GitHub Actions

This episode of Ship It Weekly is about the quiet platform work that keeps things safe before they break. Brian covers GitHub Actions hardening in Kubernetes-related repos, Airbnb’s safer config rollouts, Cloudflare’s zero-downtime Rust restarts, Amazon ECS Managed Daemons, and HCP Terraform access controls with IP allow lists and temporary AWS permission delegation.

Links

GitHub Actions security roadmap

https://github.blog/news-insights/product-news/whats-coming-to-our-github-actions-2026-security-roadmap/

Airbnb config rollouts

https://medium.com/airbnb-engineering/safeguarding-dynamic-configuration-changes-at-scale-5aca5222ed68

Cloudflare graceful restarts for Rust

https://blog.cloudflare.com/ecdysis-rust-graceful-restarts/

Amazon ECS Managed Daemons

https://aws.amazon.com/about-aws/whats-new/2026/04/amazon-ecs-managed-daemons/

HCP Terraform IP allow lists

https://www.hashicorp.com/blog/hcp-terraform-adds-ip-allow-list-for-terraform-resources

HCP Terraform AWS permission delegation

https://www.hashicorp.com/blog/aws-permission-delegation-now-generally-available-in-hcp-terraform

GitHub secret scanning updates

https://github.blog/changelog/2026-03-10-secret-scanning-pattern-updates-march-2026/

GitHub secret scanning for AI coding agents

https://github.blog/changelog/2026-03-31-secret-scanning-extends-to-ai-coding-agents-via-the-github-mcp-server/

Codespaces GA with data residency

https://github.blog/changelog/2026-04-01-codespaces-is-now-generally-available-for-github-enterprise-with-data-residency

Kubernetes v1.36 sneak peek

https://kubernetes.io/blog/2026/03/30/kubernetes-v1-36-sneak-peek/

GKE Inference Gateway

https://cloud.google.com/kubernetes-engine/docs/concepts/about-gke-inference-gateway

More episodes and show notes

https://shipitweekly.fm

On Call Briefs

https://oncallbrief.com