rssed

Week Notes 24#19 🔗

A busy week on the blog: We polished off the announce posts for oapi-codegen looking for sponsorship and the move to the new org which have got some t [...]

Installing Google Cloud CLI components on Arch Linux 🔗

I've recently been working with Google Cloud more, and so while developing a Cloud Function locally, I naturally tried to follow the official local de [...]

I'm on Cup o' Go! 🔗

This morning I was a guest on Cup o' Go, ahead of today's episode, which is now live. Cup o' Go is a great podcast, which I've listened to since the [...]

Responsible Disclosure: Using GitHub Search (without logging in using SSO) still allows searching 🔗

I've responsibly disclosed my first security vulnerability 👏 Not only that, but it was actually a problem, and it was fixed very quickly, and I've en [...]

Creating a more sustainable model for `oapi-codegen` in the future 🔗

Note that this is a copy of the announcement on GitHub. [!NOTE] TL;DR: Maintenance of oapi-codegen is largely done for free, on the maintainers' perso [...]

oapi-codegen is moving to its own org 🔗

Note that this is a copy of the announcement on GitHub. [!IMPORTANT] TL;DR: We're moving oapi-codegen to a new GitHub organisation. Nothing is changin [...]

Week Notes 24#18 🔗

Another busy week at work We've postponed on-call changes to next week to finalise a few things But, as it was Labor Day in most parts of the world o [...]

Lessons learned self-hosting Renovate 🔗

As I wrote a few weeks ago I'm a big fan of Renovate. I've been using Renovate for ~5 years as a user and as an operator, using a variety of hosted an [...]

Week Notes 24#17 🔗

The second week of work being super busy 🥱 This coming week is the first week of our new on-call/host-of-the-week, so there's going to be a lot less [...]

Automating the syncing of files between repos with GitHub Actions 🔗

As I wrote in Checking if files are synced between repos with GitHub Actions, if you're vendoring-and-periodically-updating files, trying to remember [...]

Week Notes 24#16 🔗

My final Shut It Down Day Had a nice massage, and bought a course of massages so I now have 10 more massages paid for and ready to enjoy 💆 While we' [...]

Week Notes 24#15 🔗

The one with the Lead Dev webinar and lots of Renovate: My Google Pixel Watch got stuck on the bootloader after doing an update, so I had to factory r [...]

Querying your organisation's Renovate configuration using SQL(ite) 🔗

In what will seem very topical on this blog (after my post Why I recommend Renovate over any other dependency update tools the other day) I've got ano [...]

Why I recommend Renovate over any other dependency update tools 🔗

If you've read my blog before, or interacted with me at work or in the Open Source world, you're likely to know that I'm a huge fan of Renovate. For t [...]

Week Notes 24#14 🔗

A short week with it being Easter Monday: Had my family come up for the day which was very nice - we had a chilled one at ours, and went over to The L [...]

Week Notes 24#13 🔗

A four-day week ahead of the Easter weekend. Enjoyed attending the GitHub OSPO Advisory Board, learning about cool stuff being done at GitHub and OSPO [...]

What can we learn about the backdooring of `xz`/`liblzma`, using OpenSSF Security Scorecards and dependency-management-data? 🔗

CVE-2024-3094 This evening, it was announced by Andres Freund that there is backdoored code in xz and liblzma: I accidentally found a security issue w [...]

Week Notes 24#12 🔗

A last day in Rome, travel home, and then back to work. On Monday, Anna had booked a pasta + tiramisu making course with my parents, which was a lot o [...]

Week Notes 24#11 🔗

A lovely first week in Florence and Rome - ahead of my 30th birthday on Sunday: A very early flight (waking up at 0400 😵 - and glad we had a good buf [...]

Week Notes 24#10 🔗

My first week of work with my new team, which was very nice! Been enjoying the more frequent team catch-ups although I've not been able to make it to [...]

What routes is my `http.ServeMux` listening for? 🔗

As I've been looking at adding Go 1.22+'s new net/http routing to oapi-codegen so folks could use the new lightweight functionality built into the sta [...]

Why is Go 1.22's enhanced routing not working for me? 🔗

A few weeks ago, I started looking at adding Go 1.22+'s new net/http routing to oapi-codegen so folks could use the new lightweight functionality buil [...]

Week Notes 24#09 🔗

This week was Elastic's Engineering All Hands in Prague, which was great but tiring: Had a pretty nice journey to Prague - it was an afternoon flight, [...]

Job titles are bullshit 🔗

I've had several versions of this post half-written in my head over the last year or so, but I'm finally getting around to writing it. This is a post [...]

Week Notes 24#08 🔗

My episode of Changelog and Friends has had positive feedback, and I've had some good discussion on Changelog Slack with some nice comments from folks [...]

Week Notes 24#07 🔗

A week in the public eye: Firstly, the Fedi-drama of Ryan's BlueSky bridge with Bridgy - some very good points, some personal attacks and my own (and [...]

I'm on Changelog and Friends! 🔗

I'm very excited to be on my first ever podcast, and it happens to be on the ever excellent the Changelog, in their Changelog & Friends podcast. As no [...]

You should listen to The Changelog 🔗

This is a post I've been planning on writing for a while now, and with my first appearance on a podcast in Changelog & Friends, I thought it was as go [...]

Gotcha: Don't try and authenticate to URLs generated by GitHub Actions Artifacts v4 🔗

I recently spotted GitHub's announcement about the new v4 release for working with GitHub Actions Artifacts and impressed with the performance increas [...]

Week Notes 24#06 🔗

Monday was doing a few bits at work ahead of being off for a couple of days, and then finalising my talk + blog post before the big day My week was la [...]

Quantifying your reliance on Open Source software (State of Open Con version) 🔗

This is a writeup of my talk at State of Open Con 2024, about the dependency-management-data project. The talk abstract can be found on my talks site. [...]

Week Notes 24#05 🔗

Had a nice catch up with Tulio, Tushar, Danillo, Lewis, and Steve over a drink Was nice to catch up with Steve after a couple of years! Taught Cookie [...]

Celebrating dependency-management-data's first birthday 🔗

It's officially been 1 year since the first commit to dependency-management-data (DMD), from the humble beginnings of trying to answer "what Open Sour [...]

Week Notes 24#04 🔗

A busy week, and trying to make my way through my dependency-management-data talk ahead of State of Open Con in a couple of weeks, but finding it hard [...]

Introducing insight into your dependencies' health in dependency-management-data 🔗

In the last couple of days I've been working on providing more metadata about dependencies into dependency-management-data, so you can make more inten [...]

dependency-management-data now has a logo! 🔗

I'm excited to announce that as of today, dependency-management-data officially has a logo 🚀 As well as the image that should be showing 👆 there's a [...]

Why am I getting `Too many arguments` with `vault`? 🔗

Earlier today I received a slightly unhelpful message from the vault CLI, which I'd actually received last week, but after a 3 day weekend, I couldn't [...]

Week Notes 24#03 🔗

The other night, the Star Trek Aegean class starship popped into my head. Then a couple of days later it shows up in my Google News feed 👀 Are they i [...]

Using `renovate-to-sbom` with the GitHub Dependency Submission API 🔗

Built into GitHub repositories - if enabled - is the Dependency Graph which gives insight into the dependencies that you use, as well as dependencies [...]

Comparing the different Merge Request / Pull Request merge methods in GitLab and GitHub 🔗

Although I've been a big fan of GitLab for years, unfortunately every company I've worked for has been centred around GitHub.com or GitHub Enterprise [...]

How to unpublish/redact/undo/retract a Go release 🔗

I recently rolled out go-semantic-release on dependency-management-data (DMD) to make managing the changelog a little easier, by taking Conventional C [...]

Week Notes 24#02 🔗

I was reminded of the fun of the way the URLs work with my Week Notes when I noticed some 404s in the logs on Monday morning, as I needed to fix it I [...]

How do you represent a JSON field in Go that could be absent, `null` or have a value? 🔗

If you're a follower of my blog you'll know that just one of the Open Source projects I maintain is the oapi-codegen OpenAPI-to-Go code generator. Las [...]

Week Notes 24#01 🔗

A (nice) slow start to the new year. Helped next door get the bricks from their fallen wall out of our garden, which was quite a workout 😅 I'm still [...]

Why is `set -eu` not working? 🔗

If you write shell scripts, you may be familiar with the following header (or some variation) in your script: set -euo pipefail As noted in Use Bash [...]

2023's Music In Review 🔗

In 2023, I listened to 65531.62 minutes (1092.19 hours) of music on Spotify. Top 100 songs Song Title Minutes Elapsed Hours Elapsed Phaeleh - Movi [...]

2023's Site In Review 🔗

Overall traffic This year Last year Number of visits 389052 363136 Number of articles 90 143 Number of blogumentation articles [...]

Week Notes 23#52 🔗

Christmas week 🎅 and New Year's Eve 🎆 A lovely Christmas day - good company and food Got some lovely presents 🥰 and some happy folks with their ow [...]

Week Notes 23#51 🔗

Posting these late, as it was Christmas Eve, and a busy week following it. A bit of a chilled end to the year at work, and thankfully quiet week of on [...]

Week Notes 23#50 🔗

A week of leftovers 😋 I've also unfortunately been ill this week 😷🤒 but it's not (at least infectious) COVID so that's good so far Really don't en [...]

Week Notes 23#49 🔗

Got the smart meter finally installed 👏 Been fun keeping an eye on the usage over the last few days As many other people on GitHub, I got spammed by [...]

You can now interact with dependency-management-data using GraphQL 🔗

When I first started working on dependency-management-data, I wanted to hold off creating an API for the data until I really understood how it'd be us [...]

Week Notes 23#48 🔗

Been very chilly this week, so been glad to have my thermals, and been enjoying wearing longjohns too It was Giving Tuesday at work, so felt good to - [...]

Week Notes 23#47 🔗

Been pretty chilly here this week, especially this weekend, so it's been nice having my thermals and actually layering up properly for a change, as we [...]

You can now use Open Policy Agent with dependency-management-data 🔗

A couple of months ago I wrote about how I find the Custom Advisories functionality in dependency-management-data to be really great. It makes it poss [...]

Week Notes 23#46 🔗

The end of our holiday: Was a bit of an odd last day, not really having too much time, and the bus to the airport being a little late, on top of the [...]

Week Notes 23#45 🔗

Holiday 🏖 Was a warm few days in Gran Canaria and I got a good bit of a tan ☀ Very nice to have our first holiday away since pre-COVID, and especiall [...]

Introducing `snyk-export-sbom` to export SPDX and CycloneDX SBOM from Snyk 🔗

I've written about Software Bill of Materials (SBOMs) a fair bit recently and how they can be used to get more insight into your project's dependencie [...]

Week Notes 23#44 🔗

After the success with Morph coming into the living room, we set up a blanket and bit of privacy on the bar stools, and so he's spent most of the week [...]

Using dependency-management-data with npm's SPDX and CycloneDX SBOM export functionality 🔗

In today's DevOps Weekly, it was mentioned that npm recently added support for exporting Software Bill of Materials (SBOMs). This was shipped as part [...]

Introducing `renovate-to-sbom` to convert Renovate data to Software Bill of Materials (SBOMs) 🔗

Over the last few months building dependency-management-data, I've been playing around with the great data from Renovate via renovate-graph, as well a [...]

dependency-management-data now supports OSS Review Toolkit (ORT) 🔗

A couple of weeks ago, I received a feature request on dependency-management-data to add support for the OSS Review Toolkit (ORT). I really appreciate [...]

Week Notes 23#43 🔗

Woke up on Monday not feeling particularly great after feeling it coming over the weekend, so took Monday as a sick day, and a chilled day definitely [...]

Getting Go modules to work with nested GitLab groups 🔗

While trying to test for How to publish a v2 version of a Go library, I found some issues with trying to import the new Go module I was testing with. [...]

Performing a v2 release of a Go module 🔗

On Wednesday, I'll be releasing oapi-codegen v2, which is my first v2 release of a Go module. To prepare for this I've been practicing doing a v2 rele [...]

Building resilient, runnable command-line demos with Asciinema and `demo` 🔗

In my opinion one of the harder aspects of building command-line tools is crafting demos for your tooling that show off the functionality you've built [...]

Importing a subdirectory from one repo into another 🔗

When I wrote Merging multiple repositories into a monorepo, while preserving history, using git subtree, I'd found it useful to be able to merge multi [...]

How we reduced oapi-codegen's dependency overhead by ~84% 🔗

As I announced recently, oapi-codegen, the OpenAPI to Go code generator that I co-maintain, will soon release a v2 release to allow us to reduce the s [...]

Week Notes 23#42 🔗

A busy - and cold - week prepping for TechMids It's been very cold this week, and then the end of this week the storm has led to lots of flooding acro [...]

Plea to Software Composition Analysis (SCA) providers and Software Bill of Materials (SBOMs) producers: give us more data! 🔗

While working on dependency-management-data, one of the greatest pieces of interesting data was to understand what version of languages such as Node.J [...]

Week Notes 23#41 🔗

Had a nice Tuesday evening at Canal House with Tulio, Tushar, Danillo and Lewis, catching up after many years, and nice to see everyone Was cool to h [...]

Which version of Go was used to compile this binary? 🔗

Sometimes it can be handy to work out what version of Go a given binary was complied with, for instance to find out if it's affected by any CVEs. One [...]

Utilising Renovate's `local` platform to make `renovate-graph` more efficient 🔗

Last year I built renovate-graph, a tool to extract the dependency trees for a given repository, which under the hood uses Renovate. I've been getting [...]

Gotcha: Using vCluster on Elastic Kubernetes Service requires a Container Storage Interface driver 🔗

I've recently been playing around with vcluster on an Amazon Elastic Kubernetes Service (EKS) cluster, but about two commands into getting set up on m [...]

Listing environment variables used to trigger a Buildkite pipeline 🔗

If you're using Buildkite for your builds, you may sometimes want to work out what environment variables were used to trigger a given build. Although [...]

Publishing My On-Call Compensation History 🔗

At DevOpsDays London 2023 there was a great session called "Let's talk compensation", off the back of a very successful session that was run at DevOps [...]

Week Notes 23#40 🔗

Been enjoying catching up on various Star Wars subreddits' memes, which has been fun, especially before and after the finale of Ahsoka Could hear the [...]

Why should you blog? 🔗

This is a writeup of my talk This talk could've been a blog post for DDD East Midlands. The talk abstract can be found on my talks site. whoami Hi, I' [...]

Solving `/usr/lib/Xorg.wrap: Only console users are allowed to run the X server` errors with tmux over SSH 🔗

On my Linux machines, I use BSPWM as my window manager, and instead of using a login greeter, I used to log into the TTY on startup and run: startx [...]

This talk should also be a blog post 🔗

This is a writeup of a tangent I removed from my talk This talk could've been a blog post for DDD East Midlands. I was quite chuffed with my talk titl [...]

How blogging has affected me, as a neurodiverse person 🔗

As I'm preparing my talk, This talk could've been a blog post for DDD East Midlands this weekend, I've been thinking about how blogging has impacted m [...]

Week Notes 23#39 🔗

A few days on my own while Anna was away for work, and some mixed feelings about how Cookie was 😅 Made some progress on my talk for DDD East Midlands [...]

Introducing tweetus-deletus 🐦🪄💀 - a tool to automate deleting your tweets, through the browser 🔗

Like many other folks, I've been pulling away from Twitter since Elon Musk bought the site, slowly (and also very quickly) destroying it, removing API [...]

Reusing a browser session with Playwright 🔗

If you're using Playwright for driving UI tests, you may want to use your browser with pre-configured user sessions. By default, Playwright will start [...]

Using dependency-management-data with GitLab's Pipeline-specific CycloneDX SBOM exports 🔗

Earlier today I spotted an exciting result in the changelog for the release of GitLab 16.4, which happened last Friday, which added Pipeline-specific [...]

Week Notes 23#38 🔗

A busy week revolving around the very good DevOpsDays London 👏🏼 Spoke at the Go lightning talks at work about dependency-management-data, as a pract [...]

Gotchas with pointing Go modules to a fork, when building an installable module 🔗

This morning I cut a release of dependency-management-data which ended up horribly breaking all consumers of the application. As I flagged in the trac [...]

Week Notes 23#37 🔗

Found that the painful feeling in my toe since Saturday was an infected ingrown toe, but luckily some rest for it and antibiotics have helped Cookie w [...]

Building dynamic jobs with BuildKite 🔗

If you're using Buildkite for your builds, you may want to reduce duplication in your job's configuration by looping over certain variables, for insta [...]

Setting up a matrix for GitHub Actions with Go's `go.mod` and specific versions 🔗

When you're building a library or set of tooling in Go, you may want to test against different versions of Go to give confidence in the project for bo [...]

Week Notes 23#36 🔗

Got National Grid round to sort our earth connection, so hopefully Octopus can come back again to fit a smart meter Fly.io must have had a bad deploy [...]

dependency-management-data now supports Software Bill of Materials (SBOMs) and has better Dependabot support 🔗

As part of my work on dependency-management-data, I've mostly been focussing on utilising Renovate as the underlying datasource due to its excellent s [...]

Prefer using the GitHub Software Bill of Materials (SBOMs) API over the Dependency Graph GraphQL API 🔗

As mentioned in Analysing our dependency trees to determine where we should send Open Source contributions for Hacktoberfest, GitHub has a dependency [...]

Week Notes 23#35 🔗

A chilled start to the week with the bank holiday weekend Cleaned up the spiders on one of the garage doors ahead of Thom coming to drop off some bits [...]

articles on Jamie Tanna | Software Engineer