Inside the Trenches of CI/CD

Inside the Trenches of CI/CD

Stories, insights, and opinions from the team behind Mergify

Sep 25, 2025

4 min

read

Friends Don't Let Friends Use :latest

Floating versions like :latest, ^, and ~ promise convenience but deliver broken builds, hidden regressions, and supply chain risks. Here we explain why they undermine reproducibility and security and shows how to pin GitHub Actions, Docker images, and dependencies safely.

Mehdi Abaakouk

Sep 25, 2025

4 min

read

Friends Don't Let Friends Use :latest

Floating versions like :latest, ^, and ~ promise convenience but deliver broken builds, hidden regressions, and supply chain risks. Here we explain why they undermine reproducibility and security and shows how to pin GitHub Actions, Docker images, and dependencies safely.

Mehdi Abaakouk

Sep 25, 2025

4 min

read

Friends Don't Let Friends Use :latest

Floating versions like :latest, ^, and ~ promise convenience but deliver broken builds, hidden regressions, and supply chain risks. Here we explain why they undermine reproducibility and security and shows how to pin GitHub Actions, Docker images, and dependencies safely.

Mehdi Abaakouk

Sep 25, 2025

4 min

read

Friends Don't Let Friends Use :latest

Floating versions like :latest, ^, and ~ promise convenience but deliver broken builds, hidden regressions, and supply chain risks. Here we explain why they undermine reproducibility and security and shows how to pin GitHub Actions, Docker images, and dependencies safely.

Mehdi Abaakouk

Sep 18, 2025

6 min

read

Application vs. Database: Where Should Permissions Live?

Permissions drift is real: scattered checks, forgotten filters, and data leaks. PostgreSQL’s Row Level Security (RLS) flips the script: pushing verification into the database for stronger safety, but with trade-offs in debugging and performance.

Fabien Martinet

Sep 18, 2025

6 min

read

Application vs. Database: Where Should Permissions Live?

Permissions drift is real: scattered checks, forgotten filters, and data leaks. PostgreSQL’s Row Level Security (RLS) flips the script: pushing verification into the database for stronger safety, but with trade-offs in debugging and performance.

Fabien Martinet

Sep 18, 2025

6 min

read

Application vs. Database: Where Should Permissions Live?

Permissions drift is real: scattered checks, forgotten filters, and data leaks. PostgreSQL’s Row Level Security (RLS) flips the script: pushing verification into the database for stronger safety, but with trade-offs in debugging and performance.

Fabien Martinet

Sep 18, 2025

6 min

read

Application vs. Database: Where Should Permissions Live?

Permissions drift is real: scattered checks, forgotten filters, and data leaks. PostgreSQL’s Row Level Security (RLS) flips the script: pushing verification into the database for stronger safety, but with trade-offs in debugging and performance.

Fabien Martinet

Sep 10, 2025

14 min

read

The Origin Story of Merge Queues

From Bors and Homu to Bulldozer, Kodiak, Mergify, and now GitHub and GitLab, merge queues have shaped how we keep main branches green. This article traces their history, why they emerged, and how they became a standard in modern software development.

Julien Danjou

Sep 10, 2025

14 min

read

The Origin Story of Merge Queues

From Bors and Homu to Bulldozer, Kodiak, Mergify, and now GitHub and GitLab, merge queues have shaped how we keep main branches green. This article traces their history, why they emerged, and how they became a standard in modern software development.

Julien Danjou

Sep 10, 2025

14 min

read

The Origin Story of Merge Queues

From Bors and Homu to Bulldozer, Kodiak, Mergify, and now GitHub and GitLab, merge queues have shaped how we keep main branches green. This article traces their history, why they emerged, and how they became a standard in modern software development.

Julien Danjou

Sep 10, 2025

14 min

read

The Origin Story of Merge Queues

From Bors and Homu to Bulldozer, Kodiak, Mergify, and now GitHub and GitLab, merge queues have shaped how we keep main branches green. This article traces their history, why they emerged, and how they became a standard in modern software development.

Julien Danjou

Sep 8, 2025

4 min

read

What I Learned Building My First Jenkins Plugin

Building a Jenkins plugin sounded simple — until it became a crash course in Java, Jenkins internals, and community code review. Here’s what I learned, why the process surprised me, and how it now powers Mergify CI Insights.

Mehdi Abaakouk

Sep 8, 2025

4 min

read

What I Learned Building My First Jenkins Plugin

Building a Jenkins plugin sounded simple — until it became a crash course in Java, Jenkins internals, and community code review. Here’s what I learned, why the process surprised me, and how it now powers Mergify CI Insights.

Mehdi Abaakouk

Sep 8, 2025

4 min

read

What I Learned Building My First Jenkins Plugin

Building a Jenkins plugin sounded simple — until it became a crash course in Java, Jenkins internals, and community code review. Here’s what I learned, why the process surprised me, and how it now powers Mergify CI Insights.

Mehdi Abaakouk

Sep 8, 2025

4 min

read

What I Learned Building My First Jenkins Plugin

Building a Jenkins plugin sounded simple — until it became a crash course in Java, Jenkins internals, and community code review. Here’s what I learned, why the process surprised me, and how it now powers Mergify CI Insights.

Mehdi Abaakouk

Sep 5, 2025

8 min

read

Pull Request Management: Streamline Your Workflow with Automation

Pull requests are essential, but they don’t scale without automation. Learn PR basics, best practices, and how to automate reviews, tests, and merges with GitHub Actions or Mergify.

Julien Danjou

Sep 5, 2025

8 min

read

Pull Request Management: Streamline Your Workflow with Automation

Pull requests are essential, but they don’t scale without automation. Learn PR basics, best practices, and how to automate reviews, tests, and merges with GitHub Actions or Mergify.

Julien Danjou

Sep 5, 2025

8 min

read

Pull Request Management: Streamline Your Workflow with Automation

Pull requests are essential, but they don’t scale without automation. Learn PR basics, best practices, and how to automate reviews, tests, and merges with GitHub Actions or Mergify.

Julien Danjou

Sep 5, 2025

8 min

read

Pull Request Management: Streamline Your Workflow with Automation

Pull requests are essential, but they don’t scale without automation. Learn PR basics, best practices, and how to automate reviews, tests, and merges with GitHub Actions or Mergify.

Julien Danjou

Sep 4, 2025

6 min

read

Feature Branch Workflow: A Practical Guide for Git

A feature branch workflow is one of Git’s most popular strategies. Learn how it works, its pros and cons, and how modern automation (like merge queues) keeps feature branches fast, safe, and frustration-free.

Julien Danjou

Sep 4, 2025

6 min

read

Feature Branch Workflow: A Practical Guide for Git

A feature branch workflow is one of Git’s most popular strategies. Learn how it works, its pros and cons, and how modern automation (like merge queues) keeps feature branches fast, safe, and frustration-free.

Julien Danjou

Sep 4, 2025

6 min

read

Feature Branch Workflow: A Practical Guide for Git

A feature branch workflow is one of Git’s most popular strategies. Learn how it works, its pros and cons, and how modern automation (like merge queues) keeps feature branches fast, safe, and frustration-free.

Julien Danjou

Sep 4, 2025

6 min

read

Feature Branch Workflow: A Practical Guide for Git

A feature branch workflow is one of Git’s most popular strategies. Learn how it works, its pros and cons, and how modern automation (like merge queues) keeps feature branches fast, safe, and frustration-free.

Julien Danjou

Sep 4, 2025

4 min

read

Looking for a Bulldozer Alternative? Meet Mergify.

Bulldozer is fine for simple PR automation, but it struggles as teams grow. In this post, we break down its pain points and show how Mergify’s merge queues, flexible rules, and templates make it the smarter choice for modern development workflows.

Julien Danjou

Sep 4, 2025

4 min

read

Looking for a Bulldozer Alternative? Meet Mergify.

Bulldozer is fine for simple PR automation, but it struggles as teams grow. In this post, we break down its pain points and show how Mergify’s merge queues, flexible rules, and templates make it the smarter choice for modern development workflows.

Julien Danjou

Sep 4, 2025

4 min

read

Looking for a Bulldozer Alternative? Meet Mergify.

Bulldozer is fine for simple PR automation, but it struggles as teams grow. In this post, we break down its pain points and show how Mergify’s merge queues, flexible rules, and templates make it the smarter choice for modern development workflows.

Julien Danjou

Sep 4, 2025

4 min

read

Looking for a Bulldozer Alternative? Meet Mergify.

Bulldozer is fine for simple PR automation, but it struggles as teams grow. In this post, we break down its pain points and show how Mergify’s merge queues, flexible rules, and templates make it the smarter choice for modern development workflows.

Julien Danjou

Sep 4, 2025

4 min

read

Stop Abusing .gitignore

.gitignore is one of Git’s most abused features. Here’s what it’s actually for, why you shouldn’t commit your editor junk into it, and how to use a global ignore file instead.

Julien Danjou

Sep 4, 2025

4 min

read

Stop Abusing .gitignore

.gitignore is one of Git’s most abused features. Here’s what it’s actually for, why you shouldn’t commit your editor junk into it, and how to use a global ignore file instead.

Julien Danjou

Sep 4, 2025

4 min

read

Stop Abusing .gitignore

.gitignore is one of Git’s most abused features. Here’s what it’s actually for, why you shouldn’t commit your editor junk into it, and how to use a global ignore file instead.

Julien Danjou

Sep 4, 2025

4 min

read

Stop Abusing .gitignore

.gitignore is one of Git’s most abused features. Here’s what it’s actually for, why you shouldn’t commit your editor junk into it, and how to use a global ignore file instead.

Julien Danjou

Jun 12, 2025

3 min

read

GitHub's Merge Queue Isn't Enough for Large Teams

Why large engineering orgs quickly hit the limits of GitHub's queue — and what they actually need.

Julien Danjou

Jun 12, 2025

3 min

read

GitHub's Merge Queue Isn't Enough for Large Teams

Why large engineering orgs quickly hit the limits of GitHub's queue — and what they actually need.

Julien Danjou

Jun 12, 2025

3 min

read

GitHub's Merge Queue Isn't Enough for Large Teams

Why large engineering orgs quickly hit the limits of GitHub's queue — and what they actually need.

Julien Danjou

Jun 12, 2025

3 min

read

GitHub's Merge Queue Isn't Enough for Large Teams

Why large engineering orgs quickly hit the limits of GitHub's queue — and what they actually need.

Julien Danjou

Join our community on Slack

Join our community on Slack

Get tips, news, and resources from Mergify and its users.

Curious where your CI is slowing you down?

Try CI Insights — observability for CI teams.

Curious where your CI is slowing you down?

Try CI Insights — observability for CI teams.

Curious where your CI is slowing you down?

Try CI Insights — observability for CI teams.

Curious where your CI is slowing you down?

Try CI Insights — observability for CI teams.