Quality Assurance Best Practices | Test Pyramid & CI/CD Gates
Build quality into development with test pyramid strategy, CI/CD quality gates, and shift-left testing. Automate regression, explore manually with GitScrum.
Quality isn't a phase; it's a practice woven throughout development. The best teams don't test quality in at the end; they build it in from the start. This guide covers practical approaches to quality assurance that scale with your team.
Testing Pyramid
| Level | Speed | Scope | Quantity |
|---|---|---|---|
| Unit | Fast | Small | Many |
| Integration | Medium | Medium | Some |
| E2E | Slow | Full | Few |
| Manual | Slowest | Variable | Targeted |
Shift Left
Quality From the Start
SHIFT LEFT APPROACH
───────────────────
TRADITIONAL (SHIFT RIGHT):
─────────────────────────────────────
Requirements → Dev → Dev → Dev → QA → QA → Deploy
QA at the end:
├── Bugs found late
├── Expensive to fix
├── Pressure to ship anyway
├── Quality afterthought
└── Firefighting mode
SHIFT LEFT:
─────────────────────────────────────
[QA] Requirements → [QA] Dev → [QA] Review → Deploy
QA throughout:
├── QA in planning
├── QA reviews requirements
├── Tests written early
├── Testing during dev
├── Bugs caught early
└── Quality built in
PRACTICES:
─────────────────────────────────────
Planning:
├── QA reviews acceptance criteria
├── Identifies test scenarios
├── Flags complexity
├── Estimates testing effort
└── Part of the team
Development:
├── Developers write unit tests
├── TDD for critical paths
├── Pair with QA on scenarios
├── Test as you code
└── No "throw over the wall"
Review:
├── Tests required in PR
├── Coverage thresholds
├── Automated checks pass
├── QA reviews functionality
└── Gate before merge
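The coverage-threshold gate listed under Review can be as simple as a ratio check wired into CI. A minimal sketch, assuming an 80% line-coverage threshold (the function name and default are illustrative, not a specific tool's API):

```python
def coverage_gate(covered_lines: int, total_lines: int,
                  threshold: float = 80.0) -> bool:
    """Return True when line coverage meets the required threshold."""
    if total_lines == 0:
        return True  # nothing to cover
    coverage = 100.0 * covered_lines / total_lines
    return coverage >= threshold

# 85% passes an 80% gate; 70% fails it:
assert coverage_gate(850, 1000)
assert not coverage_gate(700, 1000)
```

In practice the same check usually comes from the coverage tool itself (e.g. a fail-under setting), so CI just inspects its exit code.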
Automation Strategy
What to Automate
AUTOMATION DECISIONS
────────────────────
AUTOMATE:
─────────────────────────────────────
Unit tests (high value, fast):
├── Business logic
├── Calculations
├── Data transformations
├── Edge cases
└── Run on every commit
Integration tests (medium value):
├── API endpoints
├── Database operations
├── Service interactions
├── Key flows
└── Run on every PR
E2E tests (selective):
├── Critical user journeys
├── Smoke tests
├── Happy paths
├── Revenue-impacting flows
└── Run on deploy
Regression suite:
├── Previously found bugs
├── Fixed issues stay fixed
├── High-risk areas
└── Run regularly
DON'T AUTOMATE:
─────────────────────────────────────
├── Exploratory testing
├── Usability evaluation
├── One-time checks
├── Rapidly changing UI
├── Edge cases still being discovered
└── Manual is more effective
AUTOMATION PRIORITY:
─────────────────────────────────────
ROI = (manual time × frequency) / automation cost
Automate first:
├── Run many times
├── Time-consuming manually
├── Critical paths
├── Stable functionality
└── High payoff
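The ROI rule of thumb above can be computed directly. A minimal sketch, with all values expressed in minutes (the function name and sample numbers are illustrative):

```python
def automation_roi(manual_minutes: float, runs_per_month: float,
                   automation_cost_minutes: float) -> float:
    """ROI = (manual time x frequency) / automation cost.
    Values above 1.0 suggest automation pays for itself within the period."""
    return (manual_minutes * runs_per_month) / automation_cost_minutes

# A 30-minute manual check run 20 times a month, costing
# 300 minutes to automate, pays back twice over in a month:
print(automation_roi(30, 20, 300))  # 2.0
```

The exact cost numbers are always estimates; the point is to rank candidates, not to compute a precise return.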
Test Pyramid
TESTING PYRAMID
───────────────
            /\
           /  \
          /E2E \       Few
         /tests \      (10%)
        /────────\
       /          \
      /Integration \   Some
     /    tests     \  (20%)
    /────────────────\
   /                  \
  /    Unit tests      \  Many
 /                      \ (70%)
/────────────────────────\
UNIT TESTS (Base):
─────────────────────────────────────
├── Fast (milliseconds)
├── Many (hundreds/thousands)
├── Test one thing each
├── No external dependencies
├── Run constantly
└── Developer-written
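A test at this level exercises one piece of business logic with no external dependencies. A minimal sketch (the `apply_discount` function is hypothetical; real suites would use a runner like pytest rather than calling tests directly):

```python
def apply_discount(price: float, percent: float) -> float:
    """Business logic under test: apply a percentage discount."""
    if not 0 <= percent <= 100:
        raise ValueError("percent must be between 0 and 100")
    return round(price * (1 - percent / 100), 2)

# One behavior per test, including edge cases:
def test_applies_discount():
    assert apply_discount(100.0, 20) == 80.0

def test_zero_discount_is_identity():
    assert apply_discount(59.99, 0) == 59.99

def test_rejects_invalid_percent():
    try:
        apply_discount(100.0, 150)
        assert False, "expected ValueError"
    except ValueError:
        pass

test_applies_discount()
test_zero_discount_is_identity()
test_rejects_invalid_percent()
```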
INTEGRATION TESTS (Middle):
─────────────────────────────────────
├── Medium speed (seconds)
├── Moderate count (dozens/hundreds)
├── Test component interactions
├── May use test databases
├── Run on PR and deploy
└── Developer or QA
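An integration test at this level exercises real component interaction, here against an in-memory SQLite database rather than a mock. The schema and helper functions are illustrative:

```python
import sqlite3

def save_user(conn, name):
    """Persist a user and return the generated row id."""
    cur = conn.execute("INSERT INTO users (name) VALUES (?)", (name,))
    conn.commit()
    return cur.lastrowid

def find_user(conn, user_id):
    """Look a user up by id; None if absent."""
    row = conn.execute(
        "SELECT name FROM users WHERE id = ?", (user_id,)
    ).fetchone()
    return row[0] if row else None

# Test against a real (in-memory) database, not a mock:
conn = sqlite3.connect(":memory:")
conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)")
user_id = save_user(conn, "ada")
assert find_user(conn, user_id) == "ada"
```

Using a throwaway database per test keeps these runs in the "seconds" range while still catching SQL and schema mistakes a mocked layer would hide.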
E2E TESTS (Top):
─────────────────────────────────────
├── Slow (minutes)
├── Few (dozens max)
├── Full user journeys
├── Real browser/app
├── Run before production
└── Often QA-owned
ANTI-PATTERN: ICE CREAM CONE
─────────────────────────────────────
Many E2E tests, few unit tests:
├── Slow feedback
├── Flaky tests
├── Hard to maintain
├── Failures hard to pinpoint
└── Invert it back into a pyramid!
Quality Gates
CI/CD Quality
QUALITY GATES IN CI/CD
──────────────────────
ON COMMIT:
─────────────────────────────────────
├── Linting passes
├── Unit tests pass
├── Build succeeds
├── Fast feedback (<5 min)
└── Fail fast
ON PR:
─────────────────────────────────────
├── All unit tests pass
├── Integration tests pass
├── Coverage threshold met
├── Static analysis clean
├── Security scan clean
├── Code review approved
└── Gate before merge
ON MERGE TO MAIN:
─────────────────────────────────────
├── Full test suite
├── E2E tests
├── Performance benchmarks
├── Deploy to staging
├── Smoke tests
└── Ready for production
ON PRODUCTION DEPLOY:
─────────────────────────────────────
├── Smoke tests
├── Health checks
├── Monitoring active
├── Rollback ready
├── Feature flags for gradual rollout
└── Observe and confirm
EXAMPLE PIPELINE:
─────────────────────────────────────
[Commit] → Lint → Unit Tests → Build
    ↓
[PR] → Integration → Coverage → Security
    ↓
[Merge] → E2E → Staging → Smoke
    ↓
[Deploy] → Production → Monitor → Alerts
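The fail-fast behavior of such a pipeline can be sketched as a tiny stage runner: stages run in order, and the first failure stops everything. The stage names mirror the pipeline above; the lambda checks are stand-ins for real lint/test/build commands:

```python
def run_pipeline(stages):
    """Run (name, check) stages in order; stop at the first failure."""
    for name, check in stages:
        if not check():
            return f"FAILED at {name}"
    return "PASSED"

stages = [
    ("lint", lambda: True),
    ("unit tests", lambda: True),
    ("build", lambda: False),  # simulate a broken build
]
print(run_pipeline(stages))  # FAILED at build
```

Real CI systems implement this with job dependencies and exit codes, but the gating logic is the same: later (slower, more expensive) stages never run if an earlier gate fails.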
Exploratory Testing
Manual Testing Value
EXPLORATORY TESTING
───────────────────
WHAT IT IS:
─────────────────────────────────────
Simultaneously:
├── Learning about the system
├── Designing tests
├── Executing tests
├── Analyzing results
└── Human creativity and intuition
WHEN TO DO IT:
─────────────────────────────────────
├── New features
├── Complex flows
├── Risk assessment
├── Edge case discovery
├── Usability evaluation
└── Automation can't replace it
SESSION-BASED APPROACH:
─────────────────────────────────────
Session: 45-90 min of focused exploration
Charter example:
"Explore the checkout flow
with various payment methods
to find edge cases and usability issues"
Document:
├── Time spent
├── Scenarios explored
├── Issues found
├── Questions raised
├── Areas for automation
└── Brief report
COMPLEMENT AUTOMATION:
─────────────────────────────────────
Automation: known scenarios
Exploration: unknown scenarios
Together:
├── Automation for regression
├── Exploration for discovery
├── Both valuable
└── Different purposes
Bug Management
Tracking and Learning
BUG LIFECYCLE
─────────────
DISCOVERY:
─────────────────────────────────────
Bug found by:
├── Automated test
├── Manual testing
├── Production monitoring
├── User report
└── Record the source for analysis
DOCUMENTATION:
─────────────────────────────────────
Good bug report:
├── Clear title
├── Steps to reproduce
├── Expected behavior
├── Actual behavior
├── Environment details
├── Screenshots/logs
└── Enough to fix without questions
TRIAGE:
─────────────────────────────────────
Severity:
├── Critical: production down
├── High: major feature broken
├── Medium: feature degraded
├── Low: minor issue
└── Prioritize accordingly
FIX + TEST:
─────────────────────────────────────
├── Fix the bug
├── Add a test that catches it
├── Verify the test fails before the fix
├── Verify the test passes after the fix
├── Bug → permanent test
└── Never regress
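Turning a fixed bug into a permanent test can look like this. The bug, its number, and the `paginate` helper are all hypothetical; the pattern is naming the test after the bug it pins down:

```python
def paginate(items, page_size):
    """Fixed version. The original (hypothetical) bug used integer
    division over full pages only, dropping the final partial page."""
    return [items[i:i + page_size] for i in range(0, len(items), page_size)]

# Regression test: it failed against the buggy version (which returned
# [[1, 2], [3, 4]]) and passes after the fix. It now runs forever.
def test_bug_412_last_partial_page_not_dropped():
    assert paginate([1, 2, 3, 4, 5], 2) == [[1, 2], [3, 4], [5]]

test_bug_412_last_partial_page_not_dropped()
```

Writing the test first, watching it fail, then fixing the code is exactly the "verify fails before / passes after" discipline listed above.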
POST-MORTEM (for significant bugs):
─────────────────────────────────────
"How did this happen?"
├── Root cause
├── Why tests didn't catch it
├── What would prevent it next time
├── Action items
├── Blameless learning
└── Systemic improvement
GitScrum QA Integration
Quality Tracking
GITSCRUM QA FEATURES
────────────────────
BUG TRACKING:
─────────────────────────────────────
Task type: Bug
├── Severity field
├── Steps to reproduce
├── Environment
├── Linked to feature
├── QA workflow
└── Track to resolution
QA WORKFLOW:
─────────────────────────────────────
Custom workflow for QA:
├── New
├── Investigating
├── Cannot Reproduce
├── Fixing
├── Ready for Retest
├── Verified
├── Closed
└── Clear status
TEST STATUS:
─────────────────────────────────────
Story task checklist:
☐ Unit tests written
☐ Integration tests written
☐ Manual testing done
☐ Acceptance criteria verified
☐ Code review passed
└── Definition of Done
QUALITY DASHBOARD:
─────────────────────────────────────
├── Bugs by severity
├── Bug trend (up/down)
├── Mean time to fix
├── Test coverage
├── Escaped defects
└── Quality visibility
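Mean time to fix, one of the dashboard metrics above, is straightforward to derive from bug open/close timestamps. A minimal sketch with made-up data (the function name and sample timestamps are illustrative):

```python
from datetime import datetime

def mean_time_to_fix_hours(bugs):
    """Average hours between a bug being opened and closed.
    `bugs` is a list of (opened, closed) datetime pairs."""
    deltas = [(closed - opened).total_seconds() / 3600
              for opened, closed in bugs]
    return sum(deltas) / len(deltas)

bugs = [
    (datetime(2024, 1, 1, 9), datetime(2024, 1, 1, 17)),  # 8 hours
    (datetime(2024, 1, 2, 9), datetime(2024, 1, 2, 13)),  # 4 hours
]
print(mean_time_to_fix_hours(bugs))  # 6.0
```

Tracking the trend of this number matters more than its absolute value; a rising mean usually signals triage or capacity problems before bug counts do.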
Best Practices
For Quality Assurance
Anti-Patterns
QA MISTAKES:
✗ Testing only at the end
✗ Manual-only regression testing
✗ No automated tests
✗ E2E-heavy pyramid
✗ QA as gatekeeper (not partner)
✗ Ignoring failed tests
✗ No post-mortems
✗ Treating quality as "QA's job"