Blog
Thoughts, tutorials, and insights about web development
SLSA, Provenance, and Actually Signing Things: A Practical Supply Chain Setup
Build provenance, image signing with Sigstore, and policy enforcement in Kubernetes — the parts that are now table stakes, and the parts that are still over-engineered for most teams.
GitOps with Argo CD and Kustomize: What I'd Build Today
A pragmatic GitOps layout for multi-cluster, multi-environment Kubernetes — including the repo structure, the promotion model, and the parts where I think Argo CD's defaults are wrong.
OIDC, Workload Identity Federation, and the End of Long-Lived CI Secrets
How GitHub Actions OIDC tokens replace static cloud credentials, what the trust policy actually does, and the misconfigurations that quietly leave you wide open.
Reusable Workflows vs Composite Actions: Choosing the Right Abstraction in 2026
A practical decision framework for when to reach for reusable workflows, composite actions, or just a plain shell script — with the tradeoffs that actually bite you in production.
Scaling Actions Runner Controller on EKS Without Melting Your Cluster
Lessons from running tens of thousands of GitHub Actions jobs per day on Actions Runner Controller — autoscaling, node pool design, and the failure modes nobody warns you about.