CI/CD Pipeline Templates
Battle-tested GitHub Actions and GitLab CI pipeline configurations for Next.js apps, Docker builds, Terraform deployments, and more.
Pipeline Templates
Next.js Deploy
Lint, type-check, test, build, and deploy to Vercel. Includes preview deployments for PRs and production deploys on merge.
Docker Build & Push
Multi-stage Docker build with layer caching. Pushes to ECR/GCR with tags based on the git SHA and branch.
Terraform Plan/Apply
Plan on PR (with comment), apply on merge to main. State locking and approval gates for production changes.
Python Package
Lint (ruff), type-check (mypy), test (pytest), build wheel, and publish to PyPI or private registry.
Database Migration
Runs migration scripts in a safe order. Includes a rollback step on failure and a Slack notification on completion.
Security Scan
SAST with Semgrep, dependency scanning with Trivy, and secret detection with GitLeaks on every PR.
Pipeline Principles
Target under 5 minutes for PR checks. Use caching (node_modules, Docker layers, Terraform plugins) aggressively.
No flaky tests in CI. Quarantine flaky tests immediately. Use retries only for infrastructure issues, not test failures.
Never store secrets in code. Use OIDC for cloud provider auth. Scan for vulnerabilities on every build.
Post build status to Slack. Track build times and failure rates over time. Alert on sustained failures.
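The Security Scan template and the "no stored secrets, use OIDC" principle above, sketched as one GitHub Actions workflow. This is an added illustration, not one of the templates on this page; the AWS role ARN and region are placeholders, and the action version pins should be checked against current releases.

```yaml
name: security-scan
on:
  pull_request:

# Least privilege by default; only the job that needs an OIDC token asks for id-token: write
permissions:
  contents: read

jobs:
  semgrep:
    runs-on: ubuntu-latest
    container:
      image: semgrep/semgrep
    steps:
      - uses: actions/checkout@v4
      # --error makes the job fail when findings are reported, so the PR check goes red
      - run: semgrep scan --config auto --error

  trivy:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: aquasecurity/trivy-action@0.28.0
        with:
          scan-type: fs
          scan-ref: .
          severity: CRITICAL,HIGH
          ignore-unfixed: true   # do not block on findings with no available fix
          exit-code: '1'         # block the PR on fixable HIGH/CRITICAL findings

  gitleaks:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          fetch-depth: 0   # full history, so a secret committed earlier in the branch is also caught
      - uses: gitleaks/gitleaks-action@v2
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}   # organization repos also need GITLEAKS_LICENSE

  cloud-auth:
    runs-on: ubuntu-latest
    needs: [semgrep, trivy, gitleaks]
    permissions:
      id-token: write   # exchange the GitHub OIDC token for short-lived AWS credentials
      contents: read
    steps:
      - uses: aws-actions/configure-aws-credentials@v4
        with:
          role-to-assume: arn:aws:iam::123456789012:role/ci-readonly-role   # placeholder ARN
          aws-region: us-east-1                                              # placeholder region
      - run: aws sts get-caller-identity   # confirms the assumed role; no access keys anywhere in the repo
```

The IAM role's trust policy must restrict the OIDC subject claim to this repository and branch, otherwise any GitHub workflow could assume it.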
Branch Strategy
- main branch is always deployable. Protected with required reviews and status checks.
- Feature branches are short-lived (1-3 days max). Squash merge into main.
- Preview deployments are created automatically for every PR.
- Release tags trigger production deployments with manual approval gates.
- Hotfix branches are created from the latest release tag and cherry-picked back to main.
Need help setting up CI/CD for your project? Get in touch and we will build the right pipeline for your workflow.