Blog¶

2025-11-28
in CI/CD, GitHub Actions, Engineering Patterns
4 min read

Why Release-Please PRs Don't Trigger Your Builds

Update: There's a Better Way

The dual-trigger pattern described below is a workaround, not the real fix. See The Real Fix for Release-Please Triggers for the proper solution using GitHub App tokens.

The release-please PR looked perfect. Clean changelog. Proper version bump. Ready to merge.

One problem: the build pipeline never ran. Branch protection blocked the merge. No required checks had passed, because no checks had started.

This is the story of a GitHub Actions limitation that wastes hours of debugging time, and the pattern that fixes it in two lines of YAML.

2025-11-27
in CI/CD, Resilience, Engineering Patterns
3 min read

Idempotent Automation: Why Reruns Shouldn't Scare You

Your workflow failed at step 47 of 50. Do you fix the issue and rerun from the beginning, or do you manually complete the remaining steps?

The Nervousness Test

If that question makes you nervous, your automation isn't idempotent. And that's a problem.

This post shares the journey to making reruns boring. For the full technical deep-dive, see the Idempotency Pattern Guide.

2025-11-26
in Git, CI/CD, Debugging, Shell Scripting
5 min read

Git Diff Lies: The Untracked File Trap in CI/CD Pipelines

One conditional swap in a change detection script. That's all it took to unblock a file distribution workflow that had been silently failing for weeks.

The bug? git diff --quiet doesn't see untracked files. And when you're distributing files to repositories that don't have them yet, every target file is untracked.

This post dissects the bug, explains why it's so easy to miss, and shows the fix that makes change detection actually work.

2025-11-25
in DevSecOps, GitHub Actions, GitHub Apps, CI/CD, Retrospective
5 min read

One Year of Fidgeting: The Journey to Enterprise-Grade Content Distribution

Today marks a milestone. The Adaptive Enforcement Lab documentation site is live, and with it, a year's worth of battle-tested patterns for GitHub App automation finally have a proper home.

This wasn't a sprint. It was an on-and-off effort spanning twelve months, guided by a simple principle: one building block at a time. Atomic habits applied to infrastructure. Some weeks meant solving a single authentication edge case. Others meant no progress at all. The pieces accumulated slowly, each one small enough to ship, test, and trust before moving on.

Then came today. A marathon session to wire everything together. The discovery stage that had been working in isolation. The distribution logic refined over months of incremental improvements. The idempotency patterns born from countless failed reruns. Today was assembly day. I took a year of atomic improvements and built the complete content distribution system.

This post covers that journey from "let's automate some file syncing" to "we need enterprise-grade security for 40 repositories."