CI/CD workflows overview

Learn about the automated CI/CD workflows that streamline the development, testing, and deployment of agents on the Agentic AI platform.

​

What you’ll learn

​

CI/CD pipeline overview

The Agentic AI platform uses a comprehensive CI/CD pipeline that automates:

1. Repository Provisioning: Initial setup when cloning from template
2. Pull Request Validation: Quality checks, security scans, and testing on PRs
3. Build and Publish: Automated build and artifact publishing on merge
4. Release Management: Create release drafts and publish production releases
5. Hotfix Handling: Emergency release process for critical fixes

The workflows use reusable GitHub Actions workflows from backbase-common/gc-ai-workflows for consistency across all agent projects.

​

Reusable workflows and actions

All workflows use standardized reusable components from backbase-common/gc-ai-workflows:

​

Reusable workflows

• build-publish.yaml: Complete build, test, and publish pipeline
• pull-request-check.yaml: Comprehensive PR validation workflow

​

Reusable actions

• setup-project: Project environment setup with Python and uv
• code-quality: Code quality checks (pylint, pytest, hadolint)
• sonar-check: SonarCloud code analysis
• security-check: Trivy vulnerability scanning
• promptfoo-evaluation: LLM prompt evaluation
• promptfoo-redteaming: Security and adversarial testing
• build-docker: Docker image building
• push-docker: Docker image publishing to Azure ACR
• create-release-draft: Release draft creation with versioning
• provision-python-project: Python project template provisioning
• validate-pull-request-body: PR body validation
• check-action-pinning: GitHub Actions security validation
• resolve-metadata: Version and metadata resolution
• setup-promptfoo: Promptfoo environment setup

See the Reusable Components page for detailed documentation.

​

Workflow files location

Your agent repository defines all CI/CD workflows in the .github/workflows/ directory:

• build-publish.yaml - Build and publish artifacts on PR merge
• pull-request-check.yaml - PR validation and quality checks
• release.yaml - Production release workflow
• release-draft.yaml - Create release drafts manually
• hotfix-release-draft.yaml - Create hotfix release drafts
• repository-provisioning.yaml - Initial repository setup

These workflows use reusable workflows from backbase-common/gc-ai-workflows and follow standardized CI/CD practices.

​

Workflow stages

​

Repository provisioning

Automated setup when creating a new agent from template, including project configuration and baseline versioning.

​

Pull request validation

Comprehensive validation including:

• Code quality checks (pylint, pytest, hadolint)
• Security scanning (Trivy)
• SonarCloud analysis
• Testing (Promptfoo evaluation, Redteam)
• PR body validation

​

Build and publish

Automated build and artifact publishing triggered on PR merge, with optional quality gates for main/develop branches:

• Docker image building
• Security scanning
• Publishing to Azure Container Registry

​

Release management

• Manual release draft creation with quality checks
• Automatic hotfix release drafts
• Production release publishing with full quality gates

​

Benefits

• Automation: Reduce manual errors and speed up delivery
• Quality: Automated testing and validation at every stage
• Consistency: Standardized processes across all agent projects via reusable workflows
• Visibility: Clear feedback on build and deployment status
• Security: Integrated security scanning and quality gates

​

Next steps

• Understand the build and publish workflow
• Learn about PR validation
• Explore release management
• Repository provisioning guide
• Reusable components reference