
gebalamariusz today at 11:26 AM

Well, this all makes sense for application code, but not necessarily for infrastructure changes. Imagine a failed Terraform merge that deletes the production database but opens the inbound at 0.0.0.0/0, and you can't undo it for 10 minutes. In my opinion, you need to pay attention to the narrow scope specific to a given project.


Replies

furryrain today at 12:14 PM

Try to imagine a deployment/CI system where that isn't possible. That's what the post is asking.

* Maybe you don't have privileges to delete the database

* Maybe your CI environments are actually high fidelity, and will fail when there is no DB

* Maybe destructive actions require further review

* Maybe your service isn't exposed to the public internet, and exposing to 0.0.0.0/0 isn't a problem.

* Maybe we engineer our systems to have trivial instant undo, and deleting a DB triggers an undo

Our tooling is kind of crappy. There's a lot we can do.
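
One way a CI step could implement the "destructive actions require further review" idea from this thread, as an added example that is not part of either comment: it scans the JSON form of a Terraform plan (`terraform show -json`) for deletion of a data store and for ingress opened to 0.0.0.0/0. The function names, the set of AWS resource types treated as stateful, and the sample plan are assumptions made for illustration.

```python
import json

# Assumption: AWS resource types treated as stateful data stores; extend as needed.
STATEFUL_TYPES = {"aws_db_instance", "aws_rds_cluster", "aws_dynamodb_table"}
OPEN_CIDRS = {"0.0.0.0/0", "::/0"}

def _open_ingress(rtype, after):
    """Return True if the planned state allows inbound traffic from anywhere."""
    if not after:  # "after" is null when the resource is being deleted
        return False
    if rtype == "aws_security_group":
        rules = after.get("ingress") or []
    elif rtype == "aws_security_group_rule" and after.get("type") == "ingress":
        rules = [after]
    else:
        return False
    for rule in rules:
        cidrs = set(rule.get("cidr_blocks") or []) | set(rule.get("ipv6_cidr_blocks") or [])
        if cidrs & OPEN_CIDRS:
            return True
    return False

def review_findings(plan):
    """Scan a `terraform show -json` plan; return reasons that need human review."""
    findings = []
    for rc in plan.get("resource_changes", []):
        change = rc.get("change", {})
        # "delete" also appears in replacements: ["delete", "create"] or ["create", "delete"].
        if "delete" in change.get("actions", []) and rc.get("type") in STATEFUL_TYPES:
            findings.append(f"{rc['address']}: destroys stateful resource")
        if _open_ingress(rc.get("type"), change.get("after")):
            findings.append(f"{rc['address']}: ingress open to the internet")
    return findings

# Constructed sample plan, trimmed to the fields used above (not real tool output).
SAMPLE_PLAN = json.loads("""
{"resource_changes": [
  {"address": "aws_db_instance.prod", "type": "aws_db_instance",
   "change": {"actions": ["delete"], "after": null}},
  {"address": "aws_security_group.db", "type": "aws_security_group",
   "change": {"actions": ["update"],
              "after": {"ingress": [{"cidr_blocks": ["0.0.0.0/0"], "from_port": 5432}]}}},
  {"address": "aws_s3_bucket.logs", "type": "aws_s3_bucket",
   "change": {"actions": ["create"], "after": {"bucket": "example-logs"}}}
]}
""")

if __name__ == "__main__":
    for finding in review_findings(SAMPLE_PLAN):
        print("NEEDS REVIEW:", finding)
```

A pipeline would block the apply step, or route it to an extra approver, whenever the returned list is non-empty.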