GitHub Actions · GitLab · Buildkite

CI/CD Pipeline Engineering

Build, test, scan, sign, and deploy. Cached, parallel, reproducible. Configured once and maintained as code.

GitHub Actions · GitLab CI · Buildkite · Argo Rollouts · Flagger · Dagger

A bad pipeline is a tax on every change you ship. A 35-minute build means engineers context-switch, lose flow, and start avoiding small commits. Flaky tests teach people to retry instead of investigate. Both compound.

What I rebuild

Build pipeline — Caching strategy (layer / dep / test), parallel matrix where it pays, hermetic toolchain pinning, reproducible artifacts. Targets: <8 min PR build, <12 min mainline including deploy to staging.

Test layer — Selective test execution, flake detection and quarantine, parallelism matched to your test suite shape. Track and publish flake rate weekly — it tends to drop the moment people see the number.

Security & compliance — SAST, SCA, secret scanning, container scanning, SBOM generation, image signing. All in pipeline, all blocking, none that slow you down meaningfully.

Progressive delivery — Argo Rollouts or Flagger for canary / blue-green deploys. Automated rollback on SLO regression. Deploys at noon on Tuesday, not at 11pm on Friday.

Pipeline observability — Dashboards for build duration, queue time, flake rate, deploy frequency. The pipeline is a product; treat it like one.

Tooling honesty

I don't have a religion about CI tools. GitHub Actions is the right answer most of the time. Buildkite or self-hosted runners win when you're heavy on integration tests or need GPU/custom hardware. I pick what fits, not what I last used.