Skip to main content
Back to Tags

CI/CD

110 items tagged with "ci-cd"

Filter by type:

Best Practices14

Best Practice

Trunk-Based Development Guidelines

Branching strategy promoting short-lived branches, frequent commits to trunk, and feature flags.

Best Practice

SAFe Continuous Delivery Pipeline

Scaled Agile Framework’s model for continuous exploration, integration, deployment, and release on demand.

Best Practice

Continuous Integration Best Practices

A development practice where engineers merge code into a shared mainline many times a day, each merge verified by an automated build and test suite.

Best Practice

Continuous Delivery

A discipline where software is built so it can be released to production safely at any time, with every change proven release-ready by an automated pipeline.

Best Practice

Deployment Pipeline Pattern

An automated, staged path that takes every code change from commit through build, tests, and successive environments, providing a single auditable route to production.

Best Practice

Pipeline as Code

Defining CI/CD pipelines in version-controlled configuration files stored alongside the application, so the delivery process is reviewable, reproducible, and auditable.

Best Practice

Artifact Repository Management

The practice of storing, versioning, and governing build artifacts and dependencies in a dedicated repository so the same trusted binary is promoted from build to production.

Best Practice

Reproducible Builds

A set of practices ensuring a given source plus build environment always produces bit-for-bit identical binaries, so anyone can independently verify what shipped.

Best Practice

MLOps Principles

The discipline of applying DevOps and engineering rigor to machine learning so models are built, deployed, monitored, and retrained reliably and reproducibly.

Best Practice

Performance Budgets

A performance budget sets quantitative limits on metrics like page weight, request count, and load timings, enforced in development and CI to stop regressions.

Best Practice

Flaky Test Management

A disciplined approach to detecting, quarantining, and fixing nondeterministic tests so CI signal stays trustworthy and developers keep merging.

Best Practice

Code Coverage Best Practices

Guidance on using code coverage as a signal of untested code rather than a target, including diff coverage and avoiding coverage gaming.

Best Practice

Static Application Security Testing in CI

Integrating SAST tools into the CI pipeline to scan source code for security vulnerabilities automatically on every change.

Best Practice

Documentation as Code

Documentation as Code treats docs like software: stored in version control, written in plain text, reviewed in pull requests, and published automatically through continuous integration.

Anti-Patterns11

Anti-Pattern

Manual Deployment

Releasing software through hand-run steps and checklists instead of automation, producing slow, error-prone, irreproducible deploys that depend on individuals.

Anti-Pattern

Works on My Machine

Code that runs only in a developer's local setup because of undeclared dependencies and environment assumptions, then fails everywhere else.

Anti-Pattern

Monolithic Pipeline

A single, all-or-nothing CI/CD pipeline that builds, tests, and deploys everything together, making it slow, fragile, and hard to change safely.

Anti-Pattern

Flaky Pipeline

A CI/CD pipeline that fails intermittently for reasons unrelated to the code change, eroding trust and training teams to ignore red builds.

Anti-Pattern

No Rollback Plan

Deploying with no tested, fast way to revert, so a bad release means scrambling under pressure while the outage drags on.

Anti-Pattern

Deploy and Pray

Pushing releases to production with no automated verification, monitoring, or rollback, then hoping nothing breaks instead of knowing it works.

Anti-Pattern

Latest Tag in Production

Deploying container images by the mutable :latest tag, so production runs an unknown, changing version that cannot be reliably reproduced or rolled back.

Anti-Pattern

Ice-Cream Cone (Inverted Test Pyramid)

A test suite dominated by slow manual and end-to-end tests with few unit tests, making feedback slow, brittle, and expensive to maintain.

Anti-Pattern

Flaky Tests

Tests that pass and fail non-deterministically without code changes, eroding trust in the suite and masking real regressions.

Anti-Pattern

Slow Test Suite

A test suite so slow that developers stop running it locally and feedback arrives too late, encouraging skipped tests and large risky batches.

Anti-Pattern

Coverage-Driven Testing (Coverage as a Target)

Chasing a code-coverage percentage as the goal, producing tests that execute code without meaningfully asserting behavior — high numbers, low confidence.

Tutorials22

Tutorial

CI/CD Pipeline with GitHub Actions

Set up a complete CI/CD pipeline using GitHub Actions

Tutorial

How to scan container images for vulnerabilities with Trivy

Find OS and dependency CVEs in container images locally and in CI, and fail builds above a severity threshold.

Tutorial

How to do blue-green deployments on AWS with CodeDeploy

Run zero-downtime blue-green deployments for containers on Amazon ECS using AWS CodeDeploy and a load balancer.

Tutorial

How to build a GitHub Actions pipeline for a web app

Create a complete GitHub Actions workflow that lints, tests, and builds an application on every push and pull request.

Tutorial

How to set up a GitLab CI/CD pipeline

Configure a .gitlab-ci.yml pipeline with stages for testing, building, and deploying using GitLab runners.

Tutorial

How to create a reusable GitHub Actions workflow

Build a callable workflow with inputs and secrets so multiple repositories share one tested CI definition.

Tutorial

How to run matrix builds in CI

Use a build matrix to test your code across multiple language versions and operating systems in parallel.

Tutorial

How to speed up CI builds with caching

Cache dependencies and build outputs in CI to cut pipeline time, with correct cache keys and invalidation.

Tutorial

How to publish a Docker image to a registry from CI

Build a Docker image in CI and push it to a container registry with proper tags and authentication.

Tutorial

How to automate versioning and releases with semantic-release

Use semantic-release and Conventional Commits to automatically determine versions, tag releases, and publish from CI.

Tutorial

How to adopt a trunk-based development workflow

Move to short-lived branches and continuous integration into a single trunk, using feature flags to ship safely.

Tutorial

How to build an environment promotion pipeline

Promote a single build artifact through dev, staging, and production with gated approvals instead of rebuilding per stage.

Tutorial

How to manage secrets securely in CI pipelines

Store, inject, and mask secrets in CI without leaking them, using scoped credentials and short-lived tokens.

Tutorial

How to generate an SBOM in your CI pipeline

Produce a software bill of materials for every build in CI and attach it as an artifact for compliance and security.

Tutorial

How to set up self-hosted CI runners

Register and harden self-hosted runners to run CI jobs on your own hardware for performance and network access.

Tutorial

How to deploy Helm charts to Kubernetes from CI

Package an application as a Helm chart and deploy it to Kubernetes from a CI pipeline with per-environment values.

Tutorial

How to scan infrastructure-as-code for misconfigurations in CI

Add automated IaC security scanning to CI to catch insecure Terraform and Kubernetes configuration before it ships.

Tutorial

How to automate dependency updates in CI

Configure automated dependency update pull requests with grouping, scheduling, and auto-merge for safe updates.

Tutorial

How to set up a CircleCI pipeline with workflows

Configure a CircleCI pipeline using jobs, workflows, and orbs to test and deploy an application.

Tutorial

How to Add SAST Scanning to a CI Pipeline

Run static application security testing on every pull request, fail the build on high-severity findings, and report results as SARIF.

Tutorial

How to Scan Dependencies for Vulnerabilities in CI

Generate an SBOM, scan dependencies against vulnerability databases, gate merges on severity, and automate upgrade pull requests.

Tutorial

How to Scan a Repository for Leaked Secrets

Detect committed secrets, scan git history, add a pre-commit hook, and gate CI so credentials never reach the remote.