---
id: wiki-20260508-ci-cd-pipeline-redir
title: CI/CD Pipeline
category: 10_Wiki/Topics
status: verified
canonical_id: self
aliases: [CI/CD, CI CD Pipeline, 파이프라인, Continuous Delivery]
duplicate_of: none
source_trust_level: A
confidence_score: 0.92
verification_status: applied
tags: [cicd, devops, automation, deployment]
raw_sources: []
last_reinforced: 2026-05-10
github_commit: pending
tech_stack:
  language: yaml
  framework: GitHub Actions, GitLab CI, ArgoCD
---

# CI/CD Pipeline

## One-line summary

> **"The automated path from every commit to production."** The combination of Continuous Integration (build + test on every push) and Continuous Delivery/Deployment (artifact → staging → prod, automated). As of 2026 GitHub Actions is dominant, alongside an ecosystem of GitLab CI / Jenkins / CircleCI / ArgoCD (GitOps). It pairs with trunk-based development and feature flags.

## Core

### Stages

1. **Source**: trigger (push, PR, schedule, manual).
2. **Build**: compile, package (Docker image, JAR, npm).
3. **Test**: unit → integration → e2e → security scan.
4. **Artifact**: registry push (ECR, GHCR, Artifactory).
5. **Deploy**: staging → smoke test → prod (canary / blue-green / rolling).
6. **Observe**: metrics, alerts, rollback trigger.

### CI vs CD

- **CI**: the main branch is always green; fast feedback (<10 min).
- **CD (delivery)**: an always-deployable artifact; manual prod gate.
- **CD (deployment)**: fully automated; canary + auto-rollback.

### Applications

1. SaaS web app: GitHub Actions → Docker → ECS/K8s.
2. Mobile: Fastlane + TestFlight/Play Console.
3. Library: tag → npm/PyPI/Maven publish.
4. Infrastructure: Terraform plan/apply via CI.

## 💻 Patterns

### GitHub Actions (Node + Docker)

```yaml
name: ci
on: { push: { branches: [main] }, pull_request: {} }
jobs:
  test:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      # pnpm must be installed before setup-node can use `cache: pnpm`;
      # the version is read from the packageManager field in package.json
      - uses: pnpm/action-setup@v4
      - uses: actions/setup-node@v4
        with: { node-version: 20, cache: pnpm }
      - run: pnpm install --frozen-lockfile
      - run: pnpm lint && pnpm test --coverage
      - uses: codecov/codecov-action@v4
  build-deploy:
    needs: test
    if: github.ref == 'refs/heads/main'
    runs-on: ubuntu-latest
    # id-token: write lets the job request an OIDC token, so no stored AWS keys
    permissions: { id-token: write, contents: read }
    steps:
      - uses: actions/checkout@v4
      - uses: aws-actions/configure-aws-credentials@v4
        with: { role-to-assume: arn:aws:iam::123:role/ci, aws-region: us-east-1 }
      # log Docker in to ECR and expose the registry host used as $ECR below
      - id: ecr
        uses: aws-actions/amazon-ecr-login@v2
      - run: docker build -t $ECR/app:${{ github.sha }} . && docker push $ECR/app:${{ github.sha }}
        env:
          ECR: ${{ steps.ecr.outputs.registry }}
      # restarts tasks from the service's current task definition,
      # which must reference the image pushed above
      - run: aws ecs update-service --cluster prod --service app --force-new-deployment
```

### GitLab CI (matrix + cache)

```yaml
stages: [test, build, deploy]
test:
  stage: test
  # use the matrix variable so each parallel job runs its own Node version
  image: node:$NODE_VERSION
  # npm ci deletes node_modules, so cache npm's download cache instead
  cache: { paths: [.npm/] }
  script: [npm ci --cache .npm --prefer-offline, npm test]
  parallel:
    matrix: [{ NODE_VERSION: ["18", "20", "22"] }]
```

### ArgoCD (GitOps)

```yaml
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata: { name: app, namespace: argocd }
spec:
  project: default   # required field; `default` is the built-in project
  source: { repoURL: https://git.../infra, path: k8s/prod, targetRevision: HEAD }
  destination: { server: https://kubernetes.default.svc, namespace: prod }
  syncPolicy: { automated: { prune: true, selfHeal: true } }
```

### Canary deploy (Argo Rollouts)

```yaml
strategy:
  canary:
    # 10% of traffic for 10 minutes, then 50% until manually promoted
    steps: [{ setWeight: 10 }, { pause: { duration: 10m } }, { setWeight: 50 }, { pause: {} }]
    analysis: { templates: [{ templateName: success-rate }] }
```

## Decision criteria

| Situation | Approach |
|---|---|
| GitHub-hosted repo | GitHub Actions |
| Self-hosted, full DevOps suite | GitLab CI |
| Java-heavy enterprise | Jenkins |
| K8s native, declarative | ArgoCD / Flux |
| Mobile | Fastlane + Bitrise |
| Monorepo | Nx Cloud / Turborepo Remote Cache |

**Default**: GitHub Actions + Docker + ArgoCD (cloud-native) or ECS/Cloud Run (PaaS).

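The GitHub Actions pattern above uses OIDC (`id-token: write`) instead of stored keys and tags images with `${{ github.sha }}`. The following added example (not part of the original page) is a small linter that flags the opposite cases, which this page lists as anti-patterns: credentials written into YAML and `:latest` image tags. `lint_workflow`, the rule names and the sample workflow are hypothetical and constructed for illustration.

```python
import re

SECRET_KEY = re.compile(r"secret|token|passw(or)?d|api[_-]?key", re.I)
KEY_VALUE = re.compile(r"^\s*(?:-\s*)?([\w.-]+)\s*:\s*(\S.*?)\s*$")
LATEST_TAG = re.compile(r"[\w./-]+:latest\b")
# Looks like a credential key but is the OIDC permission the page's workflow sets.
NOT_CREDENTIALS = {"id-token"}

# Constructed sample workflow (not from the page); the token value is fake.
SAMPLE = """\
jobs:
  build:
    runs-on: ubuntu-latest
    permissions:
      id-token: write
    container:
      image: node:latest
    env:
      DEPLOY_TOKEN: constructed-not-a-real-token-0123
      API_TOKEN: ${{ secrets.API_TOKEN }}
    steps:
      - run: docker build -t registry.example.com/app:latest .
      - run: docker push registry.example.com/app:${{ github.sha }}
"""


def lint_workflow(text):
    """Return (line_no, rule, detail) tuples for hard-coded secrets and :latest tags."""
    findings = []
    for no, line in enumerate(text.splitlines(), start=1):
        code = line.split(" #", 1)[0]  # ignore trailing YAML comments
        m = KEY_VALUE.match(code)
        if m and SECRET_KEY.search(m.group(1)) and m.group(1) not in NOT_CREDENTIALS:
            value = m.group(2).strip("'\"")
            # A leading "$" covers ${{ secrets.X }} and $CI_VARIABLE references.
            is_literal = bool(value) and not value.startswith("$")
            if is_literal and value.lower() not in ("true", "false"):
                findings.append((no, "secret-in-yaml", m.group(1)))
        tag = LATEST_TAG.search(code)
        if tag:  # matches image:latest, never "runs-on: ubuntu-latest"
            findings.append((no, "unpinned-image", tag.group(0)))
    return findings


if __name__ == "__main__":
    for no, rule, detail in lint_workflow(SAMPLE):
        print(f"line {no}: {rule}: {detail}")
```

The check is line-based and heuristic, so it works on any CI YAML without a parser but will miss secrets whose key names carry no hint.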
## 🔗 Graph

- Parent: [[DevOps]] · [[Software Delivery]]
- Variants: [[Continuous Integration (CI)]] · [[Continuous Delivery]] · [[GitOps]]
- Applications: [[Blue-Green Deployment]] · [[Canary Deployment]] · [[Feature Flag]]
- Adjacent: [[Docker]] · [[Kubernetes]] · [[Terraform]] · [[TeamCity]]

## 🤖 LLM usage

**When**: generating workflow YAML, expanding a matrix, looking up an action.

**When not**: production deploy scripts. These always need review + canary + rollback.

## ❌ Anti-patterns

- **No rollback path**: forward-only deploys are a disaster.
- **Secrets in YAML**: use GitHub Secrets / OIDC instead.
- **Slow CI** (>15 min): developers' PRs stack up; cache + parallelize.
- **Deploy on every push**: breaks prod; use a manual gate or canary.
- **No artifact pinning** (`:latest`): reproducibility is lost.

## 🧪 Verification / duplicates

- Verified (GitHub Actions docs, GitLab CI docs, ArgoCD docs).
- Trust level A.

## 🕓 Changelog

| Date | Change |
|---|---|
| 2026-05-08 | Phase 1 |
| 2026-05-10 | Manual cleanup: full CI/CD treatment with Actions/ArgoCD examples |