Hi,

In my attempt to figure out what all features GitHub provides w/ Dependabot for improving AppSec, I found that it uses diff. strategies to prioritize alerts - such as using dependency scope and checking if a there's a vulnerable function (correct me if I'm wrong).

Would love to explore on what approaches one might take to implement this in-house.

Thanks.

When I try to push code from the terminal for the server it says, push cannot contain secrets.

How do I solve this?

I have multiple issues with my Astro website.

1. GitHub actions say 'Workflow run was successfully requested.', but never run.

2. I can't set a custom domain. It just says 'You cannot set a custom domain at this time.'

???

No workflow runs even though I clicked 'run workflow' many, many times

I want to get it to where my Google Titan Key is the only form of 2FA but it seems it won't let me disable Authenticator even though I have the Key setup as well?

Any way around this?

I have some files in my repo dowloaded from the sftp which contains sensitive info like digital ocean credentials(my company just uses a sub folder for dev) and there is a file which contains database read only user credentials of production.

I created a GitHub Action for getting statistics for use in your special GitHub repository.
https://github.com/mahyarmirrashed/github-readme-stats

I've been completely locked away from the platform. It's asking me to scan some code (with what ?) to add an extra security layer.

Now I'm confused, because if I remember correctly I provided a valid e-mail address, and this used to work just fine when it came to Github stuff*.* My account is now so secure even I can't access it.

https://preview.redd.it/8xhf66jf638e1.png?width=1584&format=png&auto=webp&s=e923522a1860bb844a5fd5fd217b78fdb9c3630c

Why can't I just get an e-mail with a link or a code, like it's done normally ?

What am I supposed to do here ? did I mess up somehow ?

I've been using Github Actions for about 4 years. I didn't notice this before, but over the last 6 months, the uptime has been very poor. I understand that issues happen from time to time, but I'm starting to lose my patience.

I use Github Actions for both work and personal projects. In recent months, nearly all our deployments rely on GitHub-hosted ARM / default ubuntu instances. We don’t have many deployments, but every week we experience some kind of downtime. The Action simply gets stuck waiting and can stay frozen like that for 3-4 hours. This causes us to lose time, and sometimes we can't deploy when we need to. If this continues, I’ll have to start looking for other solutions.

We use a paid Github organization. We've worked with self-hosted runners, standard instances, and now custom Github-hosted instances. Github Status every month has tons of entries about various issues.

Am I misunderstanding something? How are things with Github Actions on your side?

Action example. Tried to rerun a few times.

Edit:
# 1 Clarification, because it seems many people don't understand. No, the problem is not with the workflow or configuration. Limits have also been checked. The issue is that the action (job) gets stuck in the "Waiting runner pick up job" status or something similar, and usually, when this happens, GitHub is experiencing network, queue, or API issues, which in most cases is reflected on the status page.

# 2
https://docs.github.com/en/actions/using-github-hosted-runners/using-github-hosted-runners/about-github-hosted-runners

I understand, perhaps the issue is with GitHub-hosted runners because we are using ARM instances, whereas standard instances seem to be working fine. But there’s nothing indicating that GitHub-hosted runners are less reliable.

# 3
I probably made a mistake with the title. It should have been: Github hosted runners often experience downtime.

Since there's been an uptick in interest on users in the community sharing their GitHub Wrapped for the year, if you would like to do so, please share in the comments here

https://git-wrapped.com/

Hello everyone! Just to be clear I am extremely new to all this. All I’m trying to do is push an app I created with vite to a repository so that I can deploy it with aws Amplify. The app folder gets created just fine, all commands work but when I use the push command and refresh the repository page, only a README file is there, everything else is missing. I’ve lost more time that I care to admit trying to figure out why, does anyone know what I’m doing wrong? Thank you in advance!

Im not a dev but a designer and was able to create my new portfolio website using Srcbook, wich was great. But and I replicated all the files generated there to my Github repository and then created a Github Page to test it outside Srcbook setup it turned out all blank. What could I have done wrong?

https://github.com/g6g6g8p8/portfolio

https://g6g6g8p8.github.io/portfolio

To access github copilot with student id i was forced to create a two-step verification and i forgot what was it and now it asks me to introduce it, i didnt receive any mail with the verification, only one that says that i have already saved it in a safe place (but i cant remember where i have it)
How can i enter my account again?

Hey looking for some assistance here. I have GitHub actions workflow set up in two different repos, let’s say repo A and repo B. Repo B’s workflow calls repo’s A with a Uses command.

My question here is how do I specify the action running in repo B to run on a specific runner. I tried adding a runs-on argument to the yaml in repo B but got an error that “can’t have runs-on with uses, secrets and with”

Any thoughts here

So I am trying to fix a problem I have and I can't seem to find a solid confirmation online, last resprt was AI for it which created an answer that makes no sense at all.

Anyway, I have a re-usable workflow in various repositories, the workflow call, with all the inputs, also lives within the same repository. This is due to using environments which apparently workflows cant pull values from with repo A to B.

My question is, and where I am hitting an issue, when I do:

```- name: my test

uses: org/folder.structure@testing```

I want to change the @ to be more of a variable to be something like `@${{ inputs.branch }}` so I can make many changes and target the correct branch without issue. I am running into a lot of issues with this as pulling them into Main means that Prod would likely get these changes, changing the version of the tag would also cause a similar issue as I would need to then update all of the actions to target the new version even if I want to target the test branch.

Anyway to do this would be massively helpful, I just don't know the best way to dynamically target the action to use in this.

For example conventional commits goes like this: “type(scope): message” but if I do like this: “[Type(Scope)]: Message”, can this be considered as conventional commit?

Hi,

I have the environment setting "Required Reviewers" enabled for our Production environment, so that only a few users are allowed to deploy to the production environments.

Every time someone tries to push something to production I get an email notification. Is it possible, somehow, to trigger a Slack notification as well?

I've been searching the GH docs and even Googled but I can't find anything about that.

Thank you

Copilot Free has been enabled on my account without my consent, like Apple shoving that U2 Album into everyone's iPod without asking. Microsoft continues to bring enshittification to everything it touches.

There is no button in the settings to disable this plagiarism machine.

Microsoft even default-enabled the "Allow GitHub to use my code snippets from the code editor for product improvements *" AI data scraping mechanism which is illegal under EU DSGVO law and also direct violation of my project license.

I hope the EU nukes Copilot for being one massive copyright violation.

i understand that

• a codespace is a docker container running on a VM
• the docker container is configured by the VM as instructed in the devcontainer.json

and i gather that, in devcontainer.json

• containerEnv gives the -e arguments with which to start a container. in that "containerEnv": { "key": "value } for example instructs the VM to create a container with -e key=value

two questions:

• i’m guessing that environment variables defined in remoteEnv aren’t available to the container, but if i SSH into the container they’ll be made available to that SSH session? is that right? when is it ever useful??
• ${localEnv:KEY} reads and substitues the value of the KEY environment variable provided by what? it looks like it’s to be provided by the underlying VM? is that right?? and again, when is it ever useful??

By switching off some filters, it shows more info, such as starred repositories’ version updates. And switching on and off multiple times changes activity results. What a great way to motivate clicking filters!!

I tried my SSH connections and my WSL connection and I get this in the Chat window. If I am on my local machine, clicking 'Use Copilot' works and takes me to Chat. But on any remote connection it does nothing. I am a Proc subscriber if that matters.

Hey, so, I've been trying to apply for GitHub Student Pack for 1 year already, and, I still get rejected. Most common reason is that "Oh, you should've translated your Student ID", but then they response to the translated Student ID "Oh, but you shouldn't edit the image, you should photo it with camera", like yeah, that's what I did and you still rejected me? And this is just continuing for 1 year. Any ideas on how to apply for GitHub Student Pack, considering the fact that my High School doesn't provide School email, and only Student IDs?

My account is flagged with problems with GitHub due to government restrictions. I don't understand why, since the country I live in doesn't have any sanctions, and other people can still access services like Copilot or GitHub Actions. Does anyone know what can be done? I'm from mexico