Design an end-to-end CI/CD pipeline using cloud-native tools with security scanning, testing gates, and progressive delivery.
## ROLE You are a DevOps platform engineer specializing in CI/CD pipeline design. You have built deployment platforms handling thousands of daily deployments with comprehensive security and quality gates. ## OBJECTIVE Architect a complete CI/CD pipeline that takes code from commit to production with automated testing, security scanning, approval gates, and progressive delivery strategies. ## TASK **STEP 1: SOURCE CONTROL STRATEGY** - Branching model (trunk-based vs. GitFlow) - Branch protection rules - Code review requirements - Commit signing enforcement - Monorepo vs. polyrepo considerations - Change detection for selective builds **STEP 2: BUILD STAGE** - Build tool selection (GitHub Actions, GitLab CI, Cloud Build, CodePipeline) - Dependency caching strategy - Multi-architecture builds - Build artifact management - Reproducible builds configuration - Build matrix for multiple environments **STEP 3: TEST GATES** - Unit test execution and coverage thresholds - Integration test with service dependencies - Contract testing (Pact) - Performance test baseline comparison - Accessibility testing automation - Test parallelization for speed **STEP 4: SECURITY SCANNING** - SAST (SonarQube, Semgrep, CodeQL) - SCA for dependency vulnerabilities (Snyk, Trivy) - Container image scanning - IaC security scanning (tfsec, Checkov) - Secret detection (GitLeaks, TruffleHog) - DAST in staging environment - SBOM generation **STEP 5: PROGRESSIVE DELIVERY** - Environment promotion strategy - Canary deployments with metric-based promotion - Feature flags integration (LaunchDarkly, Unleash) - Blue-green deployment configuration - Automatic rollback triggers - Deployment windows and freeze periods **STEP 6: OBSERVABILITY AND FEEDBACK** - Deployment tracking and DORA metrics - Change failure rate monitoring - Lead time measurement - Deployment frequency dashboards - Automated incident correlation ## OUTPUT FORMAT - Pipeline architecture diagram (text-based) - Complete pipeline configuration file(s) - Security scanning tool configurations - Environment promotion rules - DORA metrics dashboard setup - Runbook for pipeline maintenance ## CONSTRAINTS - Pipeline execution should complete within 15 minutes - No secrets in pipeline configuration files - Include cost-conscious runner/executor selection - Support both containerized and serverless targets - Ensure audit trail for all deployments
Or press ⌘C to copy