roadmap
- Microsoft cancels plans for Python packages on GitHub
- GitHub will unfortunately not provide a helm repository in the future.
Same message as for PyPI compatible package registry: https://github.com/github/roadmap/issues/94
- GitHub support for PHP Packages: “no longer planned”
Yeah I had to look around a bit but yep… https://github.com/github/roadmap/issues/94
It looks like a lot of things have been killed… which with my cynical hat on I think might have something to do with overlapping capabilities with Azure services.
- GitHub Packages no longer planning Python PyPI support
- How do you debug CI/CD pipelines? Breakpoints?
Others have mentioned tmate to SSH into a running GitHub Actions workflow; there is a roadmap issue making that functionality built-in to Actions, planned for 2023/Q4.
- GitHub Actions is Vulnerable to Supply Chain Attacks
Immutable actions are on GitHub's roadmap.
- How to manage large GitHub orgs?
- Which role does GitHub Actions currently play in MLOps?
I think not yet, but seems to be in the roadmap
gitlab
- Code Search Is Hard
- Client side Git hooks 101
(Side note: Issues are usually hash-prefixed like #1234 both on GitLab and GitHub. However, commit messages must not begin with a hash, they would be considered a comment and ignored. Therefore, GitHub has introduced the alternative prefix GH- and I've contributed a similar prefix GL- to GitLab a while ago.)
- BuildKit in depth: Docker's build engine explained
and its "oh, you want multi-arch, do you?" friend. While prosecuting this <https://gitlab.com/gitlab-org/gitlab/-/issues/339567> I learned that https://hub.docker.com/layers/multiarch/qemu-user-static/7.2... actually mutates the binfmt_misc in buildx's context in order to exec the static copy of qemu in it https://github.com/multiarch/qemu-user-static/blob/v7.2.0-1/...
and, that the buildx plugin itself has some qemu magick in it, which got addressed in a minor version bump but I couldn't track down the relevant GitHub issue this second (I've flushed it from my mind, only recalling that there were a lot of actors in that tire fire)
- GitLab password reset bug leaves more than 5.3K servers up for grabs
For folks who wanna see what led to this exploit in a Rails codebase, here’s the commit where the exploit is fixed:
https://gitlab.com/gitlab-org/gitlab/-/commit/c571840ba2f0e9...
> "RecoverableByAnyEmail"
Added 8 months ago [1]. And then one month later:
> "password_reset_any_verified_email"
Was removed. 7 months ago [2], *note* __verified__ word here.
No blaming or conspiracy intended in this post, just listing links to relevant commits.
1 - https://gitlab.com/gitlab-org/gitlab/-/commit/94069d38c9cd63...
2 - https://gitlab.com/gitlab-org/gitlab/-/commit/a935d28f3decf8...
This doesn't look like the actual fix but rather a follow-up refactor. I believe the fix is here: https://gitlab.com/gitlab-org/gitlab/-/commit/abe79e4ec43798...
- recoverable.send_reset_password_instructions(to: email) if recoverable&.persisted?
This is actually a follow-up refactor, the fix is here: https://gitlab.com/gitlab-org/gitlab/-/commit/abe79e4ec43798...
- I Love Ruby
This made me curious. Having never read the gitlab code before, and on mobile, took all of about 30 seconds to find https://gitlab.com/gitlab-org/gitlab/-/blob/master/config/ro...
Those are some pretty clean routes!
- GitLab 💚 Kubernetes : act 2
If you want to know why GitLab decided to replace ArgoCD with Flux, you can refer to this issue: https://gitlab.com/gitlab-org/gitlab/-/issues/357947.
- Geany 2.0 Is Out
> ruby has just RubyMine which doesn't have a community edition and also isn't very good
I have a great deal of sympathy for RubyMine (and shudder at working for the CLion team, whew) because Ruby isn't doing the IDE author any favors. Given:
https://gitlab.com/gitlab-org/gitlab/-/blob/v16.5.0-ee/lib/g...
- what types are client_email and private_key? they are whatever type they're called with lolol
- the symbol Google::Auth::ServiceAccountCredentials just materializes; was it required in some containing context and thus is in scope by _this_ required file? are those symbols visible in every context from one of the various Gemfile lines? a hard-core rubyist knows
- where did the symbol StringIO come from? well, from require 'stringio' obviously, which is on .. err, which line exactly? I guess that lends weight to the 'this file is obviously running as a child context of some other file' theory
I think half of it is the culture of Rubyists and half of it is "productivity hacks" of "if it runs, then it must be correct"
I also recognize that I'm very clearly a static typing snob, and firmly in the camp of "please import symbols you use," but that doesn't stop me from having a great deal of sympathy for anyone who has to implement an IDE for such a monkey-patch friendly language
What are some alternatives?
Gitea - Git with a cup of tea! Painless self-hosted all-in-one software development service, including Git hosting, code review, team collaboration, package registry and CI/CD
Harbor - An open source trusted cloud native registry project that stores, signs, and scans content.
onedev - Git Server with CI/CD, Kanban, and Packages. Seamless integration. Unparalleled experience.
plantuml - Generate diagrams from textual description
rich-markdown-editor - The open source React and Prosemirror based markdown editor that powers Outline. Want to try it out? Create an account:
gitlab-foss
chatwoot - Open-source live-chat, email support, omni-channel desk. An alternative to Intercom, Zendesk, Salesforce Service Cloud etc. 🔥💬
Gitbucket - A Git platform powered by Scala with easy installation, high extensibility & GitHub API compatibility
terratest - Terratest is a Go library that makes it easier to write automated tests for your infrastructure code.
dependency-track - Dependency-Track is an intelligent Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain.
semantic-release - :package::rocket: Fully automated version management and package publishing
Redmine - Mirror of redmine code source - Official Subversion repository is at https://svn.redmine.org/redmine - contact: @vividtone or maeda (at) farend (dot) jp