Using `renovate-to-sbom` with the GitHub Dependency Submission API π
Built into GitHub repositories - if enabled - is the Dependency Graph which gives insight into the dependencies that you use, as well as dependencies [...]
articles on Jamie Tanna | Software Engineer
Posts
Comparing the different Merge Request / Pull Request merge methods in GitLab and GitHub π
Although I've been a big fan of GitLab for years, unfortunately every company I've worked for has been centred around GitHub.com or GitHub Enterprise [...]
How to unpublish/redact/undo/retract a Go release π
I recently rolled out go-semantic-release on dependency-management-data (DMD) to make managing the changelog a little easier, by taking Conventional C [...]
Week Notes 24#02 π
I was reminded of the fun of the way the URLs work with my Week Notes when I noticed some 404s in the logs on Monday morning, as I needed to fix it I [...]
How do you represent a JSON field in Go that could be absent, `null` or have a value? π
If you're a follower of my blog you'll know that just one of the Open Source projects I maintain is the oapi-codegen OpenAPI-to-Go code generator. Las [...]
Week Notes 24#01 π
A (nice) slow start to the new year. Helped next door get the bricks from their fallen wall out of our garden, which was quite a workout π I'm still [...]
Why is `set -eu` not working? π
If you write shell scripts, you may be familiar with the following header (or some variation) in your script: set -eou pipefail As noted in Use Bash [...]
2023's Music In Review π
In 2023, I listened to 65531.62 minutes (1092.19 hours) of music on Spotify. Top 100 songs Song Title Minutes Elapsed Hours Elapsed Phaeleh - Movi [...]
2023's Site In Review π
Overall traffic This year Last year Number of visits 389052 363136 Number of articles 90 143 Number of blogumentation articles [...]
Week Notes 23#52 π
Christmas week π and New Year's Eve π A lovely Christmas day - good company and food Got some lovely presents π₯° and some happy folks with their ow [...]
Week Notes 23#51 π
Posting these late, as it was Christmas Eve, and a busy week following it. A bit of a chilled end to the year at work, and thankfully quiet week of on [...]
Week Notes 23#50 π
A week of leftovers π I've also unfortunately been ill this week π·π€ but it's not (at least infectious) COVID so that's good so far Really don't en [...]
Week Notes 23#49 π
Got the smart meter finally installed π Been fun keeping an eye on the usage over the last few days As many other people on GitHub, I got spammed by [...]
You can now interact with dependency-management-data using GraphQL π
When I first started working on dependency-management-data, I wanted to hold off creating an API for the data until I really understood how it'd be us [...]
Week Notes 23#48 π
Been very chilly this week, so been glad to have my thermals, and been enjoying wearing longjohns too It was Giving Tuesday at work, so felt good to - [...]
Week Notes 23#47 π
Been pretty chilly here this week, especially this weekend, so it's been nice having my thermals and actually layering up properly for a change, as we [...]
You can now use Open Policy Agent with dependency-management-data π
A couple of months ago I wrote about how I find the Custom Advisories functionality in dependency-management-data to be really great. It makes it poss [...]
Week Notes 23#46 π
The end of our holiday: Was a bit of an odd last day, not really having too much time, and the bus to the airport being a little late, on top of the [...]
Week Notes 23#45 π
Holiday π Was a warm few days in Gran Canaria and I got a good bit of a tan β Very nice to have our first holiday away since pre-COVID, and especiall [...]
Introducing `snyk-export-sbom` to export SPDX and CycloneDX SBOM from Snyk π
I've written about Software Bill of Materials (SBOMs) a fair bit recently and how they can be used to get more insight into your project's dependencie [...]
Week Notes 23#44 π
After the success with Morph coming into the living room, we set up a blanket and bit of privacy on the bar stools, and so he's spent most of the week [...]
Using dependency-management-data with npm's SPDX and CycloneDX SBOM export functionality π
In today's DevOps Weekly, it was mentioned that npm recently added support for exporting Software Bill of Materials (SBOMs). This was shipped as part [...]
Introducing `renovate-to-sbom` to convert Renovate data to Software Bill of Materials (SBOMs) π
Over the last few months building dependency-management-data, I've been playing around with the great data from Renovate via renovate-graph, as well a [...]
dependency-management-data now supports OSS Review Toolkit (ORT) π
A couple of weeks ago, I received a feature request on dependency-management-data to add support for the OSS Review Toolkit (ORT). I really appreciate [...]
Week Notes 23#43 π
Woke up on Monday not feeling particularly great after feeling it coming over the weekend, so took Monday as a sick day, and a chilled day definitely [...]
Getting Go modules to work with nested GitLab groups π
While trying to test for How to publish a v2 version of a Go library, I found some issues with trying to import the new Go module I was testing with. [...]
Performing a v2 release of a Go module π
On Wednesday, I'll be releasing oapi-codegen v2, which is my first v2 release of a Go module. To prepare for this I've been practicing doing a v2 rele [...]
Building resilient, runnable command-line demos with Asciinema and `demo` π
In my opinion one of the harder aspects of building command-line tools is crafting demos for your tooling that show off the functionality you've built [...]
Importing a subdirectory from one repo into another π
When I wrote Merging multiple repositories into a monorepo, while preserving history, using git subtree, I'd found it useful to be able to merge multi [...]
How we reduced oapi-codegen's dependency overhead by ~84% π
As I announced recently, oapi-codegen, the OpenAPI to Go code generator that I co-maintain, will soon release a v2 release to allow us to reduce the s [...]
Week Notes 23#42 π
A busy - and cold - week prepping for TechMids It's been very cold this week, and then the end of this week the storm has led to lots of flooding acro [...]
Plea to Software Composition Analysis (SCA) providers and Software Bill of Materials (SBOMs) producers: give us more data! π
While working on dependency-management-data, one of the greatest pieces of interesting data was to understand what version of languages such as Node.J [...]
Week Notes 23#41 π
Had a nice Tuesday evening at Canal House with Tulio, Tushar, Danillo and Lewis, catching up after many years, and nice to see everyone Was cool to h [...]
Which version of Go was used to compile this binary? π
Sometimes it can be handy to work out what version of Go a given binary was complied with, for instance to find out if it's affected by any CVEs. One [...]
Utilising Renovate's `local` platform to make `renovate-graph` more efficient π
Last year I built renovate-graph, a tool to extract the dependency trees for a given repository, which under the hood uses Renovate. I've been getting [...]
Gotcha: Using vCluster on Elastic Kubernetes Service requires a Container Storage Interface driver π
I've recently been playing around with vcluster on an Amazon Elastic Kubernetes Service (EKS) cluster, but about two commands into getting set up on m [...]
Listing environment variables used to trigger a Buildkite pipeline π
If you're using Buildkite for your builds, you may sometimes want to work out what environment variables were used to trigger a given build. Although [...]
Publishing My On-Call Compensation History π
At DevOpsDays London 2023 there was a great session called "Let's talk compensation", off the back of a very successful session that was run at DevOps [...]
Week Notes 23#40 π
Been enjoying catching up on various Star Wars subreddits' memes, which has been fun, especially before and after the finale of Ahsoka Could hear the [...]
Why should you blog? π
This is a writeup of my talk This talk could've been a blog post for DDD East Midlands. The talk abstract can be found on my talks site. whoami Hi, I' [...]
Solving `/usr/lib/Xorg.wrap: Only console users are allowed to run the X server` errors with tmux over SSH π
On my Linux machines, I use BSPWM as my window manager, and instead of using a login greeter, I used to log into the TTY on startup and run: startx [...]
This talk should also be a blog post π
This is a writeup of a tangent I removed from my talk This talk could've been a blog post for DDD East Midlands. I was quite chuffed with my talk titl [...]
How blogging has affected me, as a neurodiverse person π
As I'm preparing my talk, This talk could've been a blog post for DDD East Midlands this weekend, I've been thinking about how blogging has impacted m [...]
Week Notes 23#39 π
A few days on my own while Anna was away for work, and some mixed feelings about how Cookie was π Made some progress on my talk for DDD East Midlands [...]
Introducing tweetus-deletus π¦πͺπ - a tool to automate deleting your tweets, through the browser π
Like many other folks, I've been pulling away from Twitter since Elon Musk bought the site, slowly (and also very quickly) destroying it, removing API [...]
Reusing a browser session with Playwright π
If you're using Playwright for driving UI tests, you may want to use your browser with pre-configured user sessions. By default, Playwright will start [...]
Using dependency-management-data with GitLab's Pipeline-specific CycloneDX SBOM exports π
Earlier today I spotted an exciting result in the changelog for the release of GitLab 16.4, which happened last Friday, which added Pipeline-specific [...]
Week Notes 23#38 π
A busy week revolving around the very good DevOpsDays London ππΌ Spoke at the Go lightning talks at work about dependency-management-data, as a pract [...]
Gotchas with pointing Go modules to a fork, when building an installable module π
This morning I cut a release of dependency-management-data which ended up horribly breaking all consumers of the application. As I flagged in the trac [...]
Week Notes 23#37 π
Found that the painful feeling in my toe since Saturday was an infected ingrown toe, but luckily some rest for it and antibiotics have helped Cookie w [...]
Building dynamic jobs with BuildKite π
If you're using Buildkite for your builds, you may want to reduce duplication in your job's configuration by looping over certain variables, for insta [...]
Setting up a matrix for GitHub Actions with Go's `go.mod` and specific versions π
When you're building a library or set of tooling in Go, you may want to test against different versions of Go to give confidence in the project for bo [...]
Week Notes 23#36 π
Got National Grid round to sort our earth connection, so hopefully Octopus can come back again to fit a smart meter Fly.io must have had a bad deploy [...]
dependency-management-data now supports Software Bill of Materials (SBOMs) and has better Dependabot support π
As part of my work on dependency-management-data, I've mostly been focussing on utilising Renovate as the underlying datasource due to its excellent s [...]
Prefer using the GitHub Software Bill of Materials (SBOMs) API over the Dependency Graph GraphQL API π
As mentioned in Analysing our dependency trees to determine where we should send Open Source contributions for Hacktoberfest, GitHub has a dependency [...]
Week Notes 23#35 π
A chilled start to the week with the bank holiday weekend Cleaned up the spiders on one of the garage doors ahead of Thom coming to drop off some bits [...]
Setting up your Maven `settings.xml` to release a Jenkins plugin π
I'm technically a maintainer for the Jenkins Job DSL Plugin. I say technically because I've not been able to spend as much time on it since picking up [...]
Removing ANSI escape codes in Vim π
Sometimes you'll be working with tools that may end up (accidentally) writing ANSI escape codes to the console, and these can be captured by tools lik [...]
Creating global middleware for `net/http` servers in Go π
When you're writing pure net/http HTTP services with Go, you may want to wrap them in a middleware, for instance to ensure that authentication is prov [...]
What Go versions are my modules and dependencies targeting? π
As noted in Why is Go trying to upgrade my go.mod to Go 1.21?, we've had a report on oapi-codegen that Go is trying to upgrade our go.mod to a newer G [...]
Why is Go trying to upgrade my `go.mod` to Go 1.21? π
On oapi-codegen we recently had a report that Go 1.21 results in go test being unable to run without having go mod tidy'd the project. If you're runni [...]
Creating a Zoho Mail alias using the API π
I've been using Zoho Mail for some time, and really like the ability to set up aliases that allow me to send emails from an arbitrary email address on [...]
Setting up Mend Renovate Community Edition for GitLab.com on Fly.io π
I've written about being a huge fan of Renovate before, and have been using it personally and professionally for a few years. I first set up Renovate [...]
Custom Advisories: the unsung hero of dependency-management-data π
NOTE: This post is now unmaintained, and you should check out the official docs for up-to-date info. As part of my work on dependency-management-data, [...]
Week Notes 23#34 π
Done some good pieces on oapi-codegen this week - ahead of looking to do a release next week - including: Getting most of the way through the migrati [...]
Turning on Caps Lock when the Caps Lock key is bound to a different key π
As a Vim user, and as someone who doesn't use CapsLock very often, I've had my CapsLock key rebound to ESC for the last 7(!) years. In the last week I [...]
Setting up real-time Slack notifications for GitHub π
Since starting my new job at Elastic, I've been going through my usual productivity hacks like setting up my dotfiles, organising Slack channels and s [...]
Managing Buildkite Agent Images with Renovate π
If you're using Buildkite for your builds, you may end up defining Docker images that you want your agents to run on, for instance: agents: image: "g [...]
Week Notes 23#33 π
My first week at Elastic, which ended up only being a four day week as it was a Shut It Down Day My first week at Elastic Largely spent getting my la [...]
Running commands against every module in a Go multi-module project π
I've recently been migrating oapi-codegen to a multi-module project. As part of it I've seen that running an innocuous "test all the packages below th [...]
Resolving `Timeout`s when generating entropy when generating a new GPG key π
Following my setup on my new work laptop, I was setting up a new GPG key when I encountered the following error when generating it (linebreak added fo [...]
Resolving black screen display with SDDM and NVIDIA GPUs π
Today I'm setting up SDDM on my new work laptop, and I was encountering an issue where SDDM was presenting a black screen when starting up, which then [...]
Week Notes 23#32 π
Went into town on Monday to meet Carol to see her super snazzy new flat π€© and have a very nommy lunch at Blend - the Korean Fried Chicken grilled che [...]
Analysing GitHub Pull Request review times with SQLite and Go π
In Improving Team Efficiency By Measuring and Improving Code Review Cycle Time, I mentioned that one thing we can do to understand if code review is c [...]
Week Notes 23#31 π
Had a nice Monday co-working with Carol Went to Cartwheel for breakfast, EastWest for a coffee, laptop charge and chill in the booths, and then Broad [...]
Week Notes 23#30 π
My first of three weeks off between Deliveroo and Elastic: After a couple of very busy days prepping the talk (including finishing my slides not 10 mi [...]
Getting started with Dependency Management Data π
Note: This blog post has been replaced by the official getting started guide for dependency-management-data. I've kept a copy here for posterity, but [...]
Quantifying your reliance on Open Source software π
This was originally a writeup of my talk at DevOpsNotts July 2023 about the dependency-management-data project. The talk abstract can be found on my t [...]
Week Notes 23#29 π
My final week at Deliveroo! Managed to get the last features out for dependency-management-data that I'd wanted to do when I still had direct access [...]
LeadDev London 2023 π
It was my first time at LeadDev, and I had a great time! I was very thankful to the organisers for gifting me a ticket and making it possible for me t [...]
Week Notes 23#28 π
My penultimate week at Deliveroo, with lots of handover and trying to get through the things I'd like to do before I'm offski Got my first code contri [...]
Merging a branch in GitHub - the hard way π
Today I've been looking at tweaking some code I'd written a while ago to merge a branch in GitHub, which currently uses the Merge a branch API. This h [...]
Validating Renovate configuration changes before merging π
If you're developing custom rules within Renovate, in particular as part of shareable config presets but even if they're just within your repo, it's h [...]
Week Notes 23#27 π
A nice week off, with a couple of nights away π₯° Cookie got jumped by a dog on a walk, just before we left my parents', which was not good of the othe [...]
Introducing `dmd-web`, a web frontend for Dependency Management Data (DMD) π
Since starting the project in February, I've been having a great time working on dependency-management-data, a project to make it easier to understand [...]
Sharing state between `net/http` method calls in Go π
I've recently been writing some HTTP server code with Go, and found it not-super-searchable to find out how to have a struct that shares state between [...]
Week Notes 23#26 π
The one with my announcement of leaving Deliveroo, LeadDev and Cookie's first weekend at my parents: It's not official that I'm leaving Deliveroo with [...]
Who do these Google (JSON file) credentials belong to? π
Earlier today I spotted in my downloads folder a JSON file that looks suspiciously like a set of credentials for a Google service account: { "type": [...]
I'm joining Elastic π
I'm very excited to announce that in August I'll be joining Elastic as a Senior Software Engineer, working in the Platform Developer Experience team. [...]
Week Notes 23#25 π
A pretty toasty week, but with nice periods of rain interspersed to make it not as toasty Had to have some lemon sorbet at lunch on Monday to cool dow [...]
Using `go.mod` versions to `go install` a binary π
In my post Managing your Go tool versions with go.mod and a tools.go I talked about how to track tool dependencies in a tools.go to more easily run yo [...]
Checking the migration status with `golang-migrate` π
If you're using golang-migrate to perform your database migrations, you may wonder how to check what the current state of your migrations is. I recent [...]
Week Notes 23#24 π
After days of it almost coming, we finally had thunderstorms, which spooked both the little ones. Got worried when we realised that Morph was out, but [...]
Week Notes 23#23 π
Made some good progress with migrating over our joint account to Starling with virtual cards, but still got a few things left to do Officially needed [...]
Week Notes 23#22 π
Had a chilled Bank Holiday Monday While Anna was out, I tried somewhere new for lunch - Locked n Loaded fries - which was good, and my first time eat [...]
Introducing `openapi-sorbet`, a command-line tool for generating Sorbet types from OpenAPI π
For a couple of the Ruby on Rails applications I work on at work, we use Sorbet for type checking. Late last year we were integrating a JSON Schema ba [...]
Learn how to build tools π
This article was originally published for Letters to a New Developer. Dear new developer, Our jobs and lives are full of repetition, and one of the be [...]
Week Notes 23#21 π
Was nice to see Emma and Carol on the way back from their BeyoncΓ© trip and have a bit of a catch up Been nice to have Anna home again, which Cookie ag [...]
Getting a `--version` flag for Cobra CLIs in Go π
In my post Getting a --version flag for Cobra CLIs in Go, built with GoReleaser I wanted to add a --version flag to my Go command-line tools. However, [...]
Performing downtime-inducing AWS RDS changes with no downtime☆ π
Sometimes you need to make changes to your AWS RDS databases, such as changing the instance size, or performing routine DB engine upgrades. As the AWS [...]