# Pipeline Architecture
## Why CI/CD
| Without CI/CD | With CI/CD |
|---|---|
| Manual builds | Automated builds |
| "Works on my machine" | Reproducible everywhere |
| Slow feedback (hours/days) | Fast feedback (minutes) |
| High error rate | Bugs caught early |
| Fear of deploying | Deploy with confidence |
| Inconsistent environments | Standardized build environments |
| Hard to reproduce bugs | Every commit tested identically |
| Manual testing burden | Automated test suites |
### Specific Benefits for Audio Development

- Automatic multi-platform testing
  - Build on Windows, macOS and Linux simultaneously
  - Validate every commit against all supported DAWs
- Artifact management
  - Every build produces ready-to-install packages
  - Automatic version history
  - Easy rollback to earlier versions
- Quality assurance
  - Reproducible audio tests
  - Latency/performance validation
  - Audio glitch detection
- Automated code signing
  - Windows: Authenticode
  - macOS: codesign + notarization
  - No more "unidentified developer" warnings
## Tool Selection
### GitHub Actions (Primary, Recommended)
Pros:

- Integrated with GitHub (no setup overhead)
- Free for public repos (2,000 minutes/month for private repos on the free plan)
- Large marketplace (1000+ actions)
- Good Windows support (native runners)
- Matrix builds (test multiple configurations)
- Self-hosted runner option

Cons:

- macOS minutes are limited and costly
- Limited runner customization on hosted runners
- Vendor lock-in (GitHub-specific syntax)

Ideal for:

- Open source projects
- Small/medium teams
- Repos already on GitHub
### GitLab CI (Alternative)
Pros:

- Self-hosted option (free, unlimited minutes)
- Better Docker integration
- More flexible (DAG pipelines)
- Kubernetes native
- Built-in artifact management

Cons:

- More complex setup
- Smaller ecosystem
- Weaker Windows support

Ideal for:

- Self-hosted infrastructure
- Enterprises that need strict control
- Docker-heavy workflows
### Jenkins (Legacy/Enterprise)
Pros:

- Maximum customization
- Self-hosted control
- Extensive plugin ecosystem (1800+)
- Works with any VCS

Cons:

- Higher maintenance burden
- Security updates are your responsibility
- Complex UI/UX
- Groovy DSL learning curve

Ideal for:

- Legacy infrastructure
- Complex enterprise builds
- On-premise requirements
- Multi-VCS support
## Conceptual Flow

```text
=== DEVELOPMENT ===
Developer writes code
  ↓
[Local testing] (optional but recommended)
  ↓
git commit -m "Add feature X"
git push origin feature-branch

=== TRIGGER ===
Push (server-side hook) fires a webhook
  ↓
CI server receives the event
  ↓
Pipeline config loaded (.github/workflows/*.yml)

=== BUILD STAGE ===
[Checkout code]
  ↓
[Set up environment]
  - Install dependencies
  - Configure toolchains
  - Set up audio drivers (if needed)
  ↓
[Configure build]
  - CMake configure
  - Set build type (Release/Debug)
  ↓
[Compile]
  - CMake build
  - Multi-core compilation
  ↓
[Code sign] (if applicable)
  - Windows: SignTool
  - macOS: codesign + notarize

=== TEST STAGE ===
[Unit tests]
  - CTest execution
  - Fast feedback (< 5 min)
  ↓
[Integration tests]
  - Plugin validation
  - DAW compatibility checks
  ↓
[Performance tests]
  - Latency benchmarks
  - CPU usage validation
  ↓
[Audio tests]
  - Audio output validation
  - FFT analysis

=== PACKAGE STAGE ===
[Create installers]
  - Windows: NSIS / WiX MSI
  - macOS: PKG
  - Linux: DEB / RPM
  ↓
[Upload artifacts]
  - Store in the CI system
  - Upload to S3/CDN (production only)
  ↓
[Generate release notes]
  - Changelog extraction
  - Version tagging

=== DEPLOY STAGE (optional, manual gate) ===
[Deploy to staging]
  ↓
[Manual approval] (production only)
  ↓
[Deploy to production]
  - Update download links
  - Notify users
  - Update documentation

=== NOTIFICATION ===
[Success]
  - GitHub PR comment: "Build passed"
  - Slack notification
  - Email (optional)
[Failure]
  - GitHub PR comment: "Build failed at [stage]"
  - Slack alert
  - Email to the developer
```
## Responsibilities
### INFRA (This Module): Infrastructure as Code

Contains:

- Pipeline templates (YAML/Groovy)
- Runner setup scripts
- Hook configuration templates
- Documentation

Does NOT contain:

- Module-specific build implementations
- Test execution logic
- Deployment scripts (those live in the modules)

Analogy:
### Specific Modules: Implementations

Contains:

- Customized workflow files (.github/workflows/build.yml)
- Build scripts (build.sh, build.ps1)
- Test execution (run_tests.sh)
- Deployment logic (deploy.sh)
- Module-specific configs

Example structure:

```text
audio-lab/
├── 2 - FOUNDATION/
│   └── 03_INFRA/
│       └── 03_06_ci_cd_automation/          <- Templates and setup
│           ├── 03_05_00_pipeline_templates/
│           ├── 03_05_01_runner_configuration/
│           └── 03_05_03_documentation/
│
└── 3 - MODULES/
    └── audio-processing/
        ├── .github/
        │   └── workflows/
        │       └── build.yml                <- Copied from the template, customized
        ├── scripts/
        │   ├── build.sh
        │   └── run_tests.sh
        └── CMakeLists.txt
```
## Pipeline Variants
### 1. Feature Branch Pipeline

Trigger: push to a feature branch, or a PR is opened

```yaml
on:
  push:
    branches-ignore: [main, develop]
  pull_request:

jobs:
  quick_build:                  # fast feedback
    steps:                      # commands live in the module's build scripts
      - name: Compile Debug build
      - name: Run unit tests only
      - name: Static analysis
```

Goal: fast feedback (< 10 min)
### 2. Main Branch Pipeline

Trigger: merge to main/develop

```yaml
on:
  push:
    branches: [main, develop]

jobs:
  full_build:
    steps:
      - name: Multi-platform builds (Windows, macOS, Linux)
      - name: All tests (unit + integration)
      - name: Performance benchmarks
      - name: Package installers
      - name: Upload artifacts
```

Goal: comprehensive validation (< 30 min)
### 3. Release Pipeline

Trigger: tag push matching `v*.*.*`

```yaml
on:
  push:
    tags:
      - 'v*.*.*'

jobs:
  release_build:
    steps:
      - name: Production builds (all platforms)
      - name: Code signing + notarization
      - name: Full test suite
      - name: Create installers
      - name: Deploy to CDN
      - name: Create GitHub Release
      - name: Send notifications
```

Goal: production-ready artifacts
### 4. Nightly Pipeline

Trigger: scheduled (cron)

```yaml
on:
  schedule:
    - cron: '0 2 * * *'         # 02:00 UTC daily

jobs:
  nightly_tests:
    steps:
      - name: Extended tests (long-running)
      - name: Memory leak detection
      - name: Performance regression
      - name: Compatibility matrix
      - name: Dependency updates check
```

Goal: deep validation
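The variant sketches above name the stages but not how they fit together in one file. The workflow below is an added example (not the page's or the project's own `build.yml`) of the main-branch variant filled in: multi-platform matrix, path filter for the monorepo, read-only token, and cancellation of superseded runs. The module path `modules/audio-processing`, the vendored-SDK submodules and the `build/dist/` output directory are assumptions for illustration.

```yaml
# Added example: main-branch pipeline for one monorepo module.
# Assumed: the module lives in modules/audio-processing and its CMake
# packaging step writes installers to build/dist/.
name: main-build

on:
  push:
    branches: [main, develop]
    paths:                                   # monorepo: only run when this module changes
      - 'modules/audio-processing/**'
      - '.github/workflows/main-build.yml'

# Least privilege: building needs read access only. Anything that publishes
# (releases, download links) belongs in a separate job with its own scope.
permissions:
  contents: read

# A newer push to the same branch cancels the run still in flight.
concurrency:
  group: main-build-${{ github.ref }}
  cancel-in-progress: true

jobs:
  build:
    strategy:
      fail-fast: false                       # keep the other platforms running on one failure
      matrix:
        os: [ubuntu-latest, windows-latest, macos-latest]
    runs-on: ${{ matrix.os }}
    defaults:
      run:
        working-directory: modules/audio-processing
    steps:
      - uses: actions/checkout@v4
        with:
          submodules: recursive              # assumed: plugin SDKs vendored as submodules

      - name: Configure (Release)
        run: cmake -S . -B build -DCMAKE_BUILD_TYPE=Release

      - name: Build
        run: cmake --build build --config Release --parallel

      - name: Unit + integration tests
        run: ctest --test-dir build --build-config Release --output-on-failure

      - name: Upload installers
        uses: actions/upload-artifact@v4
        with:
          name: plugin-${{ matrix.os }}-${{ github.sha }}
          path: modules/audio-processing/build/dist/   # workspace-relative, not working-directory
          if-no-files-found: error             # an empty upload should fail loudly
```

The `paths` filter is the mitigation the Monorepo decision below relies on; `fail-fast: false` matters for plugin work because a Windows-only failure should not hide the macOS result.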
## Architecture Decisions
### Decision 1: Monorepo vs Multi-Repo

AudioLab: Monorepo

Rationale:

- Shared dependencies (core, testing framework)
- Atomic commits across modules
- Easier refactoring
- Single CI config

Trade-off:

- Longer CI times (mitigated with path filters)
### Decision 2: Self-Hosted vs Cloud Runners

AudioLab: Hybrid

Cloud runners (GitHub-hosted):

- Linux builds (fast, cheap)
- Windows builds (basic)

Self-hosted:

- macOS builds (expensive in the cloud)
- Audio hardware testing (requires real devices)
- GPU-accelerated tests
### Decision 3: Artifact Storage

AudioLab: GitHub Releases + S3

GitHub Releases:

- Official releases
- Public download links
- Changelog integration

S3:

- Nightly builds
- Internal testing
- CDN distribution
### Decision 4: Test Strategy

AudioLab: Pyramid

```text
        /\
       /  \        E2E tests (slow, few)
      /----\
     /      \      Integration tests (medium)
    /--------\
   /          \    Unit tests (fast, many)
  /------------\
```

CI distribution:

- PR builds: unit tests only
- Main builds: unit + integration
- Release builds: all tests
## Metrics & Monitoring
### Key Metrics
| Metric | Target | Measured How |
|---|---|---|
| Build Time | < 15 min (PR), < 30 min (main) | CI duration |
| Test Pass Rate | > 95% | Test results |
| Mean Time to Feedback | < 10 min | Push to notification |
| Pipeline Success Rate | > 90% | Successful / Total |
| Deployment Frequency | Weekly (main), On-demand (hotfix) | Release cadence |
### Monitoring Dashboard

Track in CI/CD analytics:

- Build duration trends
- Flaky test detection
- Resource usage (CPU, RAM)
- Artifact sizes
- Deployment success rates
## Security Considerations
### 1. Secrets Management

NEVER in code: certificates, signing passwords, notarization credentials, API tokens and cloud keys must not appear in the repository, in workflow files or in build scripts.

Use secrets: store them in the CI system's secret store (`${{ secrets.NAME }}` in GitHub Actions) and hand them to steps through `env:`, not by interpolating them into the script text.
### 2. PR Security

Untrusted PRs:

```yaml
on:
  pull_request_target:          # runs in the base repo context, with repo secrets
    types: [labeled]

jobs:
  build:
    if: contains(github.event.pull_request.labels.*.name, 'safe-to-test')
```

Rationale: a plain `pull_request` run from a fork gets no secrets, so it cannot sign or publish; `pull_request_target` does get them, which is why it is gated on a label a maintainer applies only after reading the diff. The gate holds only if the job checks out the exact commit that was labeled (`github.event.pull_request.head.sha`) rather than the moving PR head, and the label is removed when new commits arrive; otherwise a push after labeling runs attacker-controlled code with secrets in scope.
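The gated workflow written out, as an added example rather than the page's own snippet. It assumes the `safe-to-test` label convention above and a CMake build at the repo root; the job and step names are illustrative. Secrets are confined to the reporting step, and the checkout does not leave the token on disk where a PR-controlled build script could read it.

```yaml
# Added example: label-gated CI for pull requests from forks.
# Assumed: maintainers add 'safe-to-test' only after reviewing the diff.
name: pr-safe-to-test

on:
  pull_request_target:
    types: [labeled, synchronize]

permissions:
  contents: read
  pull-requests: write          # needed to comment and to strip the label

jobs:
  build:
    # Only the labeling event itself, and only for the trusted label.
    if: github.event.action == 'labeled' && github.event.label.name == 'safe-to-test'
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          ref: ${{ github.event.pull_request.head.sha }}   # the reviewed commit, not refs/pull/N/head
          persist-credentials: false                       # keep GITHUB_TOKEN out of .git/config

      # PR-controlled code runs here with no secrets referenced in this step.
      - name: Build and test
        run: |
          cmake -S . -B build -DCMAKE_BUILD_TYPE=Debug
          cmake --build build --parallel
          ctest --test-dir build --output-on-failure

      # The only step that touches a privileged token; values arrive via env,
      # never interpolated into the shell script.
      - name: Report result
        if: always()
        env:
          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          PR_NUMBER: ${{ github.event.pull_request.number }}
          HEAD_SHA: ${{ github.event.pull_request.head.sha }}
          STATUS: ${{ job.status }}
        run: gh pr comment "$PR_NUMBER" --body "CI $STATUS for commit $HEAD_SHA"

  # New commits invalidate the review: drop the label so the PR must be re-approved.
  revoke-label:
    if: github.event.action == 'synchronize'
    runs-on: ubuntu-latest
    steps:
      - env:
          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          GH_REPO: ${{ github.repository }}     # no checkout here, so tell gh which repo
          PR_NUMBER: ${{ github.event.pull_request.number }}
        run: gh pr edit "$PR_NUMBER" --remove-label safe-to-test
```

Two details carry the security: the `if` compares `github.event.label.name` on the `labeled` event instead of scanning the label list, so a stale label does not re-run on later events; and `persist-credentials: false` plus the absence of `secrets.*` in the build step means the untrusted CMake code has nothing to exfiltrate even though the workflow as a whole is privileged.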
### 3. Artifact Signing

All artifacts must be signed:

- Windows: Authenticode
- macOS: codesign + notarization
- Linux: GPG signatures
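One signing workflow that also shows the Secrets Management rule in practice, as an added example (not the project's own release workflow). The secret names (`WIN_CERT_PFX_B64`, `WIN_CERT_PASSWORD`, `APPLE_ID`, `APPLE_TEAM_ID`, `APPLE_APP_PASSWORD`, `APPLE_SIGN_IDENTITY`, `APPLE_INSTALLER_IDENTITY`, `GPG_PRIVATE_KEY`, `GPG_PASSPHRASE`), the `dist/` file names, `signtool.exe` being on PATH, and the Developer ID certificates being pre-installed in the self-hosted macOS runner's keychain are all assumptions; the build steps that produce `dist/` are elided.

```yaml
# Added example: signing jobs for a tag push. Secret names and file paths are assumed.
name: release-sign

on:
  push:
    tags: ['v*.*.*']

permissions:
  contents: read

jobs:
  sign-windows:
    runs-on: windows-latest
    steps:
      # ... build steps producing dist\AudioPlugin-Setup.exe ...
      # WRONG (never do this): the password lives in git history and in every log.
      #   run: signtool sign /f cert.pfx /p "hunter2" dist\AudioPlugin-Setup.exe
      - name: Authenticode sign
        shell: pwsh
        env:
          PFX_B64: ${{ secrets.WIN_CERT_PFX_B64 }}          # base64 of the .pfx
          PFX_PASSWORD: ${{ secrets.WIN_CERT_PASSWORD }}
        run: |
          # Secrets arrive through env; nothing is interpolated into the script text.
          $pfx = Join-Path $env:RUNNER_TEMP 'codesign.pfx'
          [IO.File]::WriteAllBytes($pfx, [Convert]::FromBase64String($env:PFX_B64))
          signtool sign /fd SHA256 /tr http://timestamp.digicert.com /td SHA256 `
            /f $pfx /p $env:PFX_PASSWORD dist\AudioPlugin-Setup.exe
          signtool verify /pa /v dist\AudioPlugin-Setup.exe   # fail the job if the chain is bad
          Remove-Item $pfx                                    # do not leave the key on the runner

  sign-macos:
    runs-on: [self-hosted, macOS]            # Decision 2: macOS builds are self-hosted
    steps:
      # ... build steps producing dist/AudioPlugin.component and dist/AudioPlugin-unsigned.pkg ...
      - name: codesign, productsign, notarize, staple
        env:
          APPLE_ID: ${{ secrets.APPLE_ID }}
          APPLE_TEAM_ID: ${{ secrets.APPLE_TEAM_ID }}
          APPLE_APP_PASSWORD: ${{ secrets.APPLE_APP_PASSWORD }}     # app-specific password
          SIGN_IDENTITY: ${{ secrets.APPLE_SIGN_IDENTITY }}         # "Developer ID Application: ..."
          INSTALLER_IDENTITY: ${{ secrets.APPLE_INSTALLER_IDENTITY }} # "Developer ID Installer: ..."
        run: |
          codesign --force --timestamp --options runtime \
            --sign "$SIGN_IDENTITY" dist/AudioPlugin.component
          codesign --verify --deep --strict --verbose=2 dist/AudioPlugin.component
          productsign --sign "$INSTALLER_IDENTITY" \
            dist/AudioPlugin-unsigned.pkg dist/AudioPlugin.pkg
          xcrun notarytool submit dist/AudioPlugin.pkg --apple-id "$APPLE_ID" \
            --team-id "$APPLE_TEAM_ID" --password "$APPLE_APP_PASSWORD" --wait
          xcrun stapler staple dist/AudioPlugin.pkg

  sign-linux:
    runs-on: ubuntu-latest
    steps:
      # ... build steps producing dist/*.deb and dist/*.rpm ...
      - name: GPG detached signatures
        env:
          GPG_PRIVATE_KEY: ${{ secrets.GPG_PRIVATE_KEY }}   # ASCII-armored private key
          GPG_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }}
        run: |
          export GNUPGHOME="$(mktemp -d)"                  # throwaway keyring, wiped below
          printf '%s\n' "$GPG_PRIVATE_KEY" | gpg --batch --import
          for f in dist/*.deb dist/*.rpm; do
            gpg --batch --pinentry-mode loopback --passphrase "$GPG_PASSPHRASE" \
              --armor --detach-sign "$f"                    # writes "$f.asc"
            gpg --verify "$f.asc" "$f"
          done
          rm -rf "$GNUPGHOME"
```

Every job verifies what it just signed, so a wrong certificate or a broken chain fails the release instead of shipping. GitHub masks a secret's literal value in logs, but not a decoded or transformed copy of it, which is why the `.pfx` bytes and the imported GPG key are written to temporary locations and never echoed.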
### 4. Dependency Scanning
## Related Documents
- ../03_05_00_pipeline_templates/TEMPLATE_PHILOSOPHY.md - Template design
- ../03_05_01_runner_configuration/RUNNER_SETUP.md - Runner configuration
- ../03_05_02_hooks_integration/HOOKS_ARCHITECTURE.md - Git hooks
- SETUP_GUIDE.md - Step-by-step setup
- ../../03_07_security_infrastructure/03_07_01_secrets_management/ - Secrets management