Harnessing AI in Software Development: The Critical Role of CI/CD Foundations

As AI-generated code becomes increasingly prevalent, the need for robust CI/CD frameworks is more crucial than ever. This article explores the challenges and solutions for integrating AI into the soft...

https://news.lavx.hu/article/harnessing-ai-in-software-development-the-critical-role-of-ci-cd-foundations

CI/CD pipelines for dummies.

First, make separate pipelines by area, f.ex: Frontend, Mobile (android/iOS), Backend.

Then, add default jobs:

1. Static Analysis (linting, code quality)
2. Tests (run and measure coverage)
3. Security (scan code, dependencies, container and report)
4. Build & Release (tagged)
5. Deploy

Avoiding overhead by:

• Run job 1 for all branches
• Run jobs 1-4 for develop (unstable)
• Run jobs all for staging (testing) and production

And finally, when releasing:

• Use semantic versioning, i.e. Major.Minor.Patch
• Keep a CHANGELOG.md
• Use secrets for sensitive info

Once this is in place, then you can start thinking about agent-scaling, dynamic test environments for pull-requests and the plethora of integrations/plugins/etc that exist for each CI platform.

Remote is hiring Senior Backend Engineer (Elixir)

#angular #react #vue #aws #cicd #docker #kubernetes #postgresql #seniorengineer
Remote; Latin America
Full-time
Remote

Job details https://jobsfordevelopers.com/jobs/senior-backend-engineer-elixir-at-remote-com-apr-30-2025-0a8433?utm_source=mastodon.world&utm_medium=social&utm_campaign=posting
#jobalert #jobsearch #hiring

CircleCI seems a lil'pricey but like a decent option for my team

Like, it seems like the costs can be kept reasonable by using a self-managed runner for dev-builds, and use the managed runner for releases.

And having native integrations for our hosting provider, deployment methods and all of our targets certainly helps to make things easier when we have no dedicated DevOps in the team (yet).

Now to figure out if there's some past bad behaviours or other kind of black mark on it I should be aware of...

Hi there,

If you will be able to use any tech stack for #cicd what you will use? I’m especially interested in #dast part, for static part #trivy and #checkov seems to be solid partners, but for dynamic scans I’m still searching…

Status update: I'm now automatically building and releasing a signed fork of stable moshidon with my patches. #CI is cool!

https://github.com/cactichameleon9/moshidon-fork

Here is how I test my GitHub CI from the terminal!

**wrkflw** — Validate and execute GitHub Actions workflows locally

Supports viewing logs, outputs, and execution details

Parallel runs, emulation mode & more!

Written in Rust & built with @ratatui_rs

GitHub: https://github.com/bahdotsh/wrkflw

Ship Software That Does Nothing

https://kerrick.blog/articles/2025/ship-software-that-does-nothing/

"Slopsquatting is a new supply chain threat where AI-assisted code generators recommend hallucinated packages that attackers register and weaponize."

#AI #sbom #cicd

https://socket.dev/blog/slopsquatting-how-ai-hallucinations-are-fueling-a-new-class-of-supply-chain-attacks

Six and the City at https://imio.be presents Love Story: When Designers Meet GitHub Actions #plone #plone6 #wpd2025 #CMS #Python #React #volto #opensource #community #GitHub #CICD https://youtu.be/qwI2UL8zuZc

Mikel Larreategi @erralin of https://codesyntax.com shows how to Deploy Cookieplone Based Projects With GitLab CI/CD #plone #plone6 #wpd2025 #CMS #Python #React #volto #opensource #community #DevOps #GitLab #CICD https://youtu.be/7d1KQSXpodY

Maven 4: Still XML. Still boring. Still Winning.

What's so ugly about Maven?
Oh, right, XML. The ancient language feared by the hipster cult of Gradle.

But let's be honest:
You don't write build files every day. You come back after months, forget everything, and now… you're debugging a Groovy poem.
Maven? You squint at the XML, and boom. Autocomplete, structure, sanity.

Maven 4? Still XML. Still boring. Still… Winning at automations.
Yes there are more features, and yes you can use other DSL's than XML with polyglot or any other extension like also before.
Something new and interesting could be the BOM packaging and requirement of java 17. You can always build lower stuff also with 17. It's simply Java.

My killer feature of Maven:
Stable, sandboxed plugins, run directly from the command line. No need to create bloated build files.
No copy-pasting the same config into 12 submodules and repositories.
All automated. All under my control.
No need to depend on the next third party cloud elf named like dependabot.
Or an SDK Man for switching java versions.
All I need is simply a JAR file and a build tool which does not disrupt me.

Favourite Maven Spells - aka plugins running on my CI without defining them:
mvn wrapper:wrapper - Because of consistency, no jar binary inside my repo.
mvn dependency:tree - See who brought the uninvited guests.
mvn versions:update-properties - Auto-update without the bots.
mvn license:add-third-party - keep track of used licenses
mvn org.owasp:dependency-check-maven:check - Security without sacrifice.
[...]

Stop waiting for the next shiny thing, you can always contribute to any tool.
Start building. Or better automate it.

We have expanded our section on GitLab CI/CD pipelines with examples of
• GitLab Pages
• npm deployments with rsync
• building Docker containers
• multi-arch images with Buildah
• migrating GitHub Actions
https://www.python4data.science/en/latest/productive/git/advanced/gitlab/ci-cd/index.html
#GitLab #CICD #DevOps #DX

Enlace para añadir solicitudes a Tarddigrade

https://github.com/tarddigradeOrg/tarddigrade/issues/new?template=feature_request.md

#Pipelight typescript issue fixed.

It was a nasty bug that slide in with #deno 2.2.

Fixed by replacing external #UUID library with bultins uuid library.

This type of heartful message is what keeps me sharing my best code with you.

#opensource #foss #cicd

https://github.com/pipelight/pipelight/issues/35

Středeční #hiring update:

Do interního #DevOps týmu hledám borce na pozici, které říkáme
INFRASTRUCTURE AND DEVOPS SPECIALIST

HPP, nebo IČO, jak chceš.
Hybridní forma práce, kancl #Praha Nusle.
Nezávazná pokec s DevOps Leadem není problém, online/onsite.
Nespěcháme, hledáme oboustranný "match."

"#GitHub Action Compromise Puts #CICD Secrets at #Risk in Over 23,000 Repositories"

#DevOps #automation is always high risk: root access, connected, fast, scaled. So like this is unacceptable.

Major $fail by $MSFT leadership. I bet all the #layoffs didn't help.

https://thehackernews.com/2025/03/github-action-compromise-puts-cicd.html

Every single day ... and not simply once per day...

"Was XX made this way specfically as terrible as possible so that I'll eventually give up and buy a YY?"

"Why does XX get worse with every single system update? Do they know anything about regression testing at all?"

"Do they only operate on the idiotic notion of 'Move Fast, Break Everything?' as if we were still in 2009 web2.0 and testing in production? Also, only lazy unimaginative chuds think that everything needs to be tested in production!"

"Do they really think everyone is an A or a B in their poorly conceived deployment process? 'well, some percentage of our users can suffer as long as we remain profitable by ZZ% so we definitely A/B test in production!'"

Run pipelines in the terminal.

#pipelight is a cli/engine that runs pipelines in the terminal.(pssst: it's #foss and #rust )

It has json AND pretty tree outputs so you can inspect every process outputs fairly quickly.

Supports #yaml, #toml, #hcl, #javascript and some other languages.

#sysadmin #devops #cicd #developers
Every buzz word are thereso you don't miss it, thk me later

https://github.com/pipelight/pipelight