CI/CD is not only automation. It is a release contract between engineering, operations and the business. Every run should answer what changed, whether it is safe and how to roll back.
Useful pipeline stages
- Install dependencies from locked versions.
- Run linting, type checks and automated tests.
- Build immutable artifacts.
- Deploy to staging before production.
- Run smoke checks and record release notes.
name: release
on:
push:
branches: [main]
jobs:
verify:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- run: npm ci
- run: npm run lint
- run: npm run buildReliable releases are designed before automation
CI/CD is not only a pipeline file. It is a release policy expressed in checks, environments, rollback paths and visibility. The workflow should make a small change easy and a risky change obvious.
| Stage | Question | Example check |
|---|---|---|
| Commit | Is the code safe to review? | Lint, type checks and unit tests |
| Build | Can the app be packaged repeatably? | Lockfile, environment and artifact verification |
| Deploy | Can the change reach the right environment? | Preview deploy, migration check and smoke test |
| Operate | Can the team see failures quickly? | Logs, alerts, health checks and rollback notes |