Why AI Deployments Break Standard CI/CD
Traditional application CI/CD assumes that if your tests pass, the new version is safe to ship. AI systems break this assumption. A model can pass unit tests while producing subtly worse outputs due to a data drift issue, a prompt change, or a dependency version bump that affects tokenization. Deploying AI safely requires an extended pipeline that validates model behavior, not just code correctness.
This guide walks through a complete CI/CD setup for AI-powered applications — from model versioning through canary deployment and automated rollback.
Pipeline Architecture Overview
A production-grade AI deployment pipeline has five stages: code validation, model validation, container build, staged deployment, and post-deploy monitoring. Each stage acts as a gate the deployment must pass before proceeding.
- Stage 1 — Code validation: lint, type-check, unit tests, integration tests
- Stage 2 — Model validation: eval suite against golden dataset, latency benchmark
- Stage 3 — Container build: Docker build, vulnerability scan, push to registry
- Stage 4 — Staged deployment: canary to 5% traffic, then 25%, then 100%
- Stage 5 — Post-deploy: automated smoke tests, metric comparison, alert rules
GitHub Actions Workflow
name: AI Service Deploy
on:
push:
branches: [main]
jobs:
validate:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Run eval suite
run: |
pip install -r requirements-eval.txt
python scripts/eval.py --threshold 0.85
env:
OPENAI_API_KEY: ${{ secrets.OPENAI_API_KEY }}
build:
needs: validate
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Build and push Docker image
uses: docker/build-push-action@v5
with:
push: true
tags: ghcr.io/org/ai-service:${{ github.sha }}
deploy:
needs: build
runs-on: ubuntu-latest
steps:
- name: Deploy canary
run: |
kubectl set image deployment/ai-service app=ghcr.io/org/ai-service:${{ github.sha }}
kubectl rollout status deployment/ai-serviceModel Versioning Strategy
Never deploy a model update without a version identifier attached. Use a three-part version scheme: model-name/provider-version/prompt-version. For example: gpt-4o/2024-11-20/v3. Store this in your application config, log it with every request, and make it filterable in your monitoring dashboards.
When the underlying LLM provider releases a new model version, treat it as a breaking change. Run your full eval suite against the new version before updating any environment. Many teams have been burned by GPT-3.5 to GPT-4 "upgrades" that silently changed output formats and broke downstream parsing.
Automated Rollback
Define rollback triggers before you deploy. The system should automatically revert to the previous version if any of these conditions occur within the first 30 minutes post-deploy:
- Error rate exceeds 1%
- P99 latency exceeds 5 seconds
- Faithfulness score drops below threshold
- More than 3 consecutive failed smoke tests
# Kubernetes rollback on failure
kubectl rollout undo deployment/ai-service
kubectl rollout status deployment/ai-service --timeout=120sEnvironment Promotion Strategy
Run three environments: development, staging, and production. Every model or prompt change must run through staging for at least 24 hours with shadow traffic (real production requests replayed against the staging service) before promotion. This catches behavior regressions that only appear on the long tail of real user queries.
- Development: rapid iteration, no evals required
- Staging: full eval suite, shadow traffic, 24-hour soak
- Production: canary deployment, automated rollback armed
This pipeline adds overhead but eliminates the silent degradation that plagues teams deploying AI updates casually. The investment pays for itself the first time automated rollback saves you from a 2am incident.