CI/CD Pipelines

Transformation from manual deployment to continuous automated value delivery. Catch bugs early, deploy fast.

Continuous Integration (CI)

Automatic verification of every commit. We Install, Lint, and Test to ensure the "Continuous" flow doesn't break.

Continuous Deployment (CD)

The automatic release of validated code to production. We Build containers and Deploy to staging and production environments.

Pipeline Visualization

Sequential stage execution with dependencies

Install & Test → Build Package → Deploy Staging → Deploy Production

Commit-Driven: Push to main triggers build

Sequential: Wait for Stage 1 to pass

Gatekeepers: Manual approval for Production

Stage-by-Stage Deep Dive

How to structure your workflow for maximum reliability.

.github/workflows/cicd.yml
# CI/CD Pipeline
name: CI/CD Pipeline

on:
  push:
    branches: [main, develop]
  workflow_dispatch:

env:
  NODE_VERSION: "20"

jobs:
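  test:
    name: "Stage 1 — Install & Test"
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-node@v4
        with:
          node-version: ${{ env.NODE_VERSION }}
      - run: npm install
      # Lint step named in the stage description; assumes a "lint" script in package.json
      - run: npm run lint
      - run: npm test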

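  build:
    name: "Stage 2 — Build & Push"
    needs: test
    runs-on: ubuntu-latest
    # Skipped on develop; the deploy jobs that need this job are skipped with it
    if: github.ref == 'refs/heads/main'
    # GITHUB_TOKEN needs packages: write to push the image to GHCR
    permissions:
      contents: read
      packages: write
    steps:
      - uses: actions/checkout@v4
      - uses: docker/login-action@v3
        with:
          registry: ghcr.io
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}
      - uses: docker/build-push-action@v5
        with:
          push: true
          tags: ghcr.io/${{ github.repository }}:latest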

  deploy-staging:
    name: "Stage 3 — Deploy Staging"
    needs: build
    runs-on: ubuntu-latest
    environment:
      name: staging
      url: https://staging.myapp.com
    steps:
      - run: echo "Deploying to Staging..."

  deploy-production:
    name: "Stage 4 — Deploy Production"
    needs: deploy-staging
    runs-on: ubuntu-latest
    environment:
      name: production
    steps:
      - run: echo "Deploying to Production..."

1. The Guardian (Test Stage)

Gatekeeper Stage

This job checks the integrity of your code. If one test fails, the entire pipeline stops here. This prevents broken code from ever being packaged.

uses: actions/checkout | npm install | npm test | npm run lint

2. The Factory (Build Stage)

needs & if guards

Only runs if tests pass. It packages your app into a Docker Image and pushes it to GHCR. We use 'needs: test' to ensure correct sequence.

needs: test | if: github.ref == 'refs/heads/main' | docker/build-push-action

3. The Sandbox (Staging)

Environment Variables

Auto-deploy to a test environment. This is where PMs and QA engineers verify the application before it goes live.

environment: staging | url: staging.myapp.com | secrets.STAGING_SERVER

4. The Real World (Production)

Locked Environments

The most critical stage. It uses a Production environment with 'Required Reviewers' enabled on GitHub.

environment: production | Manual Approval Guard | Deployment Summary

The "Production" Guard

By setting environment: production on the job, you can enable Required Reviewers for that environment in GitHub Settings. The pipeline pauses at this job until a reviewer clicks "Approve".

Human in the Loop
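
A check that the stage ordering and gates described above still hold after someone edits the workflow, as an added example that is not part of the original page: it walks each deploy job's transitive needs and flags jobs that can run without the test stage, that use if: always(), or that reach production without a staging deploy. WORKFLOW is a hand-built dict mirroring the jobs in cicd.yml (what a YAML loader would return), and the function names are hypothetical.

```python
import copy

# Constructed input: the jobs of cicd.yml as the dict a YAML loader would return.
WORKFLOW = {"jobs": {
    "test": {},
    "build": {"needs": "test", "if": "github.ref == 'refs/heads/main'"},
    "deploy-staging": {"needs": "build", "environment": {"name": "staging"}},
    "deploy-production": {"needs": "deploy-staging",
                          "environment": {"name": "production"}},
}}


def upstream(jobs, name, seen=None):
    """Every job that must succeed before `name` starts (transitive `needs`)."""
    seen = set() if seen is None else seen
    needs = jobs.get(name, {}).get("needs", [])
    for dep in [needs] if isinstance(needs, str) else needs:
        if dep not in seen:
            seen.add(dep)
            upstream(jobs, dep, seen)
    return seen


def env_name(job):
    """`environment` is either a plain string or a mapping with a `name` key."""
    env = job.get("environment")
    return env.get("name") if isinstance(env, dict) else env


def audit(workflow, gate="test"):
    """Return findings for deploy jobs that can bypass the test gate or staging."""
    jobs, findings = workflow["jobs"], []
    for name, job in jobs.items():
        env = env_name(job)
        if env is None:
            continue  # not a deploy job
        ups = upstream(jobs, name)
        if gate not in ups:
            findings.append(f"{name}: not gated by '{gate}'")
        if "always()" in str(job.get("if", "")):
            findings.append(f"{name}: if: always() ignores failed upstream jobs")
        if env == "production" and not any(
                env_name(jobs.get(u, {})) == "staging" for u in ups):
            findings.append(f"{name}: does not follow a staging deploy")
    return findings


if __name__ == "__main__":
    print(audit(WORKFLOW))            # the page's workflow
    broken = copy.deepcopy(WORKFLOW)  # constructed regression: `needs` dropped
    del broken["jobs"]["deploy-production"]["needs"]
    print(audit(broken))
```

The audit covers only the job graph; whether Required Reviewers is actually enabled lives in the repository's environment settings, not in the workflow file.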