GitHub Actions & CI/CD Podcast
Your developer toolchain is production — GitHub Actions, runners, secrets, OIDC, supply chain, and the CI/CD paths that decide what reaches prod.
About the GitHub Actions & CI/CD hub
GitHub Actions is not just CI anymore. For many teams it is the control plane that decides what reaches production: workflow permissions, self-hosted runners, third-party actions, OIDC to cloud roles, and secrets that outlive the humans who created them. These episodes track that reality.
Use this hub when you care about pipeline blast radius, supply-chain risk, runner hygiene, and the governance models that keep developer-facing automation from becoming an incident waiting to happen.
Episodes on GitHub Actions & CI/CD
This is a guest conversation episode of Ship It Weekly, separate from the weekly news recaps.In this Ship It: Conversations episode, I talk with Evan Phoenix of Miren…
This week on Ship It Weekly: containerd disclosed a batch of CRI plugin vulnerabilities, Datadog tested PostgreSQL high availability on Kubernetes and found that failover is not useful…
This is a guest conversation episode of Ship It Weekly, separate from the weekly news recaps.In this Ship It: Conversations episode, I talk with Joel DeStefano from Guardsquare…
This episode of Ship It Weekly is about default trust getting punished. Brian covers Oracle’s emergency PeopleSoft advisory for CVE-2026-35273, npm v12 changing install-script defaults, GitHub Agentic Workflows…
This episode of Ship It Weekly is about the hidden glue holding production together.Brian covers Coinbase’s May 7 outage postmortem, where an AWS us-east-1 cooling failure exposed the…
This episode of Ship It Weekly is about trusted tools becoming production dependencies. Brian covers a rough GitHub supply chain week, including the compromised Nx Console VS Code…
This episode of Ship It Weekly is about secrets, agents, risky defaults, and follow-up work that never gets done. Brian covers the CISA contractor GitHub leak involving AWS…
This is a guest conversation episode of Ship It Weekly, separate from the weekly news recaps.This episode is not sponsored. I wanted to cover IaCConf because the theme…
This episode of Ship It Weekly is about the developer toolchain becoming part of production. Brian covers GitHub’s critical git push RCE, AI-assisted reverse engineering, prompt injection against…
This episode of Ship It Weekly is about platforms getting sharper about defaults, ownership, and the old paths they are no longer willing to quietly carry forever. Brian…
This is a guest conversation episode of Ship It Weekly, separate from the weekly news recaps.In this Ship It: Conversations episode, I talk with Stephane Moser about Pipedrive’s…
This is a guest conversation episode of Ship It Weekly, separate from the weekly news recaps.In this Ship It: Conversations episode, I talk with David Chute, founder and…
This episode of Ship It Weekly is about the quiet platform work that keeps things safe before they break. Brian covers GitHub Actions hardening in Kubernetes-related repos, Airbnb’s…
This episode of Ship It Weekly is about the places where convenience quietly turns into trust.Brian revisits the Trivy story by zooming out to the bigger hackerbot-claw GitHub…
This is a guest conversation episode of Ship It Weekly, separate from the weekly news recaps.In this Ship It: Conversations episode, I talk with Ang Chen from the…
This week on Ship It Weekly, Brian looks at how the boundary of ops keeps expanding.We cover AWS flagging issues in Bahrain/UAE amid Iran strikes, ArgoCD vs Flux…
This week on Ship It Weekly, Brian looks at how the boundary of ops keeps expanding.We cover AWS flagging issues in Bahrain/UAE amid Iran strikes, ArgoCD vs Flux…
This is a guest conversation episode of Ship It Weekly (separate from the weekly news recaps).In this Ship It: Conversations episode I talk with Mike Lady (Senior DevOps…
This week on Ship It Weekly, Brian hits five stories where the “defaults” are shifting under ops teams.GitHub is bringing Agentic Workflows into Actions, Gentoo is migrating off…
In this Ship It Weekly special, Brian breaks down the OpenClaw situation and why it’s bigger than “another CVE.”OpenClaw is a preview of what platform teams are about…
This week on Ship It Weekly, Brian hits four stories where the guardrails become the incident.GitHub had “Too Many Requests” caused by legacy abuse protections that outlived their…
This week on Ship It Weekly, Brian hits four “control plane + trust boundary” stories where the glue layer becomes the incident.Azure had a platform incident that impacted…
This week on Ship It Weekly, Brian looks at four “glue failures” that can turn into real outages and real security risk.We start with CodeBreach: AWS disclosed a…
This is a guest conversation episode of Ship It Weekly (separate from the weekly news recaps).In this Ship It: Conversations episode I talk with Austin Reed from horizon.dev…
This week on Ship It Weekly, Brian looks at three different versions of the same problem: systems are getting faster, but human attention is still the bottleneck.We start…
This week on Ship It Weekly, the theme is simple: the automation layer has become a control plane, and that changes how you should think about risk.We start…
This is a guest conversation episode of Ship It Weekly (separate from the weekly news recaps).In this Ship It: Conversations episode I talk with Gracious James Eluvathingal about…
This week on Ship It Weekly, Brian’s theme is basically: the “automation layer” is not a side tool anymore. It’s part of your perimeter, part of your reliability…
This is a guest conversation episode of Ship It Weekly (separate from the weekly news recaps).I sat down with Danny Teller, a DevOps Architect and Tech Lead Manager…
This week on Ship It Weekly, Brian kicks off the new year with one theme: automation is getting faster, and that makes blast radius and oversight matter more…
This is a guest conversation episode of Ship It Weekly (separate from the weekly news recaps).I sat down with Eric Paatey, a Cloud & DevOps Engineer who’s been…
This week on Ship It Weekly, Brian looks at real platform engineering in the wild.We start with Cloudflare’s write-up on building an internal maintenance scheduler on Workers. It’s…
This is a Ship It Weekly conversation episode. The weekly news recaps are still weekly. These interviews drop in between when I find someone worth talking to and…
This week on Ship It Weekly, Brian looks at how the “platform tax” is showing up everywhere: pricing model shifts, CI dependencies, and new security boundaries thanks to…
In this episode of Ship It Weekly, Brian digs into what’s new for people actually running infra: Kubernetes config, EKS control planes and networking, and GitHub’s latest CI/CD…
In this special kickoff episode of Ship It Weekly, Brian walks through three major outages from the last few weeks and what they actually mean for DevOps, SRE,…
Subscribe to Ship It Weekly
New episodes weekly on every major platform
From the newsroom
Prefer to read? On Call Brief is our weekly operator news digest.
Frequently asked questions
What does the GitHub Actions & CI/CD hub cover?
Pipeline blast radius, self-hosted runners, workflow permissions, OIDC to cloud roles, third-party actions, secrets hygiene, and the ways CI/CD became a production control plane.
Who should listen?
Platform, DevOps, and security-minded engineers who rely on GitHub Actions or comparable CI/CD for build, test, and deploy.
How are episodes selected?
Matched on GitHub Actions, workflows, runners, CI/CD, OIDC, supply chain, and deployment automation keywords.
Does this overlap with DevSecOps?
Yes — supply-chain and secrets topics appear in both hubs. DevSecOps skews security; this hub skews pipeline mechanics and toolchain governance.
Where can I subscribe?
Follow Ship It Weekly on Apple Podcasts, Spotify, YouTube, or RSS via the subscribe page.