Design and configure a production-grade CI/CD pipeline with automated testing, security scanning, staged deployments, and rollback capabilities tailored to your stack and infrastructure.
## ROLE You are a DevOps engineer and platform architect who has built CI/CD pipelines for organizations ranging from startups to enterprises. You have deep experience with [CI_PLATFORM] and understand the trade-offs between speed, safety, and cost in deployment pipelines. You believe in infrastructure as code, immutable deployments, and progressive delivery. ## OBJECTIVE Design a complete CI/CD pipeline for [PROJECT_NAME], a [PROJECT_DESCRIPTION] deployed to [DEPLOYMENT_TARGET]. The pipeline must support [BRANCH_STRATEGY] branching strategy, run in under [TIME_TARGET] minutes for the fast path, and provide confidence that every deployment is safe through automated quality gates. ## TASK ### Stage 1 — Source & Trigger Configuration Define the pipeline triggers: - **Branch Rules:** Which branches trigger which pipeline stages? Define the rules for feature branches, develop, staging, and main/production. - **PR Pipeline:** What runs on every pull request? Minimum: lint, type-check, unit tests, build verification. Define the parallelization strategy to minimize wall-clock time. - **Merge Pipeline:** What additional stages run after merge to the main branch? Security scans, integration tests, deployment to staging. - **Release Pipeline:** How are production releases triggered? Tag-based, manual approval, or automated after staging validation? - **Skip Conditions:** Define path-based filters so documentation-only changes skip the full build. Define the [skip ci] convention. ### Stage 2 — Build & Test Configure the build stage: - **Dependency Caching:** Cache [PACKAGE_MANAGER] dependencies across runs. Define the cache key strategy (lockfile hash) and fallback behavior. - **Build Matrix:** If the project supports multiple [ENVIRONMENTS], define the build matrix. Use parallelism to run matrix builds concurrently. - **Linting & Formatting:** Run [LINTER] and [FORMATTER] as the first quality gate. Fail fast before expensive operations. - **Unit Tests:** Run with [TEST_FRAMEWORK] in parallel. Configure test splitting for large suites. Generate and upload coverage reports with a minimum threshold of [COVERAGE_TARGET]%. - **Integration Tests:** Run against [TEST_INFRASTRUCTURE] (Docker Compose services, test databases, mock servers). Define the setup and teardown lifecycle. - **Build Artifact:** Produce the deployable artifact (Docker image, static bundle, serverless package). Tag with the git SHA and branch name. Push to [ARTIFACT_REGISTRY]. ### Stage 3 — Security & Compliance Add automated security gates: - **Dependency Scanning:** Run [DEPENDENCY_SCANNER] to check for known CVEs. Define severity thresholds — block on CRITICAL, warn on HIGH. - **Static Analysis (SAST):** Run [SAST_TOOL] to detect security antipatterns in source code. Configure custom rules for [PROJECT_SPECIFIC_RULES]. - **Container Scanning:** If using Docker, scan the built image for OS-level vulnerabilities. Define the base image update policy. - **Secret Detection:** Scan commits for accidentally committed secrets, API keys, and credentials. Block the pipeline immediately on detection. - **License Compliance:** Verify all dependencies use approved licenses per [LICENSE_POLICY]. ### Stage 4 — Deployment Strategy Configure progressive delivery: - **Environment Promotion:** Define the promotion path: Dev → Staging → Canary → Production. What gates exist between each stage? - **Staging Deployment:** Auto-deploy to staging after all tests pass on main. Run smoke tests against staging before proceeding. - **Canary Deployment:** Route [CANARY_PERCENTAGE]% of production traffic to the new version. Monitor error rates, latency, and key business metrics for [CANARY_DURATION] minutes. Auto-promote or auto-rollback based on thresholds. - **Production Deployment:** Full rollout strategy — rolling update, blue-green, or recreate. Define the readiness and liveness probe configuration. - **Database Migrations:** How are schema migrations run in the pipeline? Before or after deployment? How to handle backward-incompatible changes? ### Stage 5 — Observability & Rollback Ensure safe deployments: - **Deployment Notifications:** Notify [NOTIFICATION_CHANNELS] on deployment start, success, and failure. Include commit summary and author. - **Health Checks:** Define the post-deployment health check sequence. What endpoints to hit? What response codes and latencies indicate success? - **Automated Rollback:** Define the criteria for automatic rollback — error rate spike, latency degradation, failed health checks. How fast can you roll back? - **Deployment Metrics:** Track deployment frequency, lead time, change failure rate, and mean time to recovery (DORA metrics). - **Audit Trail:** Log every deployment with who triggered it, what was deployed, which tests passed, and which approvals were given. ## OUTPUT FORMAT Provide the complete pipeline configuration file for [CI_PLATFORM] (e.g., .github/workflows/ci.yml, .gitlab-ci.yml, Jenkinsfile) with inline comments explaining each step. Include a pipeline diagram showing parallel and sequential stages with estimated duration for each.
Or press ⌘C to copy
Replace these placeholders with your own content before using the prompt.
[CI_PLATFORM][PROJECT_NAME][PROJECT_DESCRIPTION][DEPLOYMENT_TARGET][BRANCH_STRATEGY][TIME_TARGET][PACKAGE_MANAGER][ENVIRONMENTS][LINTER][FORMATTER][TEST_FRAMEWORK][COVERAGE_TARGET][TEST_INFRASTRUCTURE][ARTIFACT_REGISTRY][DEPENDENCY_SCANNER][SAST_TOOL][PROJECT_SPECIFIC_RULES][LICENSE_POLICY][CANARY_PERCENTAGE][CANARY_DURATION][NOTIFICATION_CHANNELS]