Blog
Thoughts on engineering, design, and building great products.
Things GitHub Actions Tutorials Tend to Skip
After Part 1's first pipeline, this article covers 9 things basic CI/CD tutorials skip about GitHub Actions: concurrency control (with the github.ref gotcha), the branch rule for reading YAML on external events, the workflow_* family (dispatch, call, run — with the head_sha gotcha), cache dependencies, matrix strategy, Docker Hub instead of building on the server, GITHUB_TOKEN permissions, OIDC for AWS (no more long-lived SSH keys), and environment + required reviewers.
CI/CD Concepts and Your First Pipeline on AWS EC2
A step-by-step guide to deploying a React + Node.js web app to AWS EC2 with Docker, then wiring up an automated CI/CD pipeline with GitHub Actions. Walks through CI/CD fundamentals, the difference between Continuous Delivery and Continuous Deployment, the standard pipeline stages (Source → Build → Test → Quality Gate → Package → Deploy → Verify), GitHub Actions terminology, common deploy strategies, then builds a first end-to-end pipeline. Aimed at DevOps newcomers.
CI/CD: Automating Build and Canary Deploy With Rollback
Throughout the series we deployed by typing sam deploy by hand. This article builds CI/CD: a GitHub Actions workflow that builds and validates the template on every push, and deploys safely with canary via CodeDeploy, shifting traffic gradually and rolling back automatically if an error alarm fires. Plus two real traps hit along the way: esbuild missing from the CI PATH, and a circular dependency between the function and the alarm.
Capstone (2): The Complete Production Pipeline
Closing the series: a pipeline that carries code from a CodeCommit commit, through build and test, through an approval gate, then blue/green deploys onto an Auto Scaling Group behind an ALB — running for real end-to-end, one commit becoming one zero-downtime production release. Then tearing everything down and wrapping up the whole series with a roadmap for what's next.
Capstone (1): Building the Target Infrastructure via CLI
Opening the capstone: assembling every piece of infrastructure we've learned into a production target environment for a complete pipeline. A launch template and Auto Scaling Group behind an Application Load Balancer, a blue/green deployment group with rollback — all via the AWS CLI. The next article wires up a pipeline that runs straight into this infrastructure.
Quality and Notifications in the Pipeline
A pipeline needs two more things to use for real: running test/scan as a blocking gate (broken code never reaches Deploy) and firing status notifications so nobody has to sit watching the console. This article uses tests in the Build stage as a gate, then sets up a notification rule that pushes pipeline events to SNS — reading a real notification through SQS to prove the chain works.
A Pragmatic Pipeline: Approval Gate, Parallelism, and Triggers
A pipeline that runs isn't yet a pipeline you can use at work. This article adds three pragmatic things: a manual approval gate that blocks deploy until someone signs off (demoed for real over the CLI), running multiple actions in parallel with runOrder, and trigger filtering so the pipeline runs only for the right branch — using pipeline type V2.