Did you know that GitHub runs its own code on github.com? That means if the site goes down, engineers lose access to the very code they need to fix it. This circular dependency—deploying GitHub requires GitHub—is just the tip of the iceberg. When designing a new host-based deployment system, GitHub turned to eBPF (extended Berkeley Packet Filter) to selectively monitor and block dependency calls. Here are seven critical circular dependencies they identified and how eBPF helped neutralize them.
1. The Self-Hosting Catch-22
GitHub’s biggest circular dependency is obvious: to deploy changes to github.com, they need github.com to be operational. If the site crashes, no one can push fixes. GitHub mitigates this with a mirrored copy of source code and pre-built assets for rollbacks. But this is only a partial solution—deployment scripts themselves can introduce new dependencies. eBPF provides a way to enforce that deployment code never reaches out to services that could create a loop, such as GitHub’s own API or download endpoints.
2. Direct Dependencies: Obvious but Dangerous
Imagine a MySQL outage prevents GitHub from serving release data. Your fix involves a deploy script that pulls the latest open-source tool from GitHub. But because GitHub is down, the download fails, and the deployment stops. That’s a direct circular dependency. eBPF can block such outbound calls from deployment scripts before they even happen, ensuring scripts only use locally available resources.
3. Hidden Dependencies: Silent Threats
A tool already on the machine might check for updates every time it runs. If that check requires contacting GitHub and the service is down, the tool may hang or fail silently. This hidden dependency is hard to catch during code review. With eBPF, GitHub can monitor system calls made by deployment processes and intercept those that try to reach restricted domains, preventing timeouts and failures.
4. Transient Dependencies: Cascading Failures
Your deploy script calls an internal migrations service via API. That service, in turn, fetches a binary from GitHub. If GitHub is unavailable, the failure ripples back to your script. This transient dependency is easy to overlook. eBPF allows GitHub to trace these indirect calls and enforce a policy that deployment code must never rely on external services during an outage scenario.
5. Manual Mitigation: The Old Way
Before eBPF, each team owning stateful hosts had to manually review deployment scripts for circular dependencies. This was error-prone and time-consuming. Many dependencies, especially hidden and transient ones, slipped through. GitHub needed an automated, system-wide solution that didn’t require changing every script. eBPF offered a low-overhead way to enforce dependency rules at the kernel level.
6. How eBPF Monitors and Blocks Circular Calls
eBPF attaches to kernel hooks — like connect(), open(), and execve() — to observe and filter system calls made by deployment processes. GitHub wrote custom eBPF programs that intercept outbound network connections and file access attempts. If a deployment script tries to reach github.com or a restricted internal service, the eBPF program can either log the event, kill the process, or redirect the request. This ensures deployment safety without modifying application code.
7. Getting Started with eBPF for Deployment Safety
You can replicate GitHub’s approach using tools like BCC (BPF Compiler Collection) or libbpf. Start by identifying critical circular dependency patterns in your own environment. Write a simple eBPF program to monitor outgoing HTTP requests from your deployment pipeline. Use a map to define allowed targets and block everything else. Test in a staging environment first. GitHub’s experience shows that eBPF is a powerful, lightweight method to harden deployment processes against cascading failures.
eBPF doesn’t replace good architecture, but it adds a safety net for those unpredictable moments when dependencies loop back on themselves. By learning from GitHub’s journey, you can build more resilient deployment systems—and sleep better knowing your code won’t disappear just because your hosting platform hiccups.