Digest #200: Kubernetes in Container, Git Shitstorm, $5M Data Centers and SDLC Threat Framework
Why GitHub Actions is slowing teams down, and what it really takes to run a $5M private data center. We also break down a new SDLC threat framework and why AI-driven SRE needs system topology.
Welcome to this week’s edition of the DevOps Bulletin.
In this week’s news, we look at why GitHub Actions is becoming a serious productivity bottleneck for many teams, what it actually takes to own a $5M data center instead of paying a $25M cloud bill, and a new SDLC threat framework designed to map real supply-chain risks across CI, registries, and production. We also cover why AI-powered SRE breaks down without system topology, how Preply structures Terraform with minimal modules and policy guardrails, how Salesforce can roll back 1.5 trillion requests in under ten minutes, and how Pinterest built a compute platform capable of billions of async task executions.
This week’s tutorials go deep into running Kubernetes inside a container, partitioning a 17TB PostgreSQL table, closing container supply-chain gaps with admission control, designing effective SLOs, runbooks, and post-mortems, implementing correct readiness checks for Spring Boot, automating Route 53 updates with Terraform, building a minimal Kubernetes cluster on NixOS, and understanding how MFA downgrade attacks and Kubernetes RBAC misconfigurations lead to real-world compromises.
The open-source picks include a VS Code and Cursor extension that detects malicious IDE behavior in real time, a collection of Falco rules for Kubernetes attack detection, a single-binary Kubernetes dashboard with built-in AI, a near-zero-downtime MySQL migration library from Shopify, an idempotent SQL schema management tool, and a high-performance job queue for Bun that replaces Redis with SQLite.
All this and more in this week’s DevOps Bulletin, don’t miss out!
Newsworthy stories
Automating global rollback for 1.5 trillion requests in 10min
How Pinterest built a compute platform for billions of task executions
Tutorials of the week
Videos of the week
Projects of the week
A VS Code and Cursor extension that provides real-time security monitoring to detect malicious extensions and supply chain attacks inside the IDE.
A collection of custom Falco rules and test cases to detect real-world Kubernetes attack techniques.
A single binary Kubernetes dashboard for multi-cluster management with built-in AI assistance.
A live MySQL data migration library that copies selected data between databases with near zero downtime.
Idempotent schema management for MySQL, PostgreSQL, SQLite, and SQL Server.
A high-performance job queue for Bun that uses SQLite for persistence and runs without any external services.



