<![CDATA[My migration from GitHub to Gitea became stalled when I realized that you can tie self-hosted Actions runners to]]>My migration from GitHub to Gitea became stalled when I realized that you can tie self-hosted Actions runners to

* Repos (per repo token)
* Orgs
* not to the Pro Account with all repos

If you migrate, you have a parallel setup.

Gitea allows global runners. It's by far less complex. Which is a strength.

To self-host a combined GitHub and Gitea Actions runner, I need to queue jobs. Per repo as well.

I also need to keep the jobs compatible.

To archive this, I use Dagger(.io). My GitHub Action YAML only defines the triggers in GitHub (on push etc.). Dagger works locally, on-prem and in the cloud. It's a compatibility layer that is much more sane than YAML.

With Dagger and a custom queue, it's possible to move away from Actions without much effort. But there is a certain vendor lock-in effect with GitHub Actions.

The other consideration is, that cloud-hosted GitHub Actions runners exist for Linux (AArch64, x86), Windows (same), macOS (x86, Silicon). And they are super cheap.

To get the best out of both worlds:

1. use Dagger where it's possible
2. build a custom combined builder queue

]]>https://board.circlewithadot.net/topic/9672688d-3cd8-4c9a-86c2-ae3fa6a1e9a3/my-migration-from-github-to-gitea-became-stalled-when-i-realized-that-you-can-tie-self-hosted-actions-runners-toRSS for NodeSat, 30 May 2026 15:14:51 GMTSat, 16 May 2026 08:49:47 GMT60<![CDATA[Reply to My migration from GitHub to Gitea became stalled when I realized that you can tie self-hosted Actions runners to on Sun, 17 May 2026 15:43:06 GMT]]>
Link Preview Image
GitHub - Infisical/agent-vault: A HTTP credential proxy and vault for AI agents like Claude Code, OpenClaw, Hermes, custom agents + harnesses, and more.

A HTTP credential proxy and vault for AI agents like Claude Code, OpenClaw, Hermes, custom agents + harnesses, and more. - Infisical/agent-vault

favicon

GitHub (github.com)

This looks fascinating.

An open-source credential broker by Infisical that sits between your agents and the APIs they call.
Agents should not possess credentials. Agent Vault eliminates credential exfiltration risk with brokered access.

And that can be self-hosted or operated as SaaS. Going to follow this up next week, looking to see if this scales for larger dev teams.

The best defense against supply-chain compromise is being able to manage credentials. For many new AI threats, that will be the same.

]]>https://board.circlewithadot.net/post/https://infosec.exchange/users/windsheep/statuses/116590679604775124https://board.circlewithadot.net/post/https://infosec.exchange/users/windsheep/statuses/116590679604775124Sun, 17 May 2026 15:43:06 GMT<![CDATA[Reply to My migration from GitHub to Gitea became stalled when I realized that you can tie self-hosted Actions runners to on Sat, 16 May 2026 16:16:47 GMT]]>Decided to deploy Infisical with `pyinfra`(not using Ansible because of Yaml hell).

`pyinfra` is faster. 🙂

Since we can use `uv` easily nowadays, the whole venv setup also becomes much simpler.

Good stuff.

Link Preview Image
]]>https://board.circlewithadot.net/post/https://infosec.exchange/users/windsheep/statuses/116585149698235199https://board.circlewithadot.net/post/https://infosec.exchange/users/windsheep/statuses/116585149698235199Sat, 16 May 2026 16:16:47 GMT<![CDATA[Reply to My migration from GitHub to Gitea became stalled when I realized that you can tie self-hosted Actions runners to on Sat, 16 May 2026 14:16:05 GMT]]>
Link Preview Image
Self-Hosting Infisical: A Guide to Securing Your Homelab'...

Learn how to self-host Infisical to secure your homelab secrets. Step-by-step tutorial covers Docker deployment, backup key protection, and just-in-time secret injection.

favicon

Infisical Blog (infisical.com)

I am thinking of using Infisical over Vault after the license change / IBM acquisition.

I think Vault is unnecessarily complex, and I have seen IBM simplifying software.

]]>https://board.circlewithadot.net/post/https://infosec.exchange/users/windsheep/statuses/116584675134313847https://board.circlewithadot.net/post/https://infosec.exchange/users/windsheep/statuses/116584675134313847Sat, 16 May 2026 14:16:05 GMT