DevOps

This section tracks the operational side of building reliable services: delivery pipelines, observability, cost-aware infrastructure, and the security guardrails that keep them safe. Expect deep dives into CI/CD, cloud-native patterns, and postmortems that highlight what worked as much as what failed.

Argo CD Hooks That Save Your Rollouts

Hooks are one of the most underused features in Argo CD. They let you run Kubernetes jobs at specific stages of a deployment, turning GitOps from “apply YAML” into a full release workflow. After a few production scares last year, mainly schema migrations and feature flags racing each other, I doubled down on hooks. Here’s what actually delivered value. PreSync: stop bad releases early PreSync hooks run before Argo CD applies your manifests. I standardised a Job named db-guardrail that checks both connectivity and the database schema drift: ...

Hardening GitHub Actions Against Supply Chain Attacks

Everyone is talking about supply-chain attacks again, especially after the public campaigns that abused self-hosted and ephemeral runners in early 2025. The common thread: attackers weaponised pull requests to run malicious workflows, exfiltrate long-lived credentials, and ship tampered artifacts to registries. Here’s how I hardened my GitHub Actions estate without grinding the release train to a halt. What the current wave looks like The noisy incidents from the past quarter followed a familiar pattern: ...