 on [Unsplash](https://unsplash.com/photos/man-writing-on-paper-OQMZwNd3ThU)](https://sterba.dev/title-picture-sign-git-commits.jpg)
I recently learned that you can simply sign your Git commits with your SSH key. With that there is no need for a (rather complex) PGP/GPG setup! Instead, just re-use the SSH key you are probably already using to interact with your git remote. This is already supported by GitHub 1 and GitLab 2, and you will see a green check mark or verified next to your commit message. You only need the following in your ....
 on [Unsplash](https://unsplash.com/photos/5WQJ_ejZ7y8)](https://sterba.dev/title-picture-buildpacks.jpg)
At KubeCon 2023 Amsterdam I attended a talk about Buildpacks. This is not the first time I heard about Buildpacks, but the talk in the maintainer track was very entertaining and the features like advanced caching and reproducibility sounded very convincing. So in this post I’ll try to replace an existing build pipeline based on pure docker with Buildpacks. I’ll also go a bit in detail on how to use buildpacks and show differences in the resulting images....
 on [Unsplash](https://unsplash.com/photos/ehNRo3eWJAk)](https://sterba.dev/title-picture-analyze-go.jpg)
We often write code without thinking about how performant the code will be in the end. Often it is also not worth to sacrifice cleaner code in terms of readability and future maintainability for the sake of a few percents of performance, be it less CPU cycles needed to compute something or a smaller memory footprint. But as always even if you don’t need to save a few cycles or bytes, it is good to know what you could do to even get started in optimize for performance....
 on [Unsplash](https://unsplash.com/photos/hsg538WrP0Y)](https://sterba.dev/title-picture-automated-updates-post.jpg)
When was the last time you decided to update the dependencies of one of your projects? And not because you needed a new feature, just to get the latest security patches for your project which might be running on the public internet? Well yes, I got the same problem: never. I didn’t update most dependencies of my own software until sometime earlier last year. My TL;DR today is that the setup was very easy, and I can sleep better now, as I know I will receive a notification when one of my applications is vulnerable....
 from [Unsplash](https://unsplash.com/photos/U0_hlwXFLn0)](https://sterba.dev/title-picture-git-worktree-post.jpg)
This post is about the awesome git worktree, that simplified my personal workflow with git very much. In the past I had at least 2 versions of repository checked out locally or fiddled around with git stash to find a thing I did weeks ago. But let’s talk about how I use git and how git worktree helped me. Use Cases When I’m reviewing a Pull or Merge Request, sometimes I would like to see the code in my own IDE instead of the GitLab or GitHub UI....