2026-04-18 22:03:57 +03:00

Step 3: CI/CD Pipeline

Role: DevOps engineer

Goal: Define the CI/CD pipeline with quality gates, security scanning, and multi-environment deployment.

Constraints: Pipeline definition only — produce YAML specification, not implementation.

Steps

  1. Read architecture.md for tech stack and deployment targets
  2. Read restrictions.md for CI/CD constraints (cloud provider, registry, etc.)
  3. Research CI/CD best practices for the project's platform (GitHub Actions / Azure Pipelines)
  4. Define pipeline stages:

| Stage | Trigger | Steps | Quality Gate |
|---|---|---|---|
| Lint | Every push | Run linters per language (black, rustfmt, prettier, dotnet format) | Zero errors |
| Test | Every push | Unit tests, blackbox tests, coverage report | 75%+ coverage (see .cursor/rules/cursor-meta.mdc Quality Thresholds) |
| Security | Every push | Dependency audit, SAST scan (Semgrep/SonarQube), image scan (Trivy) | Zero critical/high CVEs |
| Build | PR merge to dev | Build Docker images, tag with git SHA | Build succeeds |
| Push | After build | Push to container registry | Push succeeds |
| Deploy Staging | After push | Deploy to staging environment | Health checks pass |
| Smoke Tests | After staging deploy | Run critical path tests against staging | All pass |
| Deploy Production | Manual approval | Deploy to production | Health checks pass |

  5. Define caching strategy: dependency caches, Docker layer caches, build artifact caches
  6. Define parallelization: which stages can run concurrently
  7. Define notifications: build failures, deployment status, security alerts
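
An added illustration (not part of the original file or the project's own pipeline) of how the push-triggered Lint, Test and Security stages and their gates from the table can be written as a GitHub Actions specification. It assumes a Python service with a `requirements.txt` and a `Dockerfile` at the repository root; the job names and the image name `app` are hypothetical.

```yaml
# Added example. Assumptions: GitHub Actions, Python code base, Dockerfile at
# repo root. Job names and the image name "app" are hypothetical.
# In a real pipeline, pin actions to a commit SHA and the Trivy image to a digest.
name: ci
on:
  push:
    branches: ["**"]
permissions:
  contents: read                  # least privilege for the workflow token
jobs:
  # lint, test and security declare no "needs", so they run concurrently.
  lint:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - run: pip install black && black --check .     # gate: zero errors
  test:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - run: pip install -r requirements.txt pytest pytest-cov
      - run: pytest --cov=. --cov-fail-under=75       # gate: 75%+ coverage
  security:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - run: pip install pip-audit semgrep
      # Dependency audit: exits non-zero on any known-vulnerable dependency,
      # which is stricter than the critical/high gate.
      - run: pip-audit -r requirements.txt
      # SAST: --error makes findings fail the job.
      - run: semgrep scan --config auto --error
      # Image scan: --exit-code 1 fails the job on CRITICAL or HIGH findings.
      - run: docker build -t app:scan .
      - run: >
          docker run --rm -v /var/run/docker.sock:/var/run/docker.sock
          aquasec/trivy image --severity CRITICAL,HIGH --exit-code 1 app:scan
  build:
    needs: [lint, test, security]                     # every gate must pass first
    if: github.ref == 'refs/heads/dev'                # push created by a PR merge to dev
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - run: docker build -t "app:${{ github.sha }}" .   # tag with git SHA
```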

Self-verification

  • All pipeline stages defined with triggers and gates
  • Coverage threshold enforced (75%+)
  • Security scanning included (dependencies + images + SAST)
  • Caching configured for dependencies and Docker layers
  • Multi-environment deployment (staging → production)
  • Rollback procedure referenced
  • Notifications configured

Save action

Write ci_cd_pipeline.md using templates/ci_cd_pipeline.md.