One Line: secrets: inherit
CODECOV_TOKEN worked perfectly in ci.yml.
Called ci.yml from release.yml as a reusable workflow. Codecov failed:
Same token. Same workflow. Different result.
Go works well for GitHub Actions. Single binaries, fast starts, cross-platform builds, and no runtime deps.
Here's how to go from code to release.
I just published readability, a GitHub Action that checks docs. But this post isn't about metrics. It's about the release system that makes shipping easy.
A few days ago I wrote about why release-please PRs don't trigger builds and proposed a dual-trigger pattern as the fix. Today I discovered that pattern is a workaround with side effects. Here's the actual solution.
The workflow looked perfect. CONTRIBUTING.md in our central repository, automatically distributed to all 75 repositories. Any change triggers PRs across the organization.
Then release-please bumped the version from 1.4.1 to 1.4.2.
I wanted to version CONTRIBUTING.md independently from the main project. Separate changelog. Separate release cycle. Separate tags.
Release-please said no.
Update: There's a Better Way
The dual-trigger pattern described below is a workaround, not the real fix. See The Real Fix for Release-Please Triggers for the proper solution using GitHub App tokens.
The release-please PR looked perfect. Clean changelog. Proper version bump. Ready to merge.
One problem: the build pipeline never ran. Branch protection blocked the merge. No required checks had passed, because no checks had started.
This is the story of a GitHub Actions limitation that wastes hours of debugging time, and the pattern that fixes it in two lines of YAML.
Today marks a milestone. The Adaptive Enforcement Lab documentation site is live, and with it, a year's worth of battle-tested patterns for GitHub App automation finally have a proper home.
This wasn't a sprint. It was an on-and-off effort spanning twelve months, guided by a simple principle: one building block at a time. Atomic habits applied to infrastructure. Some weeks meant solving a single authentication edge case. Others meant no progress at all. The pieces accumulated slowly, each one small enough to ship, test, and trust before moving on.
Then came today. A marathon session to wire everything together. The discovery stage that had been working in isolation. The distribution logic refined over months of incremental improvements. The idempotency patterns born from countless failed reruns. Today was assembly day. I took a year of atomic improvements and built the complete content distribution system.
This post covers that journey from "let's automate some file syncing" to "we need enterprise-grade security for 40 repositories."