CI/CD Overview
CI/CD (Continuous Integration / Continuous Delivery) is the practice of automating the build, test, and deployment of software so that every code change is validated quickly and shipped reliably.
CI vs CD vs CD
The three terms are often grouped together but mean different things:
| Term | What It Does | When It Runs |
|---|---|---|
| Continuous Integration (CI) | Merge code frequently; build and test every change automatically | Every push / PR |
| Continuous Delivery (CD) | Keep the application in a deployable state; deploy to staging automatically, production on approval | After CI passes |
| Continuous Deployment (CD) | Deploy every passing change to production automatically — no manual gate | After CI passes |
```text
Continuous Integration     Continuous Delivery        Continuous Deployment
─────────────────────      ─────────────────────      ─────────────────────
push ──► build ──► test    ──► deploy staging         ──► deploy staging
                           ──► manual approval        ──► deploy production
                           ──► deploy production          (fully automatic)
```
Most teams practice Continuous Integration + Continuous Delivery — automated builds and tests with a manual approval gate before production. Fully automated Continuous Deployment requires high confidence in tests and monitoring.
Why CI/CD Matters
| Without CI/CD | With CI/CD |
|---|---|
| “It works on my machine” | Every change builds in a clean environment |
| Bugs found days or weeks later | Bugs caught in minutes |
| Manual, error-prone deployments | One-click or automatic deployments |
| Infrequent, risky releases | Small, frequent, low-risk releases |
| No one knows if the build is broken | Build status is always visible |
DevOps culture and agile delivery
CI/CD is a technical practice; DevOps is a cultural one: break down walls between development and operations through shared goals, fast feedback, and psychological safety. Agile methods (short iterations, backlog, reviews) pair well with small, frequent releases—but only if pipelines are trustworthy and production is observable. This library’s CI/CD best practices and observability sections support that loop; your org adds ceremonies and roles.
Anatomy of a Pipeline
A CI/CD pipeline is a series of automated steps that run every time code changes:
```text
Trigger           Build             Test              Security          Deploy
────────          ─────             ────              ────────          ──────
push to main ──►  compile      ──►  unit tests   ──►  SAST/lint    ──►  staging
pull request      install deps      integration       dependency   ──►  approval
schedule          build image       e2e               scan         ──►  production
manual                                                SBOM
```
| Stage | Purpose | Examples |
|---|---|---|
| Trigger | What starts the pipeline | Push, PR, tag, schedule, manual, API call |
| Build | Compile code, install dependencies, create artifacts | `npm install && npm run build`, `docker build` |
| Test | Validate correctness | Unit tests, integration tests, end-to-end tests |
| Security | Catch vulnerabilities early | SAST, dependency scanning, container scanning |
| Deploy | Ship to an environment | Deploy to staging, wait for approval, deploy to prod |
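
An added example, not taken from the original page: the stages above expressed as a GitHub Actions workflow, with pull requests validated but never deployed and production gated on an environment approval. It assumes a Node.js project; the workflow file name, the environment names, and `scripts/deploy.sh` are hypothetical.

```yaml
# Added example: hypothetical workflow, e.g. .github/workflows/pipeline.yml
name: pipeline

on:
  push:
    branches: [main]        # Trigger: push to main
  pull_request:             # Trigger: pull request

permissions:
  contents: read            # least privilege for the workflow token

jobs:
  build-test:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-node@v4
        with:
          node-version: 20
      - run: npm ci         # Build: install exactly what the lockfile pins
      - run: npm run build
      - run: npm test       # Test: unit tests

  security:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      # Security: dependency scan; the job fails on high or critical findings
      - run: npm audit --audit-level=high

  deploy-staging:
    needs: [build-test, security]
    if: github.event_name == 'push'   # pull requests are validated, never deployed
    runs-on: ubuntu-latest
    environment: staging
    steps:
      - uses: actions/checkout@v4
      - run: ./scripts/deploy.sh staging      # hypothetical deploy script

  deploy-production:
    needs: deploy-staging
    runs-on: ubuntu-latest
    # Approval gate: set required reviewers on this environment in repo settings
    environment: production
    steps:
      - uses: actions/checkout@v4
      - run: ./scripts/deploy.sh production   # hypothetical deploy script
```

Because both deploy jobs depend on `security` through `needs`, a failed scan blocks the release instead of only producing a report.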
CI/CD Tools Landscape
| Tool | Vendor | Config Format | Hosted Runners | Self-Hosted | Strengths |
|---|---|---|---|---|---|
| GitHub Actions | GitHub | YAML (.github/workflows/) | Yes | Yes | Marketplace, tight GitHub integration, OIDC |
| GitLab CI/CD | GitLab | YAML (.gitlab-ci.yml) | Yes (shared) | Yes | All-in-one platform, review apps, Auto DevOps |
| Jenkins | Open source | Groovy (Jenkinsfile) | No | Yes | Extremely flexible, huge plugin ecosystem |
| CircleCI | CircleCI | YAML (.circleci/config.yml) | Yes | Yes | Fast builds, Docker-native, orbs |
| Azure Pipelines | Microsoft | YAML (azure-pipelines.yml) | Yes | Yes | Azure integration, multi-stage, templates |
| AWS CodePipeline | AWS | JSON/Console | Yes (CodeBuild) | No | Native AWS integration, CodeBuild/CodeDeploy |
| ArgoCD | CNCF | Declarative (K8s manifests) | No | Yes (K8s) | GitOps, Kubernetes-native continuous delivery |
| Tekton | CNCF | YAML (K8s CRDs) | No | Yes (K8s) | Kubernetes-native CI/CD, cloud-agnostic |
Choosing a Tool
| Scenario | Good Fit |
|---|---|
| Code lives on GitHub | GitHub Actions |
| Code lives on GitLab | GitLab CI/CD |
| Need maximum flexibility / legacy pipelines | Jenkins |
| AWS-native infrastructure | AWS CodePipeline + CodeBuild |
| Azure-native infrastructure | Azure Pipelines |
| Kubernetes deployments (GitOps) | ArgoCD or Flux |
| Multi-cloud / vendor-neutral | GitHub Actions, GitLab CI, or Tekton |
Topics in This Section
Start with Pipeline Fundamentals for platform-agnostic concepts, then dive into the specific CI/CD platforms (GitHub Actions, GitLab CI), followed by deployment strategies, GitOps, and best practices.
- Git Essentials — Clone, branch, PR workflow, revert, and tags for infra repos.
- Pipeline Fundamentals — Stages, jobs, triggers, artifacts, caching, secrets, environments, and runners.
- GitHub Actions — Workflows, triggers, marketplace, reusable workflows, matrix builds, OIDC, and self-hosted runners.
- GitLab CI/CD — `.gitlab-ci.yml`, runners, DAG pipelines, includes, environments, review apps, and Auto DevOps.
- Deployment Strategies — Rolling, blue/green, canary, feature flags, and rollback patterns.
- GitOps — Git as the source of truth for deployments with ArgoCD and Flux.
- Best Practices — Pipeline design, security, testing strategy, branch strategies, and DORA metrics.
- Security Scanning (DevSecOps) — SAST, SCA, container scanning, IaC scanning, secret detection, DAST, and SBOM.
- Release Management — Semantic versioning, changelog automation, semantic-release, release-please, and package publishing.
- Jenkins — Jenkinsfile pipelines, agents, plugins, shared libraries, and migration guidance.
- Artifact Management — Container registries, image tagging, lifecycle policies, promotion, and vulnerability scanning.
- Go for Ops — Tiny CLI with Go: modules, build, cross-compile, and when to use Go vs Bash or Python.
- Compliance and Audit — Audit trails, separation of duties, signed commits, change management, and SOC 2/PCI/HIPAA mapping.
Cloud-Specific CI/CD
For CI/CD services tied to a specific cloud provider, see:
- CI/CD on AWS — CodeBuild, CodeDeploy, CodePipeline, and GitHub Actions with AWS.
- DevOps on Azure — Azure Pipelines, Azure Repos, and GitHub Actions with Azure.
Key Takeaways
- CI catches bugs early by building and testing every change automatically.
- CD (Delivery) keeps the app deployable; CD (Deployment) ships every passing change to production.
- A typical pipeline: trigger -> build -> test -> security scan -> deploy staging -> approval -> deploy production.
- GitHub Actions and GitLab CI are the two most popular Git-platform CI/CD systems — both covered in this section.
- Cloud-specific CI/CD (AWS CodePipeline, Azure Pipelines) is covered in their respective topic sections.