Archive for the ‘howto’ Category
Background We build a bunch of stuff for RISC-V using the Dart official Docker image, but the RISC-V images can often arrive some time (days) after the more mainstream images[1]. That means that if we merge a Dependabot PR for an updated image it might well be missing RISC-V, causing the Continuous Delivery (CD) pipeline […]
Filed under: Dart, howto, technology | Leave a Comment
Tags: CD, CI, Dart, Debian, Docker, GitHub Actions, image, manifest, RISC-V, testing
TL;DR Supply-chain Levels for Software Artifacts (SLSA) attestations are a great way to show that you care about security, and they’re fairly trivial to add to delivery pipelines that produce a single binary or container image. But things get tricky with matrix jobs that build lots of things in parallel, as you then need to […]
Filed under: Dart, Docker, Gemini, howto | Leave a Comment
Tags: AI, ARM, artifact, attestation, CD, container, Cosign, Dart, DevOps, Docker, Gemini, GitHub Actions, image, json, matrix, security, signing, slsa
Sometimes I need an older or newer version of CMake to the one installed by the system package manager on whatever I’m using, and I’ve found using a Python venv provides an easy way to do that. It’s all facilitated by the fact that CMake is a PyPI package [1]. For example, my Kubuntu desktop […]
Filed under: howto | Leave a Comment
Tags: CMake, python, uv, venv
TL;DR pymarkdownlnt provides an easy way of checking that any Markdown you’re working on is complying to some sensible guidelines. If you’re comfortable with Python virtual environments you won’t really need the rest of this post. Why? I’ve spent a bunch of time recently adding OpenSSF Scorecards to the key Atsign repos. Build better security […]
Filed under: howto | Leave a Comment
Tags: Actions, github, lint, lints, Markdown, Pip, pymarkdown, pymarkdownlnt, python, scorecard, Ubuntu, uv, venv, venvs, virtual environment
Ever since I started signing GitHub commits with SSH keys I’ve made sure to use git v2.35 or later. Unfortunately Google Cloud Shell comes with a rather crusty old version of git (as part of the fact that it’s still based on Debian 11 ‘Bullseye’). Just copying over a more recent git binary doesn’t work. […]
Filed under: cloud, howto | Leave a Comment
Tags: cloud, git, github, google, shell
While I wait for GitHub to get their act together on my Dependabot Wishlist I’ve created a little script for my first frustration – rollups. Another morning, another patch release of Dart, another 4 Dependabot PRs in my inbox: Only this time I was able to simply run: and the subsequent 3 PRs were rolled […]
Filed under: howto, software | Leave a Comment
Tags: bash, Dependabot, dependencies, dependency management, gh, git, github, PR, PRs, rollup, script
Background At home I have a bunch of SSH tunnels from a VM to my various virtual private servers in various places around the world, so I can direct my web traffic through those exit points when needed. I’ve written before about using autossh to do this. But when I’m travelling I don’t have my […]
Filed under: howto, networking | 1 Comment
Tags: keys, OpenWRT, proxy, SOCKS, SSH, sshtunnel, tunnel
TL;DR Using SSH keys is already a big part of the git/GitHub experience, and now they can be used for signing commits, which saves having to deal with GPG keys. Background For a while I’ve been signing my git commits with a GPG key (at least on my primary desktop), and GitHub has some nice […]
Filed under: howto, technology | Leave a Comment
Tags: git, github, howto, SSH
Managing GitHub Labels
I was on a sprint planning call last week where it felt like we spent way too much time getting the labels in our various repos straightened out. After a little Googling I found various scripts that use the GitHub API to manage labels. But nothing that seemed easy enough. So… I pulled together my […]
Filed under: howto | 2 Comments
Tags: action, github, labels, open source, python, script
The @ Company uses a lot of SSL certificates, and we’ve been using ZeroSSL and its Certbot wrapper zerossl-bot to automate how we manage certs. But we wanted more control over the process, which has driven us towards the ZeroSSL API. Sadly the docs don’t provide usage examples, which has made it quite a journey […]
Filed under: howto, software | 2 Comments
Tags: API, automation, bash, certificate, curl, Digital Ocean, jq, json, python, script, SSL, ZeroSSL
Chris Swan's Weblog 