Modern CI/CD Starter Kit
Fast, maintainable CI/CD for a new codebase — GitHub Actions as the orchestrator, turbo/Nx for build caching, and drop-in fast runners to cut pipeline minutes.
The Stack
GitHub Actions — CI/CD orchestrator
Native to GitHub repos, huge marketplace of reusable actions, free for public repos and generous for private. Baseline for all other tools in this stack.
Alternatives: CircleCI, Buildkite, Tekton
Depot — Managed fast CI runners (AWS-native) (optional)
Up to 10x faster builds via persistent layer caching and NVMe-backed runners. Transparent pricing per minute — typically 50–70% cheaper than GitHub-hosted runners for heavy workloads.
Alternatives: Blacksmith, Buildkite
Blacksmith — Managed fast CI runners (GitHub Actions drop-in) (optional)
Drop-in GitHub Actions runner replacement. Persistent Docker layer caching and fast NVMe SSD. Zero pipeline YAML changes needed. Good alternative to Depot.
Turborepo — Monorepo build cache and task orchestration (optional)
Caches build/test outputs locally and remotely. Only re-runs tasks affected by changed code. Cuts CI time by 60–80% in JS/TS monorepos.
Alternatives: Nx, Earthly
Nx — Monorepo build system (broader language support) (optional)
Covers JS, Python, Java, Go, and more. Nx Cloud provides hosted remote cache. More opinionated than Turborepo with first-class task graph visualization.
Dagger — Pipeline-as-code engine (optional)
Define CI steps in Go, Python, or TypeScript instead of YAML. Run the exact same pipeline locally as in CI. Prevents 'works on my machine' CI drift.
Alternatives: Earthly, Tekton
Earthly — Dockerfile-style build language (optional)
Combines Makefile and Dockerfile syntax for reproducible builds. Strong caching, parallel execution, and easy local CI replication. Good for polyglot repos.
Buildkite — Self-hosted CI orchestrator (enterprise path) (optional)
Runs agents on your own infrastructure for security-sensitive workloads. No source code leaves your network. Better audit trail than GitHub Actions for compliance.
Gotchas
- ⚠️ GitHub Actions concurrency limits (20 concurrent jobs on free, 60 on Team) will become a bottleneck sooner than you expect. Plan your parallelism strategy early and consider fast runners before hitting the wall.
- ⚠️ Turborepo remote cache is free when self-hosted but requires an S3-compatible store and a cache server. Vercel's hosted cache is paid. Nx Cloud has a free tier but locks advanced features behind a subscription.
- ⚠️ Dagger's API is still evolving rapidly (breaking changes between minor versions). Pin SDK versions in your pipeline definitions and test upgrades in a branch first.
- ⚠️ Fast runner services (Depot, Blacksmith) charge per compute-minute. An accidental infinite loop or runaway matrix job can generate a large bill in minutes. Set job-level timeout limits in every workflow file.
- ⚠️ Do not store secret values in workflow environment variables; use GitHub Encrypted Secrets or a secrets manager (Vault, AWS Secrets Manager) referenced at runtime. Leaked secrets in logs are a common incident source.
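The concurrency, timeout and secrets gotchas above, applied to one workflow file. This is an added example, not part of the original page; the job names, Node versions, timeout values, the DEPLOY_TOKEN secret name and scripts/deploy.sh are assumptions.

```yaml
# .github/workflows/ci.yml (constructed example)
name: ci
on:
  pull_request:
  push:
    branches: [main]

# Cancel superseded runs on the same ref so stale jobs stop consuming
# concurrency slots and billed minutes.
concurrency:
  group: ci-${{ github.ref }}
  cancel-in-progress: true

# Pattern to avoid: a literal credential committed in workflow-level env, e.g.
#   env:
#     DEPLOY_TOKEN: "constructed-placeholder-value"

jobs:
  test:
    runs-on: ubuntu-latest
    timeout-minutes: 15   # without this, GitHub's default is 360 minutes
    strategy:
      max-parallel: 4     # bound matrix fan-out against the concurrency limit
      matrix:
        node: [18, 20]
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-node@v4
        with:
          node-version: ${{ matrix.node }}
      - run: npm ci
      - run: npm test

  deploy:
    needs: test
    if: github.event_name == 'push'   # push only fires on main (see "on" above)
    runs-on: ubuntu-latest
    timeout-minutes: 10
    steps:
      - uses: actions/checkout@v4
      - name: Deploy
        # Secret is resolved at runtime from GitHub Encrypted Secrets and is
        # scoped to the one step that needs it, not the whole workflow.
        env:
          DEPLOY_TOKEN: ${{ secrets.DEPLOY_TOKEN }}
        run: ./scripts/deploy.sh   # hypothetical script
```

Keep a `timeout-minutes` on every job, including ones added later; a single job without it falls back to the default.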