TL;DR: Using the ca field to specify custom CAs (certificate authorities) in Node.js is a footgun. It replaces (rather than appends to) the root trust store which can lead to unintended consequences. I've seen this behavior cause outages in production when a third party server does a routine …

This is a story of a brief outage caused by a slightly unintuitive API¹ that has some very sharp corners for the uninitiated. The outage, though brief, was of the "wake up at 4am" variety so the lesson was especially salient.

This is not a post trying to tear …

The "obvious" way to write a custom GitHub Action is using Node.js, however it's not the only way. As it turns out, a GitHub Action really just communicates with the "orchestrator" via environment variables (as inputs) and STDOUT (to produce custom outputs).

Options

When defining an action, there are …

This is a tiny little note that can help with debugging in some situations. We'll use netcat (nc) to view the raw data sent to and returned from an HTTP server¹.

Capture a Request

We'll run a dummy listener via nc and directly inspect the body of an HTTP …

I recently put on my detective hat and tracked down a bug in network error recovery in a popular PostgreSQL library. Below, we'll walk through the process of bugfinding and iteratively making the feedback loop smaller and smaller. In order to find and fix the bug I

• Confirmed the root …