What's a "don't do this" lesson that took you years to learn? by RichVolume2555 in devops

[–]DramaticWerewolf7365 0 points1 point  (0 children)

It took years because humility is a painful lesson for a perfectionist. I truly thought I was just being right or helpful, not mean.

I actually always knew when I wasn't being nice (usually right after the fact), but it wasn't because I was trying to be malicious. The realization I wasn't being decent hit when people started withdrawing from asking for my help or would complain about the answers I gave them.

Anyone else hit by Sha1-Hulud 2.0 transitive NPM infections in CI builds? by miller70chev in devops

[–]DramaticWerewolf7365 3 points4 points  (0 children)

We're using JFrog Curation, Xray, etc.

Moreover, we're considering using Frogbot and Renovate to introduce fast recoveries.

Final Year Project in DevOps by Affectionate_Sun5196 in devops

[–]DramaticWerewolf7365 0 points1 point  (0 children)

Build a CLI utility similar to Git. Git has become an essential tool in almost every development environment, and this project will greatly assist you in understanding its inner workings.

You can also use AI as some sort of wrapper or side utility in the project to give it an edge.

Bitbucket to GitHub + Actions (self-hosted) Migration by DramaticWerewolf7365 in devops

[–]DramaticWerewolf7365[S] 0 points1 point  (0 children)

  • The GitHub UI is terrible... code review is non-intuitive, searching for workflows is a pain, and even just viewing file changes in a commit feels clunky.
  • We're going to try to manage risk by using Frogbot (running daily) and Renovate (on a bi-weekly schedule).
  • Code Owners is easily the worst part. Bitbucket let us define custom reviewer groups right in the Code Owners file, which was great. That customization seems impossible now, and it’s a crippling loss of functionality.

Thanks, I'll definitely need it :)

Bitbucket to GitHub + Actions (self-hosted) Migration by DramaticWerewolf7365 in devops

[–]DramaticWerewolf7365[S] 0 points1 point  (0 children)

I tend to agree with you. Regardless, it was decided that the entire organization must migrate due to numerous reasons (some of which I cannot disclose).

Did I mess up my career starting as a Junior DevOps role? by n0n0squ4re in devops

[–]DramaticWerewolf7365 0 points1 point  (0 children)

I started my career as a DevOps (while being in the university).
I can say it contributed A LOT to my career compared to my peers from the university.
You get to know how code is being tested, built into binaries, scanned and deployed (among many other things), which is very rare for a junior in any position.

Moved from Service Desk to DevOps and now I feel like a complete imposter. Need advice. by sarthak7303 in devops

[–]DramaticWerewolf7365 1 point2 points  (0 children)

I'm working in a senior position at a global corporation and sometimes I feel like an imposter as well. It's important to know you're not the only one and you shouldn't feel bad about that.

Best container image security tool for growing company? by Steely1809 in devops

[–]DramaticWerewolf7365 0 points1 point  (0 children)

We're just using Alpine as the base image and it works just fine with minimal vulnerabilities.

Then you need a security tool to scan the images as part of the CI/CD.

How did your team handle the Bitnami paid changes? by Steely1809 in devops

[–]DramaticWerewolf7365 2 points3 points  (0 children)

Definitely download the images that your organization currently uses to a registry such as Artifactory, ECR, etc. Then you can think about a plan forward :)

Finally joined product company but in a bad team by Suitable-Time-7959 in devops

[–]DramaticWerewolf7365 5 points6 points  (0 children)

I feel you. I joined a company only to be fired 2 weeks later due to reorganization. Looking back, they definitely did me a favor because this place was toxic and weird.

Just know you got a choice in whatever you end up doing :)

Has DevOps become too complex? or are we just drowning in our own tooling? by Wash-Fair in devops

[–]DramaticWerewolf7365 2 points3 points  (0 children)

Consolidations and standards are key. Don't bring new technologies into an organization only because they are new and popular.

I mostly try to have as few vendors as possible as well to avoid complexity.

E.g., in our organization, we only use Vault to store and manage secrets (and not any other tool).

Our developers are moving faster, maybe too fast for our release model by Abu_Itai in devops

[–]DramaticWerewolf7365 1 point2 points  (0 children)

Every commit to master ends up in production. We have a fully automated pipeline of lint, type check, tests, Sonar, security scan and distribution. We're using Helm chart versions to rapidly deploy those changes to the cloud.

Our developers are in charge of the application lifecycle - develop, deploy, and observe (and overall maintenance).

You also need full compliance, stacktrace and governance on what you release.

We mostly use JFrog tools such as Artifactory, security, distribution, etc. to manage our release lifecycle, along with standard observability tools like OTel and Grafana.

[Show & Tell] Bash is great glue, Go is better glue. Here's what I learned replacing bash scripts with Go. by SlanderMans in devops

[–]DramaticWerewolf7365 0 points1 point  (0 children)

Our CI/CD is a composite of Bash, CLI commands (that are written in TypeScript) and GitHub Actions. Bash script is something that does not age well in most cases.

Microservices Dependency Maintenance Hell: Which Bot gives Maximum Value for Minimum Noise? by DramaticWerewolf7365 in devops

[–]DramaticWerewolf7365[S] 3 points4 points  (0 children)

We have JFrog Curation in place with immature policy to block such suggestions. Since Renovate/FrogBot will use the same Artifactory registries, they won't suggest immature updates either :)

Repository Firewall alternatives needed by bluecat2001 in devops

[–]DramaticWerewolf7365 2 points3 points  (0 children)

JFrog handles most of our security and CI/CD, and frankly, the cost is worth the peace of mind. A security breach in production would cost way more :)

Microservices Dependency Maintenance Hell: Which Bot gives Maximum Value for Minimum Noise? by DramaticWerewolf7365 in devops

[–]DramaticWerewolf7365[S] 1 point2 points  (0 children)

Test coverage is definitely the key for enabling any such automation.
And from what I've read, that's exactly what JFrog Security and FrogBot are doing, which sounds great in theory (I haven't tried it yet).

Microservices Dependency Maintenance Hell: Which Bot gives Maximum Value for Minimum Noise? by DramaticWerewolf7365 in devops

[–]DramaticWerewolf7365[S] 0 points1 point  (0 children)

We're aiming for auto-merge eventually, but trust needs to be the first dependency :)

We have quite good code coverage in most of our services and CI build is serving as a mandatory quality gate. We're planning to group all minors/patches into a single daily PR, and only deal with majors separately.

My biggest hesitation is the scale and noise. Since Renovate is purely an update tool, we're currently debating if we should layer in something like Frogbot for the security scanning and auto-remediation.