Dev Ops
How do you ship code safely, repeatedly, and fast?
DevOps is the union of people, process, and products to enable continuous delivery of value. Three pillars: automate the build, secure the pipeline, measure the flow.
The Pipeline
```text
CODE → BUILD → TEST → DEPLOY → MONITOR → FEEDBACK
 │       │      │       │         │         │
 ▼       ▼      ▼       ▼         ▼         ▼
Git    Types  Vitest Vercel    PostHog   Improve
        CI     E2E  Preview     Alerts   Process
```
| Stage | Tool | What It Catches | Deeper page |
|---|---|---|---|
| Typecheck | tsc --noEmit | Type errors, missing imports | CI Infrastructure |
| Unit + Integration | Vitest | Logic bugs, DB contract violations | Testing Strategy |
| E2E | Playwright | Auth flows, critical user journeys | Testing Tools |
| Deploy | Vercel | Preview per PR, production via merge | Cloud Orchestration |
| Monitor | PostHog | Usage patterns, errors, performance | Performance Metrics |
Security
Running unvetted code (a cloned repo, a package install whose lifecycle scripts execute on install) on a machine that holds private keys, GitHub credentials, and personal files is the primary attack surface.
| Threat | Mitigation |
|---|---|
| Supply chain attacks (compromised packages) | Pin versions in the lockfile, install with the lockfile frozen in CI, audit before upgrading |
| Malicious code repos (interview scams) | Run in Docker containers with no host directories mounted |
| Key leaks (env vars in logs, git history) | .env in .gitignore, never echo secrets in logs, rotate on exposure (a key that reached git history is burned even after the history is rewritten) |
| Smart contract audit traps | Isolated environment, never run on host |
Emergency response: docker kill <container> → close every terminal or editor session attached to it → docker rm the container entirely → rotate any credential that was reachable from inside it.
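One way to put the "no host mounts, kill and remove" rule into a script. This is an added example, not code from the page: the image name `untrusted-sandbox:latest` (assumed to contain git and the toolchain the repo needs), the optional `SANDBOX_SETUP` command, and the container and volume naming are all assumptions.

```shell
#!/bin/sh
# Added example: run an untrusted repository in a throwaway container that
# mounts nothing from the host, then tear it down completely.
# SANDBOX_IMAGE is an assumed image with git plus the project toolchain.
IMAGE="${SANDBOX_IMAGE:-untrusted-sandbox:latest}"

# Flags for the execution container. There are no bind mounts at all: the
# checkout lives in a docker-managed volume, so ~/.ssh, ~/.gitconfig and the
# GitHub CLI token directory are simply not visible inside the container.
sandbox_exec_flags() {   # sandbox_exec_flags <name>
  name="$1"
  printf '%s ' \
    "--name $name" \
    "--network none" \
    "--cap-drop ALL" "--security-opt no-new-privileges" \
    "--read-only" "--tmpfs /tmp:rw,noexec,nosuid,size=256m" \
    "--memory 1g" "--pids-limit 256" \
    "-v $name-src:/work" "-w /work" "-e HOME=/work"
}

sandbox_up() {           # sandbox_up <name> <git-url>
  name="$1"; repo="$2"
  docker volume create "$name-src" >/dev/null
  # Phase 1: clone (and optionally install) with network, but still with no
  # host mounts and no capabilities. Install scripts run here, not on the host.
  docker run --rm --cap-drop ALL --security-opt no-new-privileges \
    -v "$name-src:/work" -w /work -e HOME=/work "$IMAGE" \
    sh -c "git clone --depth 1 '$repo' . && ${SANDBOX_SETUP:-true}"
  # Phase 2: run the code with the network cut. A script that phones home
  # (the classic "interview task" payload) fails at the first connect().
  # shellcheck disable=SC2046
  docker run -d $(sandbox_exec_flags "$name") "$IMAGE" sleep infinity
  echo "attach with: docker exec -it $name sh"
}

# Emergency teardown: stop it, remove it, drop the checkout volume.
sandbox_nuke() {         # sandbox_nuke <name>
  name="$1"
  docker kill "$name" 2>/dev/null || true
  docker rm -f "$name" 2>/dev/null || true
  docker volume rm "$name-src" 2>/dev/null || true
}

case "${1:-}" in
  up)   sandbox_up "$2" "$3" ;;
  nuke) sandbox_nuke "$2" ;;
esac
```

Phase 1 needs the network to clone (and, if `SANDBOX_SETUP` is set to something like `npm ci --ignore-scripts`, to fetch dependencies), so it keeps every other restriction; phase 2 has no network at all. Because nothing inside the container sits on a host path, `sandbox_nuke` really does remove everything. What it cannot undo is a credential that was reachable, so after a scare rotate any token the session could have seen.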
Git Practices
| Practice | Standard |
|---|---|
| Commit messages | Conventional Commits |
| Branch strategy | Feature branches → PR → main |
| Hooks | Pre-push validation (GitHub) |
| Feature flags | featbit |
| Release automation | Release It |
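A hook that enforces the key-leak row of the Security table at commit time. This is an added example, not the page's own hook: the pattern list (well-known GitHub, AWS, Slack and PEM formats plus a generic `password=`/`api_key=` check) is an assumption to extend for your own providers, and the hook is installed by copying it to `.git/hooks/pre-commit` or wiring it into whatever hook manager the repo uses.

```shell
#!/bin/sh
# Added example: pre-commit hook that blocks .env files and common credential
# formats before they reach git history. Pattern list is an assumption.
SECRET_RE='gh[pors]_[A-Za-z0-9]{36,}|AKIA[0-9A-Z]{16}|xox[abpr]-[0-9A-Za-z-]{10,}|-----BEGIN [A-Z ]*PRIVATE KEY-----|(password|PASSWORD|secret|SECRET|api_key|API_KEY)[[:space:]]*[=:][[:space:]]*[A-Za-z0-9/+=_-]{16,}'

# scan_text: read text on stdin; print (truncated) offending lines and
# return 1 if any line matches a credential pattern, 0 otherwise.
scan_text() {
  if hits=$(grep -E "$SECRET_RE"); then
    printf '%s\n' "$hits" | sed 's/^\(.\{24\}\).*/  \1.../'
    return 1
  fi
  return 0
}

# is_env_file <path>: .env and variants (.env.local, .env.production), but not
# the example/template files that are meant to be committed.
is_env_file() {
  case "$(basename "$1")" in
    .env.example|.env.sample|.env.template) return 1 ;;
    .env|.env.*) return 0 ;;
    *) return 1 ;;
  esac
}

# check_staged: what git runs. Only added lines are scanned so pre-existing
# noise does not block every commit; a hit on an old secret is still a hit.
check_staged() {
  status=0
  for f in $(git diff --cached --name-only --diff-filter=ACM); do
    if is_env_file "$f"; then
      echo "blocked: $f looks like an env file; add it to .gitignore"
      status=1
    fi
    if ! git diff --cached -U0 -- "$f" | grep '^+' | grep -v '^+++' | scan_text; then
      echo "blocked: possible credential in $f (rotate it if it was real)"
      status=1
    fi
  done
  return $status
}

# Run as the hook when invoked by git; sourcing the file for tests is a no-op.
case "$0" in *pre-commit) check_staged ;; esac
```

The hook is a tripwire, not a guarantee: `git commit --no-verify` skips it, which is why the table also says rotate on exposure. Rejected lines are printed truncated so the hook does not paste the full secret into a terminal scrollback or CI log.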
Monorepo CI
Nx `affected` commands skip projects whose inputs did not change, and computation caching reuses previous task results instead of rerunning them. Together they cut CI time by 60-80% on a 10-project monorepo. See Monorepo Build Tools.
CI Cost Economics
CI minutes cost money. The question isn't "should we have CI" — it's "which tests earn their minutes?"
What Runs Where
Every PR: nx affected:build + lint + API contracts
Main push only: E2E browser (Playwright) + full build
Scheduled: Typecheck (3x/week) + dependency audit (weekly)
Local (free): Hooks, link validation, CLI trophy tests
Optimization Playbook
Six changes that cut CI minutes by ~65%:
- Path filter — skip CI on docs-only changes (`paths-ignore: ["**/*.md", "docs/**"]`)
- E2E on main only — browser tests don't run on feature branches
- `nx affected` — only build what changed, not the whole monorepo
- pnpm cache — restore the store between runs
- `cancel-in-progress` — stop old runs when new commits arrive
- Scheduled typecheck — 3x/week, not on every push
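The "what runs where" routing above, as an added example rather than the page's own workflow: a script the workflow calls, so the docs-only filter and the `nx affected` comparison range are testable locally instead of living only in YAML `if:` expressions. The job labels and the `push-main`/`schedule` event names are my own; `pull_request` matches the GitHub Actions event name, and the base and head SHAs are assumed to be passed in by the workflow.

```shell
#!/bin/sh
# Added example: CI routing helpers. Event names other than pull_request
# and the job labels are assumptions used only for illustration.

# docs_only <file>... : true when every changed file is documentation.
# Mirrors paths-ignore: ["**/*.md", "docs/**"]. An empty list is NOT docs-only,
# so a misconfigured changed-files step fails closed (CI runs).
docs_only() {
  [ $# -gt 0 ] || return 1
  for f in "$@"; do
    case "$f" in
      docs/*|*.md) ;;
      *) return 1 ;;
    esac
  done
  return 0
}

# ci_jobs <event> : job list for this trigger, one per line.
ci_jobs() {
  case "$1" in
    pull_request) printf '%s\n' affected-build lint api-contracts ;;
    push-main)    printf '%s\n' full-build lint api-contracts e2e-browser ;;
    schedule)     printf '%s\n' typecheck dependency-audit ;;
    *)            return 1 ;;
  esac
}

# nx_cmd <event> <base> <head> : the nx invocation for this trigger.
# On a PR, compare the head against the target branch tip that the workflow
# passes in; comparing against HEAD~1 would only see the last commit of the
# branch and miss earlier breakage. A push to main runs the full build.
nx_cmd() {
  event="$1"; base="$2"; head="$3"
  case "$event" in
    pull_request) printf 'npx nx affected -t build lint --base=%s --head=%s' "$base" "$head" ;;
    push-main)    printf 'npx nx run-many -t build lint' ;;
    *)            return 1 ;;
  esac
}

# ci_plan <event> <base> <head> <changed-file>... : prints "skip" for a
# docs-only PR, otherwise the jobs followed by the nx command.
ci_plan() {
  event="$1"; base="$2"; head="$3"; shift 3
  if [ "$event" = pull_request ] && docs_only "$@"; then
    echo skip
    return 0
  fi
  ci_jobs "$event"
  nx_cmd "$event" "$base" "$head"; echo
}
```

The two playbook items that cannot live in a script stay in the workflow file: `concurrency` with `cancel-in-progress: true` to stop superseded runs, and `on.schedule` with a cron expression for the 3x/week typecheck and weekly audit.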
Trophy Testing
Not everything needs CI. The question from Testing Platform: what's the cheapest test that gives sufficient confidence?
| Test | Where | Why there |
|---|---|---|
| CLI commands work | Worktree (local) | Run it, check the output — zero cost |
| TypeScript compiles | CI (nx affected) | Cross-lib breaks hide locally |
| API contracts hold | CI (per PR) | Contract breaks affect other teams |
| E2E browser flows | CI (main only) | Expensive, catches integration issues |
| Architecture rules | Lint (CI) | Dead lint rules go unnoticed locally |
For infrastructure cost options (self-hosted runners, VPS, serverless), see Infrastructure Economics.
Dig Deeper
- CI Testing Infrastructure — Two-loop pipeline design, preview deploy testing, signal hierarchy, cost controls
- Dev Environment — Docker isolation, container security, safe execution of untrusted code
- GitHub — Source control, hooks, actions, branch protection
- CI Strategy Audit — Gap analysis: three critical gaps, four-phase fix plan, benchmark alignment
- Deploy Checklist — What happens after tests pass — pre-deploy, deploy, post-deploy gates
- Logging Checklist — Structured logging standards, what to log, what not to log
Context
- CI Testing Infrastructure — Pipeline design, preview deploys, cost management
- Dev Environment — Docker, containers, isolation
- GitHub — Source control, hooks, actions
- Deploy Checklist — What happens after tests pass
- Performance Metrics — Measure what matters
Links
- DevOps Roadmap — Visual learning path
- Conventional Commits — Commit message standard
- Better Commits — Practical guide
- Prometheus — Monitoring and alerting
- Cloud Guru — Cloud computing training
- Nigel Poulton — Kubernetes training
Questions
- What breaks first when your lone DevOps person is unavailable for a week?
- Which step in your pipeline has the highest false-failure rate — and what does that cost in developer trust?
- If you measured time-from-commit-to-production, where is the bottleneck?
- What security assumption are you making that hasn't been tested?