GitHub Actions のコストが思ったより高かったので ## 2. ランナー単価の最適化 次に見直したのが ランナー単価 です。 ランナーの確認をしたところ、一部ワークフローが、高スペックのカスタムランナー で動いていることを発見しました。 この高スペックのカスタムランナーに変更した当時は在籍していなかったため、経緯を確認したところ、過去に “安定性を優先して” 導入していたとのことでした。 ### ubunts-latestへの移行 コスト内訳を調べたところ、このカスタムランナーがコストの大半を占めていました。 本当にこのランナーじゃないと動かないのか？と再度検証したところ、当時問題だった といった課題は、リファクタリング等の効果も

GitHub Actionsのコスト削減は破壊力が凄まじい。カスタムランナーを見直しCIを最適化しただけで月間費用が38%減。

・高スペックを標準に戻し35%削減
・RenovateのCI連打を抑制

#CI #GitHubActions

le podcast 🎙 AWS ☁️ en 🇫🇷 : RunsOn

Exécutez vos GitHub Actions sur EC2 dans votre compte AWS.
Cyril Rohr explique l'archi, le cache S3 transparent et comment gérer 80k jobs/jour.

🎧 Dans vos apps de podcast et ici francais.podcast.go-...

#AWS #GitHubActions

Original post on mastodon.social

There is a bug in Claude Code in GitHub Actions that requires MCP servers to be installed beforehand, delaying startup time. The optimal approach would be to install MCP servers in parallel and connect only when needed, but the MCP_TIMEOUT variable is completely ignored.

This is frustrating […]

ファインディでのGitHub Actions自動化の事例 - Findy Tech Blog # Findy Tech Blog # ファインディでのGitHub Actions自動化の事例 GitHub Actions CI/CD フロントエンド この記事をはてなブックマークに追加 ファインディ株式会社でフロントエンドのリードをしております 新福(@puku0x)です。 GitHub Actionsは、CI/CD以外にも様々な業務の効率化に役立ちます。 この記事では、弊社で実施しているGitHub Actionsを使った自動化について紹介します。 自動化 + 担当者アサイン + ラベル設定 + リリース + QAチェック項目の抽出 + 定期実行

GitHub ActionsはCI/CD以上の可能性を秘めています。開発UXを最大化する究極の省人化事例を紹介します。

・担当者アサイン自動化
・PRラベルの動的制御
・リリースフローの完全自動化
・休日判定付きの堅実設計

#GitHubActions #DevOps
00

【ソースコード公開】ブログ自動投稿システムを作って失敗した話。供養のためにPythonコードとYMLファイルを全部載せました。
https://nextsns-news.com/github-actions-openai/
#GitHubActions #OpenAI

GitHub - joedudev/vite-blackjack Contribute to joedudev/vite-blackjack development by creating an account on GitHub.

🚀 New satellite launched! 🛰️ Created a standalone Vite 8 Blackjack station to master GitHub Actions & CI/CD workflows. 🌌

Building modern, automated pipelines on my journey to Full-Stack Developer. 👨‍🚀✨

Check the orbit:
github.com/joedudev/vit...

#JavaScript #ViteJS #GitHubActions #WebDev #Coding

Do you want #OpenTelemetry support in #GitHubActions?

Since GitHub is asking for input on their GitHub Actions roadmap, maybe upvoting github.com/orgs/community/discussio... will give them a nudge to implement it. 😄

What’s coming to our GitHub Actions 2026 security roadmap - Feedback & Suggestions · community · Discussion #190621 🏷️ Discussion Type Product Feedback 💬 Feature/Topic Area Other Discussion Details We recently published a blog post outlining capabilities GitHub is actively investing in and developing for Actions...

Do you want #OpenTelemetry support in #GitHubActions?

Since GitHub is asking for input on their GitHub Actions roadmap, maybe upvoting github.com/orgs/communi... will give them a nudge to implement it. 😄

Github Actions

GitHub Actions คืออะไร

อ่านต่อ : www.blockdit.com/posts/69c686...

#ShoperGamer #Github #GithubActions #CI #CD #Workflows #SelfhostRunner #Automate #Study #Knowledge #Feed

GitHub Actions Changed Pricing in 2026 — Here's Exactly What You're Paying Now In January 2026, GitHub updated their Actions runner pricing. Most teams didn't notice. Here's...

GitHub Actions Changed Pricing in 2026 — Here's Exactly What You're Paying Now In January 2026, GitHub updated their Actions runner pricing. Most teams didn't notice. Here's exact...

#githubactions #cicd #devops #webdev

Origin | Interest | Match

No More Silent Analytics Bugs: All it Takes is One SDK and One Github Action | HackerNoon Avoid silent analytics bugs by using two Open Source tools. First, get free from vendor lock-in by replacing the vendor analytics SDKs with RudderStack SDK that

No More Silent Analytics Bugs: All it Takes is One SDK and One Github Action #Technology #SoftwareEngineering #Other #Analytics #SoftwareDevelopment #GitHubActions

hackernoon.com/no-more-silent-analytics...

No More Silent Analytics Bugs: All it Takes is One SDK and One Github Action

Avoid silent analytics bugs by using two Open Source tools. First, get free from vendor lock-in by replacing the vendor analytics SDKs with RudderStack SDK that #githubactions

TeamPCP expands: Supply chain compromise spreads from Trivy to Checkmarx GitHub Actions TeamPCP compromised Aqua Security's trivy-action and injected a credential-stealing payload that harvested CI runner memory, queried cloud instance metadata, enumerated webhook URLs, and exfiltrated encrypted secrets to typosquat domains. The identical stealer appeared days later in Checkmarx's ast-github-action (v2.3.28), indicating stolen credentials from the Trivy compromise were used to poison additional GitHub Actions; #TeamPCP #Trivy

TeamPCP compromised Aqua Security’s Trivy GitHub Action by injecting a credential-stealing payload that harvested secrets from CI runners. The same stealer hit Checkmarx’s GitHub Action days later, spreading the attack. #SupplyChain #GitHubActions

⚙️ Automatiza tu código desde el día 1 con GitHub Actions

github.blog/developer-skills/github/...

#GitHub #GitHubActions #DevOps #Programación

Teampcp Hacks Checkmarx via Stolen CI
Read More: buff.ly/6nVcv6O

#TeamPCP #Checkmarx #GitHubActions #CICDSecurity #SupplyChainAttack #SecretsTheft #Typosquatting #DevSecOps

Trivy was compromised AGAIN! A security scanner designed to protect your CI/CD became the attack vector, stealing credentials. Are your pipelines safe?

thepixelspulse.com/posts/trivy-github-actio...

#trivy #aquasecurity #githubactions

Trivy GitHub Action Breach Hits CI/CD
Read More: buff.ly/tfZnIy8

#Trivy #AquaSecurity #GitHubActions #CICDSecurity #SupplyChainAttack #SecretsTheft #DevSecOps #InfosecNews

GitHub Actions のコストが思ったより高かったので ## 2. ランナー単価の最適化 次に見直したのが ランナー単価 です。 ランナーの確認をしたところ、一部ワークフローが、高スペックのカスタムランナー で動いていることを発見しました。 この高スペックのカスタムランナーに変更した当時は在籍していなかったため、経緯を確認したところ、過去に “安定性を優先して” 導入していたとのことでした。 ### ubunts-latestへの移行 コスト内訳を調べたところ、このカスタムランナーがコストの大半を占めていました。 本当にこのランナーじゃないと動かないのか？と再度検証したところ、当時問題だった メモリ不足 テストの不安定さ とい

GitHub Actionsのコスト削減は実行時間より「ランナー単価」と「実行回数」の見直しが最短です。

・カスタムランナーをubuntu-latestへ移行
・RenovateのCI実行を抑制

この2点で月間コスト38%削減。

#GitHubActions #CIコスト削減

Trivy Breached Twice in a Month via GitHub Actions Attackers have hijacked 75 of 76 GitHub Actions tags for Aqua Security's Trivy scanner, distributing credential-stealing malware through CI/CD pipelines.

winbuzzer.com/2026/03/23/t...

Trivy Breached Twice in a Month via GitHub Actions

#GitHub #GitHubActions #Cybersecurity #Malware #Cybercrime #SecurityBreach #OpenSource #Hackers #npm #Javascript #SoftwareDevelopment #CloudComputing #DataBreaches #Trivy #AquaSecurity #TeamPCP #CanisterWorm

Trivy's supply chain hit AGAIN! Attackers force-pushed infostealer malware to 75 Git tags, exploiting persistent credentials & mutable versioning. A critical lesson in CI/CD security.

thepixelspulse.com/posts/trivy-supply-chain...

#trivy #aquasecurity #githubactions

Trivy's GitHub Actions compromised again, exposing CI/CD secrets. Developers urged to enhance security measures. #CyberSecurity #DevSecOps #CI/CD #GitHubActions Link: thedailytechfeed.com/trivys-githu...

Delete old GitHub Actions artifacts with PowerShell My GitHub Actions artifact usage was nearing the maximum quota for the month, so I needed a script to delete old artifacts

Blogged: Delete old GitHub Actions artifacts with PowerShell

david.gardiner.net.au/2026/03/dele...

#GitHub #GitHubActions #PowerShell

2026年3月19日の Trivy 再侵害の概要と対応指針 2026年3月19日、Aqua Security が提供するOSSセキュリティスキャナ Trivy のエコシステムが、3週間以内に2度目のサプライチェーン攻撃を受けました。攻撃者は aquasecurity/setup-trivy および aquasecurity/trivy-action の2つのGitHub Actionsに悪意あるコードを注入し、これらを利用するCI/CDパイプラインからクレデンシャルを大規模に窃取するペイロードを配布しました。

【セキュリティ警告】CI/CDツール「Trivy」のGitHub Actionsが侵害されたようです。攻撃者がタグを強制更新し、悪意あるコードを配信。CI/CDパイプライン上のシークレット情報が流出する恐れあり。

GitHub Actions利用者は即座にログ確認と認証情報のローテーションを！

#セキュリティ #DevSecOps #CI/CD #GitHubActions

https://diary.shift-js.info/trivy-compromise/

Trivy Security Scanner GitHub Actions Breached, 75 Tags Hijacked to Steal CI/CD Secrets Trivy, a popular open-source vulnerability scanner maintained by Aqua Security, was compromised a second time within the span of a month to deliver malware that stole sensitive CI/CD secrets. The latest incident impacted GitHub Actions "aquasecurity/trivy-action" and "aquasecurity/setup-trivy," which are used to scan Docker container images for vulnerabilities and set up GitHub Actions workflow

iT4iNT SERVER Trivy Security Scanner GitHub Actions Breached, 75 Tags Hijacked to Steal CI/CD Secrets VDS VPS Cloud #Trivy #Security #GitHubActions #CyberSecurity #DevOps

⚙️ GitHub para Principiantes: Primeros Pasos con GitHub Actions

Configura tu primer flujo de trabajo de GitHub Actions con esta guía.

github.blog/developer-skills/github/...

#GitHubActions #CI_CD #Automation #RoxsRoss

Okay, GitHub Actions is getting a bunch of backend updates in late March 2026. Looks like they're focusing on performance and reliability behind the scenes. Fingers crossed this means fewer mysterious job failures for my CI/CD pipelines. 🤞 #GitHubActions

Finally, a beginner's guide to GitHub Actions that doesn't assume I'm already a wizard! 🧙‍♂️ This walkthrough on automating issue labeling is actually pretty straightforward. Might finally get those pesky 'needs triage' labels sorted. #GitHubActions #Automation

Anyone Can Build a Flutter App. Not Everyone Can Ship It Without Touching a Button. A senior Flutter engineer doesn’t just write code — they own the pipeline that takes code from a Git push to a live App Store release…

I just published Anyone Can Build a Flutter App.
Not Everyone Can Ship It Without Touching a Button. medium.com/p/anyone-can...
#Flutter #FlutterDev #CICD #Fastlane #GitHubActions #FlutterFlavors #CodeSigning #DartDefine #FirebaseAppDistribution #TestFlight #PlayStore #FlutterInterview

Just a moment...

Modernize your .NET app deployment with trusted NuGet publishing using GitHub Actions! Learn to automate, secure, and streamline your workflows. Boost efficiency and reliability.#DotNet #GitHubActions

How To Publish To NPM From GitHub Actions At the end of 2025, NPM registry revoked all personal NPM tokens that I used to publish new NPM package releases. This change improves the security of the entire NPM publishing workflow, but has disru

How to Publish to npm From GitHub Actions, by @bahmutov@fosstodon.org:

https://glebbahmutov.com/blog/npm-publish-from-github/

#howtos #npm #githubactions