Accelerating Delivery: Our CI/CD, Branch Automation & Artifact Management Revamp
This article outlines how our team overhauled the CI/CD pipeline, migrated from Jenkins to GitLab CI, introduced Kubernetes‑based execution, automated branch management via Jira integration, restructured artifact storage with JFrog, and built an in‑house SCA solution, all to boost development efficiency, reduce manual errors, and secure software delivery.
Preface
Long before cost reduction and efficiency gains became fashionable, R&D teams already cared about productivity: repetitive tasks such as building, testing, deploying, and merging after each code commit caused significant friction, especially near release dates. Manual configuration management introduced human errors, while unfamiliar tools, cryptic error messages, and hard-to-find solutions consumed developers' time. Reducing wasted time and maximizing human efficiency are key concerns for any development team.
CI/CD
Improving the R&D efficiency toolchain starts with CI/CD.
CI (Continuous Integration) means frequently integrating code changes and automatically verifying them through builds, tests, and deployments. CD (Continuous Delivery) builds on CI to automate software release and deployment. An ideal CI/CD pipeline automates the entire path from code commit to production without manual intervention, though reality often requires some human steps.
CI/CD Process Optimization
Before 2018, we used Jenkins for CI/CD. Jenkins is an open‑source automation server that allows easy pipeline configuration, but as the business grew, its drawbacks emerged:
Most projects configured pipelines via the Jenkins UI, leading to duplicated configuration and higher maintenance overhead.
Pipeline scripts were not version‑controlled, preventing different branches from having distinct CI flows.
Jenkins required ongoing maintenance of keys, plugins, agents, and shared libraries.
In 2018 we migrated services from Docker to a Kubernetes (K8s) cluster, making the Docker‑based Jenkins pipelines obsolete. Because our code already lived in GitLab, we switched to GitLab CI, which offers several inherent advantages:
Native version control for CI configuration files.
Permission management tied to GitLab user rights.
Integrated job logs with clear branch and commit timestamps.
Easy triggering of builds across projects.
GitLab CI’s simple configuration, templating, and support for multiple executors (we use the K8s executor) further streamlined our workflow. The K8s executor provides:
One‑click Helm installation and automatic registration.
Isolated clean environments via a unified base image.
Automatic resource scheduling and elastic scaling, reducing costs.
Our GitLab CI implementation follows a component‑based configuration model, where each task type has its own template file stored in a central CI repository. Projects reference these templates, and the final pipeline is assembled from the merged templates.
Code Branch Automation
Beyond CI/CD, we extended automation to the code-branch stage. Manual branch management often leads to inconsistent branch names, inconsistent tag usage, and difficulty linking code to requirements. Using Jira's workflow capabilities, we built an automated branch creation process:
A Jira epic can spawn multiple sub‑tasks, each linked to a specific GitLab project.
When a sub‑task enters development, the system automatically creates a release branch and a feature branch for the developer.
After code review, a Merge Request is generated automatically and merged into the release branch.
Testers work on the release branch; once tests pass, the code merges into the main branch and a tag is created automatically.
This model keeps branch naming consistent, aligns tasks with branches, and reduces unnecessary communication in multi‑person or cross‑team development.
Artifact Management Optimization
Artifacts (JARs, npm packages, Docker images, etc.) produced by CI/CD need centralized storage, versioning, and access control. Previously, artifacts were scattered across multiple repositories without permission checks, mixing development, pre‑release, and production artifacts.
We adopted JFrog as a unified artifact repository and designed a promotion workflow:
Separate dev and staging repositories to isolate unstable and stable artifacts.
Dedicated CI runners for dev and staging with distinct repository permissions.
Upload rules: dev‑stage CI can upload only to the dev repo; only pre‑release runners can upload to staging; production artifacts are never uploaded directly but promoted from staging.
Promotion logic ensures that the same Docker image is used from pre‑release validation to production, and that only vetted artifacts advance to the production repository.
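The upload rules and digest-based promotion described above can be modelled as a small policy check. This is an added example, not the team's code or a JFrog API: ArtifactStore, UPLOAD_RULES, the runner names and the tag shop-api:1.4.2 are hypothetical, and the image bytes are constructed.

```python
import hashlib

# Runner class -> repositories it may upload to (rules from the list above).
# "prod" appears nowhere: it is reachable only through promote().
UPLOAD_RULES = {"dev": {"dev"}, "staging": {"staging"}}


class PolicyError(Exception):
    """Raised when an upload or promotion violates the repository rules."""


class ArtifactStore:
    """In-memory stand-in for the dev/staging/prod repositories (hypothetical)."""

    def __init__(self):
        self.repos = {"dev": {}, "staging": {}, "prod": {}}  # repo -> {tag: digest}
        self.validated = set()  # (tag, digest) pairs that passed pre-release tests

    def upload(self, runner, repo, tag, content):
        if repo not in UPLOAD_RULES.get(runner, set()):
            raise PolicyError(f"{runner} runner may not upload to {repo}")
        digest = "sha256:" + hashlib.sha256(content).hexdigest()
        self.repos[repo][tag] = digest
        return digest

    def mark_validated(self, tag, digest):
        # Validation is recorded against the digest that was tested, not the tag.
        if self.repos["staging"].get(tag) != digest:
            raise PolicyError(f"{tag} in staging is not {digest}")
        self.validated.add((tag, digest))

    def promote(self, tag):
        digest = self.repos["staging"].get(tag)
        if digest is None:
            raise PolicyError(f"{tag} is not in staging")
        if (tag, digest) not in self.validated:
            # Covers a tag overwritten after testing: new digest, no approval.
            raise PolicyError(f"{tag} at {digest} was never validated")
        self.repos["prod"][tag] = digest  # the tested digest, not a rebuild
        return digest


def demo():
    store = ArtifactStore()
    tested = store.upload("staging", "staging", "shop-api:1.4.2", b"constructed image A")
    store.mark_validated("shop-api:1.4.2", tested)
    promoted = store.promote("shop-api:1.4.2")
    # Overwrite the tag after testing, then try to promote again.
    store.upload("staging", "staging", "shop-api:1.4.2", b"constructed image B")
    try:
        store.promote("shop-api:1.4.2")
        blocked = False
    except PolicyError:
        blocked = True
    return promoted == tested, blocked
```

Keying approval on the digest rather than the tag is what makes "the same image from validation to production" enforceable when tags are mutable.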
SCA (Software Composition Analysis)
With a solid artifact management process, we added SCA to analyze open‑source and internal component dependencies for known vulnerabilities. Open‑source components increasingly introduce security risks, as highlighted by the Snyk Vulnerability DB.
We built an in‑house SCA solution that:
Uploads the dependency tree during CI builds to the Next platform, which cross‑references a vulnerability database and generates high‑risk component reports.
Integrates the analysis into the release pipeline, blocking deployment of images that depend on black‑listed components (both open‑source and internal).
To date, the system has scanned 469 applications, identified 206 distinct high‑risk components, and provided remediation guidance.
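A release gate of the kind described above, as an added example rather than the Next platform's code: it walks an uploaded dependency tree, flags blacklisted components (including transitive ones) and reports the path that pulls each one in. The component names, versions, tree layout and blacklist format are all constructed for illustration.

```python
# Constructed blacklist: component name -> blocked versions ("*" blocks all).
BLACKLIST = {
    "example-json-parser": {"2.1.0", "2.1.1"},
    "internal-auth-sdk": {"*"},
}

# Constructed dependency tree as a CI job might upload it:
# each node is (name, version, children).
TREE = ("shop-api", "1.4.2", [
    ("example-web-framework", "5.0.3", [
        ("example-json-parser", "2.1.1", []),   # blocked, transitive
        ("example-logging", "1.9.0", []),
    ]),
    ("example-json-parser", "2.2.0", []),       # other version, allowed
    ("internal-billing-client", "0.8.0", [
        ("internal-auth-sdk", "3.0.0", []),     # blocked internal component
    ]),
])


def is_blocked(name, version, blacklist):
    versions = blacklist.get(name, set())
    return "*" in versions or version in versions


def find_blocked(tree, blacklist):
    """Return one finding per blocked component, with the path that pulls it in."""
    findings, stack = [], [(tree, ())]
    while stack:  # iterative walk, so deep trees cannot hit the recursion limit
        (name, version, children), parents = stack.pop()
        path = parents + (f"{name}@{version}",)
        if is_blocked(name, version, blacklist):
            findings.append(" > ".join(path))
        for child in children:
            stack.append((child, path))
    return sorted(findings)


def release_gate(tree, blacklist):
    """Decision for the release pipeline: deploy only with zero findings."""
    findings = find_blocked(tree, blacklist)
    return {"allow": not findings, "findings": findings}
```

Reporting the full path matters for remediation: the direct dependency to upgrade is often not the blocked component itself.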
Next Platform
The various optimizations are unified under the internally developed Next platform, a one‑stop R&D workflow management system. Its core capabilities include:
Project management: tracking stages, progress, releases, and team members.
Application deployment: managing applications and deploying them to K8s clusters with multi‑lane support.
Artifact management: browsing artifacts, vulnerability data, and statistics.
Team reporting: time‑tracking, Gantt charts, bug statistics, etc.
Next orchestrates the handoff between development, testing, pre‑release, and production, using technical metrics as gate criteria to reduce manual approvals and increase automation.
Summary
By optimizing CI/CD, automating branch management, and redesigning artifact handling, we have increased hardware utilization, narrowed the gap between peak and off-peak load, and cut costs through K8s-driven elastic scaling. Our custom SCA solution provides enterprise-grade security at a fraction of commercial costs. Future work will expand the Next platform with more plug-in capabilities, richer metrics, and further standardization of the delivery pipeline.
