@veit @kjaymiller

Pinact! Of course. 😆
That's exactly the tool I've been looking for!

Thank you! Much appreciated.

https://github.com/suzuki-shunsuke/pinact

#Golang #GitHubActions

GitHub - suzuki-shunsuke/pinact: pinact is a CLI to edit GitHub Workflow and Composite action files and pin versions of Actions and Reusable Workflows. pinact can also update their versions and verify version annotations.


📰 zhaoolee/garss

Collect RSS feeds with GitHub Actions to build an ad-free, high-quality front-page headlines page that is a real treasure trove

Aggregates RSS feeds using GitHub Actions to create an ad-free curated news page with daily updates and AI integration

⭐ Stars: 1410
📅 Last Update: Jun 24, 2026

https://github.com/zhaoolee/garss

#selfhosted #homelab #selfhost #selfhosting #opensource #rss #githubactions

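Security tools for AI-driven development: what should you actually install? - Qiita

Introduction: In the previous article, I divided security for AI-driven development into three levels and sorted out "how far you need to go." Thankfully it drew a lot of reactions, and the most common one was: "I understand the thinking. So what, specifically, should I install?" This article is the practical follow-up. The previous...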

Qiita

🚨 NEWS: Git for Developers — From the Basics to Team Workflows for Conflict-Free Code

Here are the key points in brief:
💡 What Is Git and Why Should Every Developer Use It? If you don't use Git, you're working with a copy of folders called "finale_v2_ok_definitivo.zip". We see it every day in the projects that arrive...

🚀 LINK: https://meteoraweb.com/sviluppo-di-siti-web/git-per-sviluppatori-dalle-basi-ai-workflow-team-per-codice-senza-conflitti

#git #versionControl #cI/CD #gitHubActions #branching

Escape the "cloud tax" and reclaim your CI/CD pipelines! Stop relying on slow, shared CPUs.

We just published a DevSecOps playbook on self-hosting GitHub Actions on ServerMO Bare Metal for massive speed and security.

Highlights:
Rootless Assembly (Kaniko)
Strict Ephemeral Nodes
Local NVMe Caching (20-min builds -> 30s)
OIDC Federation

📖 Read the guide: https://www.servermo.com/howto/self-hosted-github-actions-bare-metal/

#DevSecOps #GitHubActions #ServerMO #BareMetal

Migrating from #AzureDevOps to #GitHub with Data Residency? These are the steps to rewire your #AzurePipelines so you can keep using them while you're converting them to #GitHubActions.

The steps aren't as simple as you might expect unfortunately.

https://jessehouwing.net/configure-azure-pipelines-app-in-ghe-com/

Configure Azure Pipelines app in ghe.com

I recently helped a client migrate from Azure DevOps to GitHub Enterprise Managed Users with Data Residency (ghe.com for short). And as part of the migration we rewired the existing Azure Pipelines from the old repository located on Azure Repos to the new one on GitHub.

Scrum Bug

Not only that, but this will be backported to all supported actions/checkout versions, so workflows using floating tags (which are generally less secure, pin them) will also start refusing pull_request_target.

https://github.blog/changelog/2026-06-18-safer-pull_request_target-defaults-for-github-actions-checkout/

Tip: run Zizmor on your workflows.

https://zizmor.sh

#GitHub #GitHubActions #CI #security

Safer pull_request_target defaults for GitHub Actions checkout - GitHub Changelog

The pull_request_target event is one of the most commonly misused triggers in GitHub Actions, leading to vulnerabilities in workflows. Workflows triggered by pull_request_target run with the base repository’s GITHUB_TOKEN, secrets,…

The GitHub Blog

Systematically enforcing a "security score of 90/100" in CI — the last line of defense for protecting quality in personal development
https://qiita.com/teppei19980914/items/1231a2fec5d5eb7b2647?utm_campaign=popular_items&utm_medium=feed&utm_source=popular_items

#qiita #Security #CI #個人開発 #GitHubActions

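Systematically enforcing a "security score of 90/100" in CI — the last line of defense for protecting quality in personal development - Qiita

This article takes about 5 minutes to read. Author profile: Software engineer. Guided by the motto "Never assume I already know; keep learning forever," I hone my skills through both my day job and personal development. I build and operate several personal apps with AI-driven development. 👉 Portfolio: author's homepage ...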

Qiita
GitHub Actions Security Checklist for Supply Chain Attacks | Corgea

A practical GitHub Actions security checklist covering permissions, secrets, OIDC, pull_request_target, SHA-pinned actions, runners, artifacts, and CI/CD supply chain defense.

Corgea

🚨 NEWS: Automated CI Pipeline: Linting, Test Coverage and Build for Code Without Surprises

Here are the key points in brief:
💡 Your team commits code, but every time the build breaks because someone forgot a comma or a parenthesis? Tests pass locally but not in CI? Deployment is a roulette...

🚀 LINK: https://meteoraweb.com/sviluppo-di-siti-web/ci-pipeline-automatica-linting-test-coverage-e-build-per-codice-senza-sorprese

#devops #gitHubActions #pHPUnit #cIPipeline #linting