Open Source Contributions

Newest to oldest from the last ten years or so. Some of my contributions pre-date GitHub back to IRC/CVS days but those were mostly providing feedback to developers involved with FreeBSD/OpenBSD/Slackware projects.

Sysbox (runc replacement for high-security environments)

Ongoing work that looks like someone else will fix before I can submit a PR. I discovered an issue with using Sysbox in a GKE environment utilizing Dataplane V2 (Cilium Network Provider.)


The Kube IP project is a K8s native service that ensures your “private” type GKE clusters can have static, publicly routable IP addresses. This feature addresses a known issue with GKE clusters that want predictable traffic egress paths (e.g., so your customers can allow-list your traffic.)

My employer was using Kube-IP in their GKE environment, and due to FedRAMP regulations, we had a tight timeline for remediating any CVEs in our systems. I worked with the Kube IP team to ensure their CI/CD system was healthy and contributed some small fixes to bump their library versions up to newer releases to resolve various CVEs.

Actions Runner Controller

My contributions here have been primarily financial (as a sponsor before GitHub took over.) I also have been known to frequent the Discussions area to try and help folks get up and running with ARC and avoid some common pitfalls.

Argo Workflows

While trying to resolve a multitude of ongoing issues with a large vulnerability discovery system at scale in commercial/FedRAMP GKE environments, I discovered an issue with the way the Argo Workflows GCS driver was catching and handling errors.

I created a bug and found I was not the only one seeing such issues in GCP. I forked the Argo WF project and set up an internal CI/CD process for Argo Workflows within my company’s source control/container management and modified the Terraform controlled Helm templates internally so we could ungate these custom builds into specific environments where I could test my changes and build confidence. I also wrote a large internal Actions workflow that would submit thousands of testing workflows an hour into our Argo Workflows GKE environments to evaluate their success rates based on an expected SLO. If any of these scheduled runs failed they notified the platform/infra team so releases could be put on hold for further investigation in the future.

Golang ‘Vulcain’ module for REST APIs

PR to fix a CI flakiness issue I noticed within this repo when bumping Go up a minor version.

Golang ‘progressbar’ module

This migrated the repo’s CI checks from Travis (which were not working) to GitHub Actions.

golang-tip Documentation for usage in GitHub Actions

There was an open issue to add support for a nightly Golang build/release to the repo’s CI/CD process. I worked with the owner to go upstream to the nightly build/release repo and add documentation for utilizing the nightly build within their own GitHub Actions workflows. This update allowed the original go-reform/reform repo to update their workflows to use golang-tip and allow future users of go-reform/golang-tip to utilize it within their Actions workflows.

Datree.io the k8s manifest linter for CI/CD pipelines

datree.io homepage

Feature request asking for help to create a https://pre-commit.com plugin/hook for their docker-based CLI tool that performs analysis on Kubernetes manifests for detecting common misconfigurations and security issues within CI/CD pipelines and locally on developer workstations. This feature request filled a core part of their product’s functionality.

Feature request to add Go linters/analysis tools to their CI/PR process. I worked with one of their FT engineers to set up some sane defaults for go linting and an Actions Workflow that would execute on PRs submitted to their project.

Issue/bug regarding a previous contribution by another member of the public. The existing PR Title Checker was not working as anticipated. I worked with the Datree Engineering team to better understand the problem and proposed various solutions. Ultimately, we went with a custom GitHub Action Workflow, and I refactored the existing Python code performing the PR title checks to be more resilient and handle edge cases better.

Feature request to migrate the Datree.io CLI product’s build process of public Docker images from Travis to GH Actions. This PR included working with the Engineering team to understand their release process more in-depth while providing suggestions about how they could improve certain areas to be more resilient and helping find/fix any bugs with their existing processes and shell scripting.

I received a personal email from Eyar Zilberman, the CPO & Co-Founder of https://datree.io, regarding these contributions: “On a personal note, among all our outside contributors, you’re the most professional and communicative contributor we had the chance to work with :)”

Chaos Mesh (CNCF project) for Kubernetes

This PR was an automation project for GitHub Actions that added the Apache SkyWalking Eyes tooling to the Chaos Mesh project’s GitHub.com presence. They had an open issue/request surrounding the licensing concerns of their project. The project was gaining momentum, so the founder was concerned about any potential legal implications regarding not having the correct licenses assigned to all of the code in this large repo. They also wanted automation to add these licenses to code headers when committed where appropriate.

I worked with Chaos Mesh contributors to ensure that we were only adding license headers to code that was theirs, along with working around issues with auto-generated code and how that would interface with the SkyWalking Eyes automation being added.

in-toto (BOM security) by NYU

I found this project during Hacktoberfest and thought it looked pretty neat. After searching around in their repos for a bit, I found places where I could contribute some of my expertise with containers and CI/CD.

Bitfinex MarginBot

I had been into Bitcoin for years and was using the Bitfinex platform for margin/equity lending. I used automation during extremely high BTC purchasing activity periods to provide short-term USD liquidity to buyers leveraging up.

This fix solved an outage with the MarginBot product after a Bitfinex API update.

CentOS 7 Box for Vagrant

We had been using Vagrant since CentOS 6, and it was time to migrate to 7. I ran into many issues and found a user who had created their own Box and open-sourced it on GitHub. I tried this out but ran into numerous problems when making the setup/teardown fully automated for Carma’s Vagrant environment for local development. I forked the original repo and made some of my own changes, which the upstream author noticed and merged back into his copy along with a hearty thank you for solving issues that had been causing trouble in their vbox environment.

protobuf RPM spec for CentOS

Protobufs were used extensively for the IoT and backend service communication layers at Carma. If I recall correctly, these were primarily used for our CI/CD runners that were building various projects with protobuf dependencies and we needed to have RPMs available with various library versions on the runners.

nginx pagespeed RPM spec for CentOS

We were looking for ways to optimize the compute/bandwidth usage in our webhosts at Carma. I discovered the Nginx Pagespeed module project that was developed by Google (IIRC.) There was no easy build/release process, so I set this spec up with an external Jenkins pipeline to build Nginx + Pagespeed and bundle these together for release into internal RPM repos within our datacenter racks and packagecloud.io. This was another case of me forking an existing project that was no longer maintained. I made numerous changes (28 ahead of upstream) over the years and tried to maintain it as closely as possible with stable Nginx + PSOL release cadences.

go RPM spec for CentOS

Similar story here for Go. We had started to use it more for backend web stack services in conjunction with some event-driven frameworks. We wanted access to bleeding edge versions since the default CentOS repos lagged far behind the Golang project. This was a fork of another user’s spec, and I did some light customization and fixed a few issues I ran into. I wasn’t a good OSS citizen and did not try to push these back into the upstream codebase from my fork.

haproxy RPM spec for CentOS

There wasn’t any good package management (RPM-wise) for HAProxy. We were using it quite a bit within our infrastructure at Carma. Available releases through upstream repositories such as EPEL were incredibly dated and we were missing out on features for things like TLS security updates. This RPM spec file in conjunction with an existing Jenkins pipeline helped automate the build/release process to VMs using various automation scripting and internal/local RPM repos hosted in our datacenter racks.