| name | ci-cd-pipelines |
| description | CI/CD pipeline design with GitHub Actions, GitLab CI, and best practices. |
CI/CD Pipelines
GitHub Actions
```yaml
name: CI/CD

on:
  push:
    branches: [main]
  pull_request:
    branches: [main]

# Least privilege by default; jobs widen this only where they need to
permissions:
  contents: read

jobs:
  test:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-node@v4
        with:
          node-version: '20'
          cache: 'npm'
      - run: npm ci
      - run: npm test

  build:
    needs: test
    runs-on: ubuntu-latest
    # GITHUB_TOKEN needs packages: write to push to ghcr.io
    permissions:
      contents: read
      packages: write
    steps:
      - uses: actions/checkout@v4
      - uses: docker/setup-buildx-action@v3
      - uses: docker/login-action@v3
        with:
          registry: ghcr.io
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}
      - uses: docker/build-push-action@v5
        with:
          push: true
          # Immutable tag: the image is identified by the commit SHA
          tags: ghcr.io/${{ github.repository }}:${{ github.sha }}

  deploy:
    needs: build
    if: github.ref == 'refs/heads/main'
    runs-on: ubuntu-latest
    # Gated by the protection rules of the 'production' environment
    environment: production
    steps:
      - name: Deploy to Kubernetes
        run: |
          kubectl set image deployment/app \
            app=ghcr.io/${{ github.repository }}:${{ github.sha }}
```
Pipeline Stages
```
Commit → Build → Test → Security → Deploy → Smoke Test
           │       │       │
           └───────┴───────┴── Parallel
```
Best Practices
- Fast feedback - Tests < 10 min
- Fail fast - Critical checks first
- Cache dependencies - Avoid re-downloading
- Immutable artifacts - Tag with commit SHA
- Environment parity - Same image everywhere
- Rollback ready - Quick revert capability
Secrets Management
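```yaml
# GitHub Actions: map a repository secret into the environment
env:
  DATABASE_URL: ${{ secrets.DATABASE_URL }}

# With OIDC (no long-lived secrets stored in GitHub)
# The job must grant id-token: write so the runner can request an OIDC token.
permissions:
  id-token: write
  contents: read
steps:
  - uses: aws-actions/configure-aws-credentials@v4
    with:
      role-to-assume: arn:aws:iam::123456789:role/github-actions
      aws-region: us-east-1
```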
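With OIDC the access decision moves into the trust policy of the assumed role, which matches the `aud` and `sub` claims of the token GitHub issues. The following is an added example, not part of the original page and not AWS's implementation: a simplified Python model of that matching, comparing a wildcard condition with one pinned to the `production` environment used by the deploy job above. The organisation `example-org`, the repositories `app` and `other`, and all token claims are constructed assumptions.

```python
# Added example: simplified model of IAM trust-policy matching (all values constructed).
from fnmatch import fnmatchcase

ISSUER = "token.actions.githubusercontent.com"
AUD = "sts.amazonaws.com"
# Weak: any workflow in any repository of the organisation may assume the role.
WEAK = {
    "StringEquals": {f"{ISSUER}:aud": AUD},
    "StringLike": {f"{ISSUER}:sub": "repo:example-org/*"},
}
# Hardened: only jobs of one repository running in the 'production' environment.
HARDENED = {
    "StringEquals": {
        f"{ISSUER}:aud": AUD,
        f"{ISSUER}:sub": "repo:example-org/app:environment:production",
    },
}
# Constructed 'sub' claims for three kinds of workflow run.
TOKENS = {
    "deploy job, environment production": "repo:example-org/app:environment:production",
    "pull request in the same repository": "repo:example-org/app:pull_request",
    "main branch of another repository": "repo:example-org/other:ref:refs/heads/main",
}

def allows(condition, claims):
    """True only if every condition key is present in the claims and matches."""
    for operator, tests in condition.items():
        for key, expected in tests.items():
            actual = claims.get(key.split(":", 1)[1])  # "<issuer>:sub" -> "sub"
            if actual is None:
                return False
            if operator == "StringEquals":
                matched = actual == expected
            elif operator == "StringLike":
                matched = fnmatchcase(actual, expected)  # approximates * and ?
            else:
                raise ValueError(f"operator not modelled: {operator}")
            if not matched:
                return False
    return True

def decisions(condition):
    return {name: allows(condition, {"aud": AUD, "sub": sub})
            for name, sub in TOKENS.items()}

if __name__ == "__main__":
    for label, condition in (("weak", WEAK), ("hardened", HARDENED)):
        print(label, decisions(condition))
```

Under the wildcard condition all three runs obtain credentials; under the pinned condition only the job that passed the `production` environment's protection rules does.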
Deployment Strategies
| Strategy | Risk | Rollback |
|---|---|---|
| Rolling | Low | Slow |
| Blue-Green | Low | Fast |
| Canary | Very Low | Fast |
| Recreate | High | Fast |