Green checks can still break main. Learn a practical GitHub rulesets + merge queue setup with required workflows and OIDC guardrails for safer releases.
Category: Git and GitHub
-
From Alert Storm to Shipping Fixes: A 2026 GitHub Dependabot Triage Workflow for Real Supply Chain Security
Turn noisy Dependabot alerts into a clear triage workflow that prioritizes exploitable risk, uses npm audit signatures, and ships safer fixes faster today.
-
The Offboarding Incident: Replacing Fragile PAT Scripts with GitHub App Installation Tokens
Replace brittle PAT scripts with GitHub App installation tokens: least-privilege permissions, short-lived creds, and automation that survives offboarding.
-
The PR That Passed and Still Broke Main: A 2026 GitHub Merge Queue Workflow with Rulesets and merge_group CI
Practical GitHub merge queue workflow for 2026: configure merge_group CI, rulesets, and required checks to keep main stable while delivery speed stays high.
-
The 2 AM AssumeRole Failure: A Multi-Account GitHub Actions OIDC Runbook with Session Policies and Break-Glass Controls
GitHub Actions OIDC multi-account AWS runbook with strict IAM trust policies, session controls, and break-glass safeguards for auditable, safer deployments.
-
The Release You Couldn’t Prove: GitHub Artifact Attestations, npm Provenance, and a Deploy-Time Verification Runbook
GitHub artifact attestations and npm provenance, explained with a deploy-time verification runbook so you can ship releases with auditable build trust.
-
The Friday Fork Scare: GitHub Actions Pipeline Hardening with OIDC, Pinned SHAs, and Safer Deploys
Learn GitHub Actions pipeline hardening with OIDC workload identity, pinned action SHAs, and least-privilege tokens to ship safely without slowing teams.
-
Git Monorepo Performance in 2026: Partial Clone, Sparse-Checkout, and Maintenance That Actually Sticks
Improve Git monorepo performance with partial clone, sparse-checkout, and scheduled maintenance so teams clone faster, navigate less noise, and ship calmly.
-
GitHub Actions deployment safety in 2026: Practical Implementation Guide
GitHub Actions deployment safety in 2026: Practical Implementation Guide Safe deployment pipelines rely on identity, approvals, and rollback automation. In 2026, GitHub Actions can be secure and fast when workflow controls are explicit. Why this matters in 2026 Compromised CI…
-
GitHub Actions in 2026: Deploy to AWS with OIDC, Reusable Workflows, and Environment Protection Rules
If you still deploy to AWS from GitHub Actions using long-lived access keys, you are carrying avoidable risk. In 2026, the safer and cleaner pattern is short-lived credentials with OpenID Connect (OIDC), reusable workflows, and environment protection rules. In this…
-
Git/GitHub in 2026: Find the First Bad Commit Fast with git bisect run and Deterministic Regression Tests
When a production bug appears after weeks of rapid merges, most teams waste hours guessing which commit introduced it. The faster approach is not guessing. It is git bisect with an automated test command that can run locally or in…
-
GitHub Actions in 2026: Fast, Secure Monorepo CI with Reusable Workflows, OIDC, and Smart Caching
Monorepos are mainstream in 2026, but many teams still lose hours every week to slow CI, duplicate workflow files, and risky credential handling. This tutorial shows a practical GitHub Actions architecture for modern monorepos that improves speed, cost, and security…