Most teams of up to 20 developers don't need Jenkins, TeamCity or even GitLab CI with their own runners. GitHub Actions with a well-structured pipeline covers 95% of scenarios and requires minimal upkeep.
A baseline 4-stage pipeline
- 01Lint + type-check — 30–60 seconds, fail-fast
- 02Unit tests with dependency caching
- 03Build + integration tests with Testcontainers or Playwright
- 04Deploy to staging automatically, to production via approval
Caching — the biggest win
Without npm/pnpm/Gradle cache your pipeline runs 3–5x slower. Use actions/cache with a key derived from the lockfile. For Docker builds, buildx with registry cache cuts build time from 8 minutes to 90 seconds.
Secret hygiene
- OIDC authentication with AWS/GCP instead of static keys
- Environment-protection rules — production secrets only on the main branch
- Dependencies — Dependabot + auto-merge minor bumps
- SAST via CodeQL — free for public repos, cheap for private
What saves the most time
- 01Matrix builds — parallel test runs across Node or Python versions
- 02Concurrency controls — don't run builds on stale PR commits
- 03Reusable workflows — don't copy the same steps across repos
- 04Path filters — don't run a frontend build on backend-only changes
A team that waits 25 minutes on CI stops making small commits. CI slower than 8 minutes is a process problem, not a tooling problem.
When GitHub Actions stops working
If your team grows past 50 developers and you're paying $3,000+/month for Actions, move to self-hosted runners on Hetzner or your own Kubernetes. 5–10x savings and 2–3 days to set up.