CI - CD Separation



  • Fully managed JFrog Platform SaaS sites/regions
  • Separate JFrog Platform sites are used for different concerns
    1. CI (Continuous Integration): R&D development and release lifecycle management. Building, testing and releasing (ops focus on promotion and cleanup)
    2. CD (Continuous Delivery or Deployment): Operations for distribution and deploying to production (ops focus on compliance and archiving)
  • Each site is separately owned and managed by its respective team(s)
  • Federation is used to promote only production-ready packages from the CI site or region to the CD site or region
  • The sites can be in different cloud providers and regions, because Federation is a JFrog feature and does not depend on the cloud provider
  • The CD site is the single source of binaries for all production environments

Why?

Why separate CI servers and sites from CD servers and sites?

  • CI and CD teams often have different workflows and infrastructure needs, so separate sites let each team focus on its own priorities
  • Enforcing separation of concerns improves security by isolating build and deployment stages, reducing risk from changes or breaches
  • Compliance and regulatory mandates may require production environments (CD) to be operated with stricter controls than development (CI)
  • Geographic, organizational, or departmental boundaries might dictate separate CI and CD locations or ownership
  • High-frequency CI workloads can overwhelm a shared site; splitting sites ensures scalability and stability for both environments
  • Restricting access to CD sites minimizes the risk of unauthorized or accidental production releases
  • Keeping production binaries solely in the CD site improves auditability and simplifies compliance

Architecture

The following is a schematic, high-level architecture of such a topology, in which two organizations each have a dedicated CI JPD and federate production releases to a common CD site.

[Figure: CI - CD Separation]