Adding CodeQL to your (compiled) container build
I have my build compiling inside of a container … now I want to scan it with CodeQL, too. Let’s talk through two ways to do that and some anti-patterns to avoid. Which of these two paths are best...
There’s been quite a lot of commotion lately about The Company Formerly Known As Twitter’s 60% YoY cost savings by leaving the cloud in favor of data centers run in-house. Lots has been written ab...
Last time, we built a pipeline to test our custom CI container images on each proposed change. It built and launched a runner, dumped some debug information to the console as a “test”, then remove...
Let’s have your Actions runners build and test themselves! The custom runner in this case is rootless and sudoless, but still using Docker-in-Docker. This is usually a nice middle ground betwe...
One more handy use for a little computer - a local home media server! Local movie night is relaxing. It’s also great for putting the favorite kid video of the day on repeat … again and again and ...
🎃 It’s Friday the 13th - let’s talk questionable, but effective, ideas 👻 Your build infrastructure can update itself using your own CI tooling. It’s easier and way better than it sounds, especial...
It’s been a whole year since I started this website, so in the spirit of looking back, I wrote out some highlights from the post list. I’m sure there’s some eloquent prose that ChatGPT I could wri...
Why? Not everything ships as a container! Building software to distribute as RPMs is still really important for a lot of folks - and quite possibly the compute your containers run on. It’s the...
I built two little desktop computers from Raspberry Pi boards and some spare peripherals for my (quite small) children to learn to use a keyboard and mouse. Kids seem to get most computer interact...
One of the most common business needs I hear concerns about for actions-runner-controller and security policy is how to build containers without Docker-in-Docker and privileged pods. It seems to c...