CI/CD: The what, why, and how
Building automated workflows for faster releases
Automation is a core principle for achieving DevOps success and CI/CD is a critical component. CI/CD comprises of continuous integration and continuous delivery or continuous deployment. Put together, they form a “CI/CD pipeline”—a series of automated workflows that help DevOps teams cut down on manual tasks:
Continuous integration (CI)
automatically builds, tests, and integrates code changes within a shared repository; then
Continuous delivery (CD)
automatically delivers code changes to production-ready environments for approval; or
Continuous deployment (CD)
automatically deploys code changes to customers directly.
A CI/CD pipeline
Continuous delivery vs. continuous deployment
When someone says CI/CD, the “CD” they’re referring to is usually continuous delivery, not continuous deployment. What’s the difference? In a CI/CD pipeline that uses continuous delivery, automation pauses when developers push to production. A human—your operations, security, or compliance team—still needs to manually sign off before final release, adding more delays. On the other hand, continuous deployment automates the entire release process. Code changes are deployed to customers as soon as they pass all the required tests.
Continuous deployment is the ultimate example of DevOps automation. That doesn’t mean it’s the only way to do CI/CD, or the “right” way. Since continuous deployment relies on rigorous testing tools and a mature testing culture, most software teams start with continuous delivery and integrate more automated testing over time.
Ongoing feedback allows developers to commit smaller changes more often, versus waiting for one release.
Stability and reliability
Automated, continuous testing ensures that codebases remain stable and release-ready at any time.
Freed up from manual tasks, organizations can focus resources on innovation, customer satisfaction, and paying down technical debt.
CI begins in shared repositories, where teams collaborate on code using version control systems (VCS) like Git. A VCS tracks code changes, simplifies reversions, and supports config as code for managing testing and infrastructure.
CI build tools automatically package up files and components into release artifacts and run tests for quality, performance, and other requirements. After clearing required checks, CD tools send builds off to the operations team for further testing and staging.
Treating code review as a best practice improves code quality, encourages collaboration, and helps even the most experienced developers make better commits. In a CI/CD workflow, teams review and approve code or leverage integrated development environments for pair programming.
CI/CD tests and deploys code in environments, from where developers build code to where operations teams make applications publicly available. Environments often have their own specific variables and protection rules to meet security and compliance requirements.
Developers open pull requests to trigger initial builds and unit tests
Approved commits are deployed to a preview environment
Custom-built GitHub Actions install the mabl CLI and run headless tests
GitHub Apps provide live check results within pull requests
Approved commits are merged to the main branch for additional tests or deployed to production
CI/CD can be done manually—but that’s not the goal. A good CI/CD workflow automates builds, testing, and deployment so you have more time for code, not more tasks to do.
If a build fails, developers need to be able to quickly assess what went wrong and why. Logs, visual workflow builders, and deeply integrated tooling make it easier for developers to troubleshoot, understand complex workflows, and share their status with the larger team.
CI/CD contributes to your overall DevOps performance, particularly speed. DevOps experts gauge speed using two DORA metrics: Lead time for changes (how quickly commits are made to code in production) and deployment frequency (how often you commit code).
When used with other approaches like test coverage, observability tooling, and feature flags, CI/CD makes software more resistant to errors. DORA measures this stability by tracking mean time to resolution (how quickly incidents are resolved) and change failure rate (the number of software rollbacks).
Automation includes security. With DevSecOps gaining traction, a future-proof CI/CD pipeline has checks in place for code and permissions, and provides a virtual paper trail for auditing failures, security breaches, non-compliance events.
CI/CD isn't just about automation; it's also about ensuring scalability. A robust CI/CD setup should effortlessly expand with your growing development team and project complexity. This means it can efficiently handle increased workloads as your software development efforts grow, maintaining productivity and efficiency.
Explore best practices
See how world-class CI/CD, automation, and security can support your workflow.
Build a custom strategy for your business goals in a 1:1 session with GitHub product leaders.
See how GitHub compares to other DevOps tools and platforms.