Posts

The kubebuilder documentation on finalizers has the following example code for removing a finalizer from an object. c i } o f n r t e e r r r m o r e o l t v l : u e e = r r n o u r u t . c r i U t l p r f . d l i R a . n e t R a m e e l o ( s i v c u z e t l e F x t r i , { n } f a c , r l r o i o e m z n r e J r t r o h ( b e c ) r ; l o i n e s J r t o r b a , ! n = d m y n u F i p i l d n a a { t l e i z i e t r . N a m e ) I found when doing this, if the operation running above this in the Reconcile() function (typically to remove a remote resource from an API) this r.Update() call would return an error like this: ...

If you are working with an application that sends email, you’ve probably come across “DKIM” which is cryptographic signing of emails to prevent impersonation of people within an organisation. Unfortunately AWS SES only supports DKIM signing for domain identities - not single-address identities. This means even if your application only sends email from a single address such as contact@example.com - to set up DKIM you need the entire example.com domain verified. If the SES SMTP credentials were leaked, an attacker could use them to impersonate anyone in your organisation and it would be detected as legitimate. This could have tangible financial and reputational impacts to your organisation - imagine your finance department getting an email from the CEO requesting a (fake) invoice be paid immediately. ...

Drupal uses a few unusual file extensions that contain PHP - notably .module, .theme, and .install. GitHub use linguist for language detection. You can configure linguist using a .gitattributes file in your repo. Add a .gitattributes file with the following contents to your Drupal repo: # . . . l m i t i o n h n d s e g u t m u l a e i e l s l l t l i i l n c n i g o g n u n u g i f i u s i s i t g t s - u - t l r l - a a a l n t n a g i g n u o u g a n a u g g a e f e g = o = e P r P = H H P P s P H y P n t a x h i g h l i g h t i n g i n g i t h u b U I . Now your pull requests and source viewer in Github should have PHP syntax highlighting for these file extensions. ...

Running a fleet of Drupal projects presents a lot of challenges and problems to solve. Some things might fly for a handful of projects, but trying to scale that up will send you directly to the seventh circle of Drupal hell. Video

A bug in older versions of drush stop errors bubbling up to shell exit codes. This is problematic if you have a shell script with a sequence of commands that depend on the previous one completing successfully. It also makes detecting failed CI builds, deployments and cronjobs near impossible. Unfortunately I’m stuck using drush8 as Lagoon does not support dynamic drush aliases in newer versions. The bash function below will terminate a script with exit-code 1 if the output piped to it includes exception or error. ...

Terraform is an extremely powerful tool, but the out-of-the-box workflow can lead to pitfalls such as forgetting to commit and push changes to manifest and terraform.tfstate files. Use this example CircleCI configuration for a rock-solid pull-request workflow for Terraform projects. The Workflow A project contributor creates a pull request with changes to terraform manifests. CircleCI runs a terraform plan and posts the diff as a comment in the pull request. When the PR is merged to master, CircleCI runs terraform apply to resolve the diffs. Additional Requirements ...

Developers often need copies of production data for local development, and standard workflows for getting these dumps have a lot of downsides. Moving SQL dumps around means an increased risk of sensitive data being exposed. Most sanitization methods are a multi-step process. Large databases put strain on slow internet connections. Large databases take way too long to import. The Solution mtk-dump is an extremely powerful replacement for mysqldump. Define your sanitization and minification rules in a simple yaml file, and produce small and safe SQL dumps for development. Check out some configuration examples for the cool stuff it can do. ...

Recently I encountered an issue where a CI tool could not fetch certain dependencies as the SSH key used for cloning the main project did not have access to the other repositories. To work around this, I opted to clone the private dependencies via https, passing the credentials in the URI. The magic to force this without changing composer.json: # Set the COMPOSER_USER and COMPOSER_TOKEN environment variables to a user which has access to clone these repos. git config --global url."https://${COMPOSER_USER}:${COMPOSER_TOKEN}@gitlab.example.com/".insteadOf "git@gitlab.example.com:" You can also clone public repos via the https endpoint rather than ssh like this: ...

I recently worked on a project to push our private docker images to GitHub’s package registry. Our CI only had a GITHUB_TOKEN environment variable set, but docker login requires a username too. Rather than add a new environment variable to the build and an assumption that the username and token had to match, I used this snippet to derive the username from the token and log in to the registry. ...

I am currently in 5 slack organisations and wanted to automate setting my status across all the orgs simultaneously. Unfortunately Slack have deprecated personal api tokens… You may also be in an environment where slack apps are tightly controlled. Don’t lose hope though - with a bit of l33t h4x0ring you can get a personal bearer token from the web UI! Log into slack in a browser with devtools available (a URL like https://your-org.slack.com) ...