GitHub Actions Trigger Via Webhooks - I've been looking for options to automate site rebuilds on creating new content. There is reusable workflows, which is quite neat because the called workflow runs and literally appears as part of the caller workflow. Another optiom is to use webhooks, which, if I'm understanding the docs correctly, results in the called workflow running outside of the caller workflow, so you get essentially 2 workflows running, in 2 seperate repos. It's a somewhat subtle difference but operationally it's a very different way of doing things. I'm currently exploring using a combination of the two techniques to effectively share workflows across many repositories, which should make setting up new projects much less error prone and far easier to maintain. mainawycliffe.dev #
2023/06/18 #
Today’s links:
-
-
Unify and modernize your web architecture with Netlify Connect - There are a couple of things that tend to be true which you learn over many years of being in tech and being a developer. Eventually every enterprise sized company releases a product called 'Connect'. The other thing is that one-api-to-rule-them-all solutions are usually not the safest thing for the end user long term, because though it might be convenient, switching becomes very difficult, and so eventually over time the platform treats the user worse and worse because the incentive structure promotes that behaviour. I love Netlify, they have been a great platform, so maybe they will find a way to avoid this dynamic. The only way I can think that might aleviate it would be making their fancy API open source, so people aren't locked-in to their solution. But building a healthy ecosystem has it's own challenges, case in point the on-going total destruction of the Reddit multiverse situation. We don't seem to have figured out the recipe for creating successful, healthy and sustainbable communities. Seems like that might be a multi-generational endeavor. www.netlify.com #
-
Netlify presents: Edge Functions general availability - The idea of edge functions is awesome. Practically speaking though it means handing over full control of the DNS of your entire domain, and currently at least, building against a propriety API. Having more open standards in this area implemented by multiple companies is a real urgency. www.netlify.com #
-
JavaScript’s Backtick Strings are Likely the Wrong Tool for Your Job - Short and useful post that highlights some of the pitfalls to think about when using string literalls, and makes the case for using URLSearchParams when constructing urls. spin.atomicobject.com #
-
Why you should pin your GitHub Actions by commit-hash - Basically you can avoid supply chain attacks by specifying the full commit hash of every community built action you use, for example the 'checkout' action, instead of specifying the module version. Yes that avoids the attack in the immediate term but how do you maintain your repo now? You are now tied down to the ground like Guliver. They mention using dependabot which supports version numbers in comments, but how does dependabot know the version it's promoting hasn't been compromised? And now your workflow files are full of illegible commit hashes. Supply chain tragedy. blog.rafaelgss.dev #