top | item 44961044

(no title)

sluongng | 6 months ago

The most concerning part about modern CI to me is how most of it is running on GitHub Actions, and how GitHub itself has been deprioritizing GitHub Actions maintenance and improvements over AI features.

Seriously, take a look at their pinned repo: https://github.com/actions/starter-workflows

> Thank you for your interest in this GitHub repo, however, right now we are not taking contributions.

> We continue to focus our resources on strategic areas that help our customers be successful while making developers' lives easier. While GitHub Actions remains a key part of this vision, we are allocating resources towards other areas of Actions and are not taking contributions to this repository at this time.

discuss

wink|6 months ago

The last time the company I worked for was hosting code on Github, Actions did not exist yet and for personal stuff copying some 3 liners was fine, I'd hardly call that "using".

"Github Actions might be over, so not worth engaging" was not on my bingo card.

captn3m0|6 months ago

They are instead focusing on Agentic Workflows which used natural language instead of YAML.

https://github.com/githubnext/gh-aw

kstrauser|6 months ago

Know what I love in a good build system? Nondeterminism! Who needs coffee when you can get your thrills from stochastic processes. Why settle for just non-repeatable builds when you can have non-repeatable build failures!

woodruffw|6 months ago

I personally find this pretty concerning: GitHub Actions already has a complex and opaque security model, and adding LLMs into the mix seems like a perfect way to keep up the recent streak of major compromises driven by vulnerable workflows and actions.

I would hope that this comes with major changes to GHA’s permissions system, but I’m not holding my breath for that.