Deployment Pipelines
Simple Explanation
What it is
A deployment pipeline is an automated set of steps that tests, packages, and releases your code every time you make a change.
Why we need it
Manual deployments are slow and risky. Pipelines make releases predictable and repeatable so teams can ship frequently with confidence.
Benefits
- Fast feedback from automated tests.
- Consistent releases across environments.
- Clear audit trail of what changed and when.
- Safer rollbacks when something goes wrong.
Tradeoffs
- Setup time to build the pipeline.
- Discipline required around tests and environment parity.
- Credential management must be done securely.
Real-world examples (architecture only)
- Git push -> CI tests -> deploy to dev -> promote to prod.
- IaC change -> plan -> approval -> apply -> smoke tests.
What Is a Pipeline?
Automated workflow for testing and deploying code:
Developer pushes code -> GitHub
          |
          v
Tests run automatically
          |
          v
Deploy to dev
          |
          v
Deploy to staging
          |
          v
Approval -> Deploy to production
Core Stages
- Source: Code change triggers the workflow
- Test: Unit and integration tests
- Build: Package artifacts
- Deploy: Release to an environment
- Verify: Health checks and metrics
GitHub Actions Example (Python + AWS SAM)
name: Deploy Serverless App

on:
  push:
    branches: [main]

jobs:
  test:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - name: Setup Python
        uses: actions/setup-python@v5
        with:
          python-version: "3.11"
      - name: Install dependencies
        run: pip install -r requirements.txt
      - name: Run tests
        run: pytest

  deploy:
    needs: test
    runs-on: ubuntu-latest
    # Required for OIDC: lets the job request a GitHub-issued identity token.
    permissions:
      id-token: write
      contents: read
    steps:
      - uses: actions/checkout@v4
      - name: Setup Python
        uses: actions/setup-python@v5
        with:
          python-version: "3.11"
      - name: Configure AWS credentials (OIDC)
        uses: aws-actions/configure-aws-credentials@v4
        with:
          # ACCOUNT_ID and AWS_REGION are placeholders; substitute your own values.
          role-to-assume: arn:aws:iam::ACCOUNT_ID:role/GitHubActionsRole
          aws-region: AWS_REGION
      - name: Build
        run: sam build
      - name: Deploy
        run: sam deploy --no-confirm-changeset --stack-name maarifa-dev
If you deploy to GCP instead, replace the deploy step with gcloud or your preferred tooling.
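The OIDC step above is only as safe as the IAM trust policy on the role it assumes: that policy should pin the token's aud claim to sts.amazonaws.com and its sub claim to your repository and branch. The following is an added example, not code from the original page or from AWS or GitHub, that audits a trust policy document for those conditions. The function names, finding codes, account ID, and repository names are assumptions constructed for illustration.

```python
GITHUB_OIDC = "token.actions.githubusercontent.com"
def _cond_values(condition, claim):
    """Yield (operator, value) for every condition on the given OIDC claim."""
    key = f"{GITHUB_OIDC}:{claim}"  # IAM condition keys are case-insensitive
    for op, tests in condition.items():
        for k, v in tests.items():
            if k.lower() == key:
                for item in ([v] if isinstance(v, str) else v):
                    yield op.lower(), item

def audit_trust_policy(policy):
    """Return sorted finding codes for statements that trust GitHub's OIDC provider."""
    findings = set()
    statements = policy.get("Statement", [])
    for st in [statements] if isinstance(statements, dict) else statements:
        principal = st.get("Principal")
        fed = principal.get("Federated", []) if isinstance(principal, dict) else []
        fed = [fed] if isinstance(fed, str) else fed
        if st.get("Effect") != "Allow" or not any(f.endswith(GITHUB_OIDC) for f in fed):
            continue
        cond = st.get("Condition", {})
        if not any(v == "sts.amazonaws.com" for _, v in _cond_values(cond, "aud")):
            findings.add("aud-not-pinned")
        subs = list(_cond_values(cond, "sub"))
        if not subs:
            findings.add("sub-missing")  # any GitHub repository could assume the role
        for op, sub in subs:
            if "like" in op and set("*?") & set(sub):  # wildcards are literal under StringEquals
                parts = sub.split(":", 2)
                repo_ok = len(parts) == 3 and parts[0] == "repo" and not set("*?") & set(parts[1])
                findings.add("sub-wildcard-ref" if repo_ok else "sub-wildcard-repo")
    return sorted(findings)

# Constructed sample policies; the account ID and example-org/example-app are placeholders.
def sample_policy(condition):
    return {"Version": "2012-10-17", "Statement": [{
        "Effect": "Allow",
        "Principal": {"Federated": f"arn:aws:iam::123456789012:oidc-provider/{GITHUB_OIDC}"},
        "Action": "sts:AssumeRoleWithWebIdentity",
        "Condition": condition}]}

PINNED = sample_policy({"StringEquals": {
    f"{GITHUB_OIDC}:aud": "sts.amazonaws.com",
    f"{GITHUB_OIDC}:sub": "repo:example-org/example-app:ref:refs/heads/main"}})
NO_SUB = sample_policy({"StringEquals": {f"{GITHUB_OIDC}:aud": "sts.amazonaws.com"}})
ORG_WIDE = sample_policy({"StringLike": {f"{GITHUB_OIDC}:sub": "repo:example-org/*"}})

if __name__ == "__main__":
    for name, p in (("pinned", PINNED), ("no-sub", NO_SUB), ("org-wide", ORG_WIDE)):
        print(name, audit_trust_policy(p))
```

An empty list means the statement pins both claims; run the check against the policy document before it is applied to the role.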
Multi-Stage Deployments
Promote the same artifact across environments (dev -> staging -> prod) with approvals before production.
Testing in the Pipeline
Unit test example (Python)
from handler import handler


def test_handler_ok():
    result = handler({"name": "test"}, None)
    assert result["statusCode"] == 200
Deployment Strategies
Blue/Green: Run two environments, switch traffic after validation.
Canary: Send a small percentage of traffic to the new version, then increase if healthy.
Monitoring and Rollback
- Add health checks and error rate alerts
- Roll back quickly to the previous version if errors spike
Best Practices
- Keep environments identical
- Use OIDC or short-lived credentials
- Automate rollbacks
- Monitor after every deploy
- Document changes
Project
Create a pipeline that:
- Runs Python unit tests
- Deploys to a dev environment
- Requires manual approval for production
- Documents the release steps
Email your work to [email protected].
References
- GitHub Actions: https://docs.github.com/actions
- AWS SAM pipelines: https://docs.aws.amazon.com/serverless-application-model/latest/developerguide/serverless-apps-ci-cd.html
- AWS OIDC for GitHub Actions: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_create_oidc.html
- Cloud Build: https://cloud.google.com/build/docs
- Cloud Deploy: https://cloud.google.com/deploy/docs