In this episode of Ship It Weekly, Brian discusses the implications of GitHub's paused pricing changes for self-hosted runners and HashiCorp's Terraform Cloud limits.
Now Playing
GitHub Runner Pricing Pause, Terraform Cloud Limits, and AI in CI
Ship It Weekly
0:0012:06
Chapters
Jump to a section in this episode.
Speed & share
Transcript
Hey, I'm Brian. This is Ship It Weekly by Tellers
Tech. If you're new here, I've worn the DevOps,
SRE, and platform engineering hats over the years,
and I do some coaching on the side. This show
is me skimming the noise and pulling out what
actually matters when you're the one running
infra and owning reliability. All right. This
week's theme is pretty obvious. Your CI is a
dependency. Vendor pricing models are shifting
under your feet and AI is getting shoved into
pipelines in ways that create entirely new failure
modes. Let's start with GitHub. So GitHub announced
a pricing change for actions that would have
added a cloud platform charge to self -hosted
runners in private and internal repos. Not compute,
you still pay for your own compute. This was
basically GitHub charging for the orchestration
layer and the control plane side of actions.
People freaked out loud and fast. And GitHub
came out and said they're postponing that billing
change while they reevaluate. So the story isn't
they're charging now, the story is they tried
to charge, got major pushback and hit pause.
Important detail though, they're still moving
forward with reducing hosted runner prices in
2026. So GitHub is still actively tuning the
economics of actions. They're just not ready
to light up the self -hosted runner fee just
yet. Then because timing is hilarious, GitHub
hosted action runners had an incident yesterday.
I'm not even bringing that up to dunk on them.
It just reinforces the point. Actions is not
just CI. GitHub is part of your delivery control
plane. When it's down or degraded, a lot of companies
basically lose their ability to ship, deploy,
or recover cleanly. So here's the platform lesson.
Even if the fee is postponed, this is your warning
shot. GitHub wants to monetize actions like a
platform product. not a free feature. If you
own CI CD, now is the time to get your house
in order. Start measuring actions minutes by
repo and by workflow, especially the expensive
ones. The long integration suites, the run everything
on every PR pipelines, the stuff that's there
because it's always been there. Then go hunt
down dumb minutes, not even because you're scared
of pricing, but because it's usually a straight
win anyway. faster PR feedback, fewer queues,
less flakiness, lower compute costs, and less
why did this run 12 times noise. Also, write
down your GitHub is sad plan, like literally.
If GitHub Actions is down, what can still happen?
Can you still deploy a hotfix? Can you still
promote an image? Can you still roll back? Or
is your plan basically, we wait and refresh the
status page? Even a tiny break glass path is
better than chaos. All right, let's go from GitHub
pricing whiplash to HashiCorp pricing whiplash.
So HashiCorp is finishing the transition off
of the old legacy free plan for HCP Terraform.
The legacy free plan hits end of life on March
31st, 2026, and orgs get moved to the newer free
tier. That newer free tier includes unlimited
users, but it caps at 500 managed resources.
And that managed resources limit is why this
is suddenly a big deal for real teams. Because
500 resources sounds like a lot if you're thinking
workspaces, but it's not workspaces. It's actual
managed infrastructure objects. If you've got
a couple of EKS clusters, they're node groups,
IAM roles, policies, security groups, route tables,
DNS. plus supporting stuff plus a few environments,
you can hit 500 way faster than you think. So
the takeaway here is not HashiCorp is bad or
everyone panic, it's you need to know your numbers.
If you're using Terraform Cloud or HCP Terraform,
go find out. Are you still on legacy -free? How
many managed resources you actually have today?
And how fast that number is growing? Then decide
what your reality -based options are. Maybe you're
fine and this doesn't matter. Maybe you need
to clean up old stacks and dead environments
so you stop paying for zombie infra and zombie
state. Maybe you need a paid tier because you're
not a hobby shop. Or maybe you do want to move
away. But do that as a controlled migration,
not a March 2026 emergency where your pipeline
turns into a pumpkin. This is the part I keep
coming back to. Platform work is interestingly
vendor economics work, not just Kubernetes and
Terraform syntax. You need a basic plan for what
if the rules change. All right, now we're going
to take the your pipeline is a dependency theme
and add AI to it. which is where things get extra
weird. There's a write -up from Akito about what
they're calling prompt pwned. This is basically
the prompt injection meets CI CD story. Here's
the pattern. Teams are wiring AI agents into
GitHub actions or similar pipelines. The agent
reads issues, PR descriptions, commit messages,
logs, test output, and then makes decisions.
Maybe it opens a PR. Maybe it posts a comment.
Maybe it runs scripts. Maybe it has tools. The
problem is, a lot of that input is untrusted.
PR text is untrusted. Issue bodies are untrusted.
commit messages can be untrusted. So if that
untrusted content goes into the model prompt
without guardrails, an attacker can basically
smuggle instructions into the agent. And if the
agent has the ability to run commands or use
privileged tokens, you've created a new kind
of supply chain exploit. It's not run untrusted
code. It's run untrusted text through a system
that has hands. So what do we do about it as
platform folks? Treat AI agent inputs like you
treat user input in an app. Sanitize, filter,
don't just shove raw PR bodies into prompts.
Keep the agent's permissions brutally minimal.
If it doesn't need write, don't give it write.
If it doesn't need cloud creds, don't give it
cloud creds. If it's running in CI, don't give
it a token that can do anything interesting.
And if the agent generates commands, don't auto
execute them like, well, the robot said so. This
whole space is new enough that a lot of people
are still in the, this is fun phase. We're already
entering the, this is now a security boundary
phase. All right. One more main story, and this
one is classic security hygiene. There was a
report that Home Depot had an exposure that allegedly
granted access to internal systems for about
a year. Not trying to pile on them, big companies
have weird internal sprawl and stuff slips. But
the reason I think it's worth mentioning on this
show is because this is the exact kind of incident
that happens in a lot of orgs, just smaller and
quieter. Usually it's some variant of, a token
was exposed somewhere it shouldn't be. The token
had way more access than it needed. Nobody noticed
for way too long. Detection and response was
slower than it should have been. And even if
you rotate creds, the bigger question is, how
did it get there? And why did it have that much
power? So what can you actually take back to
your team from this? Secrets should expire. If
you can't expire them, they should at least be
rotated on a schedule that doesn't require drama.
If it's a long -lived credential that can't be
rotated, that's a smell. Assume exposure will
happen. design the blast radius like it will.
If a token leaks, what can it do? One service,
one environment, or is it basically welcome to
the kingdom? And lastly, detection. How quickly
would you notice a token is being used from a
weird place? Do you even log that in a way you
can query? Do you have alerts? Does anyone own
those alerts? A lot of orgs treat secret scanning
as nice to have. It's not. It's one of the simplest
ways to prevent a year long, how is this still
alive story. All right. Let's do a quick lightning
round. CDK for Terraform. CDK TF is officially
sunset and the repo is archived. If you're using
it, you're now in fork or migrate territory.
The official guidance is basically synthesized
to HCL and move on. Bitbucket is doing cleanup
of free, unused workspaces. If you have dead
orgs or old workspaces that nobody touches, you
don't want to wake up to surprise deactivations
or deletions. Inventory your SaaS, it's boring,
but it's real. And SourceHUD is proposing pricing
changes. I like mentioning this stuff because
it's a reminder that even the indie dev tolling
world is under cost pressure. Different scale
than GitHub, same underlying reality. Infra costs
money, and pricing models eventually shift. All
right, quick human moment before we wrap. This
week is a good example of something nobody is
really talking about. Platform whiplash. Like
GitHub floats a pricing change, everyone scrambles,
then it gets postponed. HashiCorp shifts plan
definitions and suddenly you're doing math on
managed resources. Meanwhile, teams are wiring
AI into CI pipelines, and now you're responsible
for weird new security boundaries you didn't
ask for. None of this is hard tech in a fun way.
It's mental load. It's context switching. It's
the quiet stress of realizing your job isn't
just keeping systems up. It's also keeping your
org from getting surprised by vendor changes.
So if you're the person who owns CI, IAC, or
platform reliability, here's a thing I've started
doing that helps. Make a tiny platform watch
list. Not a big roadmap doc, just a running note
with three columns. What changed, what it breaks,
and what we're doing about it. And the bar for
what we're doing about it can be small. Sometimes
it's literally measure action minutes or check
our Terraform managed resource count or write
down break glass deploy path. Because what burns
people isn't one big outage. It's a constant
drip of little, oh by the way, changes that all
become your problem. So yeah, if this week felt
like chaos, it's not just you. Put it in a lightweight
system so your brain doesn't have to hold it
all. All right. So the vibe this week is GitHub
and HashiCorp are both messing with the economics
of the platforms a lot of us depend on. AI agents
are being wired into pipelines in ways that create
Not because anything is fun and shiny, but because a bunch of the stuff that keeps your org shipping quietly changed shape at the same time: CI economics, IaC platform limits, and new security boundaries thanks to AI agents.
We start with GitHub Actions. GitHub floated a new charge for self-hosted runners, got immediate pushback, and then paused the change while they re-evaluate. The important part isn’t the drama. It’s the signal: Actions is a control plane, and GitHub is clearly thinking hard about how it gets priced. We also got the perfect timing joke with a GitHub incident the same week, which is a reminder that CI isn’t just “dev convenience.” For a lot of teams it’s the delivery pipeline, the GitOps loop, and the break-glass path… until it isn’t.
Then we shift to HashiCorp and Terraform Cloud. Legacy Free orgs are heading toward end-of-life in 2026, with transitions to the newer Free tier capped at 500 managed resources. That number is either totally fine or instantly painful depending on how real your infrastructure is. The practical takeaway is simple: know your resource count, clean up zombie stacks, and decide early whether you’re paying, consolidating, or migrating. Don’t make it a March 2026 emergency.
After that, we talk about PromptPwnd and the broader “AI in CI” problem. Teams are wiring agents into pipelines that read PRs and issues, and if you feed untrusted text into prompts while the agent has tools and tokens, you’ve created a new kind of supply chain risk. The fix is the same boring security posture we always preach: sanitize inputs, minimize permissions, and don’t let an agent auto-execute anything just because it sounds confident.
We also touch a classic security hygiene story around long-lived access exposure as a reminder that secrets, blast radius, and detection still matter more than whatever new automation you just bolted on.
Lightning round hits CDKTF being sunset/archived, Bitbucket cleaning up free unused workspaces, and SourceHut’s proposed pricing changes as more evidence that tooling economics are shifting everywhere.
This episode is basically a reminder that platform engineering isn’t only Kubernetes and Terraform. It’s also vendor models, dependency planning, and making sure your pipelines don’t turn into single points of failure.
Show notes below have the links if you want to dig into the announcements and write-ups.
📝 Notes
Show Notes
This week on Ship It Weekly, Brian looks at how the “platform tax” is showing up everywhere: pricing model shifts, CI dependencies, and new security boundaries thanks to AI agents.
We start with GitHub Actions. GitHub announced a new “cloud platform” charge for self-hosted runners in private/internal repos… then hit pause after backlash. Hosted runner price reductions for 2026 are still planned. We also got the perfect timing joke: a GitHub incident the same week.
Next up is HashiCorp. Legacy HCP Terraform (Terraform Cloud) Free is reaching end-of-life in 2026, with orgs moving to the newer Free tier capped at 500 managed resources. If you’re running real infrastructure, this is a good moment to audit what you’re actually managing and decide whether you’re cleaning up, paying, or planning a migration.
Then we talk PromptPwnd: why stuffing untrusted PR/issue text into AI agent prompts (inside CI) can turn into a supply chain/security problem. The short version: treat AI inputs like hostile user input, keep tokens/permissions minimal, and don’t let agents “run with scissors.”
We also cover the Home Depot report about long-lived access exposure as a reminder that secrets hygiene, blast radius, and detection still matter more than the shiny tools.
In the lightning round: CDKTF is sunset/archived, Bitbucket is cleaning up free unused workspaces, and SourceHut is proposing pricing changes. We wrap with a human note on “platform whiplash” and why a simple watchlist beats carrying all this stuff in your head.
Episode 6 is a “platform tax” week.
Not because anything is fun and shiny, but because a bunch of the stuff that keeps your org shipping quietly changed shape at the same time: CI economics, IaC platform limits, and new security boundaries thanks to AI agents.
We start with GitHub Actions. GitHub floated a new charge for self-hosted runners, got immediate pushback, and then paused the change while they re-evaluate. The important part isn’t the drama. It’s the signal: Actions is a control plane, and GitHub is clearly thinking hard about how it gets priced. We also got the perfect timing joke with a GitHub incident the same week, which is a reminder that CI isn’t just “dev convenience.” For a lot of teams it’s the delivery pipeline, the GitOps loop, and the break-glass path… until it isn’t.
Then we shift to HashiCorp and Terraform Cloud. Legacy Free orgs are heading toward end-of-life in 2026, with transitions to the newer Free tier capped at 500 managed resources. That number is either totally fine or instantly painful depending on how real your infrastructure is. The practical takeaway is simple: know your resource count, clean up zombie stacks, and decide early whether you’re paying, consolidating, or migrating. Don’t make it a March 2026 emergency.
After that, we talk about PromptPwnd and the broader “AI in CI” problem. Teams are wiring agents into pipelines that read PRs and issues, and if you feed untrusted text into prompts while the agent has tools and tokens, you’ve created a new kind of supply chain risk. The fix is the same boring security posture we always preach: sanitize inputs, minimize permissions, and don’t let an agent auto-execute anything just because it sounds confident.
We also touch a classic security hygiene story around long-lived access exposure as a reminder that secrets, blast radius, and detection still matter more than whatever new automation you just bolted on.
Lightning round hits CDKTF being sunset/archived, Bitbucket cleaning up free unused workspaces, and SourceHut’s proposed pricing changes as more evidence that tooling economics are shifting everywhere.
This episode is basically a reminder that platform engineering isn’t only Kubernetes and Terraform. It’s also vendor models, dependency planning, and making sure your pipelines don’t turn into single points of failure.
Show notes below have the links if you want to dig into the announcements and write-ups.