A blog post was committed and pushed, CI built and pushed the image, but the deployed site showed old content. This post documents the debugging process and the fixes to prevent stale builds. The Problem After pushing a new blog post: GitLab CI pipeline succeeded Kaniko pushed the image to Harbor ArgoCD deployed the new image The blog showed old content - new post missing Root Causes Two caching layers caused the issue: ...
When using glab (the GitLab CLI) with multiple GitLab instances - such as gitlab.com for personal projects and a self-hosted GitLab for work - authentication can become problematic if you’re using the GITLAB_TOKEN environment variable. The Problem glab supports per-host token configuration in its config file (~/.config/glab-cli/config.yml). Each host can have its own token: hosts: gitlab.com: token: glpat-xxxxx gitlab.sehlat.io: token: glpat-yyyyy However, if you set the GITLAB_TOKEN environment variable (commonly done in shell rc files), it overrides all per-host tokens. This means the same token gets used for every GitLab instance, causing 401 Unauthorized errors on instances where that token isn’t valid. ...
IntelliJ was failing to save my GitLab API token. Every time I tried to add or update my GitLab account in Settings, the operation would silently fail or timeout. The IntelliJ logs showed repeated warnings: WARN - #c.i.c.RemoteCredentialStore - Timeout while waiting for credentials Root Cause On Fedora (and other Linux distributions with GNOME), IntelliJ stores credentials in the system’s native keyring via the freedesktop.org Secret Service API. The GNOME Keyring was locked, preventing any credential storage. ...
This post covers deploying a GitLab Runner inside a Kubernetes cluster using the Kubernetes executor. Each CI job spawns as a pod, runs its tasks, and is automatically cleaned up. Docker builds use Kaniko (rootless, no privileged containers), and job artifacts/dependencies are cached in MinIO. Architecture ┌─────────────────┐ ┌──────────────────┐ ┌─────────────────┐ │ GitLab CI Job │────▶│ Runner Manager │────▶│ Job Pod │ │ (push to repo) │ │ (polycephala) │ │ (auto-created) │ └─────────────────┘ └──────────────────┘ └─────────────────┘ │ ┌──────────────────┐ │ │ MinIO Cache │◀─────────────┘ │ (shared deps) │ └──────────────────┘ The runner manager pod runs continuously and polls GitLab for jobs. When a job is picked up, it creates a new pod in the gitlab-runner namespace, executes the job, and deletes the pod when complete. ...
I was updating my blog’s Hugo version and PaperMod theme when I realized I hadn’t touched these dependencies in months. The Hugo Docker image was 8 versions behind, and the theme had accumulated dozens of commits. Not broken, just stale. I wanted something that would automatically check for updates and create merge requests - something I could review and merge on my own schedule, without having to remember to check. ...