as I keep telling clients
Its fine to rely on external resources on GitHub or elsewhere so long as you mirror everything internally, this way your production build processes can continue even with a service provider outage.
Docker botherer Quay.io's webhook integration with Bitbucket is looking a bit green around the gills. Atlassian's source shack had noted some time ago that it would be changing its API in response to the EU's General Data Protection Regulation (GDPR), which came into force on 25 May 2018. It followed that up with a warning …
As a pure dev in early 2013, I realized that this was a vulnerability to operations--you MUST have everything needed to build & deploy within the same realm, or you have a needless mode of failure.
Of course, at the end of 2013, rubygems.org got hacked and was offline for a week.
The (perhaps) less-obvious advantage is that you have the ability to block/filter problematic versions of packages. Like that gem update that poisoned about 50% of Rails installations around May of 2014.
Some folks here like to dump on cloud computing as "somebody else's machine". In my book, having a build "solution" that spiders across the web is "somebody else's code on somebody else's machine".
Biting the hand that feeds IT © 1998–2019