CI/CD Pipeline Best Practices
CI/CD pipelines automate the path from code to production. Good pipelines are fast, reliable, and catch issues early. Bad pipelines are slow, flaky, and create deployment fear. This guide covers building effective pipelines.
Pipeline Stages
| Stage | Purpose | Speed |
|---|---|---|
| Build | Compile code | < 2 min |
| Test | Verify correctness | < 5 min |
| Security | Find vulnerabilities | < 3 min |
| Deploy | Ship to environment | < 5 min |
Pipeline Design
Essential Stages
CI/CD PIPELINE DESIGN
═════════════════════
BASIC PIPELINE:
─────────────────────────────────────
build → test → deploy
Simple start
COMPREHENSIVE PIPELINE:
─────────────────────────────────────
┌─────────────────────────────────────┐
│                 CI                  │
├─────────────────────────────────────┤
│ checkout → build → lint → test      │
│              │                    │ │
│              └── security scan ───┘ │
└─────────────┬───────────────────────┘
              │
              ▼ artifact
┌─────────────────────────────────────┐
│                 CD                  │
├─────────────────────────────────────┤
│ deploy staging → smoke → approve    │
│         │                   │       │
│         ▼                   ▼       │
│ integration tests      deploy prod  │
│                             │       │
│                        smoke tests  │
└─────────────────────────────────────┘
STAGE DETAILS:
─────────────────────────────────────
Build:
├── Compile/transpile code
├── Install dependencies
├── Create build artifact
└── Fast, parallelizable
Lint:
├── Code style checks
├── Static analysis
├── Format verification
└── Catch issues early
Test:
├── Unit tests
├── Integration tests
├── E2E tests (if fast)
└── Confidence in correctness
Security:
├── Dependency scan
├── SAST (static analysis)
├── Secret detection
└── Security gates
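The secret-detection gate from the Security stage, as an added example that is not part of the original guide: it scans only the added lines of a unified diff, so it fits the fast PR pipeline. The patterns, the ENTROPY_MIN threshold, the sample diff and the function names are assumptions chosen for illustration.

```python
import math
import re

# Fixed-format token shapes, plus name = "value" assignments to credential-like names.
PATTERNS = {"aws-access-key-id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
            "private-key-block": re.compile(r"-----BEGIN [A-Z ]*PRIVATE KEY-----")}
ASSIGN = re.compile(r"(?i)\b[\w.-]*(?:secret|token|passw(?:or)?d|api[_-]?key)[\w.-]*"
                    r"\s*[:=]\s*['\"]([^'\"]{12,})['\"]")
ENTROPY_MIN = 3.5  # bits/char; assumed threshold, tune against your own repos

# Constructed sample diff; the key ID is the placeholder from AWS documentation.
SAMPLE_DIFF = """\
--- a/config/settings.py
+++ b/config/settings.py
@@ -10,1 +10,4 @@
 DEBUG = False
+AWS_KEY_ID = "AKIAIOSFODNN7EXAMPLE"
+API_TOKEN = "q8Zr2LwX0vT5bNc7JdPf"
+PASSWORD = "changeme-changeme"
"""


def shannon_entropy(s):
    return -sum(s.count(c) / len(s) * math.log2(s.count(c) / len(s)) for c in set(s))


def scan_diff(diff_text):
    """Return (file, new_line_no, rule) for each suspicious ADDED line."""
    findings, path, lineno = [], None, 0
    for raw in diff_text.splitlines():
        if raw.startswith("+++ "):
            path = re.sub(r"^b/", "", raw[4:])
        elif raw.startswith("@@"):
            lineno = int(re.search(r"\+(\d+)", raw).group(1)) - 1
        elif raw.startswith("+"):
            lineno += 1
            hits = [rule for rule, rx in PATTERNS.items() if rx.search(raw)]
            m = ASSIGN.search(raw)
            if m and shannon_entropy(m.group(1)) >= ENTROPY_MIN:
                hits.append("high-entropy-assignment")
            findings += [(path, lineno, rule) for rule in hits]
        elif raw.startswith(" "):
            lineno += 1  # context lines also advance the new-file line number
    return findings


def gate(diff_text):
    return 1 if scan_diff(diff_text) else 0  # non-zero exit status fails the job
```

The low-entropy PASSWORD value passes this gate: the entropy threshold keeps placeholders from blocking merges, but it also means weak real passwords need a separate control.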
Pipeline Optimization
Making It Fast
PIPELINE OPTIMIZATION
═════════════════════
PARALLELIZATION:
─────────────────────────────────────
Run independent jobs in parallel:
        ┌── lint
build ──┼── unit tests ──► deploy
        └── security scan
Instead of:
build → lint → tests → security → deploy
CACHING:
─────────────────────────────────────
Cache:
├── Dependencies (node_modules, etc.)
├── Build artifacts
├── Docker layers
├── Test fixtures
├── Huge time savings
└── Cache aggressively
FAST FEEDBACK:
─────────────────────────────────────
Order by speed and importance:
├── Lint first (fast, catches common issues)
├── Unit tests next (fast, high value)
├── Integration tests (slower)
├── E2E tests (slowest)
├── Fail fast
└── Quick feedback loop
SPLIT PIPELINES:
─────────────────────────────────────
PR pipeline (fast):
├── Build
├── Lint
├── Unit tests
├── Security basics
└── Quick feedback
Main branch (comprehensive):
├── Full test suite
├── Complete security
├── Deploy to staging
├── Integration tests
└── Thorough verification
Reliability
Stable Pipelines
PIPELINE RELIABILITY
════════════════════
FLAKY TESTS:
─────────────────────────────────────
Problem:
├── Tests pass sometimes, fail others
├── Erodes trust in pipeline
├── People ignore failures
├── Pipeline becomes useless
└── Serious issue
Fix:
├── Treat as high-priority bug
├── Quarantine while fixing
├── Don't just retry
├── Track flaky rate
├── Root cause analysis
└── Zero tolerance
ENVIRONMENT CONSISTENCY:
─────────────────────────────────────
├── Docker for consistent builds
├── Pinned dependency versions
├── Reproducible environments
├── Same tooling everywhere
└── No "works on my machine"
FAILURE HANDLING:
─────────────────────────────────────
├── Clear error messages
├── Artifacts on failure
├── Easy to reproduce locally
├── Rollback capability
├── Graceful degradation
└── Debuggable failures
MONITORING:
─────────────────────────────────────
Track:
├── Pipeline duration trend
├── Success rate
├── Flaky test rate
├── Stage bottlenecks
├── Data-driven improvement
└── Pipeline metrics
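One way to track the flaky test rate and build a quarantine list from CI history, as an added example that is not part of the original guide. It treats a test as flaky on a commit when identical code produced both a pass and a failure, which is exactly the signal a blanket retry hides; the record format, the 5% threshold and all names are assumptions.

```python
from collections import defaultdict

QUARANTINE_ABOVE = 0.05  # assumed policy: quarantine when >5% of commits show flakiness

# Constructed CI history: (commit, test, passed), including reruns of one commit.
SAMPLE_RUNS = [
    ("a1f3", "test_login", True), ("a1f3", "test_login", False),
    ("a1f3", "test_login", True), ("b2e4", "test_login", True),
    ("a1f3", "test_export", False), ("a1f3", "test_export", False),
    ("b2e4", "test_export", True),
    ("a1f3", "test_math", True), ("b2e4", "test_math", True),
]


def classify(runs):
    """Return ({test: flaky_rate}, [(test, commit)] that failed on every run).

    Same commit with both outcomes is flaky; same commit with only failures
    is a genuine failure and must not be quarantined as flakiness.
    """
    outcomes = defaultdict(set)  # (test, commit) -> set of observed results
    for commit, test, passed in runs:
        outcomes[(test, commit)].add(passed)
    seen, flaky, broken = defaultdict(int), defaultdict(int), []
    for (test, commit), results in outcomes.items():
        seen[test] += 1
        if results == {True, False}:
            flaky[test] += 1
        elif results == {False}:
            broken.append((test, commit))
    rates = {test: flaky[test] / seen[test] for test in seen}
    return rates, sorted(broken)


def quarantine_list(rates, threshold=QUARANTINE_ABOVE):
    """Tests to pull out of the blocking gate while the root cause is fixed."""
    return sorted(test for test, rate in rates.items() if rate > threshold)
```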
Deployment Strategies
Safe Deployments
DEPLOYMENT STRATEGIES
═════════════════════
BLUE-GREEN:
─────────────────────────────────────
├── Two identical environments
├── Deploy to inactive (green)
├── Switch traffic
├── Old (blue) is rollback
├── Fast rollback
└── Zero downtime
CANARY:
─────────────────────────────────────
├── Deploy to small % of traffic
├── Monitor for issues
├── Gradually increase %
├── Roll back if problems
├── Progressive rollout
└── Controlled risk
ROLLING:
─────────────────────────────────────
├── Update instances one by one
├── Always some healthy
├── Gradual transition
├── Natural for k8s/containers
└── Incremental update
FEATURE FLAGS:
─────────────────────────────────────
├── Deploy code disabled
├── Enable via flag
├── Separate deploy from release
├── Instant rollback
└── Decoupled deployment
GitScrum Integration
Tracking Pipeline
GITSCRUM FOR CI/CD
══════════════════
DEPLOYMENT TASKS:
─────────────────────────────────────
├── Track deployment-related work
├── Label: infrastructure
├── Pipeline improvements
├── Visible in sprint
└── First-class work
RELEASE TRACKING:
─────────────────────────────────────
├── Link commits to tasks
├── What shipped when
├── Release notes
├── Traceability
└── Connected
INCIDENT RESPONSE:
─────────────────────────────────────
├── Pipeline failures as tasks
├── Track resolution time
├── Post-mortem documentation
├── Improvement actions
└── Continuous improvement
Best Practices
For CI/CD Pipelines
- Fast feedback — Under 10 min CI
- Reliable — Fix flaky tests
- Parallelized — Run jobs concurrently
- Cached — Reuse work
- Progressive deployment — Canary/blue-green
Anti-Patterns
PIPELINE MISTAKES:
✗ Slow pipelines (> 30 min)
✗ Ignoring flaky tests
✗ No caching
✗ Sequential when parallel possible
✗ Manual deployment steps
✗ No rollback plan
✗ Deploy straight to prod
✗ No monitoring