CI/CD for .NET Applications
Build production-grade CI/CD pipelines for .NET — from code commit to deployment with automated testing, security scanning, and quality gates.
CI/CD Pipeline Structure
A production .NET CI/CD pipeline should include:
- Source Control: Git with branch protection (PR reviews, status checks)
- Build: dotnet restore, dotnet build (verify compilation)
- Unit Tests: dotnet test with code coverage threshold (fail pipeline if coverage drops below 80%)
- Integration Tests: Testcontainers with real databases (verify data access and API contracts)
- Static Analysis: SonarQube for code quality, security vulnerabilities, and code smells
- Container Build: multi-stage Docker build (small, secure production images)
- Container Scanning: Trivy for CVE detection in base images and dependencies
- Staging Deployment: deploy to staging, run smoke tests against real infrastructure
- Production Deployment: blue-green or canary release with automated rollback

Use GitHub Actions for open-source projects, Azure DevOps for enterprise, or GitLab CI for self-hosted; all support .NET natively.
GitHub Actions for .NET
- Build & Test: Use actions/setup-dotnet@v4, run dotnet build/test — cache NuGet packages with actions/cache for faster builds (30-50% speedup)
- Code Coverage: Use Coverlet with dotnet test, upload to Codecov or SonarCloud — track coverage trends and enforce minimum thresholds per PR
- Multi-targeting: Build matrix with multiple .NET versions (net6.0, net8.0) and OS (ubuntu, windows, macos) — catch platform-specific issues
- Release Automation: Tag-based releases, where pushing a tag (v1.2.3) triggers: build → test → publish NuGet package → create GitHub Release → deploy to production
- Environment Protection: Use GitHub Environments with required reviewers — staging deploys automatically, production requires manual approval
- Secrets Management: Use GitHub Secrets for connection strings and API keys, reference them with ${{ secrets.SECRET_NAME }}, and never log or echo their values
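
The workflow below is an added example, not taken from the original page: it combines the build, cache, coverage-gate, environment-protection and secrets items above in one file. It assumes a solution targeting net8.0 with the coverlet.msbuild package in its test project; the workflow path, the `DB_CONNECTION` secret and `scripts/deploy.sh` are hypothetical names.

```yaml
# .github/workflows/ci.yml (assumed path; added example)
name: ci
on:
  pull_request:
  push:
    branches: [main]

permissions:
  contents: read              # least privilege for the workflow's GITHUB_TOKEN

jobs:
  build-test:
    runs-on: ${{ matrix.os }}
    strategy:
      matrix:
        os: [ubuntu-latest, windows-latest]   # catch platform-specific issues
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-dotnet@v4
        with:
          dotnet-version: '8.0.x'
      - uses: actions/cache@v4
        with:
          path: ~/.nuget/packages
          key: nuget-${{ runner.os }}-${{ hashFiles('**/*.csproj') }}
      - run: dotnet restore
      - run: dotnet build --no-restore --configuration Release
      # Coverlet gate: the step (and the pipeline) fails when line
      # coverage is below 80%.
      - run: dotnet test --no-build --configuration Release -p:CollectCoverage=true -p:Threshold=80 -p:ThresholdType=line

  deploy-production:
    needs: build-test                   # never deploy an untested commit
    if: github.event_name == 'push'     # pull requests do not reach this job
    runs-on: ubuntu-latest
    environment: production             # required reviewers are set on this environment
    steps:
      - uses: actions/checkout@v4
      - name: Deploy
        env:
          # Assumed secret name; passed through the environment, not the
          # command line, so it does not appear in the logged command.
          DB_CONNECTION: ${{ secrets.DB_CONNECTION }}
        run: ./scripts/deploy.sh        # hypothetical script; reads DB_CONNECTION, never echoes it
```

The approval gate is configured on the `production` environment in the repository settings, so the deploy job waits for a reviewer without any extra step in the workflow file.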