Complete CI/CD Practice: GitHub Actions, GitLab CI, and Modern DevOps Pipeline Design
CI’s core practice: every code commit automatically triggers builds and tests, quickly surfacing integration errors. CD further auto-deploys code that passes tests to production. Together they transform “deployment” from a high-risk large manual operation to a low-risk frequent automated one — one of the core characteristics of high-performing engineering teams identified in DORA research.
GitHub Actions Core Concepts
GitHub Actions is GitHub’s built-in CI/CD platform, using YAML files (stored in `.github/workflows/`) to define workflows. Core concepts: Workflow (automation triggered by events); Job (work unit running in parallel or serial on an isolated Runner); Step (concrete action in a Job — shell command or Action); Action (reusable step component, available from GitHub Marketplace).
A typical Node.js CI workflow:
“`yaml
name: CI
on: [push, pull_request]
jobs:
test:
runs-on: ubuntu-latest
steps:
– uses: actions/checkout@v4
– uses: actions/setup-node@v4
with:
node-version: ’20’
cache: ‘npm’
– run: npm ci
– run: npm test
– run: npm run build
“`
High-Quality Pipeline Design Principles
Fast feedback: tests should complete within 5–10 minutes; pipelines exceeding 15 minutes significantly impede iteration speed. Strategies: parallelize tests, use caching (`actions/cache` for npm/pip/maven dependencies), move slow tests to non-blocking scheduled jobs.
Secure secrets management: API keys and database passwords in GitHub Secrets or GitLab CI/CD Variables, injected via environment variables — never hardcoded in workflow YAML or code.
Environment tiering: dev (auto-deploy on every push) → staging (auto-deploy on merge to main) → production (manual approval required). GitHub Environments provides Protection Rules supporting this pattern.




