[ DevOps Experience ]

Design predictable bare metal delivery pipelines

Use Bullionet as an infrastructure execution layer for your GitOps and CI/CD flows, from provisioning to rollout policy.

Back to Developer Platform Use bulli CLI

Copy-ready CI workflow

bulli init
source <(bulli env --output sh)
terraform plan -var-file=prod-fr1.tfvars
terraform apply -auto-approve -var-file=prod-fr1.tfvars
bulli server list --output json

[ Real Pipeline ]

Build a production-ready infra pipeline in under an hour

Start from a practical baseline: repo structure, CI workflow, and post-deploy verification.

Structure the infra repository

Create separate folders for reusable modules and production environments.

Define CI secrets and environment

Add BULLI_TOKEN and Terraform variables in CI, and protect production with approval.

Split plan and apply

Run plan on pull requests, then apply only on main after review.

Automate post-deploy checks

Run a verification script to confirm inventory, host state, and rollout health.

Recommended variables and safeguards

•CI secret: BULLI_TOKEN scoped to provisioning actions only.

•Protected environment: production approval required before apply.

•Post-deploy verification script required before marking pipeline green.

Minimal repository layout

infra/
  modules/
    server-group/
      main.tf
      variables.tf
  envs/
    prod-fr/
      main.tf
      prod-fr1.tfvars
scripts/
  verify.sh
.github/
  workflows/
    infra-prod.yml

Copy-ready CI workflow

name: infra-prod
on:
  pull_request:
    paths: ["infra/**"]
  push:
    branches: [main]
    paths: ["infra/**"]
  workflow_dispatch:

jobs:
  plan:
    runs-on: ubuntu-latest
    env:
      BULLI_TOKEN: $BULLI_TOKEN
    steps:
      - uses: actions/checkout@v4
      - uses: hashicorp/setup-terraform@v3
      - run: bulli init --token "$BULLI_TOKEN"
      - run: terraform -chdir=infra/envs/prod-fr init
      - run: terraform -chdir=infra/envs/prod-fr plan -out=tfplan -var-file=prod-fr1.tfvars

  apply:
    if: github.ref == 'refs/heads/main'
    needs: plan
    runs-on: ubuntu-latest
    environment: production
    env:
      BULLI_TOKEN: $BULLI_TOKEN
    steps:
      - uses: actions/checkout@v4
      - uses: hashicorp/setup-terraform@v3
      - run: bulli init --token "$BULLI_TOKEN"
      - run: terraform -chdir=infra/envs/prod-fr apply -auto-approve -var-file=prod-fr1.tfvars
      - run: ./scripts/verify.sh

Post-deploy verification script

#!/usr/bin/env bash
set -euo pipefail

bulli server list --output json | jq '.[] | {hostname,status,location}'
bulli server get --hostname api-fr1-01
bulli server get --hostname api-fr1-02
bulli server get --hostname api-fr1-03

[ Git-friendly model ]

One Git flow from infra change to production rollout

Treat infrastructure changes like product code: branch, PR, automated plan, human approval, and protected apply.

Concrete workflow example

# 1) Create branch for infra change
git checkout -b infra/prod-api-green-rollout

# 2) Update environment variables and rollout target
$EDITOR infra/envs/prod-fr/prod-fr1.tfvars
git add infra/envs/prod-fr/prod-fr1.tfvars
git commit -m "infra(prod-fr): add green API nodes for release 2026-02"
git push -u origin infra/prod-api-green-rollout

# 3) Open PR -> CI runs terraform plan (no production apply)
# 4) Review plan output + approve PR
# 5) Merge to main -> protected apply job starts with production approval

# 6) Post-deploy verification
./scripts/verify.sh

Faster delivery without ticket loops

Engineers ship infra changes through pull requests instead of waiting on fragmented handoffs.

Lower production risk

Plan runs before merge, apply is gated, and rollback targets stay explicit at every rollout step.

Audit-ready operations

Each change has a branch, commit, reviewer, and execution trace for compliance and post-incident analysis.

[ Simple DevOps Procedures ]

Three practical procedures teams can run this week

Each procedure keeps scope small, validation explicit, and rollback possible.

Release one API change with blue/green

You need to ship an API release without risking immediate production impact.

•Provision green nodes with release tags in the same location as current blue nodes.

•Run health checks (boot, SSH, app endpoint) and review results in CI.

•Approve cutover only when checks pass and rollback target remains available.

Expected result: release deployed with controlled cutover and clear rollback path.

Recover from one degraded worker

One worker node is unstable and must be replaced quickly without improvisation.

•Read source node metadata (plan, location, tags) and prepare replacement profile.

•Provision replacement node and validate readiness before traffic changes.

•Drain old node, switch traffic, and record incident summary for audit.

Expected result: degraded node replaced with minimal service disruption.

Schedule weekday batch capacity

You only need batch capacity during office hours and want predictable cost.

•Target only nodes tagged for weekday scheduling in approved project scope.

•Apply power-on at start time and power-off at end time with state checks.

•Review daily capacity and cost deltas, then flag anomalies for human review.

Expected result: predictable batch availability with controlled spend.

[ Workflow Blocks ]

Everything needed for delivery teams

Build repeatable environments and ship changes confidently across your infrastructure lifecycle.

Terraform-compatible provisioning

Create and mutate infrastructure declaratively for reproducible environments.

Git-friendly operational model

Promote changes through environments with explicit, auditable workflow steps.

Scriptable command surface

Integrate lifecycle actions in pipelines with machine-readable output.

Controlled rollout cadence

Apply progressive deployment logic and keep production changes predictable.

[ Command Kit ]

Concrete commands for CI/CD and rollout

Use these commands as building blocks in release pipelines and controlled changes.

bulli init

Initialize execution context

Set CLI context before pipeline actions.

source <(bulli env --output sh)

Inject environment variables

Load auth and project context for automation jobs.

bulli server list --output json

Validate inventory state

List servers and parse output in CI checks.

bulli server reboot --hostname edge-worker-03

Apply controlled reboot

Trigger planned restart operations in rollout windows.

bulli server reinstall --hostname edge-worker-03 --os ubuntu-24.04

Reinstall during recovery

Rebuild a node quickly from an OS baseline.

[ Pipeline Pattern ]

Provision, apply, verify, and release

Use a simple but robust sequence that maps directly to daily DevOps operations.

Example infrastructure pipeline

# prod-fr1.tfvars
# plan = \"bm.performance\"
# location = \"paris\"
# hostname_prefix = \"api-fr1\"

terraform plan -var-file=prod-fr1.tfvars
terraform apply -auto-approve -var-file=prod-fr1.tfvars
bulli server list --output json
bulli server get --hostname api-fr1-01

[ Safety Layer ]

Operate fast without losing control

Use scoped access and operational checks to keep automation safe at scale.

Scoped automation access

Limit token permissions by environment and workflow purpose.

Traceable rollout actions

Keep deployment and operational changes auditable.

Guardrails for AI and scripts

Automate aggressively while preserving clear operational boundaries.