Welcome to this week’s edition of the DevOps Bulletin.

In this week’s news, we look at what Heroku’s “sustaining engineering” announcement really means for teams still running production workloads there, how GitLab deploys the largest GitLab instance in the world 12x a day, and why Postgres’ postmaster model becomes a scaling bottleneck under extreme concurrency. We also cover ChatGPT Containers now running bash and installing packages, a developer accidentally DDoS-ing their own laptop while learning Go concurrency, and fresh data from the 2025 State of Cloud Security report.

This week’s tutorials go deep into orchestrating specialized AI agent teams, implementing hierarchical AWS Cost Categories for better financial visibility, reducing Kubernetes cold-start latency when scaling nodes from zero, testing whether LLMs can detect hidden backdoors in binaries, building a fully serverless CI/CD pipeline with GitHub Actions and Terraform, understanding Postgres locks visually and conceptually, simplifying Control Tower governance with enhanced CloudFormation Hooks, building a local-first Obsidian RAG with DuckDB and MotherDuck, and generating readable Terraform plan reports for pull request reviews.

The open-source picks include a Kubernetes-native database provisioning platform, a lightweight real-time Docker log viewer, a modern JavaScript-based load testing tool, a GitHub-style diff pager for your terminal, and a security scanner that analyzes AI agent skills for prompt injection and data exfiltration risks.

All this and more in this week’s DevOps Bulletin, don’t miss out!

Newsworthy stories

• Heroku is officially dead

• How we deploy the largest GitLab instance 12 times daily

• ChatGPT Containers can now run bash, pip/npm install packages, and download files

• DDOS'd my own laptop learning Go

• State of cloud security

• Postgres Postmaster does not scale

• The many flavors of .ignore files

Tutorials of the week

• Orchestrating specialized agent teams for compound engineering

• Improve cost visibility and observability with AWS cost categories

• Scaling Kubernetes nodes from zero

• We hid backdoors in binaries — Opus 4.6 found 49% of them

• Building a Serverless CI/CD pipeline on AWS with GitHub Actions and Terraform

• Postgres locks explained

• Simplify AWS Control Tower governance with enhanced AWS CloudFormation Hooks

• Building an Obsidian RAG with DuckDB and MotherDuck

• Create readable Terraform plans for pull request reviews with tfplan2md

Videos of the week

Projects of the week

• A platform to provision, manage, scale, and back up databases such as MySQL, PostgreSQL, and MongoDB using Helm or a CLI.

• Lightweight web UI to stream and search Docker container logs in real time across single or multiple hosts.

• A developer-focused load testing tool that lets you write performance tests in JavaScript and run them locally, in CI, or at scale.

• A git diff pager based on delta but with a file tree, à la GitHub.

• Security scanner that analyzes AI agent skills for prompt injection, data exfiltration, and malicious code using static rules, dataflow analysis, and optional LLM review.

Meme of the week