Lesson 11
Automate your path from commit to production with confidence
Continuous Integration is the practice where every commit triggers an automated build and test cycle. Developers integrate their work frequently โ at least once a day โ and each integration is verified by an automated pipeline.
If it hurts, do it more often. Integrating code daily (or more) catches conflicts and bugs when they are small and cheap to fix, not after weeks of divergent development.
CD extends CI by automating the release process. There are two flavors:
Every change that passes all pipeline stages can be deployed to production at any time. A human makes the final decision to release.
This is the safer, more common approach. It means your main branch is always in a releasable state.
Every change that passes all pipeline stages is automatically deployed to production with no human intervention.
This requires extremely mature testing and monitoring. Companies like Netflix and Amazon deploy thousands of times per day using this approach.
A well-designed CI/CD pipeline flows through these stages in order. If any stage fails, the pipeline stops and notifies the team.
| Stage | What Happens | Failure Means |
|---|---|---|
| Build | Compile code, install dependencies, create artifact | Syntax errors, missing dependencies |
| Test | Run unit, integration, and E2E tests | Broken functionality, regressions |
| Analyze | Lint, code coverage, code complexity metrics | Quality standards not met |
| Security | SAST, dependency scanning, secret detection | Vulnerabilities found |
| Deploy | Push to staging or production environment | Infrastructure or config issues |
Quality gates are automated checkpoints that must pass before code can progress. They prevent bad code from ever reaching production.
Teams that allow "just this once" bypasses erode trust in the pipeline. If a gate blocks you, fix the issue โ don't remove the gate.
Code travels through multiple environments before reaching users. Each environment serves a different purpose.
| Environment | Purpose | Who Uses It |
|---|---|---|
| Local | Developer's machine. Fast iteration, debugging | Individual developer |
| CI | Automated build & test. Clean-room verification | Pipeline (automated) |
| Staging | Production mirror. Smoke tests, QA, demos | QA team, Product Owner |
| Production | Live environment serving real users | End users |
Your CI/CD configuration should live in your repository, version-controlled alongside your code. This is called "Pipeline as Code."
# .github/workflows/ci.yml
name: CI Pipeline
on: [push, pull_request]
jobs:
build-and-test:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: actions/setup-node@v4
with:
node-version: 20
- run: npm ci
- run: npm run lint
- run: npm test -- --coverage
- run: npm run build
security:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- run: npm audit --audit-level=high
- uses: github/codeql-action/analyze@v3When deploying to production, users should never experience an outage. Here are three common strategies:
Run two identical production environments. Deploy to the idle one, then switch traffic.
| Phase | Traffic | Blue | Green |
|---|---|---|---|
| Before | All to Blue | v1.0 โ | Idle |
| Deploy | All to Blue | v1.0 | v2.0 (deploying) |
| Switch | All to Green | v1.0 (rollback ready) | v2.0 โ |
Pros: Instant rollback, zero downtime. Cons: Requires double infrastructure.
Gradually replace instances one at a time. Old and new versions run simultaneously during the rollout.
| Step | Instance 1 | Instance 2 | Instance 3 | Instance 4 | Progress |
|---|---|---|---|---|---|
| Step 1 | v1 | v1 | v1 | v1 | All old |
| Step 2 | v2 | v1 | v1 | v1 | 25% new |
| Step 3 | v2 | v2 | v1 | v1 | 50% new |
| Step 4 | v2 | v2 | v2 | v2 | All new |
Pros: No extra infrastructure needed. Cons: Rollback is slower, version mixing can cause issues.
Route a small percentage of traffic to the new version. Monitor, then increase gradually.
| Phase | Traffic to v2 | Traffic to v1 | Status |
|---|---|---|---|
| Phase 1 | 5% | 95% | Monitor... |
| Phase 2 | 25% | 75% | Looking good... |
| Phase 3 | 50% | 50% | Stable... |
| Phase 4 | 100% | 0% | Complete! |
Pros: Catches issues early with minimal user impact. Cons: Requires traffic routing infrastructure.
Every deployment must be reversible. If something goes wrong in production, you need to be able to return to the last known good state in minutes, not hours.
The agile workflow provides dedicated commands for shipping: /agile-ship-deploy for deployments, /agile-ship-rollback for reversing a bad deploy, /agile-ship-release for cutting releases, and /agile-ship-changelog for generating changelogs from your sprint work.
A CI/CD pipeline is your safety net. It catches errors automatically, enforces standards consistently, and gives the team confidence that what reaches production has been verified at every step.
What must be true before a PR can be merged?