34 posts tagged with "DevOps"

DevOps and infrastructure

Cloudflare's Toxic Combinations: A Practical Compound-Signal Checklist for Incident Prevention

· 7 min read
Victor Jimenez
Software Engineer & AI Agent Builder

Your deploy was fine. Your WAF rule update was also fine. Both hitting the same service within fifteen minutes at 2 a.m.? That is where the outage lives, and your single-metric dashboards will smile green the entire time. Cloudflare wrote an entire postmortem about this blind spot — stacked low-signal anomalies that every alert evaluates in isolation and nobody evaluates together — so I turned it into an enforceable playbook before the next on-call learns the lesson the hard way.

Encryption vs Authentication: The Architecture Guardrails You Need After the Passkeys Critique

· 5 min read
Victor Jimenez
Software Engineer & AI Agent Builder

Somewhere a team is shipping a product that uses passkey credentials as data-encryption keys, and they are genuinely proud of the elegance. They will be less proud the first time a user switches phones and watches their data evaporate. The passkeys critique made this failure mode impossible to ignore — so here are the guardrails I would enforce in any architecture review before that elegant design reaches production.

Gemini API Key Policy: What Changed and How to Fix Your Agent Workflows

· 5 min read
Victor Jimenez
Software Engineer & AI Agent Builder

Gemini API keys are now under stricter governance: leaked keys can be disabled by Google, and API terms and cloud key controls are evolving. Agent workflows that chain multiple jobs and providers are the most exposed. A single leaked key in logs, prompts, or commits can halt automation and trigger incident response.

I reviewed the policy changes and built a concrete key management update plan.

GitGuardian MCP: Secret Scanning as a Hard Merge Gate for AI-Generated Code

· 5 min read
Victor Jimenez
Software Engineer & AI Agent Builder

If AI agents can open pull requests, secret scanning must become a hard merge gate, not a best-effort report. The practical baseline is: pre-commit scanning for fast feedback, CI blocking checks for enforceability, and policy-controlled break-glass paths with audit logs.

I reviewed the GitGuardian MCP integration pattern and tested it against agent-generated PRs.

Node.js 24.14.0 LTS and 25.7.0: Upgrade-Risk Matrix for CI, Native Modules, and Frameworks

· 5 min read
Victor Jimenez
Software Engineer & AI Agent Builder

As of February 25, 2026, the short answer is: move production to Node 24.14.0 LTS first, test Node 25.7.0 in a non-blocking lane, and treat native addons plus framework engine ranges as the main risk surface. Both were released on February 24, 2026, but 25.x is still the Current line while 24.x is LTS.

DDEV CI Acceleration Playbook with WarpBuild for Drupal Pipelines

· 5 min read
Victor Jimenez
Software Engineer & AI Agent Builder

Use WarpBuild runners for the compute-heavy parts of your DDEV Drupal pipeline, keep cache keys deterministic, and gate rollout by p95 runtime and failure-rate SLOs. This gives you faster CI without turning your pipeline into a probabilistic black box. I verified this playbook against DDEV v1.25.1 (released February 23, 2026) and WarpBuild docs as of February 25, 2026.

Vault Sprawl Risk Patterns and a Secrets Governance Model for Multi-Team CI/CD

· 5 min read
Victor Jimenez
Software Engineer & AI Agent Builder

Vault sprawl in multi-team CI/CD is usually a governance failure, not a tooling failure. The practical model that works is: short-lived identity-based access (OIDC/workload identity), path ownership boundaries, policy-as-code with review gates, and measurable rotation/usage controls per team.

The Future of DDEV: Stas Zhuk Is Pushing It in the Right Direction

· 4 min read
Victor Jimenez
Software Engineer & AI Agent Builder

DDEV is one of the few local dev tools I actually trust for PHP work. Stas Zhuk joined as a core maintainer, and since then the project has been moving faster on the things that matter: broader platform compatibility, newer runtime support, and less friction in day-to-day workflows.

I have been tracking Stas's contributions. The direction is solid.

DDEV v1.25.0: Cloudflare Tunnels Make 'ddev share' Actually Usable

· 4 min read
Victor Jimenez
Software Engineer & AI Agent Builder

DDEV v1.25.0 fundamentally improves how we share work in progress. The new modular share provider system with Cloudflare Tunnel as the default is the best developer experience improvement in DDEV in years. Zero config, zero accounts, zero friction.

I have been using it daily since the release, and the old ngrok workflow feels ancient.

Drupal 12 Readiness: Relaunching the Deprecation Dashboard

· 4 min read
Victor Jimenez
Software Engineer & AI Agent Builder

Drupal 12 lands mid-2026. The deprecation list is long, the database API is changing, and most teams will not discover their exposure until the upgrade breaks something in production. Static analysis catches the problems early. But terminal output is not enough when you need to share findings with project managers, clients, or stakeholders who do not read diffs.

The Drupal 12 Readiness CLI now ships with an HTML report generator, GitHub Actions CI across three PHP versions, and coverage for all 32 deprecated database API functions.

Preparing for Drupal 12: I Built a CLI to Audit Your Database API Usage

· 4 min read
Victor Jimenez
Software Engineer & AI Agent Builder

Drupal 12 is on the horizon, and with it comes the final removal of a long-standing legacy layer: the procedural Database API wrappers. If your codebase still relies on db_query(), db_select(), or db_insert(), you are looking at a hard break when D12 lands. These functions have been deprecated since Drupal 8, but they have stuck around for backward compatibility. That grace period is ending.