GitHub appears to be struggling with measly three nines availability

Original Article ↗ Hacker News Discussion ↗

Observed reliability and “nines” debate

  • Multiple commenters point to third‑party uptime aggregators showing overall GitHub availability around a single nine (~90%), with core git/Actions also below 99.9%.
  • Several argue three nines is a reasonable expectation for critical infrastructure and that GitHub is missing even its own 99.9% per‑service enterprise SLA.
  • Others note “five nines” claims in the industry are often marketing, argue 99.9% is already hard at scale, and say using “measly” for three nines shows misunderstanding.
  • Disagreement over whether aggregating all features into one uptime number is fair; but even per‑service metrics look poor.

Impact on users and workflows

  • Repeated reports of:
    • PR pages and diffs loading very slowly or partially.
    • Actions jobs being canceled or stuck, forcing people to disable workflows or move CI elsewhere.
    • Outages causing missed deploy windows, blocked PRs, and security gates being bypassed.
  • Some treat GitHub as “distribution not infrastructure,” keeping local/source‑of‑truth repos and independent deployment paths to reduce blast radius.

Suspected causes: migration, AI, and architecture

  • Many tie degradations to:
    • Forced migration from GitHub’s own bare metal/MySQL setups to Azure, with tight deadlines and little support.
    • Massive growth in traffic and PR volume from AI coding agents and “karma farming” bots.
    • Internal focus on Copilot/AI features over core reliability.
  • Technical critiques include: React front‑end replacing server‑rendered pages and hurting performance; historically weak availability design in GitHub Enterprise Server; continued lack of IPv6 and other protocol features.

GitHub Actions, CI/CD, and security

  • Actions called unreliable (frequent random failures, deprecations, pricing scares) and deeply intertwined with GitHub, making it a single point of failure for CI/CD and security scanning.
  • Security concerns around:
    • Mutable action references, composite actions’ transitive dependencies, and supply‑chain attacks.
    • GitHub’s slow response to long‑standing vulnerability patterns, despite community warnings.
  • Suggested mitigations: pinning actions to commit hashes, vendoring action dependencies, or moving to other CI tools (Jenkins, GitLab, CircleCI, self‑hosted scripts).

Microsoft ownership, strategy, and alternatives

  • Many see deterioration beginning or accelerating after the Microsoft acquisition and the later full organizational integration.
  • GitHub is perceived as optimized for pushing Copilot and Azure rather than being a neutral, rock‑solid developer hub.
  • Alternatives mentioned: GitLab, Forgejo, Codeberg, Bitbucket, Radicle, self‑hosted git + CI; though some note competitors also struggle with reliability.