Night Mode Labs Blue Book / Delivery

CI Pipeline Standards

Continuous integration should make every change traceable, testable, and safe to promote. Keep pipelines consistent enough that teams can move between services without relearning delivery from scratch.

Pipeline stages

Required checks

Every production service should define checks for:

  • Formatting, linting, and static analysis.
  • Type checking or compilation where applicable.
  • Unit and integration tests.
  • Dependency and vulnerability scans.
  • Secret scanning.
  • Infrastructure plan validation when infrastructure changes.
  • Artifact build, SBOM generation, and provenance where required.

Artifact rules

  • Build artifacts once and promote them across environments.
  • Publish artifacts to approved registries.
  • Record source commit, build ID, and artifact digest.
  • Scan artifacts before deployment.
  • Sign or attest artifacts for regulated or high-risk systems.
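The artifact rules above, worked through as an added example (this is not Night Mode Labs tooling): the digest is pinned once at build time together with the source commit and build ID, a scan outcome is attached to that digest, and promotion refuses any bytes whose digest differs from the record or that skip an environment. The environment order, the record fields, the file layout and the sample artifact bytes are assumptions constructed for the example; signing and attestation are left out.

```python
"""Immutable artifact promotion gate (added example, not project code)."""
from __future__ import annotations

import hashlib
import json
from dataclasses import asdict, dataclass, field

# Promotion order is an assumption for this example.
ENVIRONMENTS = ("dev", "staging", "prod")

# Constructed sample artifact bytes standing in for a real build output.
ARTIFACT = b"night-mode-labs example artifact v1\n"


@dataclass
class BuildRecord:
    """What the pipeline records for one build: commit, build ID, digest, scan state."""
    source_commit: str
    build_id: str
    digest: str                       # "sha256:<hex>" of the artifact bytes
    scan_passed: bool = False         # set by record_scan, never assumed
    promoted_to: list = field(default_factory=list)


def digest_of(artifact: bytes) -> str:
    return "sha256:" + hashlib.sha256(artifact).hexdigest()


def record_build(artifact: bytes, source_commit: str, build_id: str) -> BuildRecord:
    """Build once: the digest is computed here and never recomputed by a later build."""
    return BuildRecord(source_commit=source_commit, build_id=build_id,
                       digest=digest_of(artifact))


def record_scan(rec: BuildRecord, findings: list) -> BuildRecord:
    """Scan before deployment: the outcome is bound to the digest, not to a tag."""
    rec.scan_passed = not findings
    return rec


def serialize_record(rec: BuildRecord) -> str:
    """JSON form suitable for publishing beside the artifact in a registry."""
    return json.dumps(asdict(rec), sort_keys=True)


def promote(rec: BuildRecord, artifact: bytes, target: str) -> str:
    """Promote the same bytes to the next environment, or refuse with a reason."""
    if target not in ENVIRONMENTS:
        return f"refused: unknown environment {target!r}"
    # The bytes being promoted must be exactly the bytes that were built and scanned.
    if digest_of(artifact) != rec.digest:
        return "refused: artifact digest does not match build record (rebuild or tampering)"
    if not rec.scan_passed:
        return "refused: no passing scan recorded for this digest"
    # Environments are promoted in order; none may be skipped.
    idx = ENVIRONMENTS.index(target)
    if idx > 0 and ENVIRONMENTS[idx - 1] not in rec.promoted_to:
        return f"refused: {target} requires prior promotion to {ENVIRONMENTS[idx - 1]}"
    rec.promoted_to.append(target)
    return (f"promoted {rec.digest} (commit {rec.source_commit}, "
            f"build {rec.build_id}) to {target}")


if __name__ == "__main__":
    rec = record_build(ARTIFACT, source_commit="0123abc", build_id="build-42")
    print(promote(rec, ARTIFACT, "dev"))            # refused: no scan yet
    record_scan(rec, findings=[])
    print(promote(rec, ARTIFACT, "dev"))            # promoted
    print(promote(rec, ARTIFACT, "prod"))           # refused: staging skipped
    print(promote(rec, ARTIFACT + b"x", "staging"))  # refused: digest mismatch
    print(promote(rec, ARTIFACT, "staging"))
    print(promote(rec, ARTIFACT, "prod"))
    print(serialize_record(rec))
```

The scan result is keyed to the digest rather than to a mutable tag such as `latest`, so a rebuilt artifact that happens to carry the same tag cannot inherit an earlier passing scan; that is the property the "build once and promote" rule is meant to guarantee.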

Pipeline design

Good pipelines are:

  • Fast for common changes.
  • Deterministic and reproducible.
  • Clear about what failed and who owns it.
  • Parameterized through code, not manual UI configuration.
  • Reusable without hiding important service-specific behavior.

Watchouts

  • Slow pipelines teach teams to avoid them.
  • Flaky checks destroy trust in gates.
  • Manual reruns can hide nondeterminism.
  • Shared credentials in CI create broad blast radius.
