0:07
Hey, I'm Brian. This is Ship It Weekly by Tellers
0:11
Tech. If you're new here, I've worn the DevOps,
0:14
SRE, and platform engineering hats over the years,
0:17
and I do some coaching on the side. This show
0:19
is me skimming the noise and pulling out what
0:22
actually matters when you're the one running
0:24
infra and owning reliability. All right. This
0:28
week's theme is pretty obvious. Your CI is a
0:32
dependency. Vendor pricing models are shifting
0:34
under your feet and AI is getting shoved into
0:38
pipelines in ways that create entirely new failure
0:41
modes. Let's start with GitHub. So GitHub announced
0:44
a pricing change for actions that would have
0:47
added a cloud platform charge to self -hosted
0:51
runners in private and internal repos. Not compute,
0:55
you still pay for your own compute. This was
0:57
basically GitHub charging for the orchestration
1:00
layer and the control plane side of actions.
1:03
People freaked out loud and fast. And GitHub
1:06
came out and said they're postponing that billing
1:09
change while they reevaluate. So the story isn't
1:13
they're charging now, the story is they tried
1:16
to charge, got major pushback and hit pause.
1:20
Important detail though, they're still moving
1:22
forward with reducing hosted runner prices in
1:25
2026. So GitHub is still actively tuning the
1:29
economics of actions. They're just not ready
1:32
to light up the self -hosted runner fee just
1:35
yet. Then because timing is hilarious, GitHub
1:39
hosted action runners had an incident yesterday.
1:42
I'm not even bringing that up to dunk on them.
1:45
It just reinforces the point. Actions is not
1:48
just CI. GitHub is part of your delivery control
1:51
plane. When it's down or degraded, a lot of companies
1:55
basically lose their ability to ship, deploy,
1:58
or recover cleanly. So here's the platform lesson.
2:01
Even if the fee is postponed, this is your warning
2:04
shot. GitHub wants to monetize actions like a
2:08
platform product. not a free feature. If you
2:11
own CI CD, now is the time to get your house
2:14
in order. Start measuring actions minutes by
2:17
repo and by workflow, especially the expensive
2:21
ones. The long integration suites, the run everything
2:24
on every PR pipelines, the stuff that's there
2:28
because it's always been there. Then go hunt
2:30
down dumb minutes, not even because you're scared
2:33
of pricing, but because it's usually a straight
2:36
win anyway. faster PR feedback, fewer queues,
2:41
less flakiness, lower compute costs, and less
2:44
why did this run 12 times noise. Also, write
2:48
down your GitHub is sad plan, like literally.
2:52
If GitHub Actions is down, what can still happen?
2:55
Can you still deploy a hotfix? Can you still
2:58
promote an image? Can you still roll back? Or
3:01
is your plan basically, we wait and refresh the
3:04
status page? Even a tiny break glass path is
3:07
better than chaos. All right, let's go from GitHub
3:10
pricing whiplash to HashiCorp pricing whiplash.
3:14
So HashiCorp is finishing the transition off
3:17
of the old legacy free plan for HCP Terraform.
3:21
The legacy free plan hits end of life on March
3:25
31st, 2026, and orgs get moved to the newer free
3:29
tier. That newer free tier includes unlimited
3:32
users, but it caps at 500 managed resources.
3:38
And that managed resources limit is why this
3:41
is suddenly a big deal for real teams. Because
3:44
500 resources sounds like a lot if you're thinking
3:48
workspaces, but it's not workspaces. It's actual
3:51
managed infrastructure objects. If you've got
3:54
a couple of EKS clusters, they're node groups,
3:58
IAM roles, policies, security groups, route tables,
4:01
DNS. plus supporting stuff plus a few environments,
4:05
you can hit 500 way faster than you think. So
4:09
the takeaway here is not HashiCorp is bad or
4:12
everyone panic, it's you need to know your numbers.
4:15
If you're using Terraform Cloud or HCP Terraform,
4:19
go find out. Are you still on legacy -free? How
4:22
many managed resources you actually have today?
4:25
And how fast that number is growing? Then decide
4:28
what your reality -based options are. Maybe you're
4:31
fine and this doesn't matter. Maybe you need
4:34
to clean up old stacks and dead environments
4:36
so you stop paying for zombie infra and zombie
4:39
state. Maybe you need a paid tier because you're
4:42
not a hobby shop. Or maybe you do want to move
4:46
away. But do that as a controlled migration,
4:49
not a March 2026 emergency where your pipeline
4:53
turns into a pumpkin. This is the part I keep
4:55
coming back to. Platform work is interestingly
4:58
vendor economics work, not just Kubernetes and
5:01
Terraform syntax. You need a basic plan for what
5:05
if the rules change. All right, now we're going
5:08
to take the your pipeline is a dependency theme
5:11
and add AI to it. which is where things get extra
5:14
weird. There's a write -up from Akito about what
5:17
they're calling prompt pwned. This is basically
5:20
the prompt injection meets CI CD story. Here's
5:24
the pattern. Teams are wiring AI agents into
5:27
GitHub actions or similar pipelines. The agent
5:30
reads issues, PR descriptions, commit messages,
5:34
logs, test output, and then makes decisions.
5:38
Maybe it opens a PR. Maybe it posts a comment.
5:41
Maybe it runs scripts. Maybe it has tools. The
5:44
problem is, a lot of that input is untrusted.
5:47
PR text is untrusted. Issue bodies are untrusted.
5:51
commit messages can be untrusted. So if that
5:54
untrusted content goes into the model prompt
5:57
without guardrails, an attacker can basically
6:00
smuggle instructions into the agent. And if the
6:03
agent has the ability to run commands or use
6:06
privileged tokens, you've created a new kind
6:09
of supply chain exploit. It's not run untrusted
6:12
code. It's run untrusted text through a system
6:16
that has hands. So what do we do about it as
6:19
platform folks? Treat AI agent inputs like you
6:22
treat user input in an app. Sanitize, filter,
6:27
don't just shove raw PR bodies into prompts.
6:30
Keep the agent's permissions brutally minimal.
6:33
If it doesn't need write, don't give it write.
6:36
If it doesn't need cloud creds, don't give it
6:38
cloud creds. If it's running in CI, don't give
6:42
it a token that can do anything interesting.
6:44
And if the agent generates commands, don't auto
6:47
execute them like, well, the robot said so. This
6:51
whole space is new enough that a lot of people
6:54
are still in the, this is fun phase. We're already
6:57
entering the, this is now a security boundary
7:00
phase. All right. One more main story, and this
7:03
one is classic security hygiene. There was a
7:07
report that Home Depot had an exposure that allegedly
7:11
granted access to internal systems for about
7:14
a year. Not trying to pile on them, big companies
7:17
have weird internal sprawl and stuff slips. But
7:20
the reason I think it's worth mentioning on this
7:23
show is because this is the exact kind of incident
7:26
that happens in a lot of orgs, just smaller and
7:31
quieter. Usually it's some variant of, a token
7:34
was exposed somewhere it shouldn't be. The token
7:37
had way more access than it needed. Nobody noticed
7:40
for way too long. Detection and response was
7:44
slower than it should have been. And even if
7:46
you rotate creds, the bigger question is, how
7:50
did it get there? And why did it have that much
7:52
power? So what can you actually take back to
7:55
your team from this? Secrets should expire. If
7:59
you can't expire them, they should at least be
8:02
rotated on a schedule that doesn't require drama.
8:05
If it's a long -lived credential that can't be
8:08
rotated, that's a smell. Assume exposure will
8:11
happen. design the blast radius like it will.
8:14
If a token leaks, what can it do? One service,
8:17
one environment, or is it basically welcome to
8:20
the kingdom? And lastly, detection. How quickly
8:24
would you notice a token is being used from a
8:27
weird place? Do you even log that in a way you
8:30
can query? Do you have alerts? Does anyone own
8:34
those alerts? A lot of orgs treat secret scanning
8:37
as nice to have. It's not. It's one of the simplest
8:41
ways to prevent a year long, how is this still
8:44
alive story. All right. Let's do a quick lightning
8:48
round. CDK for Terraform. CDK TF is officially
8:52
sunset and the repo is archived. If you're using
8:56
it, you're now in fork or migrate territory.
9:00
The official guidance is basically synthesized
9:03
to HCL and move on. Bitbucket is doing cleanup
9:06
of free, unused workspaces. If you have dead
9:10
orgs or old workspaces that nobody touches, you
9:13
don't want to wake up to surprise deactivations
9:15
or deletions. Inventory your SaaS, it's boring,
9:18
but it's real. And SourceHUD is proposing pricing
9:22
changes. I like mentioning this stuff because
9:24
it's a reminder that even the indie dev tolling
9:27
world is under cost pressure. Different scale
9:31
than GitHub, same underlying reality. Infra costs
9:34
money, and pricing models eventually shift. All
9:38
right, quick human moment before we wrap. This
9:40
week is a good example of something nobody is
9:43
really talking about. Platform whiplash. Like
9:46
GitHub floats a pricing change, everyone scrambles,
9:50
then it gets postponed. HashiCorp shifts plan
9:53
definitions and suddenly you're doing math on
9:55
managed resources. Meanwhile, teams are wiring
9:58
AI into CI pipelines, and now you're responsible
10:02
for weird new security boundaries you didn't
10:04
ask for. None of this is hard tech in a fun way.
10:08
It's mental load. It's context switching. It's
10:11
the quiet stress of realizing your job isn't
10:14
just keeping systems up. It's also keeping your
10:17
org from getting surprised by vendor changes.
10:19
So if you're the person who owns CI, IAC, or
10:23
platform reliability, here's a thing I've started
10:26
doing that helps. Make a tiny platform watch
10:29
list. Not a big roadmap doc, just a running note
10:32
with three columns. What changed, what it breaks,
10:36
and what we're doing about it. And the bar for
10:38
what we're doing about it can be small. Sometimes
10:41
it's literally measure action minutes or check
10:44
our Terraform managed resource count or write
10:48
down break glass deploy path. Because what burns
10:51
people isn't one big outage. It's a constant
10:54
drip of little, oh by the way, changes that all
10:58
become your problem. So yeah, if this week felt
11:01
like chaos, it's not just you. Put it in a lightweight
11:05
system so your brain doesn't have to hold it
11:07
all. All right. So the vibe this week is GitHub
11:10
and HashiCorp are both messing with the economics
11:13
of the platforms a lot of us depend on. AI agents
11:17
are being wired into pipelines in ways that create
11:20
brand new attack paths. And security stories
11:23
like the Home Depot one keep reminding us that
11:26
the boring basics are still the basics for a
11:29
reason. If you got value out of this episode,
11:32
please subscribe wherever you are listening.
11:35
Seriously, it helps. And if you know the one
11:37
person on your team who always ends up being
11:40
the prod is weird detective, send it to them.
11:44
I'm Brian. This is Ship It Weekly by Tellers
11:46
Tech. Thanks for hanging out and I'll see you
11:49
next week.
Episode 6 is a “platform tax” week.
Not because anything is fun and shiny, but because a bunch of the stuff that keeps your org shipping quietly changed shape at the same time: CI economics, IaC platform limits, and new security boundaries thanks to AI agents.
We start with GitHub Actions. GitHub floated a new charge for self-hosted runners, got immediate pushback, and then paused the change while they re-evaluate. The important part isn’t the drama. It’s the signal: Actions is a control plane, and GitHub is clearly thinking hard about how it gets priced. We also got the perfect timing joke with a GitHub incident the same week, which is a reminder that CI isn’t just “dev convenience.” For a lot of teams it’s the delivery pipeline, the GitOps loop, and the break-glass path… until it isn’t.
Then we shift to HashiCorp and Terraform Cloud. Legacy Free orgs are heading toward end-of-life in 2026, with transitions to the newer Free tier capped at 500 managed resources. That number is either totally fine or instantly painful depending on how real your infrastructure is. The practical takeaway is simple: know your resource count, clean up zombie stacks, and decide early whether you’re paying, consolidating, or migrating. Don’t make it a March 2026 emergency.
After that, we talk about PromptPwnd and the broader “AI in CI” problem. Teams are wiring agents into pipelines that read PRs and issues, and if you feed untrusted text into prompts while the agent has tools and tokens, you’ve created a new kind of supply chain risk. The fix is the same boring security posture we always preach: sanitize inputs, minimize permissions, and don’t let an agent auto-execute anything just because it sounds confident.
We also touch a classic security hygiene story around long-lived access exposure as a reminder that secrets, blast radius, and detection still matter more than whatever new automation you just bolted on.
Lightning round hits CDKTF being sunset/archived, Bitbucket cleaning up free unused workspaces, and SourceHut’s proposed pricing changes as more evidence that tooling economics are shifting everywhere.
This episode is basically a reminder that platform engineering isn’t only Kubernetes and Terraform. It’s also vendor models, dependency planning, and making sure your pipelines don’t turn into single points of failure.
Show notes below have the links if you want to dig into the announcements and write-ups.