted GitHub App installation tokens, making them more performant and improving the reliability of our API surface. If your application expects or relies on installation tokens being exactly 40 characters long, it m
GitHub - joschi/blueskyfeedbot: A bot that posts RSS feeds to Bluesky via GitHub Actions
name: FeedBot on: schedule: # This will run every five minutes. Alter it using https://crontab.guru/. - cron: '*/5 * * * *' workflow_dispatch: # This allows manually running the workflow from the GitHub actions page concurrency: group: feedbot jobs: rss-to-bluesky: runs-on: ubuntu-latest steps: - name: Generate cache key uses: actions/github-script@v6 id: generate-key with: script: | core.setOutpu
GitHub - MuseumofModernArt/collection: The Museum of Modern Art (MoMA) collection data
The Museum of Modern Art (MoMA) acquired its first artworks in 1929, the year it was established. Today, the Museum’s evolving collection contains almost 200,000 works from around the world spanning the last 150 years. The collection includes an ever-expanding range of visual expression, including painting, sculpture, printmaking, drawing, photography, architecture, design, film, and media and per
Manage agent skills with GitHub CLI - GitHub Changelog
Agent skills are reshaping how developers work with AI coding agents. Today we’re launching gh skill, a new command in the GitHub CLI that makes it easy to discover, install, manage, and publish agent skills from GitHub repositories. What are agent skills? Agent skills are portable sets of instructions, scripts, and resources that teach AI agents how to perform specific tasks. They follow the open
GitHub - dsherret/gagen: Generate complex GitHub Actions YAML files using a declarative API.
Generate complex GitHub Actions YAML files using a declarative API. Gagen lets you define workflows in TypeScript with a fluent, declarative API that automatically resolves step ordering and propagates conditions. The condition propagation helps skip unnecessary setup steps and eliminates needing to repeat condition text over and over again. Additionally, gagen automatically pins dependencies in t
GitHub Stacked PRs
Arrange pull requests in an ordered stack and merge them all in one click. Each PR represents one focused layer of your change, reviewed independently and landed together. Navigate between PRs in your stack from the GitHub UI, check the status of every layer at a glance, and trigger a cascading rebase across the entire stack with one click.
The uphill climb of making diff lines performant
Pull requests are the beating heart of GitHub. As engineers, this is where we spend a good portion of our time. And at GitHub’s scale—where pull requests can range from tiny one-line fixes to changes spanning thousands of files and millions of lines—the pull request review experience has to stay fast and responsive. We recently shipped the new React-based experience for the Files changed tab (now
GitHub - redwoodjs/agent-ci: Agent-CI is local GitHub Actions for your agents.
Run GitHub Actions on your machine. Caching in ~0 ms. Pause on failure. Fix and retry — before you commit, before you push. Agent CI is a ground-up rewrite of the GitHub Actions orchestration layer that runs entirely on your own machine. It doesn't wrap or shim the runner: it replaces the cloud API that the official GitHub Actions Runner talks to, so the same runner binary that executes your jobs
REST API version 2026-03-10 is now available - GitHub Changelog
Previously, we introduced calendar-based versioning for our REST API, giving us a path to evolving our API while giving integrators plenty of time and clear guidance for upgrading. Now, we’re releasing calendar version 2026-03-10, the newest version of the GitHub REST API. This is the first calendar version to include breaking changes. What’s in this release Version 2026-03-10 introduces a set of
エンジニアのための英語 | 技術評論社
概要 Webアプリケーション開発をしていると、海外のエンジニアと英語でやり取りする機会が多くあります。本特集では、GitHubでコミュニケーションをする際、自分の意図を正しく伝え、相手の意見を正しく理解するために知っておくべき頻出表現を学びます。 目次 本書をお読みになる前に なぜエンジニアに英語が必要なのか グローバル時代のエンジニアと英語 AI翻訳全盛時代の英語 英語コミュニケーションのフレームワーク 本書の発音記号 CONTENTS 第1章:英語の基本の復習 基本文型 5つの基本文型 第1文型(S V) 第2文型(S V C) 第3文型(S V O) 第4文型(S V O1 O2) 第5文型(S V O C) まとめ 格変化 疑問文、否定文 平叙文の形をした疑問の表現 付加疑問文 イントネーションによる質問 「not」を使わない否定の表現 no + 名詞 few / little(ほ
リリース、障害情報などのサービスのお知らせ
最新の人気エントリーの配信
j次のブックマーク
k前のブックマーク
lあとで読む
eコメント一覧を開く
oページを開く
GitHub - DataDog/ensure-ci-success: Keep your PRs green by ensuring all CI checks pass.
docs: clarify that `gh pr edit --add-reviewer` can re-request reviews by joshjohanning · Pull Request #13021 · cli/cli
GitHub - multimediallc/codeowners-plus: Feature-rich alternative to GitHub Code Owners for monoliths and mono-repos
Release v6.3.0 · actions/setup-node