Pooyan Razian

CI/CD pipeline Best practices 💡
Published: May 27, 2024

CI/CD Pipeline Best Practices

CI/CD best practices

✅ Keep the pipeline fast

✅ Fail fast

For example, if "integration tests" fail more often than "unit tests", run them first.

✅ Do not run everything every time

Do you need to run the linter in a PR? Yes.

Do you need to run the linter after the merge? Probably not.

✅ Avoid "God" pipelines!

Split the workflow when it makes sense.

✅ Do not use long-lasting credentials/tokens.

If possible, use OpenID Connect (OIDC) instead.

Example?

OIDC with GitHub Actions
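
As an added example (not from the original article), this is what replacing stored keys with OIDC looks like in a GitHub Actions workflow. It assumes AWS as the cloud provider; the account ID, role name, region and bucket are placeholders.

```yaml
# Added example, not the author's workflow. Placeholders: account ID,
# role name, region, bucket.
name: deploy

on:
  push:
    branches: [main]

# Deny all token permissions by default; each job opts in to what it needs.
permissions: {}

jobs:
  deploy:
    runs-on: ubuntu-latest
    permissions:
      id-token: write   # lets the job request a short-lived OIDC token
      contents: read    # needed by actions/checkout
    steps:
      - uses: actions/checkout@v4

      - uses: aws-actions/configure-aws-credentials@v4
        with:
          # BEFORE (long-lasting keys stored as repository secrets; they stay
          # valid until someone rotates them and work from anywhere if leaked):
          #   aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
          #   aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
          #
          # AFTER (no stored secret; the job exchanges its OIDC token for
          # temporary credentials that expire on their own):
          role-to-assume: arn:aws:iam::111111111111:role/EXAMPLE-deploy-role
          role-duration-seconds: 900
          aws-region: eu-west-1

      - run: aws s3 sync ./dist s3://EXAMPLE-BUCKET
```

OIDC only removes the stored secret; access is still decided by the role's trust policy on the cloud side. Pin its `sub` condition to the exact repository and branch (for example `repo:ORG/REPO:ref:refs/heads/main`) and its `aud` condition to `sts.amazonaws.com`, otherwise any workflow that can obtain a GitHub OIDC token matching a looser pattern can assume the role.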

✅ Avoid magic!

Be descriptive

Write the logic in scripts, makefiles, etc. that you can test locally.

✅ Build once, share the artifacts with the rest of the workflow

✅ Cache large build artifacts & Docker images

✅ Monitor & measure your pipeline

✅ Do not spam everyone for everything

✅ Run in parallel when possible

✅ Ensure Environment Parity

Consistent environments: dev, staging, production, etc.

✅ Automate Database Migrations

✅ Implement Security Scanning & Static Code Analysis

Snyk, Dependabot, SonarQube, etc. (app, IaC)

Copyright & Disclaimer

  • All content provided on this article is for informational and educational purposes only. The author makes no representations as to the accuracy or completeness of any information on this site or found by following any link on this site.
  • All the content is copyrighted, except the assets and content I have referenced to other people's work, and may not be reproduced on other websites, blogs, or social media. You are not allowed to reproduce, summarize to create derivative work, or use any content from this website under your name. This includes creating a similar article or summary based on AI/GenAI. For educational purposes, you may refer to parts of the content, and only refer, but you must provide a link back to the original article on this website. This is allowed only if your content is less than 10% similar to the original article.
  • While every care has been taken to ensure the accuracy of the content of this website, I make no representation as to the accuracy, correctness, or fitness for any purpose of the site content, nor do I accept any liability for loss or damage (including consequential loss or damage), however, caused, which may be incurred by any person or organization from reliance on or use of information on this site.
  • The contents of this article should not be construed as legal advice.
  • Opinions are my own and not the views of my employer.
  • English is not my mother-tongue language, so even though I try my best to express myself correctly, there might be a chance of miscommunication.
  • Links or references to other websites, including the use of information from 3rd-parties, are provided for the benefit of people who use this website. I am not responsible for the accuracy of the content on the websites that I have put a link to and I do not endorse any of those organizations or their contents.
  • If you have any queries or if you believe any information on this article is inaccurate, or if you think any of the assets used in this article are in violation of copyright, please contact me and let me know.

Copyright © 2025 - pooyan.info