March 1, 2026

Behind the Scenes: DevOps Improvements at Maklarinfo

How we're making our CI/CD pipeline faster, our deployments more reliable, and our infrastructure more observable without compromising security.

By Mattias Hising

TL;DR

We've made significant investments in our CI/CD pipeline, logging infrastructure, and deployment reliability over the past three months. Pull request checks now run 50% faster through parallelization. We've added structured logging across the entire stack. And we've hardened our build process to be more resilient to edge cases.

Faster Feedback Loops

One of the biggest wins for developer experience is speed. When you push code, you want to know if it passes quality gates in seconds, not minutes.

Parallel CI/CD Jobs

We restructured our pull request quality checks to run in parallel instead of sequentially. What used to take 4+ minutes now completes in about 2 minutes for most changes.

How? By running linting, type checking, tests, and formatting checks concurrently rather than one after another. They don't depend on each other, so there's no reason to serialize them.

We also implemented smart caching of dependencies and build artifacts, so repeat checks skip expensive install and build steps when nothing has changed.

Change Detection

Not all changes require the same level of scrutiny. If a PR only modifies documentation or markdown files, we skip the full build step entirely. This saves time on documentation-only PRs without sacrificing quality on code changes.

Observable Systems

You can't manage what you can't measure. We've invested in structured logging across the entire application stack—from API routes to background workers to third-party integrations.

Structured Logging

Instead of freeform log messages, we now log events with consistent structure: context, severity levels, timestamps, and relevant metadata. This makes it possible to:

  • Search and filter logs efficiently in production
  • Correlate events across services
  • Build alerts on specific patterns
  • Debug issues faster with more context

Structured logging is invisible to end users, but it's the foundation for reliability. When something goes wrong at 3 AM, better logs mean faster resolution.

Production Observability

We've instrumented critical paths in the application to emit detailed events—from user actions to third-party API calls. This lets us:

  • Detect anomalies before users notice them
  • Understand where time is being spent in the system
  • Validate that background jobs are running as expected
  • Track data quality in real-time

Resilient Builds

Production systems need to handle edge cases gracefully. We've hardened our build and deployment processes to be more resilient.

Defensive Configuration

The build now handles missing configuration gracefully. If an environment variable isn't set, the build doesn't fail—it either uses a sensible default or continues with a warning. This prevents cascading failures where missing one config value brings down the entire pipeline.

Safer Dependency Management

We've added versioning constraints and fallback logic to ensure that third-party dependencies don't introduce breaking changes silently. Dependency updates are tested more thoroughly before they reach production.

Test Stability

We've fixed flaky tests and improved test infrastructure to reduce false negatives. When a test fails, it means something is actually broken—not that the test framework had a hiccup.

Security-First Infrastructure

DevOps isn't just about speed—it's about doing things securely at scale.

OWASP Compliance

We conducted a comprehensive security audit and addressed all OWASP Top 10 findings. This includes improvements to how we handle authentication, rate limiting, input validation, and more.

Secret Management

We've hardened how secrets (API keys, database credentials) are stored and accessed. Secrets are never logged, never stored in version control, and are rotated regularly.

Rate Limiting & DDoS Protection

We've implemented rate limiting at multiple layers to protect against abuse while ensuring legitimate traffic always gets through.

Looking Forward

These improvements compound over time. Faster CI means developers get feedback sooner and ship features quicker. Better observability means we catch issues before users do. Harder infrastructure means we can scale confidently.

The next phase of work focuses on deployment automation, canary releases, and more sophisticated monitoring. The goal is to make deploying code as boring and reliable as possible—just push to main, everything works, no drama.

Takeaways

  1. Speed matters: 50% faster PR checks keeps developers in flow and lets us iterate faster.
  2. You manage what you measure: Structured logging is a force multiplier for reliability.
  3. Resilience requires discipline: Defensive coding, solid testing, and gradual rollouts prevent most production issues.
  4. Security is a feature: Compliance and hardening aren't obstacles—they're table stakes for trustworthy systems.
  5. Infrastructure compounds: Each small improvement makes the next improvement easier to build.