We're all learning how to ship more side projects. If you're "in the bubble" it can feel like everyone is repo-maxxing. Shipping weekly. Spinning up agents to scaffold full apps overnight. New OSS dropped every Friday. The reality I see with most developers is much more normal: They have six or seven repos sitting in various states of half-attention. A side project from last year that still gets a
In the fast-paced world of continuous integration and deployment (CI/CD), managing sensitive information like API keys, tokens, and credentials—collectively known as secrets—is not just a best practice; it's a critical foundation for security and efficiency. GitHub Actions provides a robust framework for automating workflows, but a common friction point for many development teams, particularly tho
The Challenge of Scalable Secrets Management in GitHub Actions For development teams scaling beyond a handful of repositories, managing environment-specific variables and secrets in GitHub Actions can quickly become a significant bottleneck. The manual duplication of configurations across multiple repos, especially when dealing with distinct environments like development, staging, and production
Hey dev.to community! I just launched CodeLens AI — an AI-powered code review tool that automatically reviews every pull request. Connect your GitHub repo Open a PR AI automatically reviews the code Detailed review comment posted on PR Bugs and logic errors SQL injection and security vulnerabilities Performance issues Code quality improvements Next.js + TypeScript NextAuth + GitHub OAuth Supabase
Why We Open-Sourced Our AI Safety Layer When we built the AI safety layer for As You Wish (AYW), we faced a choice: keep it proprietary or open-source it to help the community. Here's why we chose the latter (and why it made our platform stronger). If you're building AI-assisted development tools, you need: Input validation (sanitizing prompts, preventing injection) Output filtering (catching u
If you want to Automate GitHub PRs, the real goal is not just adding another bot comment to a pull request. The goal is to give reviewers the context they usually have to gather manually: who owns the service, whether it is deployed, whether basic repository standards are in place, and whether the change looks safe to merge. A useful AI pull request workflow can do exactly that. When a PR opens, i
I got tired of the same three-step content publish loop: write draft → open CMS → paste, format, re-paste, fight the rich-text editor, click publish. Repeat for every environment — staging, then production. For one article, fine. For a team publishing 20+ pieces a month? That workflow is a quiet tax on everyone's time. So I wired up a pipeline that cuts the loop entirely. You commit a .md file to
How I Used GitHub Actions to Auto-Publish to AMO on Every Release Manually uploading extension files to AMO (Mozilla's Add-On Observatory) is tedious. After the fifth time forgetting to increment the version number, I automated it with GitHub Actions. Here's exactly how I set up the pipeline for the Weather & Clock Dashboard extension. Trigger on new GitHub release Validate the manifest version