InfoQ Homepage Continuous Deployment Content on InfoQ
-
Grafana and GitLab Introduce Serverless CI/CD Observability Integration
In a move to streamline development workflows, Daniel Fritzgerald of GrafanaLabs has published a new open-source solution that links GitLab CI/CD events into Grafana's observability stack via a serverless architecture.
-
HashiCorp Warns Traditional Secret Scanning Tools are Falling behind
HashiCorp has issued a warning that traditional secret scanning tools are failing to keep up with the realities of modern software development. In a new blog post, the company argues that post-commit detection and brittle pattern matching leave dangerous gaps in coverage.
-
AWS Introduces M4 and M4 Pro Mac Instances for Faster Apple App Development
AWS has recently launched two new Mac instances (M4 and M4 Pro) built on Apple's latest M4 silicon. The new EC2 instances provide faster CPU performance, enhanced graphics, and increased memory for building iOS and macOS applications.
-
AWS CDK Refactor Feature: Safe Infrastructure as Code Renaming
AWS's new Cloud Development Kit (CDK) refactor command allows engineers to safely rename and reorganize infrastructure as code without forcing a destructive rebuild. The feature, leveraging a similar AWS CloudFormation capability, automatically computes the necessary mappings to preserve resources like databases, solving a major pain point that previously led to data loss and downtime.
-
Uber Shares Strategy for Controlling Risk in Monorepo Changes That Affect 3,000+ Microservices
Uber has published details on their approach to controlling rollouts of large-scale changes across monorepos that serve thousands of microservices, addressing one of the key challenges in continuous deployment at massive scale.
-
Google Veles is a New Open-Source Secret Scanner Powering GCP
Google Veles is a newly released open-source secret scanner, launched as part of Google's broader OSV-SCALIBR (Software Composition Analysis LIBRary) ecosystem. Veles integrates seamlessly with other OSV-SCALIBR tools and also powers secret scanning in Google Cloud, while remaining available as a standalone module.
-
AWS Lambda Adds Support for GitHub Actions
AWS has recently announced that AWS Lambda now supports GitHub Actions, providing a simplified way to deploy changes to Lambda functions using declarative configuration in GitHub Actions workflows. The new option supports both .zip file and container image deployments.
-
How Amazon Uses Guardrails in Software Development
Carlos Arguelles spoke about Amazon’s inflection points in engineering productivity at QCon San Francisco, where he explained that shift testing left can help catch issues early. He suggested using guardrails such as code reviews and coverage checks. Your repo strategy, monorepo or multirepo, will impact the guardrails that need to be in place.
-
How Docs-as-Code Helped Pinterest Improve Documentation Quality
Over the past few years, Pinterest engineers have been working to adopt Docs-as-Code across the organization. By using the same tools and processes for both code and documentation, they've improved overall documentation quality and team satisfaction. The shift also helped transform Pinterest's documentation culture, fostering collaboration, improving quality control, discoverability, and more.
-
Compromised GitHub Action Highlights Risks in CI/CD Supply Chains
The popular tj-actions/changed-files GitHub Action used by thousands of repositories recently compromised those repositories, exposing a critical weakness in how open-source Actions are published and consumed.
-
OpenSSF Publishes Security Baseline for Open-Source Projects
To help open-source maintainers keep their projects secure, the Open Source Security Foundation (OpenSSF) has published a set of guidelines based on international cybersecurity frameworks, standards, and regulations, the Open Source Project Security Baseline.
-
AWS CodeBuild Now Supports Fastlane to Simplify iOS Deployments
CodeBuild, AWS continuous integration service, now provides Fastlane support to manage tasks such as code signing, screenshot generation, beta distribution, and app store submissions for iOS, iPadOS, watchOS, tvOS, and macOS apps.
-
How to Go from Copy and Paste Deployments to Full GitOps
InnerSource helped reduce the amount of development work involved when introducing GitOps by sharing company-specific logic, Jemma Hussein Allen said at QCon London. She showed how they went from copy and paste deployments to full GitOps. She mentioned that a psychologically safe environment is really important for open and honest discussions that can help resolve pain points and drive innovation.
-
Vercel Expands AI Toolkit with AI SDK 4.0 Update
Vercel has announced version 4.0 of its open-source AI SDK toolkit designed for building AI applications in JavaScript and TypeScript. The update introduces key features like PDF support, computer use integration, and a new xAI Grok API.
-
How to Delight Your Developers with User-Centric Platforms and Practices
By focusing on the users, platform development teams can ensure that they build a platform that tackles the true needs of developers, Ana Petkovska said at QCon London. In her talk, Delight Your Developers with User-Centric Platforms & Practices, she shared what their Developer Experience (DevEx) group looks like and what products and services they provide.