Title should be - Insanely expensive and poorly designed compute platform supports the worst cd/ci service ever.
JojoFatsani · 1h ago
GHA has worked quite well for us especially compared to janky old crap like Jenkins. And lambda is quite cheap if you’re using it as intended.. why don’t you give us your alternatives out of curiosity?
CafeRacer · 32m ago
Here is my rant
debugging complex GH workflows is pita.
You can't imagine now many times I had to reverse ssh from running GH action because of some fucking little intricacy. Act is cool, but still not a 1-1.
If you fixed something you have to commit/push/rinse/repeat.
Then before arm machines... my fucking god, to get a worker connected... for fucks sake. And then your worker environment may be slightly different from whatever ubuntu-latest is and then you'd have to rebuild/fox the workflow again.
It works for something small, but as soon as you'll have an actual process - you probably fucked.
Now, lambdas... the amount of things you have to configure around lambdas is insane. There was serveless framework that used cloud formation, but at this point I am not even sure why cloud formation exists. It's bad. Go ahead argue with me.
Deploying non-binary code is pita. As soon as you have some custom module that needs to compile - there is a chance it'll break.
deploying python lambda that is technically acts as oauth endpoint that needs access to Postgres (psycopg2 and bcrypt). Have fun figuring out what's available on lambda runtime itself and then what's the fucking libc version and why it's so old. And as a developer function code makes sense, you do simple password auth and hash the password. As "deployer" of that it's insane how many hoops you have to jump trough.
how many things do you need to do to have your lambda connect to a Postgres database and also be exposed over api gateway (don't even get me started that piece of shit ever)? Configure this, configure that, run your iac, configure this... oh you made a mistake, now wait for 15 minutes until it rolls back.
Then having a warm lambda negates the entire cost-savings idea. And some lambdas should be fast. And the cost of running lambda is larger that the cost of running same code in vm.
the entire serverless platform on aws is horrible.
I was really trying to love lambdas, even created my own cdktf based deployment framework for lambdas that would do everything I need. It's just there is a resistance at every step. As soon as there is something unknown, you can't be sure it'll work.
Alternatives? I have bash scrips running inside of a container doing my CD/CI. I have a controlled container and scripts that I can easily reproduce locally. GH sends me a webhook, I start the process.
These are simple reproducible bash scrips, that I can run/debug locally.
For functions I was toying around with cloud flare that seems decent'ery. I think you can do more with it, seems like entire workos platform runs on CF. Seems like it has better DX.
In general, I've been heavily frustrated with many of the DevOps advancements.
For example there is Earthly, docker bake, something from redhat that seemingly supposed to help with container builds. Docker started crashing on my Mac and been crashing for two years ever since (Orb is decent, been using podman for a while). Earthly just complicated and weird (I had other issues with it as well). Redhat tool also did not give me flexibility I needed.
Whereas a bash script with ~50 lines of code produces a nice distroless or alpine container with exactly what I need. In 50 lines of code. No ads or enter your email to receive newsletters.
I'm trying to love most of the modern devops things, but most of them is just a reinvention of 50 lines of bash with logo, price tag and reduced flexibility. And you'll encounter resistance every other step.
---
Here is what I'd want from my ideal function experience. First of all, have an access to a full'er production container that has all libc's and whatnot. It'd be ideal if I could also use that to build my binaries and choose whether it's statically linked vs dynamic libs/binaries. Even for scripting languages you may have dependencies that needs compiling.
Then I'd like to be able to preconfigure the environment. I think aws uses fireckacker vm, that I think is actual microvm, not a container. So if I make my lambda run from a container it doesn't make sense anymore because it's container inside of vm. Fuck off aws. So ability to preconfigure the environment itself would be nice. Like ideally ability to push microvm image instead of code would be nice.
I haven't been using lambdas in the last two years. So maybe it's better now.
debugging complex GH workflows is pita.
You can't imagine now many times I had to reverse ssh from running GH action because of some fucking little intricacy. Act is cool, but still not a 1-1.
If you fixed something you have to commit/push/rinse/repeat.
Then before arm machines... my fucking god, to get a worker connected... for fucks sake. And then your worker environment may be slightly different from whatever ubuntu-latest is and then you'd have to rebuild/fox the workflow again.
Commit/push/rinse/repeat... commit/push/rinse/repeat.
It works for something small, but as soon as you'll have an actual process - you probably fucked.
Now, lambdas... the amount of things you have to configure around lambdas is insane. There was serveless framework that used cloud formation, but at this point I am not even sure why cloud formation exists. It's bad. Go ahead argue with me.
Deploying non-binary code is pita. As soon as you have some custom module that needs to compile - there is a chance it'll break.
deploying python lambda that is technically acts as oauth endpoint that needs access to Postgres (psycopg2 and bcrypt). Have fun figuring out what's available on lambda runtime itself and then what's the fucking libc version and why it's so old. And as a developer function code makes sense, you do simple password auth and hash the password. As "deployer" of that it's insane how many hoops you have to jump trough.
how many things do you need to do to have your lambda connect to a Postgres database and also be exposed over api gateway (don't even get me started that piece of shit ever)? Configure this, configure that, run your iac, configure this... oh you made a mistake, now wait for 15 minutes until it rolls back.
Then having a warm lambda negates the entire cost-savings idea. And some lambdas should be fast. And the cost of running lambda is larger that the cost of running same code in vm.
the entire serverless platform on aws is horrible.
I was really trying to love lambdas, even created my own cdktf based deployment framework for lambdas that would do everything I need. It's just there is a resistance at every step. As soon as there is something unknown, you can't be sure it'll work.
Alternatives? I have bash scrips running inside of a container doing my CD/CI. I have a controlled container and scripts that I can easily reproduce locally. GH sends me a webhook, I start the process.
These are simple reproducible bash scrips, that I can run/debug locally.
For functions I was toying around with cloud flare that seems decent'ery. I think you can do more with it, seems like entire workos platform runs on CF. Seems like it has better DX.
In general, I've been heavily frustrated with many of the DevOps advancements.
For example there is Earthly, docker bake, something from redhat that seemingly supposed to help with container builds. Docker started crashing on my Mac and been crashing for two years ever since (Orb is decent, been using podman for a while). Earthly just complicated and weird (I had other issues with it as well). Redhat tool also did not give me flexibility I needed.
Whereas a bash script with ~50 lines of code produces a nice distroless or alpine container with exactly what I need. In 50 lines of code. No ads or enter your email to receive newsletters.
I'm trying to love most of the modern devops things, but most of them is just a reinvention of 50 lines of bash with logo, price tag and reduced flexibility. And you'll encounter resistance every other step.
---
Here is what I'd want from my ideal function experience. First of all, have an access to a full'er production container that has all libc's and whatnot. It'd be ideal if I could also use that to build my binaries and choose whether it's statically linked vs dynamic libs/binaries. Even for scripting languages you may have dependencies that needs compiling.
Then I'd like to be able to preconfigure the environment. I think aws uses fireckacker vm, that I think is actual microvm, not a container. So if I make my lambda run from a container it doesn't make sense anymore because it's container inside of vm. Fuck off aws. So ability to preconfigure the environment itself would be nice. Like ideally ability to push microvm image instead of code would be nice.
I haven't been using lambdas in the last two years. So maybe it's better now.