detections-semantic/_docs/02_plans/deployment/ci_cd_pipeline.md

CI/CD Pipeline

Pipeline Overview

Stage	Trigger	Runner	Duration	Gate
Lint + Unit Tests	PR to dev	x86 cloud	~4 min	Block merge
Build + E2E Tests	PR to dev, nightly	x86 cloud	~15 min	Block merge
Build (Jetson)	Merge to dev	Jetson self-hosted OR cross-compile	~15 min	Block deploy
Package	Manual trigger	x86 cloud	~5 min	Block deploy

Stage Details

1. Lint + Unit Tests

• Python: ruff check + ruff format --check
• Cython: cython-lint on .pyx files
• pytest on Python modules (path tracing, freshness heuristic, config parsing, POI queue, detection logger)
• No GPU required (mocked inference)
• Coverage threshold: 70%

2. Build + E2E Tests

• docker build for semantic-detection (x86 target)
• docker compose -f docker-compose.test.yaml up --abort-on-container-exit
• Runs all FT-P-, FT-N-, non-HIL NFT tests
• JUnit XML report artifact
• Timeout: 10 minutes

3. Build (Jetson)

• Cross-compile for aarch64 OR build on self-hosted Jetson runner
• TRT engine export not part of CI (engines pre-built, stored as artifacts)
• Docker image tagged with git SHA

4. Package

• Build final Docker images for Jetson (aarch64)
• Export as tar archive for USB-based field deployment
• Include: Docker images, TRT engines, config files, update script
• Output: semantic-detection-{version}-jetson.tar.gz

HIL Testing (not a CI stage)

Hardware-in-the-loop tests run manually on physical Jetson Orin Nano Super:

• Latency benchmarks (NFT-PERF-01)
• Memory/thermal endurance (NFT-RES-LIM-01, NFT-RES-LIM-02)
• Cold start (NFT-RES-LIM-04)
• Results documented but do not gate deployment

Caching

Cache	Key	Contents
pip	requirements.txt hash	Python dependencies
Docker layers	Dockerfile hash	Base image + system deps

Artifacts

Artifact	Stage	Retention
JUnit XML test report	Build + E2E	30 days
Docker images (Jetson)	Build (Jetson)	90 days
Deployment package (.tar.gz)	Package	Permanent

Secrets

None needed — air-gapped system. Docker registry is internal (Azure DevOps Artifacts or local).