Argo CD Hooks That Save Your Rollouts

Hooks are one of the most underused features in Argo CD. They let you run Kubernetes jobs at specific stages of a deployment, turning GitOps from “apply YAML” into a full release workflow. After a few production scares last year, mainly schema migrations and feature flags racing each other, I doubled down on hooks. Here’s what actually delivered value.

PreSync: stop bad releases early

PreSync hooks run before Argo CD applies your manifests. I standardised a Job named db-guardrail that checks both connectivity and database schema drift: ...

October 22, 2025 · 3 min · Almog Shoshan

Hardening GitHub Actions Against Supply Chain Attacks

Everyone is talking about supply-chain attacks again, especially after the public campaigns that abused self-hosted and ephemeral runners in early 2025. The common thread: attackers weaponised pull requests to run malicious workflows, exfiltrate long-lived credentials, and ship tampered artifacts to registries. Here’s how I hardened my GitHub Actions estate without grinding the release train to a halt.

What the current wave looks like

The noisy incidents from the past quarter followed a familiar pattern: ...

October 20, 2025 · 3 min · Almog Shoshan