CI/CD Pipelines End to End
Design, build, and operate CI/CD pipelines that ship code safely from commit to production every day.
CREATED BY
Sahil J. ★ 5.0
SDE II at TaskFlow | 6+ years of experience
About this Path
Designed for engineers who understand Git and have deployed manually but need to own the full delivery pipeline. You will instrument GitHub Actions and GitLab CI to run tests, build Docker images, push to a registry, and deploy to Kubernetes using Helm and ArgoCD. You will also wire secrets management, environment promotion gates, and DORA metrics dashboards.
Path Overview
- Intermediate Level
- Certificate of Completion
- About 42 hours to complete
- English language
- 18+ curated videos
- Learn online at your own pace
- 6 modules with resources
- Gamified & interactive
Path Curriculum
DORA Metrics and What Fast Pipelines Actually Look Like
Benchmark deployment frequency, lead time, MTTR, and change failure rate.
Trunk-Based Development vs Feature Branches
Choose a branching strategy that keeps the main branch always releasable.
Stage Gates: what to enforce in CI vs what to defer
Decide where to place lint, unit tests, integration tests, and security scans.
Pipeline as Code: why YAML beats ClickOps
Version, review, and test your pipeline definitions like application code.
Workflow Syntax: triggers, jobs, steps, contexts
Master on:, needs:, if:, env:, and outputs to wire complex DAGs.
Composite Actions and Reusable Workflows
Extract shared steps into composite actions to eliminate copy-paste pipelines.
Matrix Builds for Multi-Version Testing
Run the same job across Node 18/20 or Go 1.21/1.22 in parallel.
OIDC Authentication to AWS and GCP without Long-Lived Keys
Replace static credentials with short-lived tokens via OIDC federation.
Docker Buildx and BuildKit Caching in GitHub Actions
Mount the GitHub Actions cache to avoid rebuilding unchanged layers.
Pushing to ECR, GCR, and GitHub Container Registry
Authenticate and push with correct tags using docker/metadata-action.
Trivy and Grype: blocking CVEs before merge
Fail the build on critical vulnerabilities and export SARIF to GitHub Security.
GitHub Actions Encrypted Secrets and Environments
Scope secrets to environments and require reviewers before production deploys.
HashiCorp Vault Dynamic Secrets in CI
Fetch short-lived database credentials from Vault inside a pipeline step.
Detecting Secret Leaks with Gitleaks and TruffleHog
Block commits and PRs that accidentally contain API keys or tokens.
Helm Chart Structure and values.yaml Promotion Pattern
Override image tags per environment using Helm values without duplicating templates.
ArgoCD App-of-Apps and Sync Waves
Bootstrap a cluster declaratively and control dependency ordering between apps.
Progressive Delivery: Canary and Blue-Green with Argo Rollouts
Shift traffic gradually and auto-rollback on error-rate threshold breach.
Rollback Strategies and Incident Recovery Runbooks
Execute fast rollbacks via ArgoCD history and keep a runbook checklist current.
Measuring Lead Time and Deployment Frequency with Grafana
Ingest CI webhook events into a time-series store and build a DORA dashboard.
Flaky Test Triage and Quarantine Strategy
Tag unreliable tests, route them to a separate job, and track flakiness rate.
Self-Hosted Runners: when and how to operate them safely
Isolate ephemeral runners per job to prevent cross-job secret contamination.
What you'll learn
- ✓ Design a trunk-based delivery pipeline with clear stage gates from lint to production deployment.
- ✓ Write reusable GitHub Actions workflows using composite actions, matrix builds, and OIDC-based AWS authentication.
- ✓ Build and push Docker images inside CI with layer caching and vulnerability scanning baked in.
- ✓ Deploy to Kubernetes via Helm and GitOps with ArgoCD, including rollback and sync-wave ordering.
- ✓ Manage secrets in CI using GitHub Actions Secrets, HashiCorp Vault, or AWS Secrets Manager without plaintext leakage.
- ✓ Measure pipeline health with DORA metrics and reduce mean lead time by identifying bottleneck stages.