CI/CD
110 items tagged with "ci-cd"
Best Practices14
Trunk-Based Development Guidelines
Branching strategy promoting short-lived branches, frequent commits to trunk, and feature flags.
SAFe Continuous Delivery Pipeline
Scaled Agile Framework’s model for continuous exploration, integration, deployment, and release on demand.
Continuous Integration Best Practices
A development practice where engineers merge code into a shared mainline many times a day, each merge verified by an automated build and test suite.
Continuous Delivery
A discipline where software is built so it can be released to production safely at any time, with every change proven release-ready by an automated pipeline.
Deployment Pipeline Pattern
An automated, staged path that takes every code change from commit through build, tests, and successive environments, providing a single auditable route to production.
Pipeline as Code
Defining CI/CD pipelines in version-controlled configuration files stored alongside the application, so the delivery process is reviewable, reproducible, and auditable.
Artifact Repository Management
The practice of storing, versioning, and governing build artifacts and dependencies in a dedicated repository so the same trusted binary is promoted from build to production.
Reproducible Builds
A set of practices ensuring a given source plus build environment always produces bit-for-bit identical binaries, so anyone can independently verify what shipped.
MLOps Principles
The discipline of applying DevOps and engineering rigor to machine learning so models are built, deployed, monitored, and retrained reliably and reproducibly.
Performance Budgets
A performance budget sets quantitative limits on metrics like page weight, request count, and load timings, enforced in development and CI to stop regressions.
Flaky Test Management
A disciplined approach to detecting, quarantining, and fixing nondeterministic tests so CI signal stays trustworthy and developers keep merging.
Code Coverage Best Practices
Guidance on using code coverage as a signal of untested code rather than a target, including diff coverage and avoiding coverage gaming.
Static Application Security Testing in CI
Integrating SAST tools into the CI pipeline to scan source code for security vulnerabilities automatically on every change.
Documentation as Code
Documentation as Code treats docs like software: stored in version control, written in plain text, reviewed in pull requests, and published automatically through continuous integration.
Models6
Claude Fable 5
Claude Fable 5 is a newly listed Anthropic model on OpenRouter with a 1,000,000-token context window. The discovery data verifies it as a new Anthropic model added during the target date range.
Qwen3.7 Plus
A Qwen-family large language model added on OpenRouter with a 1,000,000-token context window for long-context general-purpose AI workloads.
Gemini Omni
Gemini Omni is a Google Gemini-family model announced at Google I/O 2026 and showcased in Google demos alongside Gemini 3.5. The discovery data verifies the announcement but does not provide context length, output limit, or pricing details.
Claude Opus 4.8
Anthropic's Claude Opus 4.8 is a proprietary frontier model listed on OpenRouter and announced as available on AWS. The provided data highlights its use for agentic systems and production inference workloads, with a 1,000,000-token context window.
Claude Opus 4.8 Fast
Claude Opus 4.8 Fast is an Anthropic model variant added to OpenRouter with a 1,000,000-token context window. It is positioned as the fast variant of Claude Opus 4.8 for lower-latency agentic and production workloads.
Claude Opus 4.7 Fast
A latency-optimised variant of Claude Opus 4.7 with a one-million-token context window, designed for real-time agentic workflows, dependency auditing, and large codebase analysis where Opus-class reasoning is required at lower response times.
Anti-Patterns11
Manual Deployment
Releasing software through hand-run steps and checklists instead of automation, producing slow, error-prone, irreproducible deploys that depend on individuals.
Works on My Machine
Code that runs only in a developer's local setup because of undeclared dependencies and environment assumptions, then fails everywhere else.
Monolithic Pipeline
A single, all-or-nothing CI/CD pipeline that builds, tests, and deploys everything together, making it slow, fragile, and hard to change safely.
Flaky Pipeline
A CI/CD pipeline that fails intermittently for reasons unrelated to the code change, eroding trust and training teams to ignore red builds.
No Rollback Plan
Deploying with no tested, fast way to revert, so a bad release means scrambling under pressure while the outage drags on.
Deploy and Pray
Pushing releases to production with no automated verification, monitoring, or rollback, then hoping nothing breaks instead of knowing it works.
Latest Tag in Production
Deploying container images by the mutable :latest tag, so production runs an unknown, changing version that cannot be reliably reproduced or rolled back.
Ice-Cream Cone (Inverted Test Pyramid)
A test suite dominated by slow manual and end-to-end tests with few unit tests, making feedback slow, brittle, and expensive to maintain.
Flaky Tests
Tests that pass and fail non-deterministically without code changes, eroding trust in the suite and masking real regressions.
Slow Test Suite
A test suite so slow that developers stop running it locally and feedback arrives too late, encouraging skipped tests and large risky batches.
Coverage-Driven Testing (Coverage as a Target)
Chasing a code-coverage percentage as the goal, producing tests that execute code without meaningfully asserting behavior — high numbers, low confidence.
Tutorials22
CI/CD Pipeline with GitHub Actions
Set up a complete CI/CD pipeline using GitHub Actions
How to scan container images for vulnerabilities with Trivy
Find OS and dependency CVEs in container images locally and in CI, and fail builds above a severity threshold.
How to do blue-green deployments on AWS with CodeDeploy
Run zero-downtime blue-green deployments for containers on Amazon ECS using AWS CodeDeploy and a load balancer.
How to build a GitHub Actions pipeline for a web app
Create a complete GitHub Actions workflow that lints, tests, and builds an application on every push and pull request.
How to set up a GitLab CI/CD pipeline
Configure a .gitlab-ci.yml pipeline with stages for testing, building, and deploying using GitLab runners.
How to create a reusable GitHub Actions workflow
Build a callable workflow with inputs and secrets so multiple repositories share one tested CI definition.
How to run matrix builds in CI
Use a build matrix to test your code across multiple language versions and operating systems in parallel.
How to speed up CI builds with caching
Cache dependencies and build outputs in CI to cut pipeline time, with correct cache keys and invalidation.
How to publish a Docker image to a registry from CI
Build a Docker image in CI and push it to a container registry with proper tags and authentication.
How to automate versioning and releases with semantic-release
Use semantic-release and Conventional Commits to automatically determine versions, tag releases, and publish from CI.
How to adopt a trunk-based development workflow
Move to short-lived branches and continuous integration into a single trunk, using feature flags to ship safely.
How to build an environment promotion pipeline
Promote a single build artifact through dev, staging, and production with gated approvals instead of rebuilding per stage.
How to manage secrets securely in CI pipelines
Store, inject, and mask secrets in CI without leaking them, using scoped credentials and short-lived tokens.
How to generate an SBOM in your CI pipeline
Produce a software bill of materials for every build in CI and attach it as an artifact for compliance and security.
How to set up self-hosted CI runners
Register and harden self-hosted runners to run CI jobs on your own hardware for performance and network access.
How to deploy Helm charts to Kubernetes from CI
Package an application as a Helm chart and deploy it to Kubernetes from a CI pipeline with per-environment values.
How to scan infrastructure-as-code for misconfigurations in CI
Add automated IaC security scanning to CI to catch insecure Terraform and Kubernetes configuration before it ships.
How to automate dependency updates in CI
Configure automated dependency update pull requests with grouping, scheduling, and auto-merge for safe updates.
How to set up a CircleCI pipeline with workflows
Configure a CircleCI pipeline using jobs, workflows, and orbs to test and deploy an application.
How to Add SAST Scanning to a CI Pipeline
Run static application security testing on every pull request, fail the build on high-severity findings, and report results as SARIF.
How to Scan Dependencies for Vulnerabilities in CI
Generate an SBOM, scan dependencies against vulnerability databases, gate merges on severity, and automate upgrade pull requests.
How to Scan a Repository for Leaked Secrets
Detect committed secrets, scan git history, add a pre-commit hook, and gate CI so credentials never reach the remote.
Blueprints8
Jenkins to GitHub Actions Blueprint
CI/CD migration from Jenkins to GitHub Actions
Monolithic VM Application to Containers Blueprint
Containerize a large monolithic application running on virtual machines, externalizing state and config to run reliably on a container platform.
CloudFormation to Terraform Blueprint
Migrate AWS infrastructure as code from CloudFormation to Terraform, importing existing resources without destroying or recreating live infrastructure.
ETL to ELT with dbt Blueprint
Move from transform-before-load ETL tools to in-warehouse ELT using dbt for version-controlled, testable transformations.
Jenkins to GitLab CI/CD Blueprint
Migrate Jenkins freestyle and pipeline jobs to GitLab CI/CD with pipeline-as-code, runners, and merge request pipelines.
CircleCI to GitHub Actions Blueprint
Migrate CircleCI pipelines to GitHub Actions with reusable workflows, matrix builds, OIDC cloud auth, and self-hosted runners.
Manual Vulnerability Scanning to DevSecOps Pipeline Blueprint
Shift security left by embedding SAST, dependency, secret, and container scanning into automated CI/CD with policy gates.
Notebooks to MLOps Pipeline Blueprint
Productionize ad-hoc data science notebooks into reproducible, versioned MLOps pipelines with CI/CD, tracking, and automated retraining.
Migrations4
Ad-hoc SQL to Flyway Migration
Adopt Flyway for repeatable database schema migrations and environment parity
CircleCI to GitHub Actions Migration
Migrate CircleCI configs to GitHub Actions workflows with caching and secrets mapping
GitLab CI to GitHub Actions Migration
Migrate `.gitlab-ci.yml` pipelines to GitHub Actions workflows with runner and secret strategy
Jenkins to GitHub Actions Migration
Migrate CI/CD pipelines from Jenkins to GitHub Actions workflows with secrets and runner strategy
Products6
Argo CD
Declarative GitOps continuous delivery for Kubernetes
Flux CD
GitOps toolkit for Kubernetes
Jenkins
Open source automation server for CI/CD
GitHub Actions
CI/CD platform integrated with GitHub
GitLab CI/CD
Built-in CI/CD for GitLab
CircleCI
Cloud-based CI/CD platform
Reference Architectures1
Playbooks6
Container Platform Migration Playbook
A phased program to migrate workloads from VMs and Docker Compose onto a managed container platform with standardized build and deploy.
Framework Upgrade Program Playbook
A repeatable program for keeping backend frameworks current through routine, low-risk major-version upgrades across a portfolio.
dbt and ELT Adoption Program Playbook
Adopt dbt-style ELT to modernize transformation logic with version control, testing, documentation, and a medallion architecture.
CI/CD Modernization Playbook
A phased program to move from manual or brittle pipelines to fast, secure, pipeline-as-code delivery with automated gates.
DevSecOps Program Playbook
A program to embed security into the software lifecycle with shift-left scanning, secure pipelines, and shared ownership between dev, sec, and ops.
Software Supply Chain Security Program Playbook
A program to secure the build-to-deploy pipeline with SBOMs, artifact signing, provenance attestation, and SLSA-aligned controls.
Checklists8
GitOps Adoption Readiness Checklist
Verify the prerequisites for declarative, Git-driven Kubernetes delivery are in place before adopting GitOps.
Schema Change Safety Checklist
Safety checks for applying database schema changes to production without locking tables or breaking running applications.
CI/CD Pipeline Review Checklist
A structured review of a continuous integration and delivery pipeline for correctness, speed, security, and reproducibility.
On-Call Handover Checklist
Ensure a clean transfer of on-call responsibility with full context on ongoing issues, risks, and operational state.
SBOM & Supply-Chain Security Review Checklist
Verify software supply-chain integrity through SBOM generation, dependency provenance, build integrity, and artifact signing.
MLOps Pipeline Review Checklist
Audit items for assessing the maturity, reproducibility, and automation of an end-to-end machine learning operations pipeline.
LLM Evaluation Readiness Checklist
Verification items for building a trustworthy evaluation harness before releasing changes to an LLM-powered feature.
Microservices API Contract Testing Checklist
Verification items for establishing consumer-driven contract testing across microservices to prevent integration breakage.
Stacks3
Spinnaker Continuous Delivery
An open-source, multi-cloud continuous delivery platform for managing complex deployment pipelines with advanced strategies like canary, blue-green, and rollback.
Jenkins + Nexus
A self-hosted CI and artifact-management stack pairing Jenkins automation pipelines with Sonatype Nexus as a binary repository for builds and dependencies.
Tekton + Argo CD
A Kubernetes-native CI/CD stack pairing Tekton pipelines for in-cluster continuous integration with Argo CD for GitOps-based continuous delivery.
Comparisons4
Monorepo vs Polyrepo
A monorepo stores many projects in one repository; a polyrepo splits them across many. The choice shapes code sharing, tooling, and team autonomy.
GitHub Actions vs GitLab CI/CD
Both run pipelines defined in YAML next to your code. GitHub Actions centers on a marketplace of reusable actions; GitLab CI/CD ships an integrated DevOps platform.
GitHub Actions vs Jenkins
GitHub Actions is a managed, YAML-driven CI/CD service tied to GitHub; Jenkins is a self-hosted, plugin-rich automation server with maximum flexibility.
CircleCI vs GitHub Actions
CircleCI is a dedicated cloud CI/CD platform known for speed and orbs; GitHub Actions is GitHub's native automation with a huge action marketplace.
Benchmarks7
k6 Load Testing
Developer-centric, scriptable load-testing tool using JavaScript scenarios to measure API and web performance with rich thresholds and metrics.
Build-Time Benchmark
Measures how long it takes to compile and package software, a key developer-productivity and CI-cost metric across clean, incremental, and cached builds.
DORA Metrics Benchmark
Measures software delivery and operational performance via four key metrics: deployment frequency, lead time, change failure rate, and time to restore.
Code Coverage Benchmark
Measures the proportion of code exercised by automated tests, across line, branch, statement, and function coverage, as a test-completeness indicator.
Flaky Test Rate Benchmark
Measures the prevalence and impact of nondeterministic tests that pass and fail without code changes, eroding trust in the test suite.
CI Build Time (p95) Benchmark
Measures continuous-integration pipeline duration, focusing on the p95 build time and its phases, to quantify developer feedback latency.
CI/CD Pipeline Reliability Benchmark
Measures how dependably a delivery pipeline succeeds, reporting pass rate, infrastructure-failure share, and mean time to recover a broken pipeline.
FAQs3
What is a container registry?
A container registry is a storage and distribution system for container images, allowing them to be pushed after a build and pulled at deployment time...
What is software supply-chain security?
Software supply-chain security protects the integrity of everything that goes into building and delivering software: source code, third-party dependen...
What is CI/CD?
CI/CD stands for Continuous Integration and Continuous Delivery (or Deployment). Continuous Integration means developers merge code into a shared bran...
Glossaries7
CI/CD
Continuous Integration and Continuous Deployment - practices for automating code integration and delivery
Container Image
A container image is an immutable, read-only template containing an application and its dependencies, packaged as ordered filesystem layers from which running containers are created.
Helm Chart
A Helm chart is a packaged, templated, and versioned collection of Kubernetes manifests that Helm uses to install, upgrade, and manage an application as a single releasable unit.
Software Supply Chain Security
Software supply chain security is the practice of protecting every stage of building and delivering software, from dependencies and build systems to distribution, against tampering and compromise.
Continuous Integration (CI)
A practice where developers merge code changes into a shared repository frequently, with each merge automatically built and tested to catch integration problems early.
Continuous Delivery (CD)
A practice where software is kept in a releasable state at all times, with every change automatically built, tested, and prepared for deployment, leaving the final release as a manual decision.
Continuous Deployment
A practice where every change that passes the automated pipeline is released to production automatically, with no manual approval step.