github-actions-ensure-sha-pinned-actions
toast
github-actions-ensure-sha-pinned-actions | toast
---|---
1 | 10
33 | 1,547
- | -
7.6 | 7.5
13 days ago | 19 days ago
JavaScript | Rust
MIT License | GNU General Public License v3.0 or later
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
github-actions-ensure-sha-pinned-actions
- GitHub Actions by Example
Def a real concern.
If anyone is interested in mitigating it themselves, these are helpful :)
https://docs.github.com/en/actions/creating-actions/about-cu...
https://github.com/dependabot/dependabot-core/issues/2835
https://github.com/zgosalvez/github-actions-ensure-sha-pinne...
https://github.com/timmeinerzhagen/dependabot-sha-comment-ac...
toast
- Taskfile: A Modern Alternative to Makefile
This looks a lot like Toast [1], except that Toast runs your tasks in a (more) reproducible containerized environment to help eliminate the "works on my machine" problem.
[1] https://github.com/stepchowfun/toast
- Non-Obvious Docker Uses
- Ask HN: What developer tools would you like to see?
- A build system like Nix [1] but with a better user experience / more straightforward command-line tooling.
- A dependently typed programming language like Coq [2] (or Agda, Idris, Lean, etc.) that is sufficiently approachable to gain enough mindshare that companies start adopting it for mission-critical work.
- A version control system which scales to petabytes or more. Something that I could put large video files in without thinking twice about it. Something a large company could use for their monorepo—or even their data warehouse.
- A note-taking tool that allows me to organize notes in a graph with links between them (like a wiki), not as files and folders in a tree, which enforces the invariant that every note is transitively reachable from some "root" so I never lose a note.
- Something like Toast [3] but which is also designed for running services in production, not just local development and continuous integration. A unified way to run code in dev, test, and prod environments. A new k8s.
[1] https://nixos.org/
[2] https://coq.inria.fr/
[3] https://github.com/stepchowfun/toast (shameless plug)
- One machine can go pretty far if you build things properly
I realize you are probably very busy, so feel free to say no...but could you glance at this GitHub listing and tell me if it is what I'm looking for...it seems correct, but I may be misunderstanding...
https://github.com/stepchowfun/toast
Thanks so much in advance...
- Toast: Containerize your development and CI environments
- GitHub Actions by Example
If you're looking for an alternative way to reproduce your CI locally that isn't tied to a particular CI system (but which has a nice integration with GitHub Actions), there's also Toast: https://github.com/stepchowfun/toast
- Toast: A high-level containerized build system
- Dockerizing a Programming Language
OP is using Docker + Make in a similar way to how I was a few years ago, before I started using Toast (https://github.com/stepchowfun/toast). Toast lets you define tasks like you would with Make (without all the hairy gotchas of Makefiles), but it runs them inside Docker containers for better portability/reproducibility.
- Whats your favourite open source Rust project that needs more recognition?
toast: containerized workflow