How Baidu’s Tekes Actions Turns Pipelines into Code for Scalable CI/CD

Overview

Baidu App has built a mature DevOps workflow that covers planning, development, testing, integration, and delivery. Continuous Integration (CI) is a core part of this workflow, and the internal platform Tekes supports CI for over 50 releases and 400,000+ components. Different product lines require customized CI pipelines, which makes a single static pipeline template insufficient.

Pipeline as Code (PaC)

PaC treats pipelines as code, allowing product lines to describe required features in a structured language and automatically generate the corresponding pipeline. This idea aligns with the broader "as code" movement, similar to Infrastructure as Code (IaC).

Pipeline as code is a practice of defining deployment pipelines through source code, such as Git. It is part of a larger “as code” movement that includes infrastructure as code. Teams can configure builds, tests, and deployment in code that is trackable and stored in a centralized source repository.

Representative DSLs

Two widely used DSLs are Jenkins Pipeline (Groovy DSL) and GitHub Actions (YAML DSL). Both express checkout, build, and custom steps clearly, and the choice depends on the CI system used.

Jenkins Pipeline example

// Jenkinsfile (Declarative Pipeline)
@Library('my-library') _
pipeline {
  agent { node { label 'MACOS' } }
  stages {
    stage('Checkout') {
      steps { checkout scm }
    }
    stage('Build') {
      steps { sh 'xcodebuild -workspace projectname.xcworkspace -scheme schemename -destination generic/platform=iOS' }
    }
    stage('UseMyLibrary') {
      steps { myCustomFunc 'Hello world' }
    }
  }
}

GitHub Actions example

name: iOS workflow
on: [push]
jobs:
  build:
    runs-on: macos-latest
    steps:
      - name: Checkout
        uses: actions/checkout@v3
      - name: Build
        run: xcodebuild -workspace projectname.xcworkspace -scheme schemename -destination generic/platform=iOS
      - name: UseMyLibrary
        uses: my-library/my-custom-action@master
        with:
          args: Hello world

Tekes Actions

Tekes Actions adopts the GitHub Actions DSL to define Baidu App’s component publishing workflow. It provides a set of reusable Actions that can be plugged into product‑line pipelines, and a public Action marketplace for quality, performance, and security checks.

# baiduapp/ios/publish.yml
name: 'iOS Module Publish Workflow'
author: 'zhuyusong'
description: 'iOS 组件发布流程'
on:
  events:
    topic_merge:
      branches: ['master', 'release/**']
      repositories: ['baidu/baidu-app/*', 'baidu/third-party/*']
jobs:
  publish:
    name: 'publish modules using Easybox'
    runs-on: macos-latest
    steps:
      - name: 'Checkout'
        uses: actions/checkout@v2
      - name: 'Setup Easybox'
        uses: actions/setup-easybox@v2
        with:
          is_public_storage: true
      - name: 'Build Task use Easybox'
        uses: actions/easybox-ios-build@v1
        with:
          component_check: true
          quality_check: true
      - name: 'Publish Task use Easybox'
        uses: actions/easybox-ios-publish@v1
      - name: 'Access Task use Easybox'
        uses: actions/easybox-ios-access@v1

The DSL itself is not the decisive factor; the choice of CI system drives the DSL selection.

Tekes Runner

Tekes Runner executes Tekes Actions workflows. Its architecture includes Template, Worker, and optional WebAPI modules. The runner provides four CLI commands: Run, Pause, Unpause, and Kill, managing the lifecycle of a workflow.

When Run is invoked, the runner initializes the workflow (reads YML, downloads Actions, creates a workspace) and enters the initialized state. It then creates a finite‑state machine for each job, transitions them to running , and finally to stopped when all jobs finish or a timeout/kill occurs.

Action‑Runner Interaction

Environment variables: the runner writes inputs and context into environment variables for the Action.

Workspace files: the runner places intermediate artifacts in a designated workspace directory.

Action prints: the runner monitors specially formatted log lines to set outputs, upload artifacts, or log messages.

Pause/Unpause

Long‑running manual approvals or code reviews can block a workflow. Pause persists the current context and terminates the process, freeing resources. Unpause restores the context and resumes execution.

WebAPI

Since most runners run on remote VMs managed by iPipe Agent, the WebAPI service persists logs and workflow context to a central service, enabling later queries and downstream integrations.

Conclusion

Pipeline as Code provides a flexible way to manage CI/CD pipelines, turning them into version‑controlled artifacts. Baidu’s Tekes Actions demonstrates how a large organization can build a custom PaC solution on top of existing CI systems, leveraging reusable Actions, a dedicated runner, and cloud‑native serverless components to achieve scalable, maintainable DevOps workflows.