CI/CD Overview
Pipeline stages, deployment strategies, rollback patterns.
Theory
CI/CD (Continuous Integration / Continuous Delivery) is the practice of automatically building, testing, and deploying code on every commit. CI catches integration bugs early by running tests on every push. CD automates the path from passing tests to production — either automatically (Continuous Deployment) or with a manual approval gate (Continuous Delivery).
A typical CI pipeline stages: (1) Lint and static analysis (fast, fails early on syntax/style), (2) Unit tests (isolated, no external dependencies), (3) Build artifact (Docker image, compiled binary, npm bundle), (4) Integration tests (test against real DB/queue in ephemeral environment), (5) Security scan (SAST, dependency vulnerability check), (6) Push artifact to registry.
CD deployment strategies differ in risk and rollback speed. Rolling deploy: replace instances one by one — zero downtime but mixed versions briefly live. Blue/green: maintain two identical environments, switch traffic — instant rollback by pointing LB back. Canary: route 5% of traffic to new version, monitor error rate, gradually shift or rollback. Feature flags: deploy code dark (off), enable per user segment without a new deploy.
Artifact management: build once, deploy many times. The Docker image or binary built in CI is the exact artifact deployed to staging and production. Never rebuild for each environment — rebuilding introduces variability. Tag images with the git commit SHA for traceability: docker build -t app:${GIT_SHA} .
Environment promotion gates: staging must pass smoke tests before promotion to production. Automated gates check error rate, p99 latency, and custom metrics after deploy. If any gate fails, the pipeline blocks promotion and alerts on-call. Manual approval gates require a human sign-off (e.g. for regulated industries or major releases).
Secrets in CI: never hardcode secrets in pipeline configuration or code. Inject via CI platform secret stores (GitHub Actions secrets, GitLab CI variables, Vault dynamic secrets). Rotate secrets at build time using OIDC federation (GitHub Actions → AWS AssumeRole without long-lived keys). Audit secret access logs.
Pipeline as code: define CI/CD pipelines in version-controlled files (.github/workflows/ci.yml, .gitlab-ci.yml, Jenkinsfile). Changes to the pipeline go through the same code review as application changes. Shared pipeline templates (GitHub Actions reusable workflows, GitLab includes) enforce standards across repos without copy-paste.
Architecture Diagram
Users / clients
|
CI/CD Overview
|
Core services
|
Data + observabilityExamples
# CI/CD Overview
# Pipeline stages, deployment strategies, rollback patterns.
# Validate in staging before production rollout.
Interview Questions
What problem does CI/CD Overview solve?
It addresses the core use case described in production architecture — map features to reliability, scale, or velocity outcomes.
Key components of CI/CD Overview?
Identify inputs, outputs, control plane, data plane, and failure domains — interviewers want structured decomposition.
Common production pitfalls?
Misconfiguration, missing observability, no rollback path, and scaling bottlenecks under peak load.
How do you test changes safely?
Staging parity, canary/gradual rollout, automated health checks, and documented rollback.
Metrics to prove success?
Error rate, latency percentiles, throughput, cost, and toil reduction — pick one primary SLO.
Beginner vs advanced concern?
Beginners focus on setup; advanced teams focus on blast radius, security boundaries, and operability at 10× scale.
Best Practices
- Treat CI/CD Overview config as code with review and CI validation.
- Define SLOs and dashboards before production cutover.
- Document rollback and ownership for on-call.
- Use least privilege for credentials.
Common Mistakes
- Adopting CI/CD Overview without measurable success criteria.
- No staging environment mirroring production constraints.
- Missing rollback path during incidents.
- Undocumented on-call expectations.
Cheat Sheet
Practical Exercises
Stand up CI/CD Overview locally or in free tier; document commands and failure recovery.
Introduce misconfiguration; practice detection and rollback under time limit.