Continuous Integration and Continuous Delivery/Deployment — practices that automate code integration, testing, and delivery to production. Foundation of modern software engineering.
CI/CD are two complementary practices that automate the path from code commit to production. Together they eliminate "integration hell" and enable frequent releases with confidence.
Continuous Integration: integrate code frequently (at least daily) to a shared branch, with automatic verification.
commit → build → lint → unit tests → integration tests → artifact
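```yaml
# GitHub Actions example
on: [push, pull_request]
permissions:
  contents: read                      # least privilege for the workflow token
jobs:
  ci:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: pnpm/action-setup@v4    # pnpm must be installed before setup-node can cache it
        with:
          version: 9                  # assumed; match your project's pnpm version
      - uses: actions/setup-node@v4
        with:
          node-version: 20
          cache: 'pnpm'
      - run: pnpm install --frozen-lockfile   # fail if the lockfile is out of date
      - run: pnpm lint
      - run: pnpm test
      - run: pnpm build
```

Continuous Delivery and Continuous Deployment are two distinct concepts that are often confused: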
Continuous Delivery: code can go to production at any time. The deploy is triggered manually, but the process itself is automated.
CI → auto staging → manual approval → production
Continuous Deployment: code goes to production automatically if it passes all checks, with no human intervention.
CI → auto staging → auto production
| Aspect | Delivery | Deployment |
|---|---|---|
| Deploy to production | Manual (button) | Automatic |
| Typical frequency | Daily/weekly | Multiple times per day |
| Requires | Reliable tests | Tests + feature flags + monitoring |
| Risk | Lower | Requires maturity |
```
┌────────────────────────────────────────────────────────────────┐
│                         CI/CD Pipeline                         │
├─────────┬─────────┬─────────┬─────────┬─────────┬──────────────┤
│ Build   │ Test    │ Scan    │ Package │ Deploy  │ Monitor      │
├─────────┼─────────┼─────────┼─────────┼─────────┼──────────────┤
│ compile │ unit    │ SAST    │ docker  │ staging │ logs         │
│ lint    │ integ   │ DAST    │ helm    │ canary  │ metrics      │
│ deps    │ e2e     │ secrets │ artifact│ prod    │ alerts       │
└─────────┴─────────┴─────────┴─────────┴─────────┴──────────────┘
```
Blue-green deployment: two identical environments. Switch traffic between them instantly.

```
         ┌─────────┐
Users ───┤ Router  ├──► Blue (v1)  ← active
         └────┬────┘
              └──────► Green (v2) ← standby/new
```

Rollback: switch the router back to Blue.
Canary release: send a small percentage of traffic to the new version.

```
Users ──┬── 95% ──► v1 (stable)
        └──  5% ──► v2 (canary)
```
Gradually increase if metrics are good.
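
The canary split and the "increase if metrics are good" decision above, as an added example that is not part of the original page. The function names, the ramp steps after 5%, the error-rate thresholds and the request counts are all assumptions chosen for illustration.

```python
import hashlib

RAMP = [5, 25, 50, 100]  # assumed ramp; the page only gives the 5% starting point


def bucket(user_id: str) -> int:
    """Map a user id to a stable bucket 0..99 so a user always sees one version."""
    digest = hashlib.sha256(user_id.encode()).digest()
    return int.from_bytes(digest[:8], "big") % 100


def route(user_id: str, canary_percent: int) -> str:
    """Send the lowest `canary_percent` buckets to v2 (canary), the rest to v1."""
    return "v2" if bucket(user_id) < canary_percent else "v1"


def next_percent(current, stable, canary,
                 max_ratio=1.5, floor=0.001, min_requests=200):
    """Decide the next canary share from (requests, errors) pairs.

    Returns `current` to hold, a larger RAMP step to promote, or 0 to roll back.
    """
    s_req, s_err = stable
    c_req, c_err = canary
    if c_req < min_requests:
        return current                      # too little canary traffic to judge
    s_rate = s_err / s_req if s_req else 0.0
    c_rate = c_err / c_req
    # The floor keeps a zero-error baseline from making a single error fatal.
    if c_rate > max(s_rate * max_ratio, floor):
        return 0                            # canary is clearly worse: roll back
    later = [p for p in RAMP if p > current]
    return later[0] if later else current   # promote, or stay at 100%


if __name__ == "__main__":
    users = [f"user-{i}" for i in range(10_000)]       # constructed sample ids
    share = sum(route(u, 5) == "v2" for u in users) / len(users)
    print(f"canary share at 5%: {share:.2%}")
    # Constructed request/error counts for one observation window.
    print(next_percent(5, stable=(9500, 19), canary=(500, 1)))    # healthy canary
    print(next_percent(5, stable=(9500, 19), canary=(500, 10)))   # failing canary
```

Hashing the user id rather than picking randomly per request keeps each user on one version, and a user already on the canary at 5% stays on it as the share grows.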
Rolling update: update instances one by one.
[v1] [v1] [v1] [v1] → [v2] [v1] [v1] [v1] → [v2] [v2] [v2] [v2]
The four DevOps Research and Assessment (DORA) metrics:
| Metric | Elite | High | Medium | Low |
|---|---|---|---|---|
| Deployment frequency | On-demand (multiple/day) | Daily-weekly | Weekly-monthly | Monthly+ |
| Lead time for changes | < 1 hour | 1 day - 1 week | 1 week - 1 month | 1 month+ |
| Change failure rate | 0-15% | 16-30% | 31-45% | 46%+ |
| Time to restore | < 1 hour | < 1 day | < 1 week | 1 week+ |
| Category | Tools |
|---|---|
| CI/CD Platforms | GitHub Actions, GitLab CI, Jenkins, CircleCI, Travis CI |
| Artifact Registry | Docker Hub, GitHub Packages, AWS ECR, Google Artifact Registry |
| Infrastructure | Terraform, Pulumi, AWS CDK, CloudFormation |
| Kubernetes | ArgoCD, Flux, Helm, Kustomize |
| Testing | Jest, Playwright, Cypress, k6 |
| Security | Snyk, Trivy, SonarQube, OWASP ZAP |
| Monitoring | Datadog, Grafana, Prometheus, New Relic |
CI/CD is the most important velocity multiplier in software engineering. Without CI, bugs accumulate and merges are painful. Without CD, approved code waits days or weeks to reach production. DORA metrics consistently demonstrate that teams with mature CI/CD deliver faster and with greater stability.