CI/CD reference pipeline
Purpose: A defensible pipeline for AEM: stages, quality gates, and deployment mechanics per tier.
Who this page is for
| Audience | Why it matters to you |
|---|
| All engineers | You live in this pipeline |
| Platform engineers | Builders of it |
The pipeline
PR ──▶ build & unit tests ──▶ static analysis ──▶ merge
│
release branch/tag ──▶ versioned artefact (all package) ──▶ artefact repo
│
deploy dev ──▶ smoke ──▶ deploy stage ──▶ integration+UAT+perf gates ──▶ approval ──▶ deploy prod
| Gate | Contents |
|---|
| Build | mvn verify: compile, unit tests (models/services), frontend build+lint+tests |
| Static analysis | Java (SpotBugs/PMD or Sonar), dependency CVE scan, HTL lint, dispatcher config validator |
| Post-deploy smoke (every env) | Bundles all Active, /system/health green, key pages render (author+publish), replication test |
| Stage gates | it.tests HTTP suite, a11y/Lighthouse scan, perf sanity, security spot checks |
| Prod deploy | Rolling across publishers (below), verification, tagged + announced |
Deploying a publish farm without downtime
for each publisher:
1. drain from LB (health check → out)
2. install versioned package; wait bundles Active + health green
3. targeted smoke on the instance directly
4. re-enter LB; proceed to next
author: deploy in a maintenance-tolerant window (authors pause), same verification
dispatcher: config via config-management, reload, selective cache flush only if needed
Principles
- The artefact is immutable and complete (the
all package): same zip goes to every environment; only run-mode config differs. No environment-specific builds, ever. - Anything manual (console config, packmgr upload) is drift — the pipeline is the only write path to /apps and OSGi config (config management).
- Rollback = redeploy previous artefact through the same pipeline (rollback).
- Pipeline speed is a feature: sub-15-minute dev feedback keeps trunk healthy.