Pipeline Design Lab

Retrieval Prompts

  1. What are the three components of "build once, promote everywhere"?
  2. Name the four test types you place in a CI pipeline and the budget you allocate to each stage.
  3. What is the difference between a stage dependency in GitLab (stage:) and needs: in GitHub Actions?
  4. Why should deployment stages reference an artifact by digest, not by tag?
  5. What is the minimum permissions: block for a workflow that only reads code and runs tests?

Compare and Distinguish

Separate these pairs clearly:

  • continuous integration vs continuous delivery vs continuous deployment
  • an artifact identified by tag vs by digest
  • a unit test vs an integration test vs a contract test
  • pull_request trigger vs pull_request_target trigger
  • a workflow that deploys on push to main vs one that deploys on workflow_dispatch

Common Mistake Check

For each, identify the error:

  1. "We rebuild the image in every environment to keep it fresh."
  2. "Our CI is fast -- we skip unit tests and rely on integration tests."
  3. "We tag staging and prod as separate images."
  4. "We retry flaky tests three times to keep the pipeline green."
  5. "actions/checkout@v4 is fine because it's maintained by GitHub."

Mini Application

Build a CI pipeline from scratch for one of these:

  • a Node.js HTTP service with Postgres
  • a Go service with no external dependencies
  • a Python library published to PyPI

Do all five tasks:

  1. author .github/workflows/ci.yml (or .gitlab-ci.yml) that lints, tests, builds an artifact, and pushes it tagged by commit SHA
  2. split the workflow by test tier: unit before build, integration after build
  3. cache dependencies correctly
  4. pin actions by commit SHA for anything with secrets: exposure
  5. set permissions: explicitly at the workflow level

Validate by running the pipeline on a real branch.

Evidence Check

This page is complete only if:

  • your pipeline runs end-to-end on push
  • the deploy stage references an artifact by digest, not mutable tag
  • you can explain every uses:, needs:, or stage: line in one sentence
  • the entire pipeline from push to "artifact in registry" completes in < 10 minutes on a cold cache
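
A static check for Mini Application tasks 4 and 5 and the digest item above, as an added example that is not part of the original lab. It flags every unpinned uses: line (stricter than task 4), only sees images declared under image: keys (not inside run: commands), and the sample workflow, example-org/build-action and its SHA are constructed placeholders.

```python
import re

SHA_PIN = re.compile(r"^[0-9a-f]{40}$")          # full commit SHA
USES = re.compile(r"^\s*(?:-\s*)?uses:\s*['\"]?([^\s'\"#]+)")
IMAGE = re.compile(r"^\s*(?:-\s*)?image:\s*['\"]?([^\s'\"#]+)")

def audit_workflow(text):
    """Return [(line_no, finding)] for one workflow file; line 0 = whole file."""
    findings = []
    lines = text.splitlines()
    # A workflow-level permissions: key sits at column 0.
    if not any(line.startswith("permissions:") for line in lines):
        findings.append((0, "no workflow-level permissions: block"))
    for no, line in enumerate(lines, 1):
        m = USES.match(line)
        if m and not m.group(1).startswith("./"):   # local actions carry no ref
            ref = m.group(1)
            if ref.startswith("docker://"):
                if "@sha256:" not in ref:
                    findings.append((no, "docker action not pinned by digest: " + ref))
            elif not SHA_PIN.match(ref.partition("@")[2]):
                findings.append((no, "action not pinned by commit SHA: " + ref))
        m = IMAGE.match(line)
        if m and "@sha256:" not in m.group(1):
            findings.append((no, "image referenced by tag, not digest: " + m.group(1)))
    return findings

# Constructed sample workflow (not from the lab); the SHA is a placeholder.
SAMPLE = """\
name: ci
on: push
jobs:
  test:
    runs-on: ubuntu-latest
    services:
      db:
        image: postgres:16
    steps:
      - uses: actions/checkout@v4
      - uses: example-org/build-action@0123456789abcdef0123456789abcdef01234567
      - run: npm test
"""

if __name__ == "__main__":
    for no, finding in audit_workflow(SAMPLE):
        print(f"line {no}: {finding}")
```
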

Integrated Delivery-Process Drill

Design the team process that feeds the pipeline.

  1. Choose an SDLC model for a two-week feature with uncertain requirements. Explain why waterfall, ad hoc coding, and pure maintenance mode are weaker fits.
  2. Write a one-sprint plan with roles, backlog items, acceptance criteria, estimate ranges, and a daily feedback loop.
  3. Define branch discipline: trunk-based, short-lived branch, merge queue, or release branch. Include when merge, rebase, or revert is acceptable.
  4. Add quality gates for lint, unit tests, integration tests, dependency scan, artifact signing, and manual approval if needed.
  5. Connect each process choice to CI/CD evidence: what will the pipeline prove, and what still requires review?

Evidence check: include a process-selection note, a branch-policy note, and a pipeline diagram that shows where requirements, estimation, review, testing, deployment, and rollback fit.