4-3 · Chapter 4 · 5 min read

Build: The Stage Where Code Becomes Something Runnable

You have just pushed your latest changes. The pipeline picks them up, checks out the code, and prepares the environment. Now what? The next step is to

Build: The Stage Where Code Becomes Something Runnable

You have just pushed your latest changes. The pipeline picks them up, checks out the code, and prepares the environment. Now what? The next step is to make sure that code can actually run somewhere. That is the build stage.

Many people new to pipelines think build is just compilation. If you write Java, you compile to bytecode. If you write Go, you compile to a binary. That is part of it, but build is broader than that. Every type of work in software delivery needs a build step, even if the output is not a binary file.

What Build Actually Means

Code as developers write it is usually not ready to run on a server. It needs to be transformed into something the target system can execute. For a Java application, that means compiling source code into bytecode and packaging it into a JAR or WAR file. For a Node.js application, build might mean running a bundler, a minifier, or a transpiler so the code is production-ready. For a Go application, build means compiling into a standalone binary.

But build is not only for application code. Databases also need a build step. SQL code, stored procedures, and database schemas need to be compiled or validated. The output is not a binary. It is a set of migration files that are ready to run against a target database in the correct order. Build for databases typically produces verified SQL commands that have been checked for syntax errors and dependency ordering.

Here is how a build stage might look in a pipeline configuration for two common application types:

build-nodejs:
  stage: build
  script:
    - npm ci
    - npm run build
  artifacts:
    paths:
      - dist/

build-go:
  stage: build
  script:
    - go build -o app .
  artifacts:
    paths:
      - app

Infrastructure goes through a build process too. Terraform files, CloudFormation templates, and Ansible playbooks need syntax checking, validation, and sometimes compilation into a more deployable representation. The output of an infrastructure build might be a validated configuration file, a checked template, or even a pre-built machine image.

The common thread is this: build transforms source into something that can be verified and then used by later stages.

The diagram below summarizes how build transforms different types of source code into runnable artifacts:

flowchart TD A[Source Code] --> B{Build Stage} B --> C[Application: Binary / Package / Container Image] B --> D[Database: Verified Migration Scripts] B --> E[Infrastructure: Validated Config / Plan] C --> F[Artifact with Metadata] D --> F E --> F F --> G[Next Stage: Test & Scan]

What a Good Build Produces

A build must produce output that can be inspected. After the build finishes, you need to know three things: did it succeed, what did it produce, and does the output match expectations.

A well-structured build output includes:

An artifact that is ready to use. This could be a binary, a package, a container image, or a migration file.
A record of the version and commit that triggered this build.
Metadata such as a hash or checksum so you can verify the artifact has not changed in transit.
A clear success or failure status.

Without these, you cannot trust what the pipeline hands off to the next stage.

Build Must Be Repeatable

If you run the same build twice with the same code, you should get the same result. This is called a deterministic build. It matters because if builds are not repeatable, your team can never be sure that the artifact actually came from the code you think it came from.

Non-deterministic builds usually happen for two reasons. First, the build depends on external libraries whose versions are not locked down. One day the library updates, and suddenly your build produces a different artifact even though your code did not change. Second, the build runs in an inconsistent environment. Maybe one build agent has a different tool version than another, or some cached files are left over from a previous build.

Lock your dependencies. Pin your tool versions. Use clean build environments. These practices make your build reliable and your team confident.

Build Is the First Gate

Build is the first point in the pipeline where a decision is made: does this change get to proceed or not? If the build fails, the pipeline should stop. There is no point running tests or deploying if the artifact itself is broken.

This means build must be fast. Developers need feedback in minutes, not hours. If a build takes too long, people stop waiting for it. They move on to the next task, and when the build finally fails, they have already switched context. The feedback loop is broken.

Keep your build lean. Only do what is necessary to produce a valid artifact. Leave deeper checks for later stages. A build that runs in under five minutes gives developers the quick signal they need to fix problems while the code is still fresh in their minds.

Build for Different Types of Work

Let us look at how build works for each major area.

Applications. For compiled languages, build means compilation and packaging. For interpreted languages, build might mean dependency resolution, asset compilation, and bundling. Containerized applications add an extra step: building the container image itself becomes part of the build stage.

Databases. Build for databases means validating SQL syntax, checking that migration files are ordered correctly, and sometimes running a dry run against a copy of the schema. The output is a set of verified migration scripts that are ready to execute.

Infrastructure. Build for infrastructure means validating configuration files, checking for syntax errors, and sometimes generating a plan that shows what will change. For tools like Terraform, the build stage might include running terraform plan to produce a preview of changes.

Each type of work has its own build requirements, but the principles are the same: transform source into a verified, repeatable artifact that can be handed off to the next stage.

A Quick Build Checklist

Before you call your build stage done, check these points:

Build produces a verifiable artifact (binary, image, migration file, config)
Build is deterministic: same code, same result, every time
Build runs in under five minutes
Build fails fast and gives clear error messages
Build output includes version, commit, and checksum metadata
External dependencies are locked to specific versions
Build environment is clean and consistent across runs

What Comes Next

Once the build finishes and the artifact is ready, the pipeline moves to the next stage: checking whether that artifact actually works and is safe to deploy. That is the test and scan stage. But before you get there, make sure your build is solid. A weak build stage creates problems that every later stage has to deal with.

Build is not just compilation. It is the first real check that your code is ready to become something useful. Get it right, and the rest of the pipeline has a solid foundation to work from.