What Is CI/CD?

CI/CD stands for Continuous Integration and Continuous Delivery (or Continuous Deployment). It is a set of practices and tools that automate how software is built, tested, and released. For QA engineers, understanding CI/CD is no longer optional — it is a core competency that separates modern testers from those stuck in manual processes.

In a traditional workflow, developers write code for weeks, then hand it off to QA for testing. Bugs found weeks after coding are expensive to fix. CI/CD eliminates this delay by automating the build-test-deploy cycle so that every code change is validated within minutes.

Continuous Integration (CI)

Continuous Integration is the practice of merging all developer working copies into a shared mainline several times a day. Each merge triggers an automated process:

  1. Code is pulled from the repository
  2. Dependencies are installed and the application is compiled
  3. Automated tests run — unit tests, linting, static analysis
  4. Results are reported back to the team

The key principle: if a test fails, the build is “broken” and fixing it becomes the team’s top priority. Nobody commits new code on top of a broken build.

Why CI Matters for QA

  • Early bug detection: Bugs are caught within minutes of being introduced, not weeks later
  • Reduced integration risk: Small, frequent merges cause fewer conflicts than large, infrequent ones
  • Automated regression: Every commit is verified against existing tests automatically
  • Shared responsibility: Developers cannot ignore failing tests because the pipeline blocks their work

Continuous Delivery (CD)

Continuous Delivery extends CI by ensuring the software is always in a deployable state. After passing all automated tests, the code can be released to production at any time — but a human must press the button.

The deployment process is automated and repeatable. The same pipeline that deploys to staging can deploy to production with a single approval step.

The Deployment Pipeline

A typical CD pipeline consists of stages that progressively increase confidence:

Code Commit → Build → Unit Tests → Integration Tests → Deploy to Staging → E2E Tests → Performance Tests → Security Scan → [Manual Approval] → Deploy to Production

Each stage acts as a quality gate. If any stage fails, the pipeline stops and the team is notified. Code that passes all gates is considered production-ready.

Continuous Deployment

Continuous Deployment takes CD one step further: every change that passes the automated pipeline is deployed to production automatically. No manual approval is needed.

This sounds risky, but it works when:

  • The test suite is comprehensive and trustworthy
  • Monitoring and alerting catch production issues instantly
  • Rollback mechanisms are fast and reliable
  • Feature flags control the exposure of new functionality

Companies like Netflix, Amazon, and Google deploy thousands of times per day using continuous deployment.

Pipeline Stages and QA’s Role

Stage 1: Build and Static Analysis

The CI server compiles the code and runs static analysis tools (linters, type checkers, code style enforcers).

QA involvement: Ensure static analysis rules include quality-related checks. Review which rules are enabled and whether they catch common bugs in your codebase.

Time budget: 1-5 minutes.

Stage 2: Unit Tests

Fast, isolated tests verify individual functions and classes.

QA involvement: Review unit test coverage reports. Identify untested code paths and coordinate with developers to fill gaps.

Time budget: 2-10 minutes.

Stage 3: Integration Tests

Tests verify that components work together — API contracts, database operations, service communication.

QA involvement: Write and maintain integration tests, especially API-level tests. Define which integrations are critical to test.

Time budget: 5-15 minutes.

Stage 4: Deployment to Staging

The application is deployed to a pre-production environment that mirrors production as closely as possible.

QA involvement: Verify deployment health. Check that configurations, migrations, and environment variables are correct.

Time budget: 2-5 minutes.

Stage 5: End-to-End Tests

Automated tests simulate real user workflows through the complete application stack.

QA involvement: Own the E2E test suite. Decide which critical user journeys must pass before any release.

Time budget: 10-30 minutes.

Stage 6: Performance and Security

Load tests, stress tests, and security scans ensure the application meets non-functional requirements.

QA involvement: Define performance baselines and security scan rules. Analyze results and decide whether issues are blockers.

Time budget: 10-20 minutes.

Common CI/CD Tools

ToolTypeBest For
JenkinsSelf-hosted CI/CDMaximum flexibility and plugin ecosystem
GitHub ActionsCloud CI/CDProjects hosted on GitHub
GitLab CICloud/self-hosted CI/CDProjects hosted on GitLab
CircleCICloud CI/CDFast build times, Docker-first workflows
Azure DevOpsCloud CI/CDMicrosoft ecosystem integration
TeamCitySelf-hosted CI/CDJetBrains ecosystem, .NET projects

Each tool has its strengths. In the next three lessons, we will deep-dive into Jenkins, GitHub Actions, and GitLab CI — the three most widely used CI/CD platforms.

CI/CD Anti-Patterns

The “It Works on My Machine” Pipeline

When the CI environment differs from development and production environments, tests pass locally but fail in CI (or vice versa). Solution: use containers (Docker) to ensure identical environments everywhere.

The Slow Pipeline

A pipeline that takes over an hour gives feedback too late. Developers context-switch to other tasks and lose focus. Solution: parallelize test stages, use caching, and keep each stage under its time budget.

The Ignored Pipeline

When the team habitually ignores test failures or retries until things pass, the pipeline becomes decorative rather than protective. Solution: treat broken builds as the highest priority issue. Never merge code with failing tests.

The Manual Gate Bottleneck

If a single QA engineer must manually approve every deployment, they become a bottleneck that slows the entire team. Solution: automate quality gates with clear pass/fail criteria. Reserve manual testing for exploratory sessions, not gate approvals.

Exercise: Map Your Current Process to CI/CD

Think about a project you work on (or a hypothetical one if you are just starting). Answer these questions:

  1. How often does your team integrate code? (Once a day? Once a sprint? At the end of a feature?)
  2. What happens when tests fail? (Is the build blocked? Can developers merge anyway?)
  3. How long does it take from code commit to production deployment?
  4. What percentage of your testing is automated vs. manual?

Now map your current process to CI/CD maturity levels:

LevelPracticeYour Team?
0 - No CIManual builds, no automated tests
1 - Basic CIAutomated builds on commit, some unit tests
2 - Full CIComprehensive automated tests, builds always pass
3 - CD (Delivery)Automated deployment to staging, manual approval for production
4 - CD (Deployment)Fully automated pipeline to production
Assessment Guide

Level 0-1: Focus on establishing automated builds and writing unit tests first. This is the foundation.

Level 2: Your CI is solid. Next step: automate deployment to a staging environment and add integration/E2E tests.

Level 3: You are doing Continuous Delivery. To reach Level 4, you need: comprehensive test coverage, monitoring, feature flags, and fast rollback capability.

Level 4: You are at the highest level. Focus on optimizing: reduce pipeline time, improve test reliability, and add chaos engineering practices.

Pipeline Configuration Fundamentals

Every CI/CD tool uses a configuration file that defines the pipeline. While syntax varies, the core concepts are universal:

Triggers

When should the pipeline run?

# Example: Run on every push to main and on pull requests
on:
  push:
    branches: [main]
  pull_request:
    branches: [main]

Stages (or Jobs)

What sequential steps should execute?

stages:
  - build
  - test
  - deploy

Steps

What commands run within each stage?

steps:
  - name: Install dependencies
    run: npm ci
  - name: Run unit tests
    run: npm test
  - name: Run E2E tests
    run: npx playwright test

Artifacts

What files should be saved between stages?

Test reports, screenshots from failed E2E tests, coverage reports, and build outputs are common artifacts. They help debug failures after the pipeline completes.

Environment Variables and Secrets

Configuration values and credentials that the pipeline needs:

env:
  NODE_ENV: test
  DATABASE_URL: ${{ secrets.TEST_DB_URL }}

Never hardcode secrets in pipeline configuration files. Use your CI/CD tool’s secret management feature.

QA Checklist for CI/CD Readiness

Use this checklist to evaluate whether your team’s CI/CD pipeline is QA-ready:

  • Every commit triggers an automated build
  • Unit tests run on every build with at least 80% code coverage
  • Integration tests verify critical API contracts
  • E2E tests cover the top 5-10 user journeys
  • Test results are visible in pull/merge requests
  • Failed tests block the merge
  • Pipeline runs in under 30 minutes (fast path) or 1 hour (full path)
  • Test environments are provisioned automatically
  • Rollback process is documented and tested
  • Monitoring alerts fire when production issues occur post-deployment

Key Takeaways

  1. CI/CD is not just a DevOps concern — QA engineers must understand and influence every pipeline stage
  2. Automation is the foundation — manual processes do not scale in CI/CD environments
  3. Speed matters — fast feedback loops let developers fix issues while context is fresh
  4. Quality gates must be automated — the pipeline should be the gatekeeper, not a person manually approving every change
  5. Start where you are — even basic CI (automated builds + unit tests) is a massive improvement over manual processes