cicd
SKILL.md
CI/CD Pipeline Patterns and Deployment Strategies
Continuous Integration, Continuous Delivery, and Continuous Deployment form a spectrum of automation practices. Each builds on the previous one, progressively reducing manual intervention between a code change and its availability to users.
CI vs CD vs CD
| Practice | What It Automates | Gate to Next Stage |
|---|---|---|
| Continuous Integration | Merging, building, and testing code on every commit | Automated tests must pass before merge |
| Continuous Delivery | Packaging and promoting artifacts through environments | Manual approval before production deployment |
| Continuous Deployment | Full path from commit to production without manual steps | Automated quality gates replace human approval |
Continuous Integration is the foundation. Without reliable, fast integration, neither delivery nor deployment is sustainable. Start here and expand outward.
Pipeline Design Principles
A well-designed pipeline gives developers fast, trustworthy feedback while preventing broken code from reaching users.
| Principle | Meaning |
|---|---|
| Fast feedback | Run the cheapest, fastest checks first -- lint and unit tests before integration tests and builds |
| Fail early | Stop the pipeline at the first failure -- do not waste time on downstream stages when upstream checks fail |
| Reproducibility | Every pipeline run with the same inputs must produce the same outputs -- pin dependencies, use immutable base images |
| Idempotency | Re-running a pipeline stage should be safe and produce the same result |
| Isolation | Each pipeline run operates in a clean environment -- no shared state between runs |
| Security by default | Secrets are injected at runtime, never stored in source -- scan for vulnerabilities early |
Deployment Strategies Overview
| Strategy | Downtime | Rollback Speed | Infrastructure Cost | Complexity | Best For |
|---|---|---|---|---|---|
| Blue-Green | Zero | Instant (traffic switch) | 2x production | Low | Major releases, risk-averse teams |
| Canary | Zero | Fast (route traffic back) | 1x + small canary slice | Medium | Data-driven teams, high-traffic services |
| Rolling | Zero (if surge configured) | Slow (reverse rollout) | 1x (reuses existing) | Low | Stateless services, frequent small changes |
| Recreate | Yes (brief) | Slow (full redeploy) | 1x | Minimal | Dev/staging environments, stateful apps that cannot run two versions |
| Feature Flags | Zero | Instant (toggle off) | 1x | Medium | Progressive rollout, A/B testing, trunk-based development |
No single strategy fits every situation. Many teams combine approaches -- for example, canary releases with feature flags for granular control over who sees new functionality.
Environment Management Overview
A typical promotion path moves artifacts through increasingly production-like environments:
dev -> staging -> production
Key principles:
- Artifact immutability -- Build once, deploy the same artifact everywhere. Never rebuild for each environment.
- Configuration separation -- Environment-specific values (database URLs, API keys, feature toggles) live outside the artifact.
- Parity -- Staging should mirror production as closely as possible in infrastructure, data shape, and scale.
- Ephemeral environments -- Spin up isolated environments per pull request for testing and review, then tear them down automatically.
Quick Reference: Pipeline Anti-Patterns
| Anti-Pattern | Problem | Fix |
|---|---|---|
| Rebuilding artifacts per environment | Different binary in staging vs production | Build once, promote the same artifact |
| Long-running monolithic pipeline | Slow feedback, developers context-switch | Parallelize stages, split into focused pipelines |
| Secrets in source control | Credential leaks, compliance violations | Use a secrets manager, inject at runtime |
| Manual environment setup | Configuration drift, "works on my machine" | Infrastructure as code, containerized builds |
| No rollback plan | Extended outages when deployments fail | Automate rollback, test it regularly |
| Skipping staging | Production-only bugs discovered too late | Always promote through at least one pre-production environment |
Reference Files
| Reference | Contents |
|---|---|
| Pipeline Design | Pipeline stages, parallelization, caching, monorepo patterns, secrets management with multi-format examples |
| Deployment Strategies | Blue-green, canary, rolling deployments, feature flags, zero-downtime migrations, rollback strategies |
| Environment Management | Environment promotion, infrastructure as code, ephemeral environments, artifact versioning, health checks |
Integration with Other Skills
| Situation | Recommended Skill |
|---|---|
| Monitoring and observability for deployments | Install knowledge-virtuoso from krzysztofsurdy/code-virtuoso for microservices patterns (circuit breakers, health checks) |
| Security scanning in pipelines | Install knowledge-virtuoso from krzysztofsurdy/code-virtuoso for security practices (OWASP, secure coding) |
| Testing strategy for CI pipelines | Install knowledge-virtuoso from krzysztofsurdy/code-virtuoso for testing pyramid and test design |
| API versioning during deployments | Install knowledge-virtuoso from krzysztofsurdy/code-virtuoso for API design and evolution strategies |
Weekly Installs
10
Repository
krzysztofsurdy/…virtuosoGitHub Stars
13
First Seen
9 days ago
Security Audits
Installed on
opencode10
gemini-cli10
github-copilot10
codex10
kimi-cli10
cursor10