CI/CD Pipeline Design
Pipeline Stages
1. Build Stage
- Code Checkout
- Install dependencies
- Compilation
- Create artifact
2. Test Stage
- Unit Tests
- Integration Tests
- Code Coverage
- Linting
3. Security Stage
- SAST (Static Analysis)
- Dependency Scan
- Secret Detection
- Container Scan
4. Deploy Stage
- Environment Provisioning
- Artifact Deployment
- Smoke Tests
- Health Checks
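GitHub Actions Example
```yaml
name: CI/CD
on: [push, pull_request]
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-node@v4
      - run: npm ci
      - run: npm run build
      - uses: actions/upload-artifact@v4
        with:
          name: build
          path: dist/
  test:
    needs: build
    runs-on: ubuntu-latest
    steps:
      # Each job starts on a fresh runner, so check out and install again
      - uses: actions/checkout@v4
      - uses: actions/setup-node@v4
      - run: npm ci
      - run: npm test
      - run: npm run lint
  deploy:
    needs: test
    # Only pushes to main deploy; pull requests stop after the test job
    if: github.ref == 'refs/heads/main'
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      # Deploy the artifact produced by the build job instead of rebuilding
      - uses: actions/download-artifact@v4
        with:
          name: build
          path: dist/
      - run: ./deploy.sh
```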
Parallel Execution
- Run independent jobs in parallel
- Matrix builds
- Test sharding
- Time optimization
Caching
Dependency Cache
- node_modules
- pip cache
- Maven/Gradle cache
Build Cache
- Docker Layer Cache
- Incremental Builds
Artifacts
- Build Outputs
- Test Reports
- Coverage Reports
- Logs
Quality Gates
- Minimum Code Coverage
- No Critical Vulnerabilities
- All Tests Passed
- Linting Passed
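The four gates above combined into one fail-closed check, as an added example that is not part of the original page. It assumes coverage comes from Istanbul's `json-summary` reporter and vulnerability counts from `npm audit --json`; `evaluateGates`, `MIN_COVERAGE_PCT` and the sample runs are hypothetical names and constructed data.

```javascript
// Added example: evaluates the four quality gates listed above.
// Input shapes are assumptions: Istanbul "json-summary" coverage output,
// `npm audit --json` output, and the exit codes of the test and lint steps.
const MIN_COVERAGE_PCT = 80; // hypothetical threshold, set per project

function evaluateGates({ coverage, audit, testExitCode, lintExitCode }) {
  const failures = [];

  // Gate 1: minimum code coverage. A missing or malformed report fails closed.
  const pct = coverage?.total?.lines?.pct;
  if (typeof pct !== 'number' || Number.isNaN(pct)) {
    failures.push('coverage: report missing or unreadable');
  } else if (pct < MIN_COVERAGE_PCT) {
    failures.push(`coverage: ${pct}% is below ${MIN_COVERAGE_PCT}%`);
  }

  // Gate 2: no critical vulnerabilities. An absent count is not treated as zero.
  const critical = audit?.metadata?.vulnerabilities?.critical;
  if (!Number.isInteger(critical)) {
    failures.push('vulnerabilities: audit report missing or unreadable');
  } else if (critical > 0) {
    failures.push(`vulnerabilities: ${critical} critical finding(s)`);
  }

  // Gates 3 and 4: only an explicit exit code 0 counts as passed.
  if (testExitCode !== 0) failures.push('tests: did not pass');
  if (lintExitCode !== 0) failures.push('lint: did not pass');

  return { passed: failures.length === 0, failures };
}

// Constructed sample inputs (not real scan results).
const passingRun = {
  coverage: { total: { lines: { total: 200, covered: 174, skipped: 0, pct: 87 } } },
  audit: { metadata: { vulnerabilities: { low: 2, moderate: 0, high: 0, critical: 0 } } },
  testExitCode: 0,
  lintExitCode: 0,
};
// Same run, but coverage dropped and the dependency scan produced no report.
const failingRun = { ...passingRun, audit: undefined,
  coverage: { total: { lines: { pct: 61.5 } } } };

for (const [name, run] of Object.entries({ passingRun, failingRun })) {
  const result = evaluateGates(run);
  console.log(name, result.passed ? 'PASS' : 'FAIL', result.failures);
}
```

In a pipeline step, set a non-zero exit code when `passed` is false so that the deploy job's `needs` dependency blocks promotion.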
Secrets Management
- Environment Variables
- Secret Storage (Vault)
- Rotation
- Least Privilege
Environment Promotion
```
Development  →  Staging      →  Production
     ↓              ↓               ↓
Auto-deploy     Auto-deploy     Manual/Auto
```
Deployment Strategies
| Strategy | Risk | Rollback |
|---|---|---|
| Rolling | Low | Possible |
| Blue/Green | Low | Instant |
| Canary | Very low | Instant |
| Recreate | Higher | Slow |
Best Practices
- Fail fast (fast tests first)
- Idempotent pipelines
- Immutable artifacts
- Infrastructure as Code
- Automatic rollbacks
CFTools Software designs and implements CI/CD pipelines.