CI/CD Pipelines

Define, automate, and scale your build, test, and deployment workflows with a declarative pipeline engine designed for modern development teams.

Declarative YAML | Parallel Execution | Smart Caching | Matrix Builds

Pipeline Overview

.git Pipelines transform your repository commits into production-ready artifacts through a fully automated, reproducible workflow. Unlike traditional CI servers, our pipeline engine is cloud-native, schema-validated, and optimized for speed without sacrificing visibility.

Each pipeline run is immutable, fully auditable, and provides real-time streaming logs, artifact storage, and built-in rollback capabilities. Configure once in your repository, and .git handles the infrastructure, scaling, and orchestration automatically.

Configuration

Pipelines are defined using .git.yaml at the root of your repository. The schema supports environment variables, conditional stages, matrix configurations, and custom runner selection.

```yaml
# .git.yaml
pipeline:
  name: "CI/CD Pipeline"
  triggers:
    - type: push
      branches: ["main", "develop"]
    - type: pull_request
      base: main
  stages:
    - name: build
      runs-on: ubuntu-22.04
      steps:
        - uses: actions/checkout@v4
        # npm ci already installs strictly from package-lock.json;
        # --frozen-lockfile is a yarn/pnpm flag and is not needed here
        - run: npm ci
        - run: npm run build
        - upload-artifact: dist/
    - name: test
      needs: build
      matrix:
        node-version: [18, 20, 22]
      steps:
        - uses: actions/download-artifact@v4
        - run: npm test -- --coverage
    - name: deploy
      needs: test
      # deploy only from the main branch
      if: "github.ref == 'refs/heads/main'"
      environment: production
      steps:
        - deploy: .git/production
        - verify: /health
```

```yaml
# .git.yaml
pipeline:
  env:
    NODE_ENV: production
    CI: "true"
    # value is sourced from the secret store
    DOCKER_REGISTRY: "${{ secrets.REGISTRY_URL }}"
  stages:
    - name: build
      runs-on: self-hosted
      steps:
        - run: echo ${{ env.DOCKER_REGISTRY }}
```

```yaml
# .git.yaml
pipeline:
  concurrency:
    group: deploy-${{ github.ref }}
    cancel-in-progress: true
  cache:
    # cache key changes whenever the lockfile changes
    - key: npm-${{ hashFiles('package-lock.json') }}
      path: ~/.npm
  security:
    scanning: enabled
    fail-on: [critical, high]
```

All configurations are validated against our OpenAPI schema before execution. Invalid YAML blocks the pipeline run and provides precise line-level error reporting.
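Schema validation confirms that the file is well-formed; it does not check policy. The following Python lint is an added example, not part of the product or of this page's own code: it walks a parsed .git.yaml and flags a missing scan gate, a production stage without a branch condition, a `uses:` reference not pinned to a commit SHA, and a `run` step that interpolates a secret. The rule names are hypothetical, and it assumes `uses:` references resolve like mutable Git tags.

```python
import re

# Constructed sample: the page's snippets merged into one parsed .git.yaml
# (the dict a YAML loader would return); the deploy guard is left out on purpose.
SAMPLE = {"pipeline": {
    "env": {"DOCKER_REGISTRY": "${{ secrets.REGISTRY_URL }}"},
    "security": {"scanning": "enabled", "fail-on": ["critical", "high"]},
    "stages": [
        {"name": "build", "runs-on": "self-hosted", "steps": [
            {"uses": "actions/checkout@v4"},
            {"run": "echo ${{ env.DOCKER_REGISTRY }}"}]},
        {"name": "deploy", "needs": "test", "environment": "production",
         "steps": [{"deploy": ".git/production"}]},
    ]}}

SHA_PIN = re.compile(r"@[0-9a-f]{40}$")           # full commit SHA after '@'
EXPR = re.compile(r"\$\{\{\s*(secrets|env)\.(\w+)\s*\}\}")

def lint(config):
    """Return (stage, rule, detail) findings for a parsed pipeline config."""
    p = config.get("pipeline", {})
    # env keys whose value is taken from the secret store
    secret_env = {k for k, v in p.get("env", {}).items()
                  if "secrets." in str(v)}
    findings = []
    sec = p.get("security", {})
    gated = {"critical", "high"} <= set(sec.get("fail-on", []))
    if sec.get("scanning") != "enabled" or not gated:
        findings.append(("pipeline", "scan-gate", "must fail on critical and high"))
    for stage in p.get("stages", []):
        name = stage.get("name", "?")
        if stage.get("environment") == "production" and "refs/heads/" not in str(stage.get("if", "")):
            findings.append((name, "unguarded-deploy", "no branch condition"))
        for step in stage.get("steps", []):
            uses = step.get("uses")
            # Assumption: a tag such as @v4 can be moved; a 40-hex SHA cannot.
            if uses and not SHA_PIN.search(uses):
                findings.append((name, "unpinned-step", uses))
            for scope, key in EXPR.findall(str(step.get("run", ""))):
                if scope == "secrets" or key in secret_env:
                    findings.append((name, "secret-in-run", key))
    return findings

if __name__ == "__main__":
    for f in lint(SAMPLE):
        print(*f, sep=": ")
```

Run it as a pre-merge check on changes to .git.yaml, so a dropped `if` guard or a weakened `fail-on` list is caught in review rather than at deploy time.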

Pipeline Workflow

Each pipeline follows a deterministic execution model. Stages run sequentially by default, but can be configured for parallel execution using dependency graphs.

Checkout → Build → Test → Scan → Deploy

Artifacts automatically persist between stages. Failed stages trigger immediate notification via configured channels (Slack, Discord, Email, Webhooks) and halt downstream execution unless explicitly overridden with continue-on-error.

Core Capabilities

Smart Layer Caching

Automatically caches dependencies, build outputs, and container layers across runs. Reduces build times by up to 70%.

Matrix & Parallel Builds

Test across multiple OS, language versions, or configurations simultaneously without manual orchestration.

Security Scanning

Integrated SAST, SCA, and container image scanning. Blocks deployments with critical vulnerabilities.

Custom Runners

Self-hosted or managed runners with GPU, high-memory, or air-gapped network support.

Preview Environments

Auto-provision ephemeral staging environments for every PR. Automatically destroyed on merge.

Rollback & Replay

One-click rollback to previous successful deployments. Replay any pipeline run with exact state reproduction.

Integrations

.git Pipelines connects seamlessly with your existing toolchain. We support native integration with:

  • Container Registries: Docker Hub, AWS ECR, GCP Artifact Registry, GitHub Container Registry
  • Cloud Providers: AWS, Azure, GCP, Kubernetes clusters, Serverless platforms
  • Monitoring & Observability: Datadog, New Relic, Sentry, Grafana
  • Communication: Slack, Microsoft Teams, Discord, Webhooks
  • Package Managers: npm, pip, Maven, Gradle, NuGet, Cargo

All integrations support OIDC authentication and secret masking. Secrets are encrypted at rest using AES-256 and never exposed in pipeline logs.

Frequently Asked Questions

How are pipeline minutes calculated?
Each minute of runner execution counts as one pipeline minute. Linux runners count as 1x, Windows as 2x, and macOS as 3x. Caching and artifact storage are billed separately.

Can I use self-hosted runners?
Yes. You can deploy .git runner agents to your own infrastructure, AWS, Azure, or GCP. Runners can be tagged and assigned to specific pipelines.

What happens if a deployment fails?
Pipelines support automatic rollback strategies. You can configure rollback_on_fail to revert to the last successful deployment automatically, or trigger manual approval workflows.

Is my source code exposed during builds?
No. All pipeline executions occur in isolated, ephemeral environments. Logs are scrubbed for secrets, and build artifacts are encrypted. We are SOC 2 Type II certified.

Ready to automate your workflow?

Configure your first pipeline in under 5 minutes. No credit card required.
