CI/CD Explained
Plain-English answers to "what is…" questions about CI/CD.
Beginner-friendly explainer articles on continuous integration and delivery: what CI/CD is, how pipelines, runners, and GitHub Actions work, and the concepts behind fast, reliable, cost-efficient automation.
CI/CD basics
What CI/CD, pipelines, and automation are.
Build artifactWhat is a build artifact? Learn what artifacts are, how they are produced and reused, examples, and why "buil…
A buildWhat is a build? A beginner explainer on turning source code into runnable software, what a build produces, a…
ChangelogWhat is a changelog? Learn what a changelog records, how it is organized by release, an example, why users re…
CI serverWhat is a CI server? Learn what a continuous integration server does, how it coordinates builds and runners,…
CI/CD pipelineWhat is a CI/CD pipeline? Learn the stages a change passes through, how they connect, an example pipeline, an…
Code reviewWhat is a code review? Learn how peers examine proposed changes before merging, how the process works, an exa…
Dark launchA dark launch deploys a feature in production without exposing it to users. Learn what it is, how it differs…
Deployment environmentWhat is a deployment environment? Learn what environments are, the common types, how changes move between the…
Deployment gateA deployment gate is a checkpoint that must pass before a release proceeds. Learn what gates are, automated v…
Deployment pipelineWhat is a deployment pipeline? Learn how a change is promoted through environments toward production, the sta…
Deployment strategyWhat is a deployment strategy? Learn how the way you roll out a new version controls risk, the common strateg…
A deploymentWhat is a deployment? Learn what it means to deploy software, how deployments work, an example, the differenc…
Feature branchWhat is a feature branch? Learn how isolating work on its own branch works, how it merges back, an example, t…
Feature flagA feature flag toggles functionality without deploying new code. Learn what feature flags are, how they decou…
Golden pathA golden path is a supported, opinionated route for doing a common task well. Learn what it is, how it guides…
HotfixWhat is a hotfix? Learn what an urgent fix to production is, how it differs from a normal change, an example,…
Kill switchA kill switch instantly disables a feature in an emergency. Learn what a kill switch is, how it relates to fe…
Merge queueWhat is a merge queue? Learn how it serializes merges and tests each change against the latest main, an examp…
Production environmentWhat is a production environment? Learn what "production" means, how it differs from other environments, an e…
Pull request pipelineWhat is a pull request pipeline? Learn how CI runs checks on a proposed change before merge, what it runs, an…
Regression testWhat is a regression test? Learn how these tests catch newly broken behavior that used to work, how they fit…
Release candidateWhat is a release candidate? Learn what an RC is, how it is validated before becoming a final release, an exa…
Release trainA release train ships on a fixed schedule, taking whatever is ready. Learn what it is, how the schedule works…
A releaseWhat is a release? An explainer on making software available to users, how releases are versioned, an example…
RollbackWhat is a rollback? Learn how reverting to a previous known-good version recovers from a bad deploy, how it w…
Rolling deploymentA rolling deployment replaces instances gradually with the new version. Learn what a rolling deployment is, h…
RunbookA runbook is a documented procedure for an operational task or incident. Learn what a runbook is, what makes…
Smoke testWhat is a smoke test? Learn how a quick sanity check confirms the basics work after a build or deploy, how it…
Staging environmentWhat is a staging environment? Learn how this production-like environment catches problems before release, ho…
Status checkWhat is a status check? Learn how CI reports pass/fail results on a commit or pull request, how required chec…
Unit testWhat is a unit test? A beginner explainer on testing one small piece of code in isolation, how it works, an e…
Error budget policyAn error budget policy defines what happens when reliability spend runs low. Learn what an error budget is an…
Incident postmortemAn incident postmortem is a structured review of a failure. Learn what a postmortem is, why it should be blam…
Internal developer platformAn internal developer platform gives engineers self-service access to tooling. Learn what an IDP is, what it…
On-call rotationAn on-call rotation shares responsibility for responding to incidents. Learn what on-call is, how rotations a…
Service level indicatorA service level indicator is a quantitative measure of service health. Learn what an SLI is, common types, an…
Service level objectiveA service level objective is a target for how reliable a service should be. Learn what an SLO is, how it diff…
Automated testingWhat is automated testing? A beginner explainer on tests that run themselves, the main types, an example, why…
Blue-green deploymentWhat is blue-green deployment? Learn how two identical environments enable instant cutover and rollback, with…
Branch protectionWhat is branch protection? Learn how rules guard important branches, the common protections, an example, and…
Build automationWhat is build automation? Learn how scripted, repeatable builds replace manual steps, how build tools work, a…
Canary analysisCanary analysis compares a canary release against the baseline to decide whether to proceed. Learn what it is…
Canary deploymentWhat is canary deployment? Learn how releasing to a small slice of users first limits risk, how it progresses…
Change failure rateChange failure rate measures the share of deployments that cause a failure. Learn what it is, how to count fa…
Chaos engineeringChaos engineering deliberately injects failure to test resilience. Learn what it is, how experiments work, an…
CI/CD explainedCI/CD explained for beginners: what continuous integration and continuous delivery mean, how the pipeline wor…
Configuration driftConfiguration drift is when real infrastructure diverges from its defined state. Learn what it is, what cause…
Continuous deliveryWhat is continuous delivery? Learn how CD keeps software always releasable, how it differs from continuous de…
Continuous deploymentWhat is continuous deployment? An explainer on shipping every passing change to production automatically, how…
Continuous integrationWhat is continuous integration? A plain-English explainer covering what CI is, how it works, a worked example…
Continuous testingContinuous testing runs automated tests throughout the pipeline. Learn what it is, what it includes, and why…
Deployment frequencyDeployment frequency measures how often a team ships to production. Learn what it is, why higher is usually b…
DevOpsWhat is DevOps? A beginner explainer on the culture and practices that unite development and operations, how…
DevSecOpsDevSecOps integrates security into DevOps as a shared responsibility. Learn what it is, how it differs from t…
Distributed tracingDistributed tracing follows a single request across many services. Learn what it is, how spans and trace cont…
Drift detectionDrift detection compares actual infrastructure against its declared state. Learn what drift detection is, how…
End-to-end testingWhat is end-to-end testing? Learn how E2E tests verify whole user journeys through a real system, an example,…
GitOpsWhat is GitOps? A beginner explainer on using Git as the source of truth for infrastructure and deployments,…
Immutable infrastructureImmutable infrastructure replaces servers instead of modifying them. Learn what it is, how it differs from mu…
Infrastructure as codeWhat is infrastructure as code? Learn how to define servers and cloud resources in version-controlled files,…
Integration testingWhat is integration testing? Learn how it verifies that components work together, how it differs from unit te…
Lead time for changesLead time for changes measures how long a commit takes to reach production. Learn what it is, where the time…
Production loggingLogging records discrete events from running software. Learn what production logging is, structured versus un…
Mean time to recoveryMean time to recovery is the average time to restore service after a failure. Learn what MTTR is, its related…
MonitoringMonitoring collects and alerts on known signals of system health. Learn what monitoring is, how it differs fr…
ObservabilityObservability is the ability to understand a system from its outputs. Learn what it is, how it differs from m…
Pipeline as codeWhat is pipeline as code? Learn how defining your CI/CD pipeline in version-controlled files works, an exampl…
Platform engineeringPlatform engineering builds internal products that make developers productive. Learn what it is, how it diffe…
Progressive deliveryProgressive delivery rolls out changes gradually with controls. Learn what it is, the techniques it includes,…
Semantic versioningWhat is semantic versioning? Learn how the major.minor.patch scheme communicates the nature of a change, an e…
Shadow trafficShadow traffic mirrors real requests to a new service version, discarding the responses. Learn what it is, ho…
Shift-left securityShift-left security moves security checks earlier in development. Learn what it is, what gets checked early,…
Shift-leftShift-left moves quality and testing activities earlier in delivery. Learn what shift-left means, why earlier…
Site reliability engineeringSite reliability engineering applies software engineering to operations. Learn what SRE is, how it differs fr…
Test automationWhat is test automation? Learn how automating test execution replaces manual checking, how it works, an examp…
The DORA frameworkDORA defines four key metrics for software delivery performance. Learn what the framework is, what the metric…
Software delivery lifecycleWhat is the software delivery lifecycle? An explainer on the stages from idea to running software, how CI/CD…
Testing pyramidWhat is the testing pyramid? Learn how to balance many fast unit tests against fewer slow end-to-end tests, a…
Time to restore serviceTime to restore service measures how quickly a team recovers from a failure. Learn what it is, what shortens…
Traffic shiftingTraffic shifting gradually moves request load from one version to another. Learn what it is, how weighted rou…
Trunk-based developmentWhat is trunk-based development? Learn how this branching model keeps everyone working close to the main bran…
Value stream mappingValue stream mapping visualizes every step from idea to delivery to find waste. Learn what it is, how it expo…
Zero-downtime deploymentZero-downtime deployment releases new versions without interrupting service. Learn what it is, the techniques…
GitHub Actions explained
Workflows, jobs, steps, actions, runners.
What are Actions minutes?GitHub Actions minutes are the billing unit for GitHub-hosted runners: wall-clock job time, multiplied by an…
What is a composite action?A composite action bundles multiple steps into a single reusable action defined in YAML, so you can share ste…
What is a concurrency group?A concurrency group limits a workflow to one in-progress run per key, automatically canceling or queuing olde…
What is a context?A context in GitHub Actions is a structured object of run data, like github, env, and secrets, that you read…
What is a cron schedule?A cron schedule triggers a GitHub Actions workflow at recurring times using cron syntax under the schedule ev…
What is a deployment?A deployment in GitHub Actions is a tracked release to an environment, recording status and history so you ca…
What is a runner?A runner is the machine that executes a GitHub Actions job. It can be GitHub-hosted, self-hosted, or a manage…
What is a secret?A GitHub Actions secret is an encrypted variable for sensitive values like API keys, available to workflows a…
What is a workflow file?A GitHub Actions workflow is a YAML file in .github/workflows that defines which events trigger automation an…
What is a job?A job in GitHub Actions is a group of steps that runs on a single runner. Jobs run in parallel by default and…
What is a job output?A job output is a value a job exposes so dependent jobs can read it through the needs context, passing data a…
What is a job summary?A job summary is custom Markdown a step writes to GITHUB_STEP_SUMMARY, rendered on the run page to surface re…
What is a larger runner?A larger runner is a GitHub-hosted runner with more CPU, memory, or a GPU than standard runners, used for hea…
What is a Marketplace action?A Marketplace action is a published, shareable action listed in the GitHub Marketplace that you can drop into…
What is a matrix build?A matrix build runs the same job many times across combinations of variables, like multiple OS or language ve…
What is a required status check?A required status check is a CI check that must pass before a pull request can merge, enforced by branch prot…
What is a reusable workflow?A reusable workflow is a whole workflow called from another workflow with workflow_call, letting you share CI…
What is a runner group?A runner group is an organization-level collection of self-hosted runners with access policies controlling wh…
What is a runner label?A runner label is a tag on a runner that jobs match in runs-on, letting you route work to runners with the ri…
What is a self-hosted runner?A self-hosted runner is a machine you own and register to GitHub to run Actions jobs, giving control over har…
What is a service container?A service container is a Docker container GitHub Actions runs alongside your job, like a database, so tests c…
What is a step?A step in GitHub Actions is a single task in a job. It either runs a shell command with run or invokes a reus…
What is a step output?A step output is a named value a step writes to GITHUB_OUTPUT so later steps in the same job can read it via…
What is a workflow run?A workflow run is a single execution of a workflow triggered by an event, with its own logs, status, and a un…
What is a trigger?A workflow trigger is the event that starts a GitHub Actions workflow. Triggers are declared in the on key, s…
What is ARC?Actions Runner Controller (ARC) is a Kubernetes operator that autoscales self-hosted GitHub Actions runners a…
What is actions/cache?actions/cache stores and restores files like dependencies between runs using a key, speeding up workflows by…
What is actions/checkout?actions/checkout is the official action that clones your repository onto the runner so subsequent steps can b…
What is an action?An action is a reusable, packaged unit of work you invoke from a step with uses. Actions can be JavaScript, D…
What is an artifact?An artifact is a file or set of files a job uploads so they can be downloaded later or shared with other jobs…
What is an environment?An environment in GitHub Actions is a named deployment target like staging or production, with its own secret…
What is an expression?An expression in GitHub Actions is logic inside ${{ }} that evaluates contexts, functions, and operators to c…
What is continue-on-error?continue-on-error lets a failing step or job be treated as a non-blocking failure, so the workflow keeps goin…
What is fail-fast?fail-fast controls whether one failing matrix job cancels the rest. It defaults to true; set it false to let…
What is GitHub Actions?GitHub Actions is the CI/CD platform built into GitHub. It runs automated workflows in response to repository…
GITHUB_ACTIONGITHUB_ACTION is the unique identifier of the current step or action in GitHub Actions. Learn where it is use…
GITHUB_ACTORGITHUB_ACTOR is the username that triggered a GitHub Actions workflow run. Learn how it is set and used for a…
GITHUB_API_URLGITHUB_API_URL is the REST API base URL in a GitHub Actions run. Learn how to use it for portable API calls.
GITHUB_BASE_REFGITHUB_BASE_REF is the target branch of a pull request in GitHub Actions. Learn how it is used in diffs and m…
GITHUB_EVENT_NAMEGITHUB_EVENT_NAME is the webhook event that triggered a GitHub Actions workflow, like push or pull_request. L…
GITHUB_EVENT_PATHGITHUB_EVENT_PATH is the path to the JSON file with the full webhook payload in GitHub Actions. Learn how to…
GITHUB_HEAD_REFGITHUB_HEAD_REF is the source branch of a pull request in GitHub Actions. Learn when it is set and how to use…
GITHUB_JOBGITHUB_JOB is the job_id of the currently running job in GitHub Actions. Learn how it maps to your workflow Y…
GITHUB_REF_NAMEGITHUB_REF_NAME is the short branch or tag name for a GitHub Actions run, like main or v1.2.0. Learn how it d…
GITHUB_REF_TYPEGITHUB_REF_TYPE tells you whether a GitHub Actions run was triggered by a branch or a tag. Learn how to branc…
GITHUB_REFGITHUB_REF is the fully-formed ref (branch or tag) that triggered a GitHub Actions run, like refs/heads/main.…
GITHUB_REPOSITORY_OWNERGITHUB_REPOSITORY_OWNER is the user or organization that owns the repo in a GitHub Actions run. Learn how it…
GITHUB_REPOSITORYGITHUB_REPOSITORY is the owner/name slug of the repo running a GitHub Actions workflow, like octocat/hello-wo…
GITHUB_RUN_ATTEMPTGITHUB_RUN_ATTEMPT counts how many times a GitHub Actions run has been attempted. Learn how to use it for ret…
GITHUB_RUN_IDGITHUB_RUN_ID is the unique identifier for a GitHub Actions workflow run. Learn how to use it for logs, artif…
GITHUB_RUN_NUMBERGITHUB_RUN_NUMBER is the incrementing run count for a GitHub Actions workflow. Learn how it differs from GITH…
GITHUB_SERVER_URLGITHUB_SERVER_URL is the base URL of the GitHub server in a GitHub Actions run. Learn why it matters on GitHu…
GITHUB_SHAGITHUB_SHA is the commit SHA that triggered a GitHub Actions workflow run. Learn what it contains and how to…
What is GITHUB_TOKEN?GITHUB_TOKEN is an automatic, short-lived credential GitHub injects into each workflow run so steps can call…
GITHUB_WORKFLOWGITHUB_WORKFLOW is the name of the workflow running in GitHub Actions. Learn what it returns and how to use i…
GITHUB_WORKSPACEGITHUB_WORKSPACE is the directory where your repository is checked out in GitHub Actions. Learn what it point…
What is OIDC?OIDC in GitHub Actions lets a workflow request a short-lived identity token to authenticate to cloud provider…
RUNNER_ARCHRUNNER_ARCH is the CPU architecture of a GitHub Actions runner, such as X64 or ARM64. Learn how to use it in…
RUNNER_NAMERUNNER_NAME is the name of the GitHub Actions runner executing a job. Learn how it helps debug runner issues.
RUNNER_OSRUNNER_OS tells you the operating system of a GitHub Actions runner: Linux, Windows, or macOS. Learn how to b…
RUNNER_TEMPRUNNER_TEMP is a cleaned-up temporary directory on a GitHub Actions runner. Learn why to use it over /tmp.
the CI VariableCI is a boolean environment variable set to true on virtually every CI system, including GitHub Actions. Lear…
What is GITHUB_ENV?GITHUB_ENV is a file a step writes to in order to set environment variables that persist for the remaining st…
What is needs?The needs keyword makes one job wait for another to finish, creating a dependency graph and giving access to…
What is workflow_dispatch?workflow_dispatch is a trigger that lets you run a GitHub Actions workflow manually from the UI or API, optio…
What is workflow_call?workflow_call is the trigger that makes a workflow reusable, allowing other workflows to invoke it and pass i…
Runners explained
Hosted, self-hosted, managed, and ephemeral runners.
What is a build minute?A build minute is the billing unit for CI compute - one minute of runner time. Learn how OS multipliers and r…
What is a CI runner?A CI runner is the machine or container that executes your pipeline jobs. Learn what runners do, how they con…
What is a cold start in CI?A cold start is the delay while a fresh runner is provisioned before your job runs. Learn what causes it and…
What is a GitHub-hosted runner?A GitHub-hosted runner is a fresh VM GitHub provisions for each job. Learn how they work, what they cost, and…
What is a GPU runner?A GPU runner is a CI runner with a graphics processing unit for ML, CUDA, or rendering workloads. Learn when…
What is a hosted runner incident?A hosted runner incident is an outage or degradation of a CI provider runner fleet that you cannot fix yourse…
What is a JIT runner?A JIT (just-in-time) runner registers with a single-use config generated right before launch. Learn how JIT d…
What is a larger GitHub runner?A larger GitHub runner is a hosted runner with more vCPU and memory than the standard size, billed at a premi…
What is a Linux runner?A Linux runner is a CI runner running Linux - the default and cheapest option for most builds. Learn why it i…
What is a macOS runner?A macOS runner is a CI runner running macOS for iOS and Apple builds. Learn why macOS runners exist, why they…
What is a managed CI platform?A managed CI platform operates your runner fleet end to end - provisioning, scaling, images, caching, and rel…
What is a managed runner?A managed runner is CI compute a third party operates for you - hosted-like ease without the vendor price or…
What is a runner cache?A runner cache stores dependencies and build outputs so ephemeral runners skip redoing expensive work. Learn…
What is a runner fleet?A runner fleet is the whole collection of runners an organization operates. Learn what fleet management invol…
What is a runner group?A runner group is a named collection of runners with access controls. Learn how groups scope which repos can…
What is a runner image?A runner image is the preconfigured disk template a runner boots from, with the OS and preinstalled tools. Le…
What is a runner label?A runner label is a tag that routes a job to a matching runner via runs-on. Learn how labels work, why mismat…
What is a runner pool?A runner pool is a managed set of runners that jobs draw from on demand. Learn how pools differ from warm poo…
What is a runner queue?A runner queue is the backlog of jobs waiting for an available runner. Learn what causes queueing, how to rea…
What is a runner registration token?A runner registration token authorizes a new runner to join your repo or org. Learn how it works, why it expi…
What is a runner sandbox?A runner sandbox restricts a CI job to a confined environment so it cannot reach beyond its boundaries. Learn…
What is a runner sidecar?A runner sidecar is a helper process running alongside the job to provide services like caching, monitoring,…
What is a self-hosted runner?A self-hosted runner is the GitHub Actions agent running on your own infrastructure. Learn how it works, why…
What is a spot instance runner?A spot instance runner uses discounted, interruptible cloud capacity to cut CI cost. Learn how it works, the…
What is a stale runner?A stale runner is one running an outdated agent, image, or accumulated state that causes failures. Learn how…
What is a warm pool?A warm pool is a set of pre-booted runners kept ready so jobs start instantly instead of waiting for a cold s…
What is a Windows runner?A Windows runner is a CI runner running Windows for .NET, MSVC, and Windows-native builds. Learn what it is f…
What is Actions Runner Controller?Actions Runner Controller (ARC) is a Kubernetes operator that autoscales self-hosted GitHub runners. Learn wh…
What is an ARM runner?An ARM runner is a CI runner on ARM64 (aarch64) hardware. Learn why ARM runners are cheaper and faster per do…
What is an ephemeral runner?An ephemeral runner is created for a single job and destroyed afterward. Learn why fresh, single-use runners…
What is per-job runner billing?Per-job runner billing charges for the runner time a job actually uses, often per second. Learn how it differ…
What is runner autoscaling?Runner autoscaling automatically adds and removes CI runners based on job demand. Learn how it works, why it…
What is runner concurrency?Runner concurrency is how many CI jobs can run simultaneously. Learn how limits cause queues, how to size con…
What is runner isolation?Runner isolation keeps each CI job separate so one cannot read or corrupt another. Learn the levels of isolat…
What is runner ops?Runner ops is the ongoing operational work of keeping self-hosted runners patched, scaled, secure, and online…
What is runner provisioning?Runner provisioning is the process of creating and preparing a runner to accept a job. Learn the steps, where…
What is runner scaling lag?Runner scaling lag is the delay between demand rising and new runners coming online. Learn what causes it and…
What is runner utilization?Runner utilization is the share of paid runner time doing useful work. Learn how low utilization wastes money…
Reliability explained
Flaky tests, transient failures, self-healing CI.
What is a CI incident?A CI incident is a disruption to your pipeline that blocks or degrades delivery. What counts, how incidents d…
What is a CI timeout?A CI timeout cancels a job or step that runs longer than its limit. Learn why timeouts exist, what causes the…
What is a circuit breaker?A circuit breaker stops sending requests to a failing dependency to let it recover and fail fast. The open, c…
What is a dead-letter?A dead-letter is where a message or job goes after it has failed too many times to retry. The dead-letter pat…
What is a deterministic failure?A deterministic failure happens every run because the cause is in the code or config. How it differs from a t…
What is a flaky test?A flaky test passes and fails on the same code without any change. Learn what causes flakiness, why it erodes…
What is a flaky-test dashboard?A flaky-test dashboard tracks which tests fail intermittently and how often. What it surfaces, why visibility…
What is a health check?A health check is a probe that tests whether a service is working. Learn how health checks gate traffic, surf…
What is a mechanical failure?A mechanical failure is a CI failure in the underlying machine or infrastructure, not your code. Learn what c…
What is a network blip?A network blip is a brief, transient connectivity failure that disrupts a CI job. What causes blips, how they…
What is a non-deterministic test?A non-deterministic test gives different results on the same inputs because it depends on uncontrolled factor…
What is a pipeline failure rate?A pipeline failure rate is the share of CI runs that fail over a period. How to measure it, why splitting tra…
What is a quarantined test?A quarantined test is a known-flaky test moved out of the blocking path so it does not fail builds while it i…
What is a race condition?A race condition is a bug whose outcome depends on timing or ordering. Learn why race conditions make tests f…
What is a rate limit error?A rate limit error means a service is rejecting requests because you sent too many too fast. Learn why CI hit…
What is a re-run?A re-run executes a failed CI job or workflow again. The difference between manual and automatic re-runs, whe…
What is a readiness probe?A readiness probe checks whether an instance is ready to serve traffic yet. How it differs from liveness and…
What is a registry timeout?A registry timeout is when a package or image registry is too slow to respond during CI. Why registries time…
What is a retry storm?A retry storm is when many clients retry a failing service at once and overwhelm it. How retry storms form, w…
What is a transient failure?A transient failure is a CI failure from a temporary condition that clears on its own. Learn to tell transien…
Transient vs deterministic?Transient failures come and go and are retryable; deterministic failures recur and need a fix. How to tell th…
What is an automatic retry?An automatic retry re-runs a failed operation without human intervention. Learn when retries help, when they…
What is an error budget?An error budget is the allowed amount of unreliability before action is required. How error budgets balance s…
What is an infrastructure failure?An infrastructure failure is a CI failure from the platform running the job, not your code. What counts, why…
What is an OOM kill?An OOM kill is when the kernel terminates a process for using too much memory. Why it happens on CI runners,…
What is build resilience?Build resilience is a pipeline’s ability to keep producing trustworthy results despite transient failures. Le…
What is build stability?Build stability is how consistently your CI produces correct, trustworthy results. Learn what undermines it a…
What is CI flakiness?CI flakiness is the overall rate at which your pipeline gives unreliable, non-reproducible results. What driv…
What is CI observability?CI observability is understanding pipeline behavior from its outputs: logs, metrics, and traces. What to inst…
What is exit code 137?Exit code 137 means a process was killed by SIGKILL, almost always the out-of-memory killer in CI. Learn the…
What is exponential backoff?Exponential backoff doubles the wait between retries so failures back off quickly. Learn the formula, why jit…
What is graceful degradation?Graceful degradation is keeping a system partly working when a component fails, instead of failing entirely.…
What is idempotency?Idempotency means an operation produces the same result whether run once or many times. Learn why it makes re…
What is MTTR?Mean time to recovery (MTTR) is the average time to restore service after a failure. Learn how it applies to…
What is retry with backoff?Retry with backoff waits a growing interval between attempts instead of retrying immediately. Learn why it pr…
What is self-healing CI?Self-healing CI automatically detects and recovers from transient and mechanical failures so a one-off blip d…
What is test isolation?Test isolation means each test runs independently without leaking state to others. Learn why isolation preven…
What is change failure rate?Change failure rate is the share of deployments that cause a production failure. How this DORA metric works a…
CI cost explained
CI minutes, pricing, and cutting your bill.
What are GitHub Actions minutes?GitHub Actions minutes are the metered runner time GitHub bills for private repos. Learn the included tier, p…
What is a CI billing cycle?A CI billing cycle is the monthly period over which your minutes and storage are metered and reset. Learn how…
What is a CI budget?A CI budget is a planned, enforced limit on what your pipelines may spend. Learn how to set one, track it, an…
What is a CI cost audit?A CI cost audit is a structured review of pipeline spend to find waste and savings. Learn what an audit exami…
What is a CI cost calculator?A CI cost calculator estimates your pipeline spend from minutes, runner size, and waste. Learn what inputs ma…
What is a CI cost spike?A CI cost spike is a sudden, sharp increase in pipeline spend. Learn the common causes, how to detect spikes…
What is a CI minute?A CI minute is the basic unit of metered build time. Learn how CI minutes are counted, rounded, and billed, a…
What is a managed runner price?A managed runner price is what you pay to run CI jobs on right-sized cloud instances without operating the fl…
What is a spending limit in GitHub Actions?A GitHub Actions spending limit caps how much you can be billed for metered usage. Learn how it works, what h…
What is CI cost optimization?CI cost optimization is reducing CI spend without slowing delivery. Learn the main levers: caching, right-siz…
What is CI/CD cost?CI/CD cost is the total spend to build, test, and ship software automatically. Learn the direct compute costs…
What is compute cost in CI?Compute cost in CI is what you pay for runner CPU time executing your jobs. Learn how it is calculated, what…
What is cost attribution in CI?Cost attribution in CI assigns pipeline spend to the teams, repos, and workflows that drive it. Learn why it…
What is cost per build?Cost per build is the average CI spend for one pipeline run. Learn how to calculate it, what drives it up, an…
What is cost per deployment?Cost per deployment is the total CI/CD spend to ship one release to production. Learn how to calculate it, wh…
What is FinOps for CI/CD?FinOps for CI/CD applies cloud financial management to pipelines: visibility, attribution, and optimization o…
What is idle runner cost?Idle runner cost is what you pay for runner capacity that is provisioned but idle. Learn where it comes from…
What is included vs metered CI usage?Included CI usage is your free monthly allowance; metered usage is billed per unit beyond it. Learn the diffe…
What is macOS runner cost?macOS runners are the most expensive CI option, roughly ten times Linux per minute. Learn why, where the cost…
What is overage billing?Overage billing is the per-unit charge for CI usage beyond your included allowance. Learn how it accrues, whe…
What is per-minute billing?Per-minute billing charges for CI by the minute of runner time, usually rounded up per job. Learn how roundin…
What is reserved vs on-demand compute?Reserved compute commits to capacity for a lower rate; on-demand pays per use. Learn the trade-offs for CI an…
What is rightsizing a runner?Rightsizing a runner means choosing the smallest machine that runs a job efficiently. Learn how to find the r…
What is runner pricing?Runner pricing is how a CI provider charges for the machines that run your jobs. Learn per-minute models, siz…
What is showback/chargeback for CI?Showback reports CI spend to the teams that drive it; chargeback bills it back. Learn the difference, when to…
What is the 2,000 free minutes tier?The 2,000 free minutes tier is GitHub Actions’ monthly allowance for private repos on the free plan. Learn wh…
What is the cost of a flaky pipeline?A flaky pipeline costs you in re-run minutes, lost engineering time, and delayed delivery. Learn how to quant…
What is the cost of CI queue time?CI queue time is the wait before a job gets a runner. Learn its direct and indirect costs, and how warm pools…
What is the cost of cold starts?Cold-start cost is the billed time a runner spends booting and setting up before useful work begins. Learn ho…
What is the cost of over-provisioning?Over-provisioning in CI is paying for more runner capacity or size than jobs use. Learn where it comes from,…
What is the cost of re-runs?Re-run cost is the extra spend from re-executing jobs that already ran, usually from flakiness. Learn to quan…
What is the cost of self-hosted runners?Self-hosted runners look cheap per minute but carry idle and operational costs. Learn the true cost of self-h…
What is the GitHub Actions free tier?The GitHub Actions free tier gives private repos a monthly allowance of minutes and storage. Learn the limits…
What is TCO for CI?Total cost of ownership for CI sums compute, storage, operations, reliability, and delivery impact. Learn the…
What is wasted CI spend?Wasted CI spend is money paid for minutes that produce no value - cold starts, flaky re-runs, idle headroom,…
What is Windows runner cost?Windows runners cost about twice a Linux minute on GitHub Actions. Learn why the multiplier exists, where Win…
Core concepts
Containers, caching, artifacts, OIDC, and more.
What are Core Web Vitals?Core Web Vitals are Google metrics for loading, interactivity, and visual stability of a page. Learn what the…
What is file permissions?File permissions control who can read, write, or execute a file on Unix. Learn how the rwx model works and wh…
a .dockerignore fileThe .dockerignore file excludes files from the Docker build context. Learn its CI impact.
a .env fileA .env file holds environment variables for local development. Learn why it is risky in CI.
a .gitattributes fileThe .gitattributes file controls Git behavior per path. Learn its CI relevance.
a .prettierrc fileThe .prettierrc file configures Prettier formatting. Learn how CI enforces it.
a .python-version fileThe .python-version file pins the Python version. Learn how pyenv and CI use it.
What is a 429 Too Many Requests?A 429 Too Many Requests means you exceeded an API rate limit and must slow down. Learn what causes 429s in CI…
What is a 502 Bad Gateway?A 502 Bad Gateway means a proxy got an invalid response from an upstream server. Learn what causes 502s and w…
What is a background job?A background job is a command run with & so the shell continues without waiting. Learn how background jobs wo…
What is a base image?A base image is the starting point a Dockerfile builds on via FROM. Learn how to choose one, the trade-offs o…
Batch job explainedA batch job explained: a process that handles a bounded set of data at once on a schedule, how it differs fro…
What is a bearer token?A bearer token grants access to anyone who presents it, sent in the Authorization header. Learn what bearer t…
Binary format explainedBinary format explained: data encoded as raw bytes rather than readable text, why it is compact and fast, and…
What is a bounded context?A bounded context is a boundary within which a domain model is consistent and terms have one meaning. Learn h…
What is a breaking change?A breaking change forces existing callers to update or they break. Learn how to spot one, why it matters for…
What is a browser target?A browser target is the set of browsers and versions your build must support. Learn how it drives transpilati…
What is a build agent?A build agent is the machine, container, or VM that picks up a job from the CI server and executes it. Learn…
What is a build artifact repository?A build artifact repository stores versioned build outputs for deploy and reuse. Learn how it underpins build…
What is a build artifact?A build artifact is a file your pipeline produces and hands off - a binary, image, or report. Learn how artif…
What is a build badge?A build badge is a small status image, often in a README, showing whether a pipeline is passing or failing. L…
What is a build cache?A build cache stores the outputs of build steps so unchanged work is skipped on the next run. Learn how build…
What is a build fingerprint?A build fingerprint is a hash that uniquely identifies a build by its inputs, used for caching and skipping u…
What is a build graph?A build graph models tasks and their dependencies so a build runs only what is needed, in the right order. Le…
What is a build matrix?A build matrix produces one build per combination of platforms, versions, or configs. Learn how it differs fr…
What is a build queue?A build queue is the line of jobs waiting for an available agent to run them. Learn how queues form, why queu…
What is a build server?A build server is the central system that schedules pipelines, hands jobs to agents, stores results, and show…
What is a build stage?A build stage is the pipeline phase that compiles source and produces artifacts before testing or deploying.…
What is a build target?A build target tells the build which environment and feature level the output must support. Learn how targets…
What is a build trigger?A build trigger is the event or condition that starts a pipeline run, such as a push, pull request, schedule,…
What is a bundler?A bundler combines many JavaScript and CSS modules into a few optimized files the browser can load fast. Lear…
Byte order mark explainedByte order mark explained: the invisible bytes at the start of a text file that signal encoding, why a UTF-8…
What is a cache key?A cache key is the identifier that decides whether CI restores a saved cache or starts fresh. Learn how to bu…
What is a cache layer?A cache layer stores hot data in fast memory to avoid repeated slow lookups. Learn the trade-offs of caching…
What is a callback?A callback is a function passed into other code to be invoked later, often when an asynchronous operation fin…
What is a canary metric?A canary metric is a signal watched during a canary release to decide whether to proceed or roll back. Learn…
What is a CDN cache?A CDN cache stores your static assets at edge locations close to users for fast delivery. Learn how it caches…
What is a CDN edge?A CDN edge is a server near users that caches and serves content to cut latency. Learn what an edge node is a…
What is a CDN?A CDN caches content on servers near users to deliver it faster and offload your origin. Learn what a CDN is…
Certificate authority explainedCertificate authority explained: the trusted party that signs certificates to vouch for identity, how the cha…
Character encoding explainedCharacter encoding explained: how text becomes bytes, the difference from character sets, why mismatches caus…
Checksum explainedChecksum explained: a small fingerprint computed from data to detect corruption or tampering, the difference…
What is a chunk?A chunk is one of the output files a bundler emits when it splits your code. Learn how chunks are created and…
What is a CI/CD platform?A CI/CD platform is the full system that builds, tests, and deploys software, combining a server, runners, co…
What is a closure?A closure is a function bundled with the variables from the scope where it was created, which it can access l…
What is a cloud region?A cloud region is a geographic location of provider data centers where your resources run. Learn what regions…
What is a cluster?A cluster is a group of machines managed as one pool of compute. Learn what a Kubernetes cluster contains and…
What is a CNAME record?A CNAME record aliases one hostname to another so it resolves to the target. Learn what CNAMEs are and how de…
What is a coverage report?A code coverage report measures how much of your code the tests actually exercise. Learn how coverage is coll…
a CODEOWNERS fileA CODEOWNERS file maps paths to required reviewers. Learn how it gates merges.
What is a compiler?A compiler translates human-readable source code into machine code or another lower-level form ahead of time.…
What is a component library?A component library is a shared set of reusable UI components used across apps. Learn how component libraries…
What is a ConfigMap?A ConfigMap stores non-secret configuration that Kubernetes injects into pods as env vars or files. Learn how…
What is a container orchestrator?A container orchestrator automates deploying, scaling, networking, and healing containers across many machine…
What is a container registry?A container registry stores and distributes images by repository and tag. Learn how push and pull work, what…
What is a container runtime?A container runtime is the low-level software that starts and runs containers from images. Learn the high-lev…
What is a container?A container packages an application with its dependencies and runs as an isolated process on a shared kernel.…
What is a content hash in filenames?A content hash in a filename is a fingerprint of the file content, so the name changes only when the content…
What is a content security policy?A content security policy (CSP) tells the browser which sources of scripts and resources to trust, mitigating…
What is a coroutine?A coroutine is a function that can suspend its execution and resume later, enabling lightweight concurrency w…
What is a counter metric?A counter metric is a value that only increases, used to count events. Learn how counters work, why you query…
What is a cron job?A cron job is a command scheduled to run automatically at set times by the cron daemon. Learn how cron works…
What is a CSRF token?A CSRF token is an unpredictable value that proves a request came from your own app, blocking cross-site requ…
What is a CSS preprocessor?A CSS preprocessor adds variables, nesting, and functions, compiling to plain CSS. Learn how preprocessors li…
What is a CVE?A CVE is a unique identifier for a publicly known security vulnerability. Learn what CVE IDs mean and how the…
What is a daemon?A daemon is a long-running background process that provides a service. Learn what daemons are and how they sh…
DAG in data pipelines explainedA DAG in data pipelines explained: how a directed acyclic graph models task dependencies so steps run in orde…
What is a dashboard?A dashboard is a visual display of metrics and signals at a glance. Learn what makes a good dashboard and how…
Data contract explainedA data contract explained: the enforceable schema and quality guarantees between a data producer and its cons…
Data fixture in tests explainedA data fixture in tests explained: the known sample data a test runs against for repeatable results, why it m…
Data lake explainedA data lake explained: the low-cost store that holds raw structured and unstructured data at scale in open fo…
Data pipeline explainedA data pipeline explained: how automated steps move and transform data from source to destination, the batch…
Data quality check explainedA data quality check explained: an automated assertion that data meets a standard for accuracy, completeness,…
Data warehouse explainedA data warehouse explained: the centralized, structured store optimized for analytical queries over large dat…
What is a database replica?A database replica is a copy that takes read traffic and provides failover. Learn how replication works, its…
What is a deadlock?A deadlock occurs when two or more tasks each wait for a resource the other holds, so none can proceed. Learn…
a dependabot.yml fileThe dependabot.yml file configures automated dependency updates. Learn how it works.
What is a Deployment?A Kubernetes Deployment manages a set of replica pods and handles rolling updates and rollbacks. Learn how it…
What is a deployment job?A deployment job is a pipeline job that releases a build to an environment, like staging or production. Learn…
What is a deployment pipeline stage?A deployment pipeline stage is the phase that releases an artifact to an environment, usually after build and…
What is a deployment unit?A deployment unit is the smallest packaged artifact you deploy and roll back as one. Learn how its size shape…
What is a design token?A design token is a named value for a design decision like a color or spacing unit, shared across platforms.…
Digital signature explainedDigital signature explained: how a private key signs data that anyone can verify with the public key, proving…
What is a directed acyclic graph in CI?A directed acyclic graph (DAG) models pipeline jobs as nodes and dependencies as edges with no cycles. Learn…
What is a distributed system?A distributed system spreads work across many networked machines that act as one. Learn the failure modes it…
What is a distroless image?A distroless image contains your app and runtime but no shell or package manager. Learn what is stripped out…
What is a Docker image?A Docker image is an immutable, layered template for containers. Learn how layers, tags, and digests work and…
What is a Dockerfile?A Dockerfile is a text recipe of instructions that builds a Docker image. Learn the key instructions, layerin…
What is a downstream pipeline?A downstream pipeline is a pipeline triggered by another upstream pipeline, used to chain builds across proje…
What is a fan-out build?A fan-out build splits one piece of work into many parallel jobs, then often fans back in to combine results.…
What is a favicon pipeline?A favicon pipeline generates the many icon sizes and formats browsers and devices need from one source image.…
Feature pipeline explainedA feature pipeline explained: the automated process that turns raw data into reusable ML features and writes…
Feature store explainedA feature store explained: the system that computes, stores, and serves ML features consistently for training…
What is a feature toggle architecture?A feature toggle architecture wraps new code in runtime switches so deploy and release are separate. Learn ho…
What is a file descriptor?A file descriptor is a number the OS uses to refer to an open file or stream. Learn how descriptors 0, 1, and…
What is a firewall rule?A firewall rule specifies which network traffic is allowed or denied by protocol, port, and address. Learn wh…
What is a flame graph?A flame graph is a visualization that shows where time or resources are spent across nested operations. Learn…
What is a forward proxy?A forward proxy sits between clients and the internet, brokering outbound requests for filtering and control.…
What is a gauge metric?A gauge metric is a value that can go up or down, capturing a current measurement. Learn how gauges differ fr…
What is a GCP service account?A GCP service account is a non-human identity that apps and pipelines use to access Google Cloud. Learn what…
What is a generic?A generic lets you write code that works with many types while staying type-safe, parameterizing functions an…
What is a hard link?A hard link is an additional directory entry pointing at the same file data. Learn how hard links differ from…
What is a hardcoded secret?A hardcoded secret is a credential written directly into source code or config. Learn why it is dangerous and…
What is a hardened runner?A hardened runner is a CI machine configured to resist tampering and limit damage. Learn the hardening techni…
What is a hardware security module?A hardware security module (HSM) is tamper-resistant hardware that stores keys and performs crypto so keys ne…
Hash function explainedHash function explained: how an algorithm maps any input to a fixed-size fingerprint, the properties of crypt…
What is a health check endpoint?A health check endpoint is a URL that reports whether a service is alive and ready to serve. Learn what it is…
What is a heartbeat check?A heartbeat check expects a periodic signal and alerts when it stops arriving. Learn how heartbeat monitoring…
What is a Helm chart?A Helm chart is a templated, versioned package of Kubernetes manifests with configurable values. Learn how ch…
What is a here-document?A here-document feeds a block of inline text to a command as its standard input. Learn how here-docs work and…
Heredoc in YAML explainedHeredoc in YAML explained: how to embed a shell heredoc inside a multiline run block, the indentation and exp…
What is a hermetic build?A hermetic build runs in a sealed environment with all inputs declared, isolated from network and host. Learn…
What is a hidden file?A hidden file is one whose name starts with a dot, hidden from default listings. Learn how dotfiles work and…
What is a histogram metric?A histogram metric records the distribution of values across buckets, enabling percentiles. Learn how histogr…
a JenkinsfileA Jenkinsfile defines a Jenkins pipeline as code. Learn its two syntaxes.
What is a job dependency?A job dependency declares that one job must finish before another starts, ordering the pipeline. Learn how de…
JWT explainedJWT explained: the compact, signed token format that carries claims between services, its three base64url par…
What is a JUnit report?A JUnit report is a standard XML format for test results that almost every CI tool understands. Learn what it…
Jupyter notebook in CI explainedA Jupyter notebook in CI explained: what notebooks are, why running them in pipelines is tricky, and how to e…
JWT claim explainedJWT claim explained: the statements in a tokens payload such as issuer, subject, and expiry, the standard ver…
What is a Kubernetes Secret?A Kubernetes Secret stores sensitive data like passwords and tokens for pods to consume. Learn how it works,…
What is a leaked credential?A leaked credential is a secret that has escaped into a place it should not be. Learn the common leak paths a…
What is a Lighthouse score?A Lighthouse score rates a page on performance, accessibility, SEO, and best practices. Learn how scores are…
Line ending explainedLine endings explained: the invisible newline characters that end each line of text, why Windows and Unix dif…
What is a linker?A linker combines compiled object files and libraries into a single executable, resolving references between…
What is a liveness probe?A liveness probe lets Kubernetes detect a hung container and restart it. Learn how it works, how it differs f…
What is a load balancer tier?A load balancer tier distributes incoming traffic across many instances and routes around unhealthy ones. Lea…
What is a load balancer?A load balancer distributes incoming traffic across multiple servers for scale and reliability. Learn what lo…
What is a lockfile?A lockfile pins the exact versions of every dependency so installs are reproducible. Learn why CI should inst…
What is a log?A log is a timestamped record of a discrete event. Learn what logs are, structured vs unstructured logging, a…
What is a login shell?A login shell is the first shell of a session that reads profile startup files. Learn how login shells differ…
a MakefileA Makefile defines build tasks and dependencies. Learn how teams use it in CI.
What is a malicious dependency?A malicious dependency is a package that secretly carries hostile code. Learn how attackers plant them and ho…
What is a managed database?A managed database is a cloud-run database where the provider handles backups and patching. Learn what manage…
What is a manual approval?A manual approval is a pipeline pause that waits for a person to authorize the next step, often before a prod…
What is a matrix strategy?A matrix strategy runs the same job across many combinations of inputs - versions, OSes, configs - in paralle…
What is a memory leak?A memory leak is memory a program allocates but never releases, causing usage to grow over time. Learn what c…
What is a message broker?A message broker receives, routes, and delivers messages between services. Learn how brokers like RabbitMQ an…
What is a message queue?A message queue holds messages so producers and consumers work at their own pace. Learn how queues enable asy…
What is a metric?A metric is a numeric measurement tracked over time. Learn what metrics are, the common types, and how they p…
What is a microservice?A microservice is a small service owning one capability that ships on its own schedule. Learn how microservic…
Model card explainedA model card explained: the short document describing a model purpose, data, performance, and limits for resp…
Model registry explainedA model registry explained: the central catalog that versions, stages, and tracks trained ML models, and how…
What is a modular monolith?A modular monolith keeps strict internal module boundaries inside one deployable app. Learn how it balances s…
What is a module bundler?A module bundler resolves your import graph and emits combined output the browser can run. Learn how module f…
What is a monolith?A monolith is a single deployable application holding all features in one codebase. Learn the strengths, the…
What is a monorepo architecture?A monorepo architecture keeps many projects in one repository with shared tooling. Learn its benefits and the…
What is a monorepo build (frontend)?A monorepo build compiles many related frontend packages in one repository, building only what changed. Learn…
What is a monorepo?A monorepo keeps many projects in one repository with shared tooling and history. Learn the CI implications:…
What is a multi-arch image?A multi-arch image is a single tag backed by a manifest list of per-architecture images. Learn how the runtim…
What is a multi-stage build?A multi-stage build uses several FROM stages so build tools stay out of the final image. Learn how it works,…
What is a namespace?A Kubernetes namespace is a logical partition of a cluster for isolating and organizing resources. Learn what…
What is a network load balancer?A network load balancer distributes incoming traffic across multiple backend servers for scale and resilience…
What is a nightly build?A nightly build is a pipeline that runs on a schedule, usually overnight, to do heavier checks than every-com…
What is a node?A node is a worker machine in a Kubernetes cluster that runs pods. Learn what the kubelet and container runti…
What is a non-interactive shell?A non-interactive shell runs commands from a script without a prompt or user input. Learn how it differs from…
What is a nonce?A nonce is a number used once to prevent replay attacks and ensure freshness. Learn how nonces protect reques…
What is a null pointer?A null pointer is a reference that points to no valid object, and dereferencing one causes errors or crashes.…
What is a one-time password?A one-time password (OTP) is a code valid for a single login or short window. Learn how TOTP and HOTP work an…
What is a parent-child pipeline?A parent-child pipeline splits a large pipeline into a parent that triggers smaller child pipelines, often pe…
PEM file explainedPEM file explained: the base64-wrapped text container for keys and certificates, its BEGIN and END markers, a…
What is a personal access token?A personal access token (PAT) is a scoped, revocable credential that stands in for your password when calling…
What is a pipe (shell)?A pipe connects one command's output to the next command's input. Learn how shell pipes work and why pipefail…
What is a pipeline dashboard?A pipeline dashboard is the view that shows pipeline runs, statuses, durations, and trends in one place. Lear…
What is a pipeline event?A pipeline event is a signal, like a push or pull request, that the CI system reacts to by deciding whether t…
What is a pipeline run?A pipeline run is a single execution of a pipeline triggered by an event, with its own jobs, logs, status, an…
What is a pipeline stage?A pipeline stage is a named group of jobs that run together as one phase of a pipeline, such as build, test,…
What is a pipeline status?A pipeline status is the outcome state of a run, like success, failure, pending, or cancelled. Learn how stat…
What is a pipeline step?A pipeline step is a single command or action inside a job, like checking out code or running tests. Learn ho…
What is a pipeline template?A pipeline template is a reusable, parameterized pipeline definition many projects share to avoid copy-pastin…
What is a pipeline trigger token?A pipeline trigger token is a secret credential that lets an external system start a pipeline run via an API…
What is a pipeline variable?A pipeline variable is a named value available to jobs and steps in a run, used for config, environment names…
What is a pipeline-as-code file?A pipeline-as-code file is the version-controlled config that defines your CI/CD pipeline, living alongside y…
What is a plugin architecture?A plugin architecture lets features be added as modules loaded at runtime against a stable interface. Learn h…
What is a pod?A pod is the smallest deployable unit in Kubernetes - one or more containers that share a network and storage…
What is a poisoned pipeline execution?A poisoned pipeline execution runs attacker-controlled code with the pipeline's privileges. Learn the PPE att…
What is a polyfill?A polyfill is code that implements a missing browser feature so older browsers can run modern apps. Learn how…
What is a polyrepo architecture?A polyrepo architecture gives each project its own repository and pipeline. Learn its independence benefits a…
What is a polyrepo?A polyrepo splits each project into its own repository. Learn the trade-offs versus a monorepo and what polyr…
What is a port?A port is a number that identifies a specific service on a host so traffic reaches the right process. Learn w…
What is a post-deployment check?A post-deployment check verifies that a release is healthy after it goes live, catching bad deploys quickly.…
What is a postmortem?A postmortem is a structured review after an incident to learn and prevent recurrence. Learn what goes in one…
What is a pre-commit hook?A pre-commit hook runs checks on your machine before a commit is created, catching issues before they reach C…
Private key explainedPrivate key explained: the secret half of a key pair used to sign and decrypt, why it must never leak, and ho…
What is a private network?A private network keeps hosts reachable only internally, off the public internet. Learn what private networks…
What is an environment (process)?A process environment is the set of variables a program inherits from its parent. Learn how the environment i…
What is a process (OS)?A process is a running instance of a program with its own memory and resources. Learn how processes work and…
What is a process?A process is an instance of a running program with its own isolated memory and resources. Learn what a proces…
What is a progressive web app?A progressive web app is a website that can be installed, work offline, and behave like a native app. Learn w…
What is a promise?A promise is an object representing the eventual result of an asynchronous operation, which may succeed or fa…
What is a promotion step?A promotion step advances the same artifact from one environment to the next, like staging to production, wit…
Protobuf schema explainedProtobuf schema explained: how a .proto file defines a compact binary message format and generates code, plus…
Public key explainedPublic key explained: the shareable half of a key pair used to verify signatures and encrypt messages, why it…
What is a pure function?A pure function always returns the same output for the same input and has no side effects. Learn why pure fun…
What is a quality gate stage?A quality gate stage enforces automated criteria (coverage, scans, lint) that a build must pass to proceed. L…
What is a quality gate?A quality gate is a pass/fail condition that blocks a change from merging unless it meets defined thresholds.…
What is a race condition?A race condition is a bug where the outcome depends on the unpredictable timing of concurrent operations. Lea…
What is a readiness probe?A readiness probe tells Kubernetes when a pod is ready to receive traffic. Learn how it works, how it differs…
What is a refresh token?A refresh token lets an app obtain new access tokens without asking the user to log in again. Learn how refre…
What is a relative path?A relative path locates a file relative to the current working directory. Learn how relative paths work and w…
What is a release pipeline?A release pipeline takes a tested build through environments to production, often with approvals and promotio…
What is a remote cache?A remote cache stores build and dependency artifacts in shared storage so every CI runner can reuse them. Lea…
a renovate.json fileThe renovate.json file configures Renovate dependency automation. Learn how it compares to Dependabot.
What is a reproducible build?A reproducible build produces byte-for-byte identical output from the same source, every time. Learn what bre…
Reproducible ML pipeline explainedA reproducible ML pipeline explained: how pinning data, code, environment, and seeds lets a pipeline produce…
What is a REST API?A REST API exposes resources over HTTP using standard methods and status codes. Learn what REST is and how CI…
What is a reverse proxy?A reverse proxy sits in front of servers, receiving client requests and forwarding them to backends. Learn wh…
What is a reverse proxy?A reverse proxy sits in front of backend servers, forwarding requests and adding TLS, caching, and routing. L…
What is a rollback job?A rollback job restores the previous known-good version after a bad deploy, quickly returning the system to a…
What is a salt (hashing)?A salt is random data added before hashing so identical inputs produce different hashes. Learn how salts defe…
What is a sandboxed build?A sandboxed build runs in a confined environment with restricted access. Learn how sandboxing limits what a b…
What is a scheduled pipeline?A scheduled pipeline runs automatically on a time-based schedule, like a cron expression, independent of code…
What is a secret in CI?A CI secret is a sensitive value - token, key, password - stored encrypted and injected into jobs at runtime.…
What is a secrets manager?A secrets manager is a dedicated service that stores, encrypts, and serves credentials on demand. Learn what…
What is a security advisory?A security advisory is a published notice describing a vulnerability and its fix. Learn what advisories conta…
What is a security gate?A security gate is a CI check that blocks a build when it fails a security policy. Learn what gates enforce a…
What is a security group?A security group is a stateful virtual firewall that controls inbound and outbound traffic to cloud resources…
What is a security header?Security headers are HTTP response headers that instruct browsers to enforce protections. Learn the key ones…
What is a security patch?A security patch is an update that fixes a known vulnerability. Learn why fast, automated patching through CI…
What is a segfault?A segmentation fault is a crash that happens when a program accesses memory it is not allowed to. Learn what…
What is a service account?A service account is a non-human identity that automation like CI uses to authenticate. Learn how it differs…
What is a service container?A service container is a sidecar like Postgres or Redis that CI starts alongside your job for integration tes…
What is a service mesh?A service mesh handles service-to-service networking, retries, and security via sidecars. Learn what it offlo…
What is a service principal?A service principal is an Azure identity that apps and pipelines use to authenticate to resources. Learn what…
What is a service worker?A service worker is a background script that intercepts network requests to enable offline support and cachin…
What is a session cookie?A session cookie stores a token that keeps a user logged in across requests. Learn how session cookies work a…
SHA-256 hash explainedSHA-256 hash explained: the secure 256-bit hash from the SHA-2 family, why it is the modern integrity standar…
What is a shebang line?A shebang line is the first line of a script that tells the OS which interpreter to run it with. Learn how sh…
What is a shell script?A shell script is a file of shell commands run in sequence to automate a task. Learn how shell scripts work a…
What is a shell?A shell is the program that reads your typed commands and asks the operating system to run them. Learn what a…
What is a side effect?A side effect is any observable change a function makes beyond returning a value, like writing a file or muta…
What is a sidecar container?A sidecar is a helper container in the same pod as your app, sharing its lifecycle and network. Learn the pat…
What is a signal (OS)?A signal is an OS message that interrupts a process to ask it to act, like stopping. Learn how signals such a…
What is a signing key?A signing key is a private key used to create digital signatures that prove authenticity. Learn how signing k…
What is a single-page application?A single-page application loads once and updates the view with JavaScript instead of full page loads. Learn h…
What is a software bill of materials?A software bill of materials lists every component in your software. Learn what an SBOM contains and why it i…
What is a SolarWinds-style attack?A SolarWinds-style attack injects a backdoor during the build so signed updates carry it to every customer. L…
What is a source map?A source map links minified production code back to your original source so stack traces stay readable. Learn…
What is a span?A span is a single timed operation within a trace. Learn what spans contain, how they nest into a trace, and…
What is a stack overflow?A stack overflow happens when a program uses more call-stack memory than is available, usually from runaway r…
What is a stateful service?A stateful service holds data that must persist across requests and restarts. Learn why databases are statefu…
What is a static asset?A static asset is a file served as-is, like an image, font, or script, with no server processing. Learn how t…
What is a status page?A status page publicly communicates the current health and incident history of a service. Learn what status p…
Streaming pipeline explainedA streaming pipeline explained: how data is processed continuously as events arrive for low latency, the tool…
What is a subnet?A subnet is a logical slice of a larger network defined by an address range. Learn what subnets are and how p…
What is a subshell?A subshell is a child shell that runs commands in an isolated copy of the environment. Learn how subshells wo…
What is a supply chain attack?A supply chain attack compromises software through its dependencies, tools, or build process. Learn the forms…
What is a symbolic link?A symbolic link is a file that points to another path by name. Learn how symlinks work, how they differ from…
What is a synthetic monitor?A synthetic monitor runs scripted, simulated user flows on a schedule to catch problems proactively. Learn ho…
What is a TCP connection?A TCP connection is a reliable, ordered byte stream established between two endpoints. Learn what it is and w…
Template variable explainedTemplate variable explained: a named placeholder a templating engine replaces with a value to generate config…
What is a test report?A test report summarizes a test run - totals, failures, durations, and flakiness - in a readable form. Learn…
What is a thread?A thread is the smallest sequence of instructions a scheduler can run, sharing memory with other threads in t…
What is a threat model?A threat model is a structured analysis of what could go wrong and how attackers might strike. Learn how thre…
What is a tmpfs?A tmpfs is a filesystem that lives in memory rather than on disk. Learn how tmpfs works, its trade-offs, and…
What is a token scope?A token scope limits the actions a credential is allowed to perform. Learn how scopes enforce least privilege…
What is a trace?A trace records the end-to-end path of a single request across services. Learn what traces are, how they are…
Training pipeline explainedA training pipeline explained: the automated sequence from data to a registered model - prepare, train, evalu…
What is a transpiler?A transpiler translates source code from one language or version into another at a similar level of abstracti…
What is a transpiler?A transpiler converts source code from one language or version to another, like TypeScript to JavaScript. Lea…
What is a trap (shell)?A trap runs a command when the shell receives a signal or exits. Learn how traps work and how CI scripts use…
What is a type system?A type system is the set of rules a language uses to assign types to values and check that operations on them…
What is a umask?A umask sets the default permissions stripped from newly created files. Learn how umask works and why it affe…
Vector database explainedA vector database explained: a store built to index and search high-dimensional embeddings by similarity, why…
What is a language VM?A language virtual machine is a runtime that executes bytecode, abstracting away the real hardware. Learn how…
What is a virtual machine?A virtual machine is a software-emulated computer with its own OS running on shared hardware. Learn what VMs…
What is a visual regression test?A visual regression test screenshots the UI and compares it to a baseline to catch unintended visual changes.…
What is a VPC?A VPC is an isolated virtual network in the cloud where you run resources with your own addressing and rules.…
What is a vulnerability database?A vulnerability database catalogs known security flaws and the software they affect. Learn what feeds it and…
What is a vulnerability scan?A vulnerability scan checks your code, dependencies, or images against databases of known security flaws. Lea…
What is a vulnerability?A vulnerability is a flaw that an attacker can exploit to compromise a system. Learn how vulnerabilities aris…
What is a web font subset?A web font subset is a trimmed font file containing only the glyphs your site uses, cutting download size. Le…
What is a web manifest?A web manifest is a JSON file that tells the browser how to install and display your app. Learn what it conta…
What is a webhook architecture?A webhook architecture lets one system push events to another via HTTP callbacks. Learn how webhooks drive in…
What is a webhook in CI?A webhook is an HTTP callback that fires on an event like a push, to trigger a pipeline or notify a service.…
What is a webhook?A webhook is an HTTP callback a service sends when an event happens, pushing data instead of waiting to be po…
What is a WebSocket?A WebSocket is a persistent, full-duplex connection for real-time messaging between client and server. Learn…
What is a wildcard?A wildcard is a character like * or ? that stands in for others in a pattern. Learn how shell wildcards work…
What is a workflow file?A workflow file is the YAML document that defines a pipeline: its triggers, jobs, and steps. Learn how a work…
What is a working directory?The working directory is the folder a process treats as its current location. Learn how it affects relative p…
YAML anchor explainedYAML anchors explained: how anchors and aliases let you define a block once and reuse it, with merge keys, in…
YAML multiline string explainedYAML multiline strings explained: the block scalar styles for writing long text, the difference between folde…
What is a zero-day?A zero-day is a vulnerability unknown to the vendor, with no patch available. Learn what makes zero-days dang…
What is AOT compilation?Ahead-of-time compilation translates code to native machine code before the program runs, giving instant peak…
What is alerting fatigue?Alerting fatigue is when too many alerts cause people to ignore them, including real ones. Learn what causes…
What is Amazon CloudFront?Amazon CloudFront is AWS CDN, caching content at edge locations worldwide for low latency. Learn what CloudFr…
What is Amazon ECR?Amazon ECR is AWS managed container registry for storing and pulling Docker images. Learn what ECR is and how…
What is Amazon ECS?Amazon ECS is AWS native container orchestration that runs and scales Docker containers on EC2 or Fargate. Le…
What is Amazon EKS?Amazon EKS is AWS managed Kubernetes service, running the control plane for you so you focus on workloads. Le…
What is Amazon S3?Amazon S3 is AWS object storage for files of any size, accessed over HTTP with high durability. Learn what S3…
an .editorconfig fileThe .editorconfig file standardizes editor settings across a team. Learn its role.
an .eslintrc fileThe .eslintrc file configures ESLint rules. Learn how it gates CI.
an .npmrc fileThe .npmrc file configures npm, including registries and auth. Learn how CI uses it.
an .nvmrc fileThe .nvmrc file pins the Node.js version for a project. Learn how CI uses it.
What is an A record?An A record maps a hostname directly to an IPv4 address in DNS. Learn what A records are and how deploys use…
What is an ABI?An ABI is the low-level binary interface that lets compiled code interoperate, defining calling conventions a…
What is an absolute path?An absolute path specifies a file's full location from the filesystem root. Learn how absolute paths work and…
What is an access control list?An access control list (ACL) attaches explicit permission entries to a resource. Learn how ACLs work and wher…
What is an access token?An access token is a short-lived credential an app presents to access protected resources. Learn how access t…
What is an alert?An alert is an automated notification that fires when a monitored condition is met. Learn what makes a good a…
What is an API contract?An API contract is the agreed shape and behavior of an interface that callers depend on. Learn how contracts…
What is an API gateway?An API gateway is a single entry point that routes, authenticates, and rate-limits API traffic. Learn what it…
What is an API key?An API key is a string that identifies and authenticates a caller to a service. Learn how API keys work, thei…
Embedding explainedAn embedding explained: a numerical vector capturing the meaning of text, images, or other data so similar it…
What is an entry point?An entry point is the file where a bundler starts building the dependency graph. Learn how entry points shape…
What is an environment promotion?Environment promotion is the practice of advancing a release through a chain of environments, like dev to sta…
What is an environment variable?An environment variable in CI is a named value passed into your job to configure behavior. Learn how they are…
What is an environment variable?An environment variable is a named value processes inherit from their parent. Learn how env variables work an…
What is an ephemeral credential?An ephemeral credential is a short-lived secret minted for a single task and discarded. Learn why ephemeralit…
What is an event bus?An event bus is a shared channel that carries events between decoupled components. Learn how it works in-proc…
What is an event loop?An event loop is a runtime mechanism that handles many tasks on one thread by processing events from a queue.…
What is an exception?An exception is a signal that an error occurred, interrupting normal flow so it can be handled elsewhere. Lea…
What is an exit code?An exit code is the number a program returns to say whether it succeeded. Learn how exit codes work and why t…
HMAC explainedHMAC explained: how a secret key plus a hash function authenticates a message, why webhooks use it, and how C…
What is an HTTP status code?An HTTP status code is a number the server returns to report the outcome of a request. Learn what status code…
What is an IAM role?An IAM role is an assumable AWS identity that grants temporary credentials instead of permanent keys. Learn w…
What is an idempotent request?An idempotent request produces the same result whether sent once or many times. Learn what idempotency is and…
What is an image digest?An image digest is a SHA-256 hash that names exact image content and never moves. Learn how digests differ fr…
What is an image tag?An image tag is a human-friendly, movable label on a repository like myapp:1.4. Learn tagging strategies, the…
What is an incremental build?An incremental build rebuilds only the parts affected by a change, reusing earlier outputs for the rest. Lear…
What is an ingress?An Ingress routes external HTTP/S traffic to Services inside a cluster by host and path. Learn how it works,…
What is an init container?An init container runs to completion before a pod’s app containers start. Learn what it is for, how it differ…
What is an interpreter?An interpreter executes source code directly at runtime instead of compiling it ahead of time. Learn how inte…
What is an IP address?An IP address is the numeric identifier that locates a host on a network so traffic can reach it. Learn what…
MD5 hash explainedMD5 hash explained: the legacy 128-bit hash function, why it is broken for security but still used for non-se…
What is an OAuth token?An OAuth token grants delegated, scoped access to an API on behalf of a user or app. Learn what OAuth tokens…
What is an OIDC role for GitHub Actions?An OIDC role lets GitHub Actions assume an AWS IAM role using a signed token, with no stored keys. Learn how…
What is an SBOM?An SBOM is a software bill of materials - a complete inventory of every component in your build. Learn the fo…
What is an SLA?An SLA is a formal commitment about service performance, often with penalties. Learn what SLAs are, how they…
What is an SSL certificate?An SSL/TLS certificate proves a server identity and enables encrypted HTTPS connections. Learn what it is and…
What is an SVG sprite?An SVG sprite combines many SVG icons into one file so the browser fetches them in a single request. Learn ho…
What is an uptime check?An uptime check probes a service from outside to confirm it is reachable. Learn how uptime checks work and ho…
X.509 certificate explainedX.509 certificate explained: the standard format that binds a public key to an identity with a CA signature,…
What is anomaly detection?Anomaly detection automatically flags metrics that deviate from normal behavior, without fixed thresholds. Le…
Apache Airflow explainedApache Airflow explained: the open-source platform for authoring, scheduling, and monitoring data workflows a…
Apache Spark explainedApache Spark explained: the open-source engine for large-scale, in-memory distributed data processing across…
What is API versioning?API versioning lets you ship breaking changes while old clients keep using the old version. Learn the common…
What is API-first design?API-first design defines the API contract before writing implementation. Learn how it enables parallel work,…
What is APM?APM is application performance monitoring: code-level insight into how an app behaves in production. Learn wh…
What is Argo CD?Argo CD is a GitOps controller that syncs Kubernetes clusters to manifests in Git. Learn how Applications, sy…
What is artifact attestation?An artifact attestation is a signed statement about a build artifact. Learn what attestations assert and how…
What is artifact retention?Artifact retention is how long CI keeps your uploaded artifacts before deleting them. Learn how retention aff…
What is artifact signing?Artifact signing attaches a cryptographic signature to a build output so consumers can verify its integrity a…
What is asymmetric encryption?Asymmetric encryption uses a public and private key pair, enabling secure key exchange and digital signatures…
What is async/await?Async/await is syntax that lets you write asynchronous, non-blocking code that reads like ordinary sequential…
What is attribute-based access control?Attribute-based access control (ABAC) decides access from attributes of the user, resource, and context. Lear…
What is authentication?Authentication is the process of proving an identity is who it claims to be. Learn how it works for users and…
What is authorization?Authorization decides what an authenticated identity is permitted to do. Learn how permission models work and…
What is automated dependency updating?Automated dependency updating uses bots to keep your packages current and patched. Learn how it works and how…
What is AWS CodeDeploy?AWS CodeDeploy automates deployments to EC2, Lambda, and ECS with rolling and blue-green strategies. Learn wh…
What is AWS Fargate?AWS Fargate runs containers without managing servers, sizing compute per task for ECS and EKS. Learn what Far…
What is AWS IAM?AWS IAM controls who and what can access AWS resources through users, roles, and policies. Learn what IAM is…
What is AWS Lambda?AWS Lambda runs your code in response to events without managing servers, billing per millisecond. Learn what…
What is AWS?Amazon Web Services (AWS) is a cloud offering compute, storage, networking, and managed services on demand. L…
What is Azure App Service?Azure App Service is a managed platform for hosting web apps and APIs without managing servers. Learn what Ap…
What is Azure Container Apps?Azure Container Apps runs containers serverlessly with autoscaling and scale-to-zero. Learn what Container Ap…
What is Azure Container Registry?Azure Container Registry (ACR) stores and manages container images for Azure deployments. Learn what ACR is a…
What is Azure Kubernetes Service?Azure Kubernetes Service (AKS) is Azure managed Kubernetes for running containerized workloads. Learn what AK…
What is backward compatibility?Backward compatibility means new versions still work with existing clients and data. Learn why it underpins s…
Base64 encoding explainedBase64 encoding explained: how binary data is turned into safe ASCII text, why it is not encryption, and how…
What is Bash?Bash is the most common Unix shell and the default for most CI scripts. Learn what Bash is, how it differs fr…
What is bcrypt?bcrypt is a password-hashing function designed to be slow and tunable, resisting brute force. Learn how its w…
What is Browserslist?Browserslist is a shared config that declares supported browsers for your build tools. Learn how it works and…
What is build integrity?Build integrity is the assurance that an artifact was produced from the expected source by an untampered proc…
What is build orchestration?Build orchestration is the coordination of jobs, dependencies, and pipelines so work runs in the right order…
What is build provenance?Build provenance is a signed, verifiable record of how an artifact was built and from what source. Learn how…
build.gradlebuild.gradle is the Gradle build script. Learn what it configures for CI.
What is BuildKit?BuildKit is Docker’s modern build engine with parallel stages, better caching, and build secrets. Learn what…
What is bytecode?Bytecode is a compact, portable instruction format that a virtual machine executes instead of native CPU inst…
What is cache busting?Cache busting forces browsers and CDNs to download a new asset by changing its URL when its content changes.…
What is cardinality in metrics?Cardinality is the number of unique time series a metric produces from its label combinations. Learn why high…
Cargo.lockCargo.lock pins exact Rust dependency versions. Learn when to commit it.
Cargo.tomlCargo.toml is the manifest for a Rust crate. Learn what it declares for CI builds.
What is chmod?chmod is the Unix command that changes a file's permissions. Learn how chmod works and why CI scripts use chm…
CI_COMMIT_BRANCHCI_COMMIT_BRANCH is the branch name in a GitLab CI branch pipeline. Learn when it is set versus empty.
CI_COMMIT_MESSAGECI_COMMIT_MESSAGE is the full commit message in a GitLab CI pipeline. Learn how to skip CI or parse it.
CI_COMMIT_REF_NAMECI_COMMIT_REF_NAME is the branch or tag name for a GitLab CI pipeline. Learn how to use it in rules and namin…
CI_COMMIT_SHACI_COMMIT_SHA is the full commit hash that triggered a GitLab CI pipeline. Learn what it holds and how to use…
CI_COMMIT_SHORT_SHACI_COMMIT_SHORT_SHA is the abbreviated commit hash in GitLab CI. Learn how it is used to tag builds and image…
CI_COMMIT_TAGCI_COMMIT_TAG is the tag name in a GitLab CI tag pipeline. Learn how to trigger release jobs with it.
CI_DEFAULT_BRANCHCI_DEFAULT_BRANCH is the name of a GitLab project default branch in CI. Learn how to gate deploys with it.
CI_ENVIRONMENT_NAMECI_ENVIRONMENT_NAME is the deployment environment of a GitLab CI job, like staging or production. Learn how e…
CI_JOB_IDCI_JOB_ID is the unique ID of a GitLab CI job. Learn how to use it for artifacts and API calls.
CI_JOB_NAMECI_JOB_NAME is the name of the current GitLab CI job as defined in your .gitlab-ci.yml. Learn where it is use…
CI_JOB_STAGECI_JOB_STAGE is the pipeline stage of the current GitLab CI job, like build, test, or deploy. Learn how stage…
CI_JOB_TOKENCI_JOB_TOKEN is a short-lived token GitLab CI jobs use to authenticate to GitLab. Learn what it can and canno…
CI_MERGE_REQUEST_IIDCI_MERGE_REQUEST_IID is the merge request number in a GitLab merge request pipeline. Learn when it is set.
CI_PIPELINE_IDCI_PIPELINE_ID is the globally unique ID of a GitLab CI pipeline. Learn how it differs from CI_PIPELINE_IID.
CI_PIPELINE_IIDCI_PIPELINE_IID is the per-project pipeline number in GitLab CI. Learn how it is used as a build number.
CI_PIPELINE_SOURCECI_PIPELINE_SOURCE is how a GitLab CI pipeline was triggered: push, merge_request_event, schedule, and more.…
CI_PROJECT_DIRCI_PROJECT_DIR is the directory where GitLab CI checks out your repository. Learn why it matters in scripts.
CI_PROJECT_IDCI_PROJECT_ID is the unique numeric ID of a GitLab project in CI. Learn how to use it in API calls.
CI_PROJECT_NAMECI_PROJECT_NAME is the name of the GitLab project running a pipeline. Learn how it differs from the path.
CI_PROJECT_PATHCI_PROJECT_PATH is the namespace/project path of a GitLab project in CI, like mygroup/myapp. Learn its uses.
CI_REGISTRY_IMAGECI_REGISTRY_IMAGE is the base image path for a project in the GitLab Container Registry. Learn how to tag ima…
CI_REGISTRYCI_REGISTRY is the address of the GitLab Container Registry available to CI jobs. Learn how to log in and pus…
What is Cloudflare Pages?Cloudflare Pages builds and hosts front-end sites on Cloudflare global edge network from Git. Learn what Page…
What is Cloudflare Workers?Cloudflare Workers runs serverless code at the edge close to users, with near-zero cold starts. Learn what Wo…
What is code splitting?Code splitting breaks a bundle into smaller chunks loaded on demand so users download only what they need. Le…
What is command substitution?Command substitution captures a command's output and inserts it where a value is expected. Learn how it works…
composer.jsoncomposer.json is the manifest for a PHP project. Learn what Composer and CI do with it.
composer.lockcomposer.lock pins exact PHP dependency versions. Learn why CI needs it.
What is concurrency?Concurrency is structuring a program to deal with many tasks at once, whether or not they run simultaneously.…
What is configuration management?Configuration management keeps system and app settings consistent and version-controlled. Learn how it preven…
What is container scanning?Container scanning inspects an image for known vulnerabilities and misconfigurations. Learn how scanners work…
Continuous training explainedContinuous training explained: the MLOps practice of automatically retraining models on fresh data or trigger…
What is CORS?CORS is a browser rule controlling which sites may call an API from another origin. Learn what CORS is and ho…
What is CQRS?CQRS splits a system into separate models for reading and writing data. Learn when the pattern pays off and h…
What is credential exfiltration in CI?Credential exfiltration is when an attacker steals secrets from a running pipeline. Learn how it happens and…
What is critical CSS?Critical CSS is the minimal CSS needed to render above-the-fold content, inlined for fast first paint. Learn…
CRLF vs LF explainedCRLF vs LF explained: the Windows versus Unix newline difference, why it breaks scripts and diffs in CI, and…
CSV explainedCSV explained: the simple tabular text format of comma-separated rows, its quoting and escaping pitfalls, and…
What is CVSS scoring?CVSS scoring rates the severity of a vulnerability on a 0-10 scale. Learn what the score measures and how to…
Data drift explainedData drift explained: how the distribution of a model input data changes over time, why it degrades predictio…
Data lineage explainedData lineage explained: the map of where data comes from and how it transforms through a platform, why it mat…
Data validation explainedData validation explained: the automated checks that confirm data meets expectations on shape, type, and rang…
Data versioning explainedData versioning explained: how teams snapshot and track datasets over time so ML experiments are reproducible…
What is database sharding?Database sharding splits one dataset across multiple databases by a shard key. Learn why it scales writes, wh…
What is Datadog?Datadog is a cloud monitoring and observability platform covering metrics, logs, traces, and more. Learn what…
dbt explaineddbt explained: the data build tool that lets analysts transform warehouse data with version-controlled, teste…
What is Dependabot?Dependabot opens pull requests to update vulnerable or outdated dependencies. Learn how it works and how it k…
What is dependency caching?Dependency caching stores downloaded packages between CI runs so jobs skip re-fetching them. Learn how it wor…
What is dependency confusion?Dependency confusion tricks a build into pulling a public package instead of your private one. Learn how the…
What is dependency injection?Dependency injection passes a component its dependencies instead of having it create them. Learn how it impro…
What is dependency scanning?Dependency scanning checks your third-party libraries against databases of known vulnerabilities. Learn how i…
What is deployment monitoring?Deployment monitoring watches system health across a release to catch and respond to bad deploys fast. Learn…
Deserialization explainedDeserialization explained: how a byte stream is turned back into in-memory data, why untrusted input is dange…
What is DevSecOps?DevSecOps integrates security into DevOps so it is everyone's responsibility and automated into the pipeline.…
What is DNS propagation?DNS propagation is the delay before a DNS record change is seen everywhere as caches expire. Learn what it is…
What is DNS?DNS translates human-readable hostnames into IP addresses so clients can find servers. Learn what DNS is and…
What is docker buildx?docker buildx is the BuildKit-powered CLI for advanced and multi-platform image builds. Learn what builders a…
What is Docker Hub?Docker Hub is the default public registry for container images, hosting official and community images. Learn…
What is Docker layer caching?Docker layer caching reuses unchanged layers so rebuilds skip redundant work. Learn how the cache invalidates…
What is Docker-in-Docker?Docker-in-Docker (DinD) runs a Docker daemon inside a container so jobs can build images. Learn how it works,…
What is Docker?Docker is a platform for building, shipping, and running containers. Learn what the Docker engine, CLI, and i…
What is duck typing?Duck typing decides whether an object can be used based on the methods and properties it has, not its declare…
DVC explainedDVC explained: the open-source Data Version Control tool that versions datasets and models alongside Git, def…
What is dynamic linking?Dynamic linking resolves references to shared libraries when a program loads or runs, rather than baking them…
What is dynamic typing?Dynamic typing checks the types of values while the program runs, not at compile time. Learn how dynamic typi…
What is egress filtering in CI?Egress filtering restricts the outbound connections a CI job can make. Learn how it blocks data exfiltration…
What is egress traffic?Egress traffic is data flowing out of a network to external destinations. Learn what egress is and how egress…
What is Elastic Beanstalk?AWS Elastic Beanstalk deploys and scales web apps by managing the underlying AWS resources for you. Learn wha…
ELT explainedELT explained: the extract, load, transform pattern that loads raw data into the warehouse first and transfor…
What is encryption at rest?Encryption at rest protects data while it is stored on disk. Learn how it works and why it matters for CI sec…
What is encryption in transit?Encryption in transit protects data as it moves across a network. Learn how TLS secures pipeline traffic and…
What is encryption?Encryption transforms readable data into ciphertext that only a key can reverse. Learn how encryption protect…
Env var interpolation explainedEnvironment variable interpolation explained: how a tool substitutes variable values into text, the quoting a…
What is error handling?Error handling is the practice of anticipating and responding to failures so a program degrades gracefully in…
ETL explainedETL explained: the extract, transform, load pattern for moving data into a target system by transforming it b…
What is event sourcing?Event sourcing stores every change as an immutable event and rebuilds state by replaying them. Learn its bene…
What is event-driven architecture?Event-driven architecture connects components through events instead of direct calls. Learn how it decouples…
What is eventual consistency?Eventual consistency means data becomes consistent over time, not instantly. Learn the trade-off behind it an…
Experiment tracking explainedExperiment tracking explained: recording the parameters, code, data, and metrics of every ML training run so…
What is fan-out / fan-in?Fan-out splits work across many parallel jobs; fan-in gathers their results into one. Learn this pipeline pat…
What is Fly.io?Fly.io runs your app in containers (Firecracker microVMs) in regions near your users. Learn what Fly.io is an…
What is garbage collection?Garbage collection automatically reclaims memory that a program no longer uses, so developers do not free it…
GemfileGemfile declares Ruby gem dependencies. Learn how Bundler and CI use it.
Gemfile.lockGemfile.lock pins exact Ruby gem versions. Learn its role in reproducible CI.
What is GHCR?GHCR is GitHub Container Registry, hosting images under ghcr.io tied to GitHub identities. Learn how auth, pe…
GITLAB_CIGITLAB_CI is a variable set to true whenever code runs inside GitLab CI/CD. Learn how scripts detect the envi…
What is GitOps?GitOps manages infrastructure declaratively from Git, with an agent reconciling the cluster to match. Learn t…
What is globbing?Globbing is the shell expanding wildcard patterns into matching filenames. Learn how globbing works and how i…
go.modgo.mod declares a Go module and its dependencies. Learn how CI uses it.
go.sumgo.sum records checksums for Go dependencies. Learn its security role in CI.
What is Google Artifact Registry?Google Artifact Registry stores container images and language packages on GCP with IAM integration. Learn wha…
What is Google Cloud Build?Google Cloud Build runs build, test, and deploy steps as containers inside GCP. Learn what Cloud Build is and…
What is Google Cloud Platform?Google Cloud Platform (GCP) is Google public cloud offering compute, storage, and data services. Learn what G…
What is Google Cloud Run?Google Cloud Run runs containers serverlessly, scaling to zero and up automatically from a single image. Lear…
What is Google Kubernetes Engine?Google Kubernetes Engine (GKE) is GCP managed Kubernetes service for running containerized workloads. Learn w…
GPU CI explainedGPU CI explained: running CI/CD jobs on GPU-equipped runners for ML training, inference tests, and CUDA build…
What is Grafana?Grafana is an open-source tool for visualizing metrics, logs, and traces as dashboards. Learn how it works an…
What is GraphQL?GraphQL is an API query language that lets clients request exactly the data they need in one call. Learn what…
Great Expectations explainedGreat Expectations explained: the open-source Python framework for declaring, running, and documenting data q…
gRPC reflection explainedgRPC reflection explained: how a server exposes its service definitions at runtime so clients and tools can c…
What is gRPC?gRPC is a fast, binary RPC framework built on HTTP/2 and protocol buffers. Learn what gRPC is and how it show…
What is Helm?Helm is the package manager for Kubernetes, installing and upgrading apps packaged as charts. Learn what Helm…
What is Heroku?Heroku is a platform-as-a-service that runs apps from a Git push without managing servers. Learn what Heroku…
What is Honeycomb?Honeycomb is an observability tool built for high-cardinality, event-based data and fast exploration. Learn h…
What is horizontal scaling?Horizontal scaling adds more instances to handle load instead of bigger ones. Learn why it favors stateless d…
What is hot module replacement?Hot module replacement swaps changed modules into a running app without a full reload, preserving state. Lear…
HTTP 100 ContinueHTTP 100 Continue is an interim response during large uploads. Learn what it signals.
HTTP 101 Switching ProtocolsHTTP 101 Switching Protocols signals an upgrade, e.g. to WebSocket. Learn where it appears.
HTTP 200 OKHTTP 200 OK means the request succeeded. Learn what it signals and how CI health checks use it.
HTTP 201 CreatedHTTP 201 Created means a request succeeded and a new resource was created. Learn how APIs and CI use it.
HTTP 204 No ContentHTTP 204 No Content means success with no response body. Learn where it is used in APIs and CI.
HTTP 206 Partial ContentHTTP 206 Partial Content is returned for range requests. Learn how it speeds downloads.
HTTP 301 Moved PermanentlyHTTP 301 Moved Permanently is a permanent redirect. Learn how it affects API calls and CI checks.
HTTP 302 FoundHTTP 302 Found is a temporary redirect. Learn how it differs from 301 and affects CI requests.
HTTP 304 Not ModifiedHTTP 304 Not Modified means a cached copy is still valid. Learn how it speeds up CI downloads.
HTTP 307 Temporary RedirectHTTP 307 Temporary Redirect preserves the request method. Learn how it differs from 302.
HTTP 308 Permanent RedirectHTTP 308 Permanent Redirect is like 301 but preserves the method. Learn when it matters.
HTTP 400 Bad RequestHTTP 400 Bad Request means the server could not understand the request. Learn common CI causes.
HTTP 401 UnauthorizedHTTP 401 Unauthorized means authentication failed or is missing. Learn the common CI causes.
HTTP 403 ForbiddenHTTP 403 Forbidden means you are authenticated but not allowed. Learn how it shows up in CI.
HTTP 404 Not FoundHTTP 404 Not Found means the resource does not exist. Learn common CI and deploy causes.
HTTP 405 Method Not AllowedHTTP 405 Method Not Allowed means the HTTP method is not supported for that URL. Learn the fix.
HTTP 408 Request TimeoutHTTP 408 Request Timeout means the server timed out waiting for the request. Learn how CI handles it.
HTTP 409 ConflictHTTP 409 Conflict means the request conflicts with the current resource state. Learn common causes.
HTTP 410 GoneHTTP 410 Gone means the resource was permanently removed. Learn how it differs from 404.
HTTP 413 Payload Too LargeHTTP 413 Payload Too Large means the request body exceeds the server limit. Learn the CI fix.
HTTP 415 Unsupported Media TypeHTTP 415 Unsupported Media Type means the Content-Type is not accepted. Learn the fix.
HTTP 418 I am a teapotHTTP 418 I am a teapot is a joke status from an April Fools RFC. Learn its real-world use.
HTTP 422 Unprocessable EntityHTTP 422 Unprocessable Entity means the request was well-formed but failed validation. Learn the fix.
HTTP 423 LockedHTTP 423 Locked means the resource is locked. Learn where it appears in CI.
HTTP 425 Too EarlyHTTP 425 Too Early means the server is unwilling to risk replaying a request. Learn the context.
HTTP 426 Upgrade RequiredHTTP 426 Upgrade Required means the client must switch protocols. Learn when CI sees it.
HTTP 428 Precondition RequiredHTTP 428 Precondition Required means the server requires a conditional request. Learn the fix.
HTTP 429 Too Many Requests RetryHTTP 429 in CI means you are rate-limited. Learn how runners and retries handle it (status code deep dive).
HTTP 431 Request Header Fields Too LargeHTTP 431 means request headers are too large. Learn the common CI cause.
HTTP 451 Unavailable For Legal ReasonsHTTP 451 means content is blocked for legal reasons. Learn the context.
HTTP 500 Internal Server ErrorHTTP 500 Internal Server Error means the server hit an unexpected error. Learn how CI should react.
HTTP 501 Not ImplementedHTTP 501 Not Implemented means the server does not support the request method. Learn the fix.
HTTP 503 Service UnavailableHTTP 503 Service Unavailable means the server is temporarily overloaded or down. Learn how CI handles it.
HTTP 504 Gateway TimeoutHTTP 504 Gateway Timeout means an upstream server did not respond in time. Learn how CI should react.
HTTP 505 HTTP Version Not SupportedHTTP 505 means the server does not support the HTTP version used. Learn when it appears.
HTTP 511 Network Authentication RequiredHTTP 511 means network access requires authentication (captive portal). Learn when CI sees it.
What is HTTP?HTTP is the request-response protocol that web clients and servers use to exchange data. Learn what HTTP is a…
What is HTTPS?HTTPS is HTTP wrapped in TLS encryption so traffic cannot be read or tampered with. Learn what HTTPS is and w…
What is hydration?Hydration attaches JavaScript event handlers to server-rendered HTML so a static page becomes interactive. Le…
What is image scanning?Image scanning inspects a container image for known vulnerabilities, secrets, and misconfigurations. Learn ho…
What is image signing?Image signing attaches a verifiable signature to a container image. Learn how it works and how it stops tampe…
What is immutability?Immutability means once data is created it cannot be changed; updates produce new values instead. Learn why i…
What is incident management?Incident management is the process of detecting, responding to, and resolving service disruptions. Learn its…
What is incremental static regeneration?Incremental static regeneration rebuilds individual static pages after deploy so content stays fresh without…
What is ingress traffic?Ingress traffic is data flowing into a network from outside. Learn what ingress is and how ingress rules and…
JSON Schema explainedJSON Schema explained: how a schema describes the allowed shape of JSON or YAML so tools and editors can vali…
JSON explainedJSON explained: the lightweight text format for objects and arrays that powers APIs, config files, and CI too…
What is JIT compilation?Just-in-time compilation translates code to native machine code at runtime, after the program starts, to spee…
What is key rotation?Key rotation is the practice of regularly replacing cryptographic keys and credentials. Learn why it limits e…
What is keyless signing?Keyless signing uses short-lived certificates tied to an identity instead of long-lived private keys. Learn h…
What is kubectl?kubectl is the CLI that talks to the Kubernetes API to inspect and change cluster state. Learn the essential…
What is Kubernetes?Kubernetes runs and manages containers across a cluster of machines. Learn its core ideas - desired state, po…
What is lazy loading?Lazy loading defers loading code, images, or data until they are actually needed, speeding initial load. Lear…
What is least privilege?Least privilege means giving each CI job only the permissions it needs and nothing more. Learn how to scope t…
What is least-privilege CI?Least-privilege CI grants pipelines the minimum permissions required for each job. Learn how to apply it and…
What is linking?Linking is the build phase that resolves references between compiled units and produces a runnable program. L…
What is linting?Linting analyzes code for style issues, likely bugs, and bad patterns using configurable rules. Learn how lin…
What is log aggregation?Log aggregation collects logs from many sources into one searchable system. Learn how it works and why centra…
What is log retention?Log retention is how long logs are kept before deletion, balancing cost, compliance, and usefulness. Learn ho…
Markdown explainedMarkdown explained: the lightweight, plain-text markup for formatting READMEs, docs, PR descriptions, and CI…
What is Microsoft Azure?Microsoft Azure is Microsoft public cloud offering compute, storage, and managed services. Learn what Azure i…
What is minification?Minification removes whitespace, comments, and long names to shrink JS and CSS without changing behavior. Lea…
MLflow explainedMLflow explained: the open-source platform for experiment tracking, model packaging, and a model registry acr…
MLOps explainedMLOps explained: the practices that bring CI/CD discipline to machine learning, covering data, training, regi…
Model drift explainedModel drift explained: how a deployed model becomes less accurate as the world changes, the types of drift, a…
Model training in CI explainedModel training in CI explained: how to run machine learning training as an automated pipeline job, why it nee…
Model versioning explainedModel versioning explained: how teams track every trained model version with its data, code, and metrics so r…
What is monitoring?Monitoring is collecting and watching signals to know when a system is unhealthy. Learn what it is, how it di…
What is multi-factor authentication?Multi-factor authentication (MFA) requires two or more independent proofs of identity. Learn how it works and…
What is mutual TLS?Mutual TLS authenticates both client and server with certificates, not just the server. Learn what mTLS is an…
What is NAT?NAT, network address translation, lets private hosts reach the internet through a shared public address. Lear…
What is Netlify?Netlify is a platform for deploying web front ends and serverless functions from Git with previews. Learn wha…
What is New Relic?New Relic is an observability platform known for application performance monitoring. Learn what it does and h…
Notebook testing explainedNotebook testing explained: the practices and tools for verifying Jupyter notebooks run cleanly and produce e…
What is OAuth 2.0?OAuth 2.0 is a standard for delegated authorization that lets apps access resources on your behalf without yo…
What is object storage?Object storage keeps files as objects in flat buckets, accessed over HTTP at scale. Learn what object storage…
What is observability?Observability is the ability to understand a system from its outputs. Learn what it means, how it differs fro…
What is OCI?The Open Container Initiative (OCI) standardizes image and runtime formats so containers work across tools. L…
What is OIDC in CI?OIDC lets CI authenticate to cloud providers with short-lived tokens instead of stored secrets. Learn how the…
What is OIDC token exchange?OIDC token exchange lets a pipeline trade its identity for a short-lived cloud credential, with no stored sec…
What is on-call?On-call is the practice of having engineers available to respond to incidents around the clock. Learn how rot…
What is OpenID Connect?OpenID Connect (OIDC) is an identity layer on OAuth 2.0 that verifies who a user is. Learn how OIDC powers ke…
What is OpenTelemetry?OpenTelemetry is an open standard for generating and exporting metrics, logs, and traces. Learn how OTel work…
package-lock.jsonpackage-lock.json pins exact npm dependency versions. Learn why CI relies on it.
package.jsonpackage.json is the manifest for a Node.js project. Learn what it declares and how CI uses it.
What is PagerDuty?PagerDuty is a platform for incident alerting, on-call scheduling, and escalation. Learn what it does and how…
What is parallelism in CI?Parallelism in CI means running independent jobs or tests at once to cut wall-clock time. Learn the differenc…
What is parallelism?Parallelism is executing multiple computations at literally the same time, usually across multiple CPU cores.…
What is password hashing?Password hashing stores a one-way transform of a password instead of the password itself. Learn why slow, sal…
What is pipeline observability?Pipeline observability is the ability to understand why your pipelines behave as they do, using metrics, logs…
What is pipeline parallelism?Pipeline parallelism runs independent jobs at the same time instead of one after another, cutting wall-clock…
What is pipeline poisoning?Pipeline poisoning is the manipulation of a CI/CD pipeline to run attacker-controlled code. Learn the forms i…
pnpm-lock.yamlpnpm-lock.yaml pins dependencies for pnpm projects. Learn how CI uses it.
pom.xmlpom.xml is the Maven project configuration. Learn what it declares for Java CI.
What is PostCSS?PostCSS is a tool that transforms CSS using JavaScript plugins for autoprefixing, minification, and more. Lea…
What is Prometheus?Prometheus is an open-source metrics monitoring system with a pull model and its own query language. Learn ho…
What is provenance?Provenance is verifiable metadata describing how a software artifact was built. Learn what it records and why…
What is publish-subscribe?Publish-subscribe lets one message reach many independent subscribers. Learn how pub/sub decouples services a…
pyproject.tomlpyproject.toml is the modern Python project config. Learn what it declares for CI.
What is quoting in shell?Quoting in the shell controls how text is split and expanded. Learn the difference between single and double…
What is Railway?Railway is a platform for deploying apps, databases, and infrastructure with minimal configuration. Learn wha…
What is rate limiting?Rate limiting caps how many requests a client may make in a window to protect a service. Learn what it is and…
What is real user monitoring?Real user monitoring (RUM) measures the experience of actual users in production. Learn how RUM works and how…
What is recursion?Recursion is a technique where a function solves a problem by calling itself on smaller inputs. Learn how rec…
What is Render?Render is a cloud platform that hosts web services, static sites, and databases with Git deploys. Learn what…
requirements.txtrequirements.txt lists Python dependencies. Learn how CI installs from it.
What is role-based access control?Role-based access control (RBAC) grants permissions through roles assigned to users. Learn how RBAC structure…
What is runner isolation?Runner isolation keeps each CI job in its own environment so one cannot affect another. Learn why isolation i…
What is SAML?SAML is an XML-based standard for exchanging authentication data between an identity provider and application…
What is SAST?SAST is static application security testing - analyzing source code for security flaws without running it. Le…
What is secret masking?Secret masking automatically replaces secret values in CI logs with asterisks so they are not exposed. Learn…
What is secret rotation?Secret rotation is the practice of regularly replacing credentials so a leaked value stops working. Learn why…
What is secret scanning?Secret scanning detects credentials accidentally committed to code, logs, or history. Learn how scanners work…
What is secrets management?Secrets management is the practice of storing, distributing, and controlling access to credentials like API k…
What is Sentry?Sentry is an error-monitoring tool that captures exceptions with context for debugging. Learn how it works an…
Serialization explainedSerialization explained: how in-memory data is turned into a storable, transmittable byte stream, the format…
What is server-side rendering?Server-side rendering builds HTML on the server for each request so users see content fast. Learn how SSR wor…
What is serverless?Serverless lets you run code without provisioning or managing servers, paying only for actual use. Learn what…
What is service discovery?Service discovery lets services find each other dynamically as instances come and go. Learn what it is and ho…
What is service-oriented architecture?Service-oriented architecture composes systems from reusable, network-accessible services. Learn how SOA rela…
What is service-to-service auth?Service-to-service authentication is how one machine proves its identity to another without a human. Learn ho…
What is set -e?set -e makes a Bash script exit immediately when a command fails. Learn how it works, its caveats, and why it…
What is set -o pipefail?set -o pipefail makes a pipeline fail if any command in it fails, not just the last. Learn why it is essentia…
What is set -u?set -u makes a Bash script error when it uses an unset variable. Learn how it catches typos and missing input…
What is shift-left security?Shift-left security moves security checks earlier in development so issues are caught sooner. Learn the pract…
What is Sigstore?Sigstore is an open-source project that makes signing and verifying software artifacts easy. Learn how Cosign…
What is single sign-on?Single sign-on (SSO) lets users authenticate once and access many applications. Learn how it works and what i…
What is statelessness?A stateless service keeps no client state between requests, making instances interchangeable. Learn why it un…
What is static analysis?Static analysis inspects code without running it to find bugs, smells, and risky patterns. Learn how it diffe…
What is static site generation?Static site generation pre-renders every page to HTML at build time so a CDN can serve it instantly. Learn ho…
What is static typing?Static typing checks the types of values at compile time, before the program runs, catching many errors early…
What is stderr?stderr is the standard error stream a program writes diagnostics and errors to. Learn how stderr works, how i…
What is stdin redirection?stdin redirection feeds a file or stream into a command as its standard input. Learn how the < operator works…
What is stdin?stdin is the standard input stream a program reads from by default. Learn how stdin works, how it is redirect…
What is stdout?stdout is the standard output stream a program writes its normal results to. Learn how stdout works, how it i…
What is Storybook?Storybook is a tool for building and documenting UI components in isolation. Learn how stories work and how S…
What is structured logging?Structured logging emits logs as key-value data instead of plain text, so they can be searched and aggregated…
What is supply chain security?Supply chain security protects everything that goes into your software - dependencies, build tools, pipelines…
What is symmetric encryption?Symmetric encryption uses one shared key to both encrypt and decrypt data. Learn how it works, why it is fast…
What is test sharding?Test sharding splits a test suite into slices that run in parallel on separate runners. Learn how shards are…
the .github/workflows directoryThe .github/workflows directory holds GitHub Actions workflow files. Learn how it works.
the .gitlab-ci.yml fileThe .gitlab-ci.yml file defines a GitLab CI/CD pipeline. Learn its structure.
What is the critical path of a pipeline?The critical path of a pipeline is the longest chain of dependent jobs, which sets the minimum possible run t…
What is the ELK stack?The ELK stack is Elasticsearch, Logstash, and Kibana combined for log aggregation and search. Learn what each…
What is the heap?The heap is a region of memory for dynamically allocated, longer-lived data managed manually or by a garbage…
INI format explainedINI format explained: the classic key=value config style with bracketed sections, its lack of a real standard…
What is the PATH variable?PATH is the environment variable telling the shell which directories to search for executables. Learn how PAT…
What is the principle of least privilege?The principle of least privilege grants each identity only the access it needs. Learn how applying it to CI/C…
What is the saga pattern?The saga pattern coordinates a multi-service transaction as a series of local steps with compensating actions…
What is the SLSA framework?SLSA is a framework of levels for securing the software supply chain. Learn what each SLSA level requires and…
What is the stack?The stack is a region of memory that tracks function calls and local variables in last-in, first-out order. L…
What is the strangler fig pattern?The strangler fig pattern replaces a legacy system incrementally by routing pieces to new code. Learn how it…
What is the twelve-factor app?The twelve-factor app is a set of principles for building portable, deployable cloud services. Learn the fact…
What is TLS?TLS is the protocol that encrypts and authenticates network connections, underpinning HTTPS. Learn what TLS i…
What is token scoping?Token scoping restricts a credential to specific actions and resources. Learn how scoping limits the damage a…
TOML explainedTOML explained: the minimal, unambiguous configuration format used by Cargo, pyproject.toml, and tooling, and…
What is tree shaking?Tree shaking removes code your app never uses so bundles stay small. Learn how it relies on ES modules and ho…
tsconfig.jsontsconfig.json configures the TypeScript compiler. Learn the options that matter in CI.
What is type inference?Type inference lets a compiler deduce the types of values automatically, so you get static checking without w…
What is typosquatting?Typosquatting registers package names that look like popular ones to catch typos. Learn how it spreads malwar…
URL encoding explainedURL encoding explained: how percent-encoding makes special characters safe inside URLs, why it matters for to…
UTF-8 explainedUTF-8 explained: the dominant Unicode encoding that represents every character as one to four bytes, why it i…
What is Vercel?Vercel is a platform for deploying front-end apps and serverless functions with Git-based previews. Learn wha…
What is vertical scaling?Vertical scaling adds CPU, memory, or disk to a single machine to handle more load. Learn its simplicity, its…
What is workload identity federation?Workload identity federation lets external workloads like CI assume a cloud identity using their own tokens,…
What is Workload Identity Federation?Workload Identity Federation lets external workloads access Google Cloud with their own tokens, no service-ac…
XML explainedXML explained: the verbose, tag-based markup format behind Maven poms, JUnit reports, and many configs, plus…
YAML explainedYAML explained: the indentation-based, human-friendly data format used to write CI workflow files, Kubernetes…
yarn.lockyarn.lock pins exact dependency versions for Yarn projects. Learn its role in CI.
Tools explained
npm, Docker, Jest, Terraform, and the rest of the toolchain.
Go modules explainedGo modules explained: how Go manages dependencies with go.mod and go.sum, a usage example, their role in CI/C…
Ansible explainedAnsible explained: how the agentless automation tool configures servers with playbooks over SSH, a playbook e…
Babel explainedBabel explained: how the JavaScript compiler transforms modern syntax for older environments, presets and plu…
Bazel explainedBazel explained: how the hermetic, cache-driven build system scales to large monorepos, BUILD files, an examp…
BuildKit explainedBuildKit explained: how Docker's modern build engine speeds up image builds with parallelism and better cachi…
Bundler explainedBundler explained: how Ruby's dependency manager works with the Gemfile and Gemfile.lock, a usage example, it…
Cargo explainedCargo explained: how Rust's build tool and package manager work, crates and Cargo.toml, a usage example, its…
CMake explainedCMake explained: how the cross-platform build-system generator works for C and C++, configure and build steps…
Composer explainedComposer explained: how PHP's dependency manager works with composer.json and composer.lock, autoloading, a u…
Cypress explainedCypress explained: how the front-end end-to-end testing tool runs in the browser, its developer experience, a…
Docker Compose explainedDocker Compose explained: how a YAML file defines and runs multi-container applications, a compose example, i…
Docker (the tool) explainedDocker explained as a build and deploy tool: how images and containers work, a Dockerfile example, its centra…
esbuild explainedesbuild explained: how the Go-based bundler and transpiler achieves its speed, a usage example, its role in C…
ESLint explainedESLint explained: how the JavaScript and TypeScript linter finds problems and enforces style, rules and confi…
Gradle explainedGradle explained: what the JVM build tool is, how its task graph and build cache work, a usage example, its r…
Helm explainedHelm explained: how the Kubernetes package manager templates and deploys applications with charts, a usage ex…
Jest explainedJest explained: what the JavaScript testing framework is, how matchers, mocks, and snapshots work, a test exa…
kubectl explainedkubectl explained: how the Kubernetes command-line tool inspects and manages cluster resources, a usage examp…
Lerna explainedLerna explained: how the monorepo tool manages versioning and publishing of many packages, a usage example, i…
Make explainedMake explained: how the classic build tool uses Makefiles, targets, and dependencies to automate tasks, an ex…
Maven explainedMaven explained: what the Java build tool is, how the POM and lifecycle work, a usage example, its role in CI…
Mocha explainedMocha explained: how the flexible JavaScript test framework works, pairing it with an assertion library, a te…
Node.js explainedNode.js explained: what the JavaScript runtime is, how the event loop works, a small example, its central rol…
npm explainednpm explained: what the Node.js package manager is, how it installs dependencies, a worked example with packa…
npx explainednpx explained: how it runs Node.js CLI packages without a global install, a usage example, its role in CI/CD…
Nx explainedNx explained: how the monorepo build system uses a project graph, caching, and affected commands to speed bui…
pip explainedpip explained: what the Python package installer is, how it installs from PyPI, a requirements.txt example, i…
Playwright explainedPlaywright explained: how the end-to-end browser automation tool drives real browsers, auto-waiting, a test e…
pnpm explainedpnpm explained: how the content-addressable store makes installs fast and disk-efficient, a usage example, it…
Poetry explainedPoetry explained: how it manages Python dependencies, virtual environments, and packaging with a lockfile, a…
Prettier explainedPrettier explained: how the opinionated code formatter standardizes style automatically, a usage example, its…
pytest explainedpytest explained: what the Python testing framework is, how fixtures and assertions work, a test example, its…
Rollup explainedRollup explained: how the bundler produces clean, tree-shaken output for libraries, a config example, its rol…
Selenium explainedSelenium explained: how the browser automation standard drives browsers via WebDriver, a test example, its ro…
SWC explainedSWC explained: how the Rust-based compiler transpiles and bundles JavaScript and TypeScript fast, a usage exa…
Terraform explainedTerraform explained: how the infrastructure-as-code tool provisions cloud resources declaratively, plan and a…
GitHub CLI explainedThe GitHub CLI (gh) explained: how it brings GitHub workflows to the terminal, a usage example, its role in C…
TypeScript compiler explainedThe TypeScript compiler (tsc) explained: how it type-checks and transpiles TypeScript, tsconfig.json, a usage…
Turborepo explainedTurborepo explained: how the high-performance monorepo build tool caches tasks and runs them in parallel, a c…
uv explaineduv explained: the fast Rust-based Python package installer, resolver, and project manager, a usage example, i…
virtualenv explainedvirtualenv explained: what a Python virtual environment is, how it isolates dependencies, a usage example, it…
Vite explainedVite explained: how the fast front-end build tool uses native ESM and esbuild for instant dev servers, a conf…
Vitest explainedVitest explained: how the fast, Vite-native test framework works, its Jest-compatible API, a test example, it…
Webpack explainedWebpack explained: how the JavaScript module bundler builds a dependency graph, loaders and plugins, a config…
Yarn explainedYarn explained: what the Yarn package manager is, Classic vs Berry, Plug and Play, a usage example, its role…
Testing explained
TDD, mocking, coverage, and test types.
Flaky test explainedFlaky tests explained: tests that pass and fail on the same code, the common causes, an example, the damage t…
Golden file explainedGolden files explained: storing expected output as a checked-in reference and comparing test output against i…
Headless browser test explainedHeadless browser tests explained: running a real browser with no visible UI to test web apps, why CI uses hea…
JUnit XML report explainedJUnit XML reports explained: the de facto test-result format CI tools understand, its structure, why it is fr…
Mock explainedMocks explained: how a mock stands in for a real dependency and verifies interactions, how it differs from st…
Smoke suite explainedSmoke suites explained: a small curated set of fast critical-path tests run first or after deploy, how to cho…
Spy explainedSpies explained: how a spy records calls to a real or wrapped function so you can assert on them, how it comp…
Stub explainedStubs explained: how a stub returns canned responses to keep a test deterministic, how it differs from a mock…
Test double explainedTest doubles explained: the umbrella term for mocks, stubs, spies, fakes, and dummies, when to reach for each…
Test fixture explainedTest fixtures explained: the known, repeatable state a test runs against, setup and teardown, an example, and…
Test harness explainedTest harnesses explained: the supporting setup that lets tests run, its parts, how it differs from a test run…
Test matrix explainedTest matrices explained: running the same tests across combinations of OS, runtime versions, and configs, why…
Test report explainedTest reports explained: the structured summary of a test run, what they contain, common formats, an example,…
Test runner explainedTest runners explained: the tool that discovers, executes, and reports on your tests, what features they prov…
Unit test explainedUnit testing explained: what a unit is, why these tests are small and fast, a simple example, common pitfalls…
Acceptance testing explainedAcceptance testing explained: verifying software meets business requirements and is ready to ship, user vs au…
Assertion explainedAssertions explained: the statements that check a test outcome against an expectation, types of assertions, a…
Integration test explainedIntegration testing explained: how it checks that components work together, real dependencies vs fakes, an ex…
BDD explainedBehavior-driven development explained: Given-When-Then scenarios, shared language between developers and stak…
Branch coverage explainedBranch coverage explained: how it measures each decision path, why it is stricter than line coverage, a clear…
Code coverage explainedCode coverage explained: the main coverage types, how instrumentation works, what the numbers do and do not m…
Continuous testing explainedContinuous testing explained: running automated tests throughout the delivery pipeline for constant feedback,…
Contract testing explainedContract testing explained: how consumer and provider verify a shared API contract without full integration,…
E2E testing explainedEnd-to-end testing explained: simulating a real user through the whole stack, an example, why E2E tests are s…
Exploratory testing explainedExploratory testing explained: simultaneous learning, test design, and execution by a human, how it complemen…
Fuzz testing explainedFuzz testing explained: feeding random or malformed input to find crashes and security bugs, coverage-guided…
Load testing explainedLoad testing explained: how it checks behavior under expected traffic, key metrics, a tool example, and how l…
Mutation testing explainedMutation testing explained: how it grades your tests by introducing bugs and checking if tests catch them, th…
Performance testing explainedPerformance testing explained: the umbrella for load, stress, and soak tests, key metrics, an example, and ho…
Property-based testing explainedProperty-based testing explained: how it checks invariants across many generated inputs, shrinking, an exampl…
Regression testing explainedRegression testing explained: how it ensures old features still work after changes, regression suites, an exa…
Shift-left testing explainedShift-left testing explained: moving testing earlier in the lifecycle to catch bugs sooner and cheaper, what…
Smoke testing explainedSmoke testing explained: a quick check that the most critical paths work before deeper testing, an example, a…
Snapshot testing explainedSnapshot testing explained: how it captures output and compares future runs against it, where it shines and f…
Stress testing explainedStress testing explained: pushing a system past its limits to find the breaking point and how it fails, an ex…
Test coverage explainedTest coverage explained: what it measures, why high coverage is not the same as good tests, how to use it wel…
Test isolation explainedTest isolation explained: why each test must run independently of others, how shared state breaks suites, an…
Test parallelization explainedTest parallelization explained: running tests concurrently to cut wall-clock time, the isolation requirement,…
Test sharding explainedTest sharding explained: splitting a test suite across multiple machines or jobs to run in parallel, balancin…
TDD explainedTest-driven development explained: the red-green-refactor cycle, how writing tests first shapes design, a wor…
Testing pyramid explainedThe testing pyramid explained: why you want many fast unit tests, fewer integration tests, and few E2E tests,…
Visual regression testing explainedVisual regression testing explained: catching unintended UI changes by comparing screenshots to a baseline, a…
Git & version control
Commits, branches, merges, and pull requests.
.gitignoreWhat is a .gitignore file? An explainer on telling Git which files to ignore, common patterns, and why ignori…
CODEOWNERSWhat is a CODEOWNERS file? An explainer on mapping paths to owners who must review changes, how it automates…
Commit SHAWhat is a commit SHA? Learn how Git derives a unique hash for each commit, how short SHAs work, and why pinni…
Conventional commitWhat is a conventional commit? An explainer on the structured commit message format, its type and scope prefi…
Detached HEADWhat is a detached HEAD in Git? Learn how it happens when you check out a commit directly, why CI often runs…
Fast-forward mergeWhat is a fast-forward merge? An explainer on how Git simply moves a pointer when no divergence exists, the l…
Feature branchWhat is a feature branch? Learn how an isolated branch holds work on one feature until it is reviewed and tes…
ForkWhat is a fork? Learn how forking creates your own server-side copy of a repository, how it powers open-sourc…
Git branchWhat is a Git branch? Learn how branches are lightweight movable pointers, how they enable parallel work, and…
Git commitWhat is a Git commit? An explainer covering what a commit records, its message and hash, how commits form his…
Git hookWhat is a Git hook? Learn how hooks run scripts at points in the Git workflow, the difference between local a…
Git mergeWhat is a Git merge? An explainer on how merging combines branches, fast-forward versus merge commits, confli…
Git rebaseWhat is a Git rebase? Learn how rebasing replays commits onto a new base for a linear history, how it differs…
Git remoteWhat is a Git remote? An explainer on named connections to hosted repositories, how push and fetch use them,…
Git submoduleWhat is a Git submodule? An explainer on embedding one repository inside another at a pinned commit, why subm…
Git tagWhat is a Git tag? An explainer on lightweight versus annotated tags, how tags mark specific commits like rel…
Hotfix branchWhat is a hotfix branch? Learn how a branch off production lets you patch a live bug fast, and how a streamli…
Merge conflictWhat is a merge conflict? Understand why conflicts happen, how to read conflict markers, how to resolve them,…
Merge queueWhat is a merge queue? Learn how it serializes pull-request merges, tests each against the latest main, and p…
MonorepoWhat is a monorepo? An explainer on housing many projects in one repository, the benefits and challenges, and…
Pre-commit hookWhat is a pre-commit hook? An explainer on running checks before a commit is created, common uses like lintin…
Protected branchWhat is a protected branch? An explainer on rules that guard important branches like main, requiring reviews…
Pull requestWhat is a pull request? An explainer on how PRs propose changes, gather review, run CI checks, and serve as t…
Release branchWhat is a release branch? An explainer on stabilizing a version on a dedicated branch, accepting only fixes,…
Release tagWhat is a release tag? Learn how version tags mark shippable commits, how semantic versioning structures them…
Required status checkWhat is a required status check? Learn how marking a CI check as required blocks merges until it passes, maki…
Shallow cloneWhat is a shallow clone? Learn how cloning with limited history speeds up CI checkouts, the tradeoffs of trun…
Signed commitWhat is a signed commit? Learn how cryptographic signatures prove who authored a commit, how verification wor…
Squash mergeWhat is a squash merge? Learn how squashing collapses a branch into one commit on merge, the tradeoffs for hi…
Cherry-pickWhat is git cherry-pick? Learn how it copies a single commit onto another branch, when to use it for backport…
fetch-depthWhat is fetch-depth in CI checkouts? Learn how this setting controls how much Git history a job fetches, why…
git cloneWhat is git clone? An explainer on how cloning copies a repository with its full history, sets up the origin…
Git LFSWhat is Git LFS? Learn how Large File Storage keeps big binaries out of Git history with pointers, why it spe…
git stashWhat is git stash? An explainer on temporarily shelving uncommitted changes to switch context, how to restore…
GitWhat is Git? A plain-English explainer of the distributed version control system that tracks code history, en…
GitFlowWhat is GitFlow? An explainer on the branching model with develop, release, feature, and hotfix branches, whe…
HEADWhat is HEAD in Git? An explainer on how HEAD points to your current commit or branch, how it moves as you co…
Origin remoteWhat is the origin remote in Git? Learn why origin is the default name for the repository you cloned from, ho…
Staging areaWhat is the Git staging area? Learn how the index lets you choose exactly what goes into a commit, the add-co…
Trunk-based developmentWhat is trunk-based development? Learn how short-lived branches and frequent merges to a single trunk keep in…
Explore other topics
GitHub ActionsWorkflow, runner, and YAML errors - diagnosed and fixed.
Node.js & npmnpm, yarn, and pnpm failures in CI - solved.
DockerBuild, run, compose, and registry errors - explained.
Pythonpip, poetry, venv, and pytest failures - fixed.
Java & JVMMaven, Gradle, and JVM failures in CI - resolved.
GoGo build, module, and test failures - diagnosed.