Engineering
- Engineering
- Last Updated: June 03, 2024
- Jessie Young
Heroku has many public API endpoints. Each of these endpoints needs to be tested so that we know how they work, and documented so that our customers (and other API consumers) know how they work. Follow along, and we’ll learn how Heroku uses JSON Schema to test and document our Platform API – and how it helped us uncover an unexpected bug, rooted in the way the Oj gem parses Big Decimals.
JSON Schema files …
- Engineering
- Last Updated: June 03, 2024
- Terence Lee, Joe Kutner
When we open-sourced buildpacks nearly seven years ago, we knew they would simplify the application deployment process. After a developer runs git push heroku master, a buildpack ensures the application’s dependencies and compilation steps are taken care of as part of the deploy.
As previously announced, we’ve taken the same philosophies that made buildpacks so successful and applied them towards creating Cloud Native Buildpacks (CNB), a standard for turning source code into Docker images without the need for Dockerfiles. In this post, we’ll take a look at how CNBs work, how they aim to solve many of the problems that exist with Dockerfile, and how you can use them with the recent beta release of the buildpacks.io project. As part of this release, we’ve created a Heroku buildpacks builder image for Ruby, Node.js, Java, Python, PHP, and Go that works with the CNB tooling.
- Engineering
- Last Updated: April 30, 2024
- Wade
There’s obviously more to security than humans, technology, and vendors with all of their implementations and expertise. At Heroku we believe that security is a byproduct of excellence in engineering.
All too often, software is written solely with the happy path in mind, and security assurances of that software has its own dangerous assumptions. A mature security program should challenge assumptions of security controls, move to testing continuously, and prepare for the unexpectable.
This means …
- Engineering
- Last Updated: March 20, 2019
- Amy Unger
This blog post is adapted from a talk given by Amy Unger at RailsConf 2018 titled "Knobs, buttons & switches: Operating your application at scale."
We've all seen applications that keel over when a single, upstream service goes down. Despite our best intentions, sometimes an unexpected outage has us scrambling to make repairs. In this blog post, we'll take a look at some tools you can integrate into your application before disaster strikes. …
- Engineering
- Last Updated: June 03, 2024
- Christine Dodrill
Progressive web apps (or PWAs) enable websites to function more like native mobile apps in exchange for some flexibility. You get cross-platform native mobile app functionality (or close to it) without all the overhead of app store approvals and tons of platform-specific native code.
Users can install a progressive web app to their home screen and launch it just like a native app. However, …
- Engineering
- Last Updated: May 02, 2024
- Mars Hall
The recent introduction of Platform Events and Change Data Capture (CDC) in Salesforce has launched us into a new age of integration capabilities. Today, it's possible to develop custom apps that respond to activity in Salesforce. Whether you're creating a memorable customer interaction or implementing an internal workflow for employees, consider an event-sourced design to improve responsiveness and durability of the app.
In this article, we'll look at an event-sourced app architecture that consumes the …
- Engineering
- Last Updated: May 14, 2024
- Richard Schneeman
Debugging is an important skill to develop as you work your way up to more complex projects. Seasoned engineers have a sixth sense for squashing bugs and have built up an impressive collection of tools that help them diagnose and fix bugs.
I’m a member of Heroku’s Ruby team and creator of CodeTriage and today we’ll look at the tools that I used on a journey to fix a gnarly bug in Sprockets. Sprockets …
- Engineering
- Last Updated: April 04, 2024
- Joe Kutner
This blog post is adapted from a talk given by Joe Kutner at Devoxx 2018 titled “10 Mistakes Hackers Want You to Make.”
Building self-defending applications and services is no longer aspirational–it’s required. Applying security patches, handling passwords correctly, sanitizing inputs, and properly encoding output is now table stakes. Our attackers keep getting better, and so must we.
In this blog post, we’ll take a look at several commonly overlooked ways to secure …
- Engineering
- Last Updated: June 03, 2024
- Stella Cotton
This blog post is adapted from a talk given by Stella Cotton at RailsConf 2018 titled “So You’ve Got Yourself a Kafka.”
In recent years, designing software as a collection of services, rather than a single, monolithic codebase, has become a popular way to build applications. In this post, we’ll learn the basics of Kafka and how its event-driven process can be used to power your Rails services. We’ll also talk about practical …
- Engineering
- Last Updated: March 29, 2024
- Jonan Scheffler
The Ruby committers have again continued their annual holiday tradition of gifting us a new Ruby version: Ruby 2.6 was released today, including the long awaited Just-In-Time (JIT) compiler that the Ruby team has been working on for more than a year.
Just-In-Time compilation requires Ruby to spin up a compiler process on startup, and we’re proud to say that this feature is supported today on Heroku thanks to the diligent efforts of our very …
Subscribe to the full-text RSS feed for Engineering.