The Forge Became The Bottleneck

GitHub is no longer just where code is stored. For many teams it is the pull request queue, CI dispatcher, issue tracker, release gate, security scanner, package workflow, code review archive, and sometimes the only visible proof that engineering work exists.

That is why GitHub reliability problems feel different from a normal SaaS outage. When chat is down, a team can often move to email. When a metrics dashboard is slow, production systems keep running. When GitHub is degraded, a large part of the software delivery loop can stall at once:

• engineers cannot review or merge confidently,
• automation cannot start or report status,
• release managers lose the shared source of truth,
• security and compliance checks become harder to trust,
• agents and bots retry into the same degraded paths.

The argument is not that GitHub is uniquely bad software. It is that GitHub has become a concentrated dependency, and concentrated dependencies deserve much higher scrutiny than ordinary tools.

The Recent Pattern Is Not Imaginary

GitHub’s own status feed gives enough evidence to treat this as an operational trend, not only user frustration.

In late April and May 2026, public incidents included search degradation, incomplete pull request results, Actions capacity delays, app token authentication failures, Copilot model disruption, elevated errors across multiple services, webhook/API degradation, and a June 1 incident involving delayed code scanning and billing updates.

The details matter. Some incidents were narrow. Others crossed product boundaries:

• A May 26 Actions and Pages incident also affected Copilot Code Review, Copilot coding agent, Octoshift, and GitHub Enterprise Importer because those systems depended on Actions.
• A May 27 incident tied degraded Git operations, pull requests, issues, GraphQL API requests, and related services to unexpected load from an internal analytics component.
• A May 28 authentication-service deployment caused elevated errors for the web experience, REST API, Git operations, and Actions.
• A May 1 writeup said a repair job removed about 49% of indexed pull request documents from Elasticsearch, affecting pull request search and list discoverability even though primary storage was intact.

That last distinction is important. “No data lost” is good. It is not the same as “the product is usable.” For a developer tool, discoverability is often part of correctness. A pull request that exists but cannot reliably be found in the normal interface is operationally half-missing.

GitHub’s Own Explanation Points To A Harder Future

GitHub published an availability update in April 2026 that framed the pressure as a change in how software is being built. Since the second half of December 2025, GitHub says agentic development workflows have accelerated sharply, increasing repository creation, pull request activity, API usage, automation, and large-repository workloads.

That explanation is plausible. It is also an admission that the old capacity model is no longer enough.

An AI coding agent does not use a forge like a human. A human opens a pull request, reads a page, writes a comment, maybe pushes a few commits. An agent can create branches, poll status, push repeatedly, inspect diffs, trigger checks, rebase, open review comments, fetch issue context, and retry failed operations at machine speed. Multiply that by every product team experimenting with agentic workflows and the traffic shape changes quickly.

The load is not just larger. It is more coupled:

• one pull request touches Git storage, search, branch protection, mergeability checks, notifications, Actions, permissions, APIs, webhooks, caches, and databases;
• one slow subsystem can make several unrelated surfaces appear broken;
• retries from humans, bots, and agents can amplify a partial degradation;
• large monorepos turn ordinary operations into high-fanout infrastructure events.

This is why “we are scaling” is not a complete answer. The key question is whether GitHub can degrade gracefully when a subsystem is overloaded. If search is unhealthy, can merge queues continue safely? If Actions has an authentication failure, can unrelated Pages, import, and agent workflows avoid the same failure mode? If a repair job targets one repository, can the indexing layer prove that scope before deleting documents?

The Status Page Is Better, But Still Not Enough

GitHub has improved its public status communication and now publishes more incident detail than many infrastructure vendors. That deserves credit. The recent incident writeups include useful root causes, impact numbers, and mitigation plans.

But a status page is still a product-controlled view of reliability. It tends to answer, “Has GitHub declared an incident?” Teams need a different question answered: “Is the path I depend on healthy enough to ship?”

For developer infrastructure, that path may be very specific:

• Can hosted Ubuntu runners start within our release SLO?
• Are pull request lists complete?
• Are search-backed review views accurate?
• Are webhooks being delivered fast enough for deployment gates?
• Are app installation tokens reliable enough for automation?
• Are merge queues producing the expected commits?

An uptime percentage hides these differences. A forge can be “up” while the exact workflow a team depends on is functionally unavailable.

Frontend Weight Is Part Of Reliability

The original article spends a lot of energy on GitHub’s frontend weight, and that critique is not cosmetic. A developer forge is a workbench. If the workbench is slow, memory-hungry, or frequently reshuffled, it taxes every review, every incident, and every release.

Frontend performance also affects incident perception. When a pull request page feels stuck, the user cannot easily distinguish between:

• client-side JavaScript doing too much work,
• search or API latency,
• a partially degraded backend dependency,
• a browser compatibility problem,
• a broken feature flag rollout.

GitHub is not alone here. Modern web applications often trade simple document navigation for large client bundles, hydrated UI islands, analytics, experimentation systems, notification widgets, and AI affordances. The cost is paid by users doing repeated, detail-heavy work.

For a marketing site, that cost is annoying. For a code review tool, it is operational friction. Reviewers need fast diffs, stable keyboard flow, reliable comment anchors, and predictable state. They do not need surprise navigation changes while trying to approve a production fix.

Actions Is A Critical System, Not A Convenience

GitHub Actions started as a convenient automation layer. It is now a build grid, release platform, security scanner, deployment trigger, and glue system for many organizations.

That raises the standard. Hosted runner capacity, action download reliability, cache behavior, log usability, secret handling, and failure reporting are not nice-to-have details. They define whether teams can ship.

The May 26 incident is a useful warning. An automated account review system incorrectly suspended the service account used by Actions. Newly queued runs failed to start, workflows could not download actions, and dependent systems were dragged into the incident. The fix included allowlisting service accounts and improving diagnostic tooling.

The lesson is broader than GitHub Actions. Internal automation that governs production automation must be treated as production infrastructure. If a fraud, abuse, or account-review system can disable the CI service account, then that review system sits in the release path whether the architecture diagram admits it or not.

The AI Feature Race Changes The Trust Equation

GitHub is pushing hard on Copilot, coding agents, AI code review, and AI-assisted workflows. Those products may be useful. They also create a trust tension.

When the core forge is degraded, every new AI surface gets interpreted through the reliability lens. Users ask: why is the pull request page still heavy, why are Actions flaky, why did search lose documents, and why is product attention going to another agent control surface?

That reaction is not anti-AI. It is normal prioritization pressure from customers whose delivery system is already overloaded.

AI can also make the reliability problem worse before it makes it better. Agents increase API calls, branch churn, check runs, comments, status polling, and artifact reads. If GitHub sells agentic workflows, GitHub owns the resulting traffic shape. The platform cannot treat agent load as an external surprise while also marketing agents as the new default way to build software.

Alternatives Are Risk Controls, Not Purity Tests

The useful response is not “delete GitHub tomorrow.” For many teams, that would be theater. GitHub has network effects, integrations, hiring value, package ecosystems, and organizational muscle memory.

The practical response is to reduce single-forge dependency where it matters most:

• Keep local clones complete and documented, including submodules and large-file requirements.
• Make critical build steps runnable outside GitHub Actions.
• Avoid GitHub-only release procedures when a simple signed artifact pipeline would work.
• Mirror important repositories to another forge or internal Git server.
• Keep issue and architecture records exportable.
• Use GitHub Apps and API tokens with explicit failure behavior rather than assuming the API is always available.
• Treat merge queue, branch protection, and required checks as production configuration with rollback plans.

GitLab, Codeberg/Forgejo, self-hosted Git, and plain mailing-list style workflows each have tradeoffs. The point is not that every alternative is better. The point is that teams should know which parts of their delivery process can survive a GitHub incident and which parts cannot.

What GitHub Should Optimize For

GitHub’s own April availability post lists the right distributed systems themes: isolating critical services, reducing hidden coupling, improving caching, limiting blast radius, and moving performance-sensitive paths into systems designed for those workloads.

Those are the right nouns. The credibility test is whether users feel the results in the daily workflow.

The highest-leverage improvements would be boring:

• Pull request pages should be fast, stable, and memory-efficient before they are clever.
• Actions should expose simpler raw logs and clearer queue/capacity signals.
• Status reporting should map incidents to concrete developer workflows, not only product areas.
• Search-backed pages should make completeness guarantees explicit.
• Feature rollouts should be conservative on review, merge, security, and release surfaces.
• Agentic automation should have separate capacity planning and backpressure so it does not crowd out human emergency work.

Developer tools earn trust by being predictably boring under pressure. A forge can have ambitious AI features, but the merge button, diff viewer, webhook delivery path, and CI queue need to feel like infrastructure.

How Teams Should Read This

If GitHub is central to your engineering organization, treat it like any other critical dependency. Define the workflows that matter, decide what level of degradation is acceptable, and rehearse the fallback.

The minimum viable exercise is simple:

1. Pick one repository that ships production code.
2. Assume GitHub pull request search, Actions, or Git operations are degraded for half a day.
3. Write down exactly how you would review, test, approve, tag, and deploy an urgent fix.
4. Remove any step that depends on a single GitHub-only UI path when a CLI, local, mirrored, or documented fallback would work.

That is not paranoia. It is basic operations hygiene. GitHub’s scale, integration depth, and AI-driven growth make it more important, not less, to have a plan.

References

• HN discussion: GitHub and the crime against software
• Original article by Efron Licht
• GitHub Blog: An update on GitHub availability
• GitHub Status history
• GitHub Online Services SLA