Skip to content

Instantly share code, notes, and snippets.

View philpennock's full-sized avatar

Phil Pennock philpennock

View GitHub Profile
@philpennock
philpennock / gist:233f1cdbcef54efac2a5959eeda89e5d
Created March 15, 2025 03:46
tj-actions/changed-files tags as of 2025-03-10
v45.0.8 -> 9200e69
v45 -> dcc7a0c
v45.0.7 -> dcc7a0c
v45.0.6 -> d6e91a2
v45.0.5 -> bab30c2
v45.0.4 -> 4edd678
v45.0.3 -> c3a1bb2
v45.0.2 -> 48d8f15
v45.0.1 -> e9772d1
v45.0.0 -> 40853de
@philpennock
philpennock / icinga-monitor-nats.conf
Created August 2, 2023 16:26
An amalgamation of NATS-related content from multiple Icinga config files
# ~~~~~~~~~~~~~~~~~~~~~~~~8< Your Commands File >8~~~~~~~~~~~~~~~~~~~~~~~~
object CheckCommand "nats-server" {
import "plugin-check-command"
command = [PluginDir+"/nats", "server", "check", "connection"]
# If the context has been defined, outside Icinga alas, then that's the best way to just check for some context
env.NATS_CONTEXT = "$nats_context$"
env.NATS_URL = "$nats_url$"
env.NATS_CREDS = "$nats_creds_file$"
@philpennock
philpennock / find_to_repo
Last active March 25, 2025 02:35
Find VCS repos under the cwd and report their paths
#!/usr/bin/env python3
# /// script
# requires-python = ">=3.7"
# ///
#
# I think this should work in 3.6, when f-strings were introduced,
# but I don't have 3.6 around and 3.7 is the earliest I can test with,
# so for PEP 723 script metadata purposes I am declaring >= 3.7.
"""
@philpennock
philpennock / git-nuke-branch.sh
Last active June 7, 2024 23:08
git delete branch just on, and push deletion upstream. Install in $PATH as `git-nuke-branch` and/or `git nb`; the nb spelling will auto-handle squashed commits
#!/usr/bin/env bash
set -euo pipefail
#
# git nuke-branch / nb
# getopts defaults needed for usage text:
declare -i squashed_recent_commits=50
USAGE="[-npsSu] [-r <recent>] <branch> [<branch> ...]"
LONG_USAGE="\
@philpennock
philpennock / aws-free-ips.sh
Created February 4, 2022 16:53
Report on AWS free IPs
#!/bin/sh -eu
: "${VPC_ID:=}"
ShowVPCPrefix=''
format_subnets() {
jq -r '.Subnets[]
| "'"${ShowVPCPrefix}"'\(.AvailabilityZone)\t\(.SubnetId)\t\(.CidrBlock)\t\(.AvailableIpAddressCount)\t\(
if .Tags then .Tags[]|select(.Key=="Name")|.Value else "<none>" end)"' |
sort
@philpennock
philpennock / makepassword.py
Last active December 20, 2022 03:28
makepassword: make a decentish password
#!/usr/bin/env python3
"""
makepassword: make a decentish password
The -D/--dice option makes a diceware passphrase wordlist; the -B/--bitcoin
option makes a random passphrase wordlist using the Bitcoin BIP39 dictionaries.
The --skey option uses the RFC1751 word-list (but not that algorithm).
Without any of these options, a more traditional password is generated.
@philpennock
philpennock / docker-ecr-login.sh
Last active October 20, 2021 15:07
This is an extract from an image build script I have, showing how I handle docker creds expiration
#!/usr/bin/env bash
set -euo pipefail
progname="$(basename "$0" .sh)"
note() { printf >&2 '%s: %s\n' "$progname" "$*"; }
# ...
# This bit happens _after_ the build, before the push, so that the time remaining in credentials doesn't need to
# account for build duration
readonly aws_ecr='public.ecr.aws'
@philpennock
philpennock / git-pb
Last active January 5, 2023 22:38
git pb sub-command, "push branch"
#!/usr/bin/env bash
set -euo pipefail
#
# git pb: push branch
# implicit: force with lease, set upstream if needed, etc
#
# Path coercion for platforms where git might be in multiple places and I can't
# mess with the ordering "normally" but want to explicitly pick up newer git
# here.
@philpennock
philpennock / pdp_dirname_subdirs.zsh
Created August 3, 2021 21:52
Be able to declare certain prefices to refer to certain sub-dir owning areas
# There's a great example in zshexpn(1) "Dynamic named directories" about
# shortening a path to be named by the perforce area it's in; I usually want
# this for git repos, and a whole bunch of them. In fact, it's a common
# pattern and one I don't want to repeat.
local label="${1:?need a label for this completion set}"
local short="${2:?need a short prefix for this completion set}"
local based="${3:?need a directory for this completion set}"
local elide_prefix="${4:-}"
local flags="${5:-}"
@philpennock
philpennock / jwt-audit.py
Created March 24, 2021 16:10
NATS CVE-2021-3127 account scanning tool to find exploit attempts
#!/usr/bin/env python3
"""jwt-audit: audit a packfile of JWTs for security issues.
See CVE-2021-3127 for more details.
"""
import argparse
import base64
import json