Skip to main content

GitHub Actions

Browse all articles, tutorials, and guides about GitHub Actions

6posts

Guides

Posts

CI/CD
|11 min read

The pwn request just got harder: what actions/checkout v7 changes, and what it does not

GitHub is backporting a fork-checkout block to actions/checkout, with enforcement on July 20, 2026. Here is what a pwn request actually is, what the change stops, and the three ways your pipeline is still exposed after you upgrade.

DevOps
|10 min read

When the Malicious Hook Is in the Other Manifest: 700+ Repos, 8 Packagist Packages, One package.json Trick

On May 22, 2026, Socket disclosed a Composer supply chain attack that hid an npm-style postinstall command inside package.json on PHP projects. composer.json was clean, the PHP review missed it, and 700+ GitHub repos pulled it in. Here is the exact payload, why ecosystem-boundary blindness keeps catching teams, and how to wire your CI to look at both manifests.

DevOps
|11 min read

TanStack npm Worm: The Supply-Chain Attack With a Dead-Man's Switch

On May 11, 2026, attackers republished 14+ official TanStack packages on npm with a worm that signs itself with valid SLSA provenance and arms a dead-man's switch that wipes your home directory the moment you revoke the stolen GitHub token. Here is what happened, how the payload works, and how to check your machine.

DevOps
|14 min read

GitOps: Deploy Docker Containers with GitHub Actions and ArgoCD

Learn how to implement a modern GitOps workflow for Docker deployments. This guide covers building images with GitHub Actions, pushing to container registries, and automated deployments with ArgoCD.

CI/CD
|7 min read

The GitHub Actions Workflow That Eliminated Our DevOps Bottleneck

How we reduced deployment time from 2 hours to 8 minutes using smart GitHub Actions patterns and parallel execution strategies.