A CI/CD pipeline that only runs builds and deploys is a delivery pipeline, not a quality pipeline. The distinction matters. A quality-first pipeline treats every stage as a gate — a point where code must prove itself before moving forward.
The Pipeline Stages
Stage 1: Static Analysis (< 2 min)
Lint, type checks, and security scans. Fast, cheap, no infrastructure needed.
- name: Lint & Type Check
run: |
npm run lint
npx tsc --noEmit
Fail fast here. Don't let badly-formatted or type-unsafe code waste later stages.
Stage 2: Unit Tests (< 5 min)
Pure logic tests with no external dependencies. Coverage threshold enforced.
- name: Unit Tests
run: npm run test:unit -- --coverage
env:
COVERAGE_THRESHOLD: 80
Stage 3: Integration Tests (< 15 min)
Service-level tests against real databases and APIs in a containerised environment.
Stage 4: E2E Tests (< 20 min)
Playwright tests running against a staging environment that mirrors production.
Stage 5: Performance Budget
Lighthouse CI or k6 load tests. Block if key metrics regress beyond threshold.
Quality Gates vs. Advisory Checks
Not every check needs to block deployment. Be intentional:
| Check | Block deploy? |
|---|---|
| Lint errors | Yes |
| Unit test failures | Yes |
| Coverage drop > 5% | Yes |
| E2E failures | Yes |
| Performance regression | Warn only (initially) |
| Visual diffs | Warn only |
The Shift: From "Does It Build?" to "Does It Work?"
The cultural shift that matters most is changing the definition of a passing pipeline. A green build that skips tests is worse than a red build — it creates false confidence.
Every team member should understand what each gate tests and why it's there.
Conclusion
A quality-first pipeline is the most reliable QA engineer you'll ever hire. It works every commit, never gets tired, and never ships something it hasn't verified. Build it once, maintain it always.