Inside the Trenches of CI/CD
Inside the Trenches of CI/CD
Stories, insights, and opinions from the team behind Mergify

Sep 25, 2025
∙
4 min
read
Friends Don't Let Friends Use :latest
Floating versions like :latest, ^, and ~ promise convenience but deliver broken builds, hidden regressions, and supply chain risks. Here we explain why they undermine reproducibility and security and shows how to pin GitHub Actions, Docker images, and dependencies safely.

Mehdi Abaakouk

Sep 25, 2025
∙
4 min
read
Friends Don't Let Friends Use :latest
Floating versions like :latest, ^, and ~ promise convenience but deliver broken builds, hidden regressions, and supply chain risks. Here we explain why they undermine reproducibility and security and shows how to pin GitHub Actions, Docker images, and dependencies safely.

Mehdi Abaakouk

Sep 25, 2025
∙
4 min
read
Friends Don't Let Friends Use :latest
Floating versions like :latest, ^, and ~ promise convenience but deliver broken builds, hidden regressions, and supply chain risks. Here we explain why they undermine reproducibility and security and shows how to pin GitHub Actions, Docker images, and dependencies safely.

Mehdi Abaakouk

Sep 25, 2025
∙
4 min
read
Friends Don't Let Friends Use :latest
Floating versions like :latest, ^, and ~ promise convenience but deliver broken builds, hidden regressions, and supply chain risks. Here we explain why they undermine reproducibility and security and shows how to pin GitHub Actions, Docker images, and dependencies safely.

Mehdi Abaakouk

Sep 18, 2025
∙
6 min
read
Application vs. Database: Where Should Permissions Live?
Permissions drift is real: scattered checks, forgotten filters, and data leaks. PostgreSQL’s Row Level Security (RLS) flips the script: pushing verification into the database for stronger safety, but with trade-offs in debugging and performance.

Fabien Martinet

Sep 18, 2025
∙
6 min
read
Application vs. Database: Where Should Permissions Live?
Permissions drift is real: scattered checks, forgotten filters, and data leaks. PostgreSQL’s Row Level Security (RLS) flips the script: pushing verification into the database for stronger safety, but with trade-offs in debugging and performance.

Fabien Martinet

Sep 18, 2025
∙
6 min
read
Application vs. Database: Where Should Permissions Live?
Permissions drift is real: scattered checks, forgotten filters, and data leaks. PostgreSQL’s Row Level Security (RLS) flips the script: pushing verification into the database for stronger safety, but with trade-offs in debugging and performance.

Fabien Martinet

Sep 18, 2025
∙
6 min
read
Application vs. Database: Where Should Permissions Live?
Permissions drift is real: scattered checks, forgotten filters, and data leaks. PostgreSQL’s Row Level Security (RLS) flips the script: pushing verification into the database for stronger safety, but with trade-offs in debugging and performance.

Fabien Martinet

Sep 10, 2025
∙
14 min
read
The Origin Story of Merge Queues
From Bors and Homu to Bulldozer, Kodiak, Mergify, and now GitHub and GitLab, merge queues have shaped how we keep main branches green. This article traces their history, why they emerged, and how they became a standard in modern software development.

Julien Danjou

Sep 10, 2025
∙
14 min
read
The Origin Story of Merge Queues
From Bors and Homu to Bulldozer, Kodiak, Mergify, and now GitHub and GitLab, merge queues have shaped how we keep main branches green. This article traces their history, why they emerged, and how they became a standard in modern software development.

Julien Danjou

Sep 10, 2025
∙
14 min
read
The Origin Story of Merge Queues
From Bors and Homu to Bulldozer, Kodiak, Mergify, and now GitHub and GitLab, merge queues have shaped how we keep main branches green. This article traces their history, why they emerged, and how they became a standard in modern software development.

Julien Danjou

Sep 10, 2025
∙
14 min
read
The Origin Story of Merge Queues
From Bors and Homu to Bulldozer, Kodiak, Mergify, and now GitHub and GitLab, merge queues have shaped how we keep main branches green. This article traces their history, why they emerged, and how they became a standard in modern software development.

Julien Danjou

Sep 8, 2025
∙
4 min
read
What I Learned Building My First Jenkins Plugin
Building a Jenkins plugin sounded simple — until it became a crash course in Java, Jenkins internals, and community code review. Here’s what I learned, why the process surprised me, and how it now powers Mergify CI Insights.

Mehdi Abaakouk

Sep 8, 2025
∙
4 min
read
What I Learned Building My First Jenkins Plugin
Building a Jenkins plugin sounded simple — until it became a crash course in Java, Jenkins internals, and community code review. Here’s what I learned, why the process surprised me, and how it now powers Mergify CI Insights.

Mehdi Abaakouk

Sep 8, 2025
∙
4 min
read
What I Learned Building My First Jenkins Plugin
Building a Jenkins plugin sounded simple — until it became a crash course in Java, Jenkins internals, and community code review. Here’s what I learned, why the process surprised me, and how it now powers Mergify CI Insights.

Mehdi Abaakouk

Sep 8, 2025
∙
4 min
read
What I Learned Building My First Jenkins Plugin
Building a Jenkins plugin sounded simple — until it became a crash course in Java, Jenkins internals, and community code review. Here’s what I learned, why the process surprised me, and how it now powers Mergify CI Insights.

Mehdi Abaakouk

Sep 5, 2025
∙
8 min
read
Pull Request Management: Streamline Your Workflow with Automation
Pull requests are essential, but they don’t scale without automation. Learn PR basics, best practices, and how to automate reviews, tests, and merges with GitHub Actions or Mergify.

Julien Danjou

Sep 5, 2025
∙
8 min
read
Pull Request Management: Streamline Your Workflow with Automation
Pull requests are essential, but they don’t scale without automation. Learn PR basics, best practices, and how to automate reviews, tests, and merges with GitHub Actions or Mergify.

Julien Danjou

Sep 5, 2025
∙
8 min
read
Pull Request Management: Streamline Your Workflow with Automation
Pull requests are essential, but they don’t scale without automation. Learn PR basics, best practices, and how to automate reviews, tests, and merges with GitHub Actions or Mergify.

Julien Danjou

Sep 5, 2025
∙
8 min
read
Pull Request Management: Streamline Your Workflow with Automation
Pull requests are essential, but they don’t scale without automation. Learn PR basics, best practices, and how to automate reviews, tests, and merges with GitHub Actions or Mergify.

Julien Danjou

Sep 4, 2025
∙
6 min
read
Feature Branch Workflow: A Practical Guide for Git
A feature branch workflow is one of Git’s most popular strategies. Learn how it works, its pros and cons, and how modern automation (like merge queues) keeps feature branches fast, safe, and frustration-free.

Julien Danjou

Sep 4, 2025
∙
6 min
read
Feature Branch Workflow: A Practical Guide for Git
A feature branch workflow is one of Git’s most popular strategies. Learn how it works, its pros and cons, and how modern automation (like merge queues) keeps feature branches fast, safe, and frustration-free.

Julien Danjou

Sep 4, 2025
∙
6 min
read
Feature Branch Workflow: A Practical Guide for Git
A feature branch workflow is one of Git’s most popular strategies. Learn how it works, its pros and cons, and how modern automation (like merge queues) keeps feature branches fast, safe, and frustration-free.

Julien Danjou

Sep 4, 2025
∙
6 min
read
Feature Branch Workflow: A Practical Guide for Git
A feature branch workflow is one of Git’s most popular strategies. Learn how it works, its pros and cons, and how modern automation (like merge queues) keeps feature branches fast, safe, and frustration-free.

Julien Danjou

Sep 4, 2025
∙
4 min
read
Looking for a Bulldozer Alternative? Meet Mergify.
Bulldozer is fine for simple PR automation, but it struggles as teams grow. In this post, we break down its pain points and show how Mergify’s merge queues, flexible rules, and templates make it the smarter choice for modern development workflows.

Julien Danjou

Sep 4, 2025
∙
4 min
read
Looking for a Bulldozer Alternative? Meet Mergify.
Bulldozer is fine for simple PR automation, but it struggles as teams grow. In this post, we break down its pain points and show how Mergify’s merge queues, flexible rules, and templates make it the smarter choice for modern development workflows.

Julien Danjou

Sep 4, 2025
∙
4 min
read
Looking for a Bulldozer Alternative? Meet Mergify.
Bulldozer is fine for simple PR automation, but it struggles as teams grow. In this post, we break down its pain points and show how Mergify’s merge queues, flexible rules, and templates make it the smarter choice for modern development workflows.

Julien Danjou

Sep 4, 2025
∙
4 min
read
Looking for a Bulldozer Alternative? Meet Mergify.
Bulldozer is fine for simple PR automation, but it struggles as teams grow. In this post, we break down its pain points and show how Mergify’s merge queues, flexible rules, and templates make it the smarter choice for modern development workflows.

Julien Danjou

Sep 4, 2025
∙
4 min
read
Stop Abusing .gitignore
.gitignore is one of Git’s most abused features. Here’s what it’s actually for, why you shouldn’t commit your editor junk into it, and how to use a global ignore file instead.

Julien Danjou

Sep 4, 2025
∙
4 min
read
Stop Abusing .gitignore
.gitignore is one of Git’s most abused features. Here’s what it’s actually for, why you shouldn’t commit your editor junk into it, and how to use a global ignore file instead.

Julien Danjou

Sep 4, 2025
∙
4 min
read
Stop Abusing .gitignore
.gitignore is one of Git’s most abused features. Here’s what it’s actually for, why you shouldn’t commit your editor junk into it, and how to use a global ignore file instead.

Julien Danjou

Sep 4, 2025
∙
4 min
read
Stop Abusing .gitignore
.gitignore is one of Git’s most abused features. Here’s what it’s actually for, why you shouldn’t commit your editor junk into it, and how to use a global ignore file instead.

Julien Danjou

Jun 12, 2025
∙
3 min
read
GitHub's Merge Queue Isn't Enough for Large Teams
Why large engineering orgs quickly hit the limits of GitHub's queue — and what they actually need.

Julien Danjou

Jun 12, 2025
∙
3 min
read
GitHub's Merge Queue Isn't Enough for Large Teams
Why large engineering orgs quickly hit the limits of GitHub's queue — and what they actually need.

Julien Danjou

Jun 12, 2025
∙
3 min
read
GitHub's Merge Queue Isn't Enough for Large Teams
Why large engineering orgs quickly hit the limits of GitHub's queue — and what they actually need.

Julien Danjou

Jun 12, 2025
∙
3 min
read
GitHub's Merge Queue Isn't Enough for Large Teams
Why large engineering orgs quickly hit the limits of GitHub's queue — and what they actually need.

Julien Danjou
Join our community on Slack
Join our community on Slack
Get tips, news, and resources from Mergify and its users.
Curious where your CI is slowing you down?
Try CI Insights — observability for CI teams.
Curious where your CI is slowing you down?
Try CI Insights — observability for CI teams.
Curious where your CI is slowing you down?
Try CI Insights — observability for CI teams.
Curious where your CI is slowing you down?
Try CI Insights — observability for CI teams.