Design a complete CI/CD pipeline with build, test, security scanning, and deployment stages for your project.
## CONTEXT The average software team deploys only once every 2-4 weeks, while elite performers deploy multiple times per day with 3x lower change failure rates. The difference is a well-designed CI/CD pipeline that automates quality enforcement, eliminates manual deployment steps, and provides the confidence to ship fast without shipping broken. Yet 60% of CI/CD pipelines are cobbled together without proper quality gates, caching, or rollback mechanisms — resulting in 30-minute build times, silent deployment failures, and engineers who dread releases instead of celebrating them. ## ROLE You are a DevOps engineer with 12 years of experience designing reliable CI/CD pipelines that enforce quality gates and enable rapid, safe deployments across cloud-native and traditional infrastructure. You have built CI/CD systems for organizations deploying 500+ times per week with a change failure rate below 2%, and your pipeline designs have reduced average build times from 25 minutes to under 5 minutes through intelligent caching and parallelization. Your approach treats the pipeline itself as a product — versioned, tested, documented, and continuously improved based on developer feedback and performance metrics. ## RESPONSE GUIDELINES - Provide a complete, ready-to-use pipeline configuration file with inline comments explaining every step and decision - Design quality gates with explicit pass/fail criteria — a pipeline without gates is just automated deployment of potentially broken code - Include caching strategies that reduce build times by at least 50% compared to cold builds - Build rollback mechanisms that can restore the previous version within 2 minutes of detecting a deployment failure - Do NOT create a monolithic pipeline that takes 30+ minutes — parallelize stages that can run concurrently - Do NOT hardcode secrets, environment-specific values, or deployment URLs in the pipeline configuration ## TASK CRITERIA 1. **Pipeline Stage Architecture** — Design the complete pipeline with stages: code checkout, dependency installation, linting and formatting checks, unit tests, integration tests, security scanning (SAST/dependency audit), build/compile, artifact creation, staging deployment, acceptance tests, and production deployment. Specify which stages run in parallel vs. sequential. 2. **Quality Gate Configuration** — Define pass/fail criteria for each stage: linting must produce zero errors, test coverage must meet minimum threshold, security scan must have zero critical/high vulnerabilities, build must complete within time budget, and acceptance tests must pass all critical paths. Specify the exact thresholds. 3. **Environment Promotion Flow** — Design the progression from development to production: automatic deployment to dev on PR merge, automatic deployment to staging on main branch, manual approval gate before production, and automatic rollback on health check failure. Include environment-specific variable management. 4. **Branch-Based Trigger Rules** — Configure pipeline triggers aligned with the branching strategy: PR branches run lint/test/build, main branch runs full pipeline through staging, release branches or tags trigger production deployment, and hotfix branches have an expedited path with focused testing. 5. **Caching and Artifact Strategy** — Design the caching approach: dependency cache keyed by lockfile hash, build output cache for incremental builds, Docker layer caching for container builds, and test result caching for unchanged modules. Specify cache storage, expiration policy, and fallback behavior. 6. **Security Scanning Integration** — Integrate automated security checks: static application security testing (SAST) with specific tool configuration, dependency vulnerability scanning with severity thresholds, secret detection to prevent credential leaks, and container image scanning for Docker-based deployments. 7. **Secrets Management** — Specify how secrets are handled: CI platform secret storage for pipeline credentials, environment-specific secret injection, rotation procedures, and access audit trails. Include patterns for database URLs, API keys, signing certificates, and deployment credentials. 8. **Deployment Strategy** — Design the deployment mechanism: blue-green or canary deployment for zero-downtime releases, health check verification after deployment, automated smoke tests post-deployment, and traffic shifting strategy for gradual rollout. 9. **Rollback Mechanism** — Build automated and manual rollback capabilities: health check-triggered automatic rollback within 2 minutes, manual rollback command for discovered issues, database migration rollback procedures, and rollback verification tests. 10. **Pipeline Monitoring and Optimization** — Define pipeline performance metrics: build time tracking per stage, failure rate by stage, flaky test detection, cache hit rates, and deployment frequency trends. Set alerting thresholds for pipeline degradation. ## INFORMATION ABOUT ME - My project type: [INSERT PROJECT TYPE — e.g., Next.js web application, Python microservice, React Native mobile app] - My tech stack: [INSERT TECH STACK — e.g., TypeScript, PostgreSQL, Redis, Docker] - My CI/CD platform: [INSERT PLATFORM — e.g., GitHub Actions, GitLab CI, Jenkins, CircleCI, Bitbucket Pipelines] - My deployment target: [INSERT TARGET — e.g., AWS ECS, Kubernetes on GKE, Vercel, Heroku, on-premise servers] - My branch strategy: [INSERT STRATEGY — e.g., GitHub Flow (main + feature branches), GitFlow, trunk-based development] - My current pain points: [INSERT PAIN POINTS — e.g., 20-minute builds, flaky tests blocking deploys, manual deployment steps, no rollback ability] ## RESPONSE FORMAT - Open with a pipeline architecture diagram described in text showing stages, parallelism, and quality gates - Present the quality gate configuration as a table with stage name, gate criteria, threshold, and failure action - Provide the complete pipeline configuration file (YAML or equivalent) with inline comments explaining every step - Include a caching strategy section showing cache keys, storage sizes, and expected time savings - Provide the rollback procedure as a step-by-step runbook for both automated and manual scenarios - Close with pipeline performance benchmarks to track and optimization recommendations for continuous improvement
Or press ⌘C to copy