The curriculum spans the technical and operational rigor of a multi-workshop cloud migration program, addressing the same pipeline design, security, and governance challenges encountered when modernizing CI/CD for regulated, enterprise-scale systems.

Module 1: Assessing Application Readiness for Cloud-Native Delivery
- Evaluate monolithic application dependencies to determine refactoring scope before enabling CI/CD pipelines.
- Classify workloads by statefulness, compliance requirements, and coupling to legacy systems to prioritize migration candidates.
- Conduct technical debt assessments to identify code quality issues that could block automated testing and deployment.
- Map existing deployment workflows to identify manual approval gates that must be automated or formally documented.
- Define service boundaries for candidate microservices based on domain-driven design principles during decomposition.
- Establish performance baselines for critical transactions to validate post-migration behavior under CI/CD releases.

Module 2: Designing Cloud-Agnostic CI/CD Infrastructure
- Select configuration management tools (e.g., Ansible, Terraform) that support multi-cloud provisioning with consistent state management.
- Implement immutable artifact promotion across environments using versioned container images or AMIs.
- Configure secure, auditable access to CI/CD tools using role-based access control integrated with enterprise identity providers.
- Design pipeline concurrency limits to prevent resource exhaustion during peak deployment windows.
- Integrate secrets management (e.g., HashiCorp Vault, AWS Secrets Manager) into pipeline execution contexts.
- Structure pipeline-as-code repositories with branching strategies that align with release train models.

Module 3: Migrating Legacy Build and Deployment Processes
- Reproduce legacy build environments in containerized agents to maintain compatibility during transition.
- Translate batch deployment scripts into declarative pipeline stages with error handling and rollback triggers.
- Preserve audit trails from legacy systems by forwarding deployment logs to centralized observability platforms.
- Coordinate deployment freeze periods with business stakeholders during pipeline cutover.
- Implement dual-run deployments to validate new pipelines against legacy outcomes for critical systems.
- Decouple configuration from code by externalizing environment-specific parameters using config servers or service meshes.

Module 4: Securing Continuous Delivery in Regulated Environments
- Embed static application security testing (SAST) into pull request validation with policy-controlled failure thresholds.
- Enforce signed commits and artifact provenance verification using Sigstore or Notary in production pipelines.
- Isolate pipelines for PCI or HIPAA workloads using dedicated runners and network segmentation.
- Implement manual approval gates with multi-person authorization for production promotions in audit-compliant workflows.
- Generate compliance evidence packages automatically after each deployment for regulatory review cycles.
- Rotate pipeline service account credentials using automated rotation policies with dependency impact analysis.

Module 5: Managing Stateful Workloads in CI/CD Pipelines
- Design database schema migration strategies that support backward-compatible changes for zero-downtime deployments.
- Integrate schema linting tools into CI to prevent unsafe DDL operations from reaching production.
- Coordinate application and database version co-deployment using blue-green or canary patterns.
- Automate backup and restore validation for stateful services before and after deployment events.
- Implement data masking in non-production environments used by CI/CD pipelines to meet privacy requirements.
- Use feature flags to decouple deployment from release for functionality dependent on database changes.

Module 6: Observing and Validating Deployments in Dynamic Environments
- Correlate deployment markers with metrics, logs, and traces to accelerate root cause analysis of post-deploy incidents.
- Configure automated rollback based on SLO violation detection during canary analysis periods.
- Integrate synthetic transaction monitoring into pipeline post-deployment stages for critical user journeys.
- Define health check endpoints that reflect actual service readiness, including dependency validation.
- Establish baseline performance profiles for services to detect regression in staging environments.
- Route real user traffic selectively to new versions using service mesh-based traffic shifting rules.

Module 7: Governing CI/CD at Enterprise Scale
- Define centralized pipeline templates with guardrails while allowing controlled customization per team.
- Implement cost attribution for CI/CD infrastructure by tagging cloud resources with project and owner metadata.
- Enforce pipeline validation standards through shared linting rules and pre-commit hooks.
- Manage technical onboarding for new teams using standardized pipeline bootstrapping tooling.
- Conduct quarterly pipeline access reviews to remove stale service accounts and permissions.
- Measure deployment frequency, lead time, and failure recovery metrics across business units for operational benchmarking.

Module 8: Evolving CI/CD Post-Migration
- Refactor pipelines to eliminate environment-specific logic as applications achieve cloud-native maturity.
- Adopt progressive delivery frameworks (e.g., Argo Rollouts, Flagger) to standardize canary and blue-green patterns.
- Integrate chaos engineering experiments into staging pipelines to validate resilience of new versions.
- Optimize pipeline execution time using parallelization, caching, and selective test suite execution.
- Migrate from VM-based to serverless CI/CD runners for variable workloads to reduce idle infrastructure costs.
- Establish feedback loops from production incidents to trigger pipeline policy updates and test coverage improvements.