Why isn't Hugo regenerating my SCSS files? (1 mins read).

How to ensure you're using the right Hugo version to build SCSS files.
Why isn't Hugo regenerating my SCSS files? (1 mins read).
How to ensure you're using the right Hugo version to build SCSS files.
Why can't I use a comma with gcloud
? (1 mins read).
How to resolve commas being ignored when interacting with gcloud
, and how to escape them.
Using Spotless to auto-format Gradle Verification Metadata (3 mins read).
How to use Spotless to allow manual changes to the Gradle Verification Metadata to be auto-formatted as if Gradle generated it.
Common issues faced with exec
ing an executable on Linux (2 mins read).
Some common issues you may face, with esoteric error messages, and how to fix them.
You can now parse repo-level Renovate configuration with renovate-graph
(2 mins read).
Announcing a new release of renovate-graph
which now parses repo-level Renovate configuration.
Dependency Management Data's Open Policy Agent support is now a whole lot more efficient (2 mins read).
Talking about the latest release of Dependency Management Data and some refactoring that's led to better performance.
Migrating Renovate bots, while keeping existing PRs updated (2 mins read).
How to migrate between two Renovate bot accounts, in the case you want to do a 'big bang rollout'.
Manually triggering a Buildkite pipeline for a fork (1 mins read).
How to trigger a Buildkite pipeline to run on a fork, if you have access to trigger a build.
Dependency Management Data's now on Mastodon! (1 mins read).
Announcing the dependency-management-data Mastodon account for automated release announcements (and more?).
Dynamically querying EndOfLife.date data for internal packages with Open Policy Agent and Dependency Management Data (3 mins read).
How you can retrieve End-of-Life data via EndOfLife.date using Dependency Management Data's Policies functionality.
89 things I know about Git commits (7 mins read).
Some of the things I've learned over a decade of Git usage, and working on writing good commit messages.
Dependency Management Data is now a lot easier to work with when using Software Bill of Materials (3 mins read).
Announcing an improved model for interacting with SBOMs, removing the need to understand the Repo Key up-front.
One THOUSAND blog posts (3 mins read).
Celebrating a massive milestone in my blog, and a short reflection.
Reader survey: Who reads my blog? (2 mins read).
Wondering how my readers read my blog, and why.
Dependency Management Data can now use sql-studio for database browsing (1 mins read).
Announcing the availability of the sql-studio
database browser for dependency-management-data's web application.
Creating a test harness for validating Renovate regex manager rules (4 mins read).
How to set up a test harness to make it eaiser to modify scary looking regexes in your Renovate configuration.
Modifying the response body of an httputil.ReverseProxy
response (2 mins read).
How to modify the response from a httputil.ReverseProxy
before it goes back to the caller.
Performing cross-database queries with SQLite (2 mins read).
How to query multiple database files with SQLite.
Dependency Management Data's web application can now be deployed as a single static binary (2 mins read).
Announcing dependency-management-data's embedded SQL browser interface.
Using Go's database/sql
to query an arbitrary columns of unknown type(s) (3 mins read).
How you can query an unknown number of columns, of unknown types, with Go's SQL package.
My workflow for writing SQL(ite) queries (2024 edition) (4 mins read).
Writing about my recent workflow for writing, executing, and sharing SQL queries with others.
Calculating the GitHub API's sha
representation of a local file (2 mins read).
How to locally calculate the same sha
of a given file, so you can compare it against the GitHub API's representation.
Making it easier to schedule cross-timezones, with the tz
CLI (3 mins read).
Writing a command-line tool with Charm's Go libraries to compare the suitability of meetings across timezones.
Installing Google Cloud CLI components on Arch Linux (2 mins read).
How to install gcloud
components using pacman
, instead of using the officially supported method.
I'm on Cup o' Go! (2 mins read).
Announcing my appearance on Cup o' Go, talking about oapi-codegen
, OpenAPI, working on Open Source and blogging.
Responsible Disclosure: Using GitHub Search (without logging in using SSO) still allows searching (4 mins read).
Reporting on a HackerOne responsible disclosure that I found in GitHub, where you could exfiltrate data without signing in to GitHub SSO.
Creating a more sustainable model for oapi-codegen
in the future (9 mins read).
Announcing a request for sponsorship to continue to allow allocating more time to oapi-codegen
as well as to make more ambitious changes to the project.
oapi-codegen is moving to its own org (7 mins read).
Announcing oapi-codegen
's move to its own GitHub org, and a history lesson about the project.
Lessons learned self-hosting Renovate (13 mins read).
What I've learned operating Renovate as a self-hosted app on GitHub Actions, GitLab CI, and the Mend Renovate Community Edition, and some tips for getting started
Automating the syncing of files between repos with GitHub Actions (2 mins read).
Creating a GitHub Action workflow to periodically update vendored files which are out-of-sync between GitHub repos.
Querying your organisation's Renovate configuration using SQL(ite) (3 mins read).
A new tool, renovate-config-sqlite
to pull Renovate configuration into an SQLite database.
Why I recommend Renovate over any other dependency update tools (10 mins read).
Explaining why Renovate is going to be my solution to keeping up-to-date with dependencies and it's not likely to change any time soon.
What can we learn about the backdooring of xz
/liblzma
, using OpenSSF Security Scorecards and dependency-management-data? (6 mins read).
Looking at how the recent CVE-2024-3094 vulnerability could provide insight into other cases of risk in dependencies and their lack of code review.
What routes is my http.ServeMux
listening for? (2 mins read).
How to fairly quickly list the routes that your http.ServeMux
is handling, pre- and post-Go 1.22.
Why is Go 1.22's enhanced routing not working for me? (2 mins read).
Why you may be receiving 404 page not found
errors when using Go's new enhanced routing in Go 1.22.
Job titles are bullshit (6 mins read).
When is a Senior Engineer not a Senior Engineer, no standardisation across the industry, and other reasons job titles are frustrating.
I'm on Changelog and Friends! (2 mins read).
Announcing my first podcast appearance on Changelog and Friends, talking about salary history, the IndieWeb, ADHD and dependency-management-data, among other things.
You should listen to The Changelog (5 mins read).
Why you should really be adding The Changelog (and its network of podcasts) to your rotation of tech podcasts.
Gotcha: Don't try and authenticate to URLs generated by GitHub Actions Artifacts v4 (3 mins read).
Why you may be receiving errors when trying to authenticate to download GitHub Actions Artifacts using the v4 Actions.
Quantifying your reliance on Open Source software (State of Open Con version) (20 mins read).
A writeup of my talk about the dependency-management-data project at the State of Open Con 2024 conference.
Celebrating dependency-management-data's first birthday (6 mins read).
Reflecting on the last year of the project.
Introducing insight into your dependencies' health in dependency-management-data (2 mins read).
How you can use the new dependency health functionality to better understand your dependencies.
dependency-management-data now has a logo! (1 mins read).
Very excited to note that the project now has a logo.
Why am I getting Too many arguments
with vault
? (1 mins read).
Why you may be getting Too many arguments
from the vault
CLI, and how to fix it.
Using renovate-to-sbom
with the GitHub Dependency Submission API (4 mins read).
How to improve the data in GitHub's Dependency Graph by using an SBOM produced by Renovate data.
Comparing the different Merge Request / Pull Request merge methods in GitLab and GitHub (2 mins read).
How the different merge methods for contributions work between GitLab and GitHub.
How to unpublish/redact/undo/retract a Go release (3 mins read).
How to retract a release version of a Go version, without risking folks automagically upgrade to that version.
How do you represent a JSON field in Go that could be absent, null
or have a value? (5 mins read).
Why it's surprisingly hard to work out a field has been sent or whether it's explicitly null, when using Go's encoding/json
.
Why is set -eu
not working? (2 mins read).
Why you may be finding set -u
in a shell script not exiting when set -e
is also present.
You can now interact with dependency-management-data using GraphQL (2 mins read).
Announcing the release of the GraphQL API for dependency-management-data.