Skip to content
Arda Platform Documentation

Release Pipeline Analysis: Design System to Production

Date: 2026-04-10 Context: End-to-end analysis of shipping a design system component change through to production in the Arda frontend.

Full Pipeline

Section titled “Full Pipeline”
#StepTypeEst. Time
Design System (ux-prototype)
1Build/iterate component in Storybook canaryDev1-4 hrs
2Write tests, stories, VRTDev30-60 min
3Update CHANGELOG under [Unreleased]Process10 min
4Push → CI (lint, typecheck, Vitest, Storybook build, VRT)CI wait5-15 min
5Create PRProcess10 min
6Wait for peer review + approvalBlocking4-24 hrs
7Address comments, re-push, wait for re-approvalBlocking2-12 hrs
7bResolve CHANGELOG merge conflicts (manual version edits)Process0-5 min
8Merge to main → auto-publish to GitHub PackagesCI wait5-10 min
Frontend (arda-frontend-app)
9Bump @arda-cards/design-system versionProcess5 min
10Integrate component, wire up props/stateDev1-4 hrs
11Update/fix tests (Jest mocks, etc.)Dev30-60 min
12Update CHANGELOG, check version doesn’t clashProcess10-15 min
13Push → CI (lint, typecheck, tests, build)CI wait10-20 min
14Fix any CI failures, re-pushDev15-60 min
15Create PRProcess10 min
16Wait for peer review + approvalBlocking4-24 hrs
17Address comments, re-push, wait for re-approvalBlocking2-12 hrs
17bResolve CHANGELOG merge conflicts (manual version edits)Process0-5 min
18Merge to mainProcess5 min
Automated Deployment (sequential, no manual gates)
19CI passes → auto-deploy to devCI wait5-15 min
20Dev success → auto-deploy to stageCI wait5-15 min
21Stage success → auto-deploy to demo + prod (parallel)CI wait5-15 min
Post-Deploy
22Verify in dev/stage/prodQA30-60 min

Time Breakdown

Section titled “Time Breakdown”
CategoryTime
Dev work (coding, testing, fixing)4-12 hrs
CI/deploy waits~1-1.5 hrs
Process overhead (changelogs, PRs, versions, merge conflicts)~1 hr
Blocking waits (4 review gates)12-72 hrs
Total calendar time~18-87 hrs

Dev work accounts for roughly 15-25% of the total elapsed time. The remaining 75-85% is waiting.

Critically, the process overhead is fixed-cost. A 2-minute typo fix in a design system component incurs the same ~14-75 hours of pipeline overhead as a multi-day feature. The CI runs, CHANGELOG entries, version bumps, merge conflict resolution, and 4 review gates do not scale with the size of the change — they apply identically regardless.

Gate Analysis

Section titled “Gate Analysis”

Gate 1: Design System PR Review

Section titled “Gate 1: Design System PR Review”

What it catches:

  • API design issues (prop naming, composability) before they’re locked into a published package
  • Visual inconsistencies before they propagate to consuming apps
  • Breaking changes to existing consumers

Pros:

  • Design system is a shared dependency — mistakes here multiply across every consumer
  • Harder to change after publishing (semver constraints, downstream pinning)
  • VRT and Storybook stories already provide automated visual coverage

Cons:

  • Only one consumer currently (arda-frontend-app), so the “blast radius” argument is weaker today
  • Reviewing a component in isolation (Storybook) misses integration context

Possible changes:

  • Auto-merge for patch/minor when CI + VRT pass — if tests and visual regression are green, the risk of a non-breaking change is low. Reserve human review for major bumps.
  • Combine with frontend PR — review the design system change in the context of its actual integration, not in isolation. Ship both as a coordinated PR stack with one review cycle.

Gate 2: Design System Re-approval After Changes

Section titled “Gate 2: Design System Re-approval After Changes”

What it catches:

  • Ensures review comments were addressed correctly
  • Catches regressions introduced while fixing feedback

Pros:

  • Prevents “I addressed it” rubber-stamping

Cons:

  • Often trivial (variable rename, comment fix) — re-review overhead is disproportionate
  • CI already re-runs on every push, catching regressions automatically

Possible changes:

  • Use GitHub’s “dismiss stale reviews” selectively — for changes that only touch lines the reviewer flagged, allow the reviewer to approve with a comment rather than requiring a full re-review cycle.
  • Allow self-merge after addressing minor comments — if the reviewer marks comments as “nit” or “suggestion”, the author can merge after addressing without waiting for re-approval.

Gate 3: Frontend PR Review

Section titled “Gate 3: Frontend PR Review”

What it catches:

  • Integration issues (wrong props, missing state wiring, broken flows)
  • Performance regressions, accessibility gaps
  • Architectural concerns (wrong abstraction layer, coupling)

Pros:

  • This is where the actual user-facing impact lives
  • Frontend changes touch routing, state management, API integration — higher complexity than design system atoms
  • Catches issues that design system review in isolation cannot

Cons:

  • If the design system review already happened, reviewers are seeing the same component logic twice
  • Large PRs that bundle design system integration + feature work slow review down

Possible changes:

  • This is the highest-value gate — keep it, but reduce what it needs to cover. If the design system ships with comprehensive stories and VRT, the frontend reviewer only needs to verify integration, not re-review the component itself.
  • Set a review SLA (e.g., 4 business hours) to prevent multi-day stalls.

Gate 4: Frontend Re-approval After Changes

Section titled “Gate 4: Frontend Re-approval After Changes”

Same analysis as Gate 2. Same recommendations apply.

Non-Gates Worth Examining

Section titled “Non-Gates Worth Examining”

CHANGELOG + Version Management (Steps 3, 12)

Section titled “CHANGELOG + Version Management (Steps 3, 12)”

What it catches:

  • Version conflicts, missing release notes

Cost:

  • ~30 min of manual process per cross-repo change
  • Version clash debugging when two PRs race to merge

Possible changes:

  • Automate CHANGELOG generation from conventional commits. Tools like release-please or semantic-release eliminate manual version bumping and changelog writing entirely. The PR description becomes the changelog.

Cross-Repo Dependency Bump (Step 9)

Section titled “Cross-Repo Dependency Bump (Step 9)”

What it catches:

  • Nothing — it’s pure mechanical overhead

Cost:

  • A separate commit, CI run, and often a separate review cycle just to bump a version number

Possible changes:

  • Dependabot or Renovate for @arda-cards/* packages — auto-create the version bump PR when a new design system version publishes. Reduces step 9 to “approve the bot’s PR.”
  • Monorepo — eliminates the cross-repo dependency entirely. Component changes and frontend integration ship as one atomic PR. This is the nuclear option but removes Gates 1, 2, and Step 9 entirely.

Recommendations (Ordered by Impact)

Section titled “Recommendations (Ordered by Impact)”
ChangeGates RemovedTime SavedEffort to Implement
Review SLA (4 business hours)0Caps blocking time at ~16 hrsLow (policy)
Auto-merge design system patches when CI+VRT pass1 (Gate 1 for patches)4-24 hrsMedium (GitHub ruleset)
Allow self-merge after addressing nit comments2 (Gates 2 + 4)4-24 hrsLow (policy)
Automated CHANGELOG from conventional commits0~30 min + clash debuggingMedium (tooling)
Dependabot for @arda-cards/* bumps0~30 min + CI cycleLow (config)
Coordinated PR stack (review both repos together)1 (Gate 1)4-24 hrsMedium (workflow)
Monorepo3 (Gates 1, 2, Step 9)12-48 hrsHigh (migration)

Best Case vs Worst Case

Section titled “Best Case vs Worst Case”
ScenarioTodayWith Review SLA + Auto-merge Patches + Self-merge Nits
Best case (responsive reviewers, clean CI)~18 hrs~10 hrs
Typical case~40 hrs (1 week)~18 hrs (2 days)
Worst case (busy reviewers, CI failures, comment rounds)~87 hrs (2+ weeks)~36 hrs (4 days)

The deployment pipeline itself is well-automated — the bottleneck is entirely in human review latency. The biggest wins come from reducing the number of review round-trips, not from changing the deployment infrastructure.

Industry Practices for Multi-Repo Velocity

Section titled “Industry Practices for Multi-Repo Velocity”

1. Monorepo (Google, Meta, Vercel, Turborepo)

Section titled “1. Monorepo (Google, Meta, Vercel, Turborepo)”

The most common industry solution. Google, Meta, and Stripe all use monorepos. Turborepo and Nx are purpose-built for JS/TS monorepos with shared packages.

  • How it helps: Design system + frontend live in one repo. One PR, one review cycle, one merge, one deploy. Eliminates Gates 1-2, Step 9, and all cross-repo version management.
  • Trade-off: Migration cost is high. CI needs to be scope-aware (only build/test what changed). Requires tooling like Turborepo, Nx, or Bazel.
  • Who does this: Vercel (Next.js + all packages in one repo), Shopify (Polaris design system + apps), Stripe.

2. Package Versioning Automation (semantic-release, release-please)

Section titled “2. Package Versioning Automation (semantic-release, release-please)”

Used by most large open-source projects and many product teams.

  • How it helps: Eliminates manual CHANGELOG editing, version bumping, and merge conflicts on version files. Commit messages drive versioning automatically. A merge to main auto-publishes with the correct semver bump.
  • Trade-off: Requires conventional commit discipline (e.g., feat:, fix:, breaking:). Team needs to adopt commit conventions.
  • Who does this: Angular, Electron, most CNCF projects, AWS CDK.

3. Automated Dependency PRs (Renovate, Dependabot)

Section titled “3. Automated Dependency PRs (Renovate, Dependabot)”

Standard practice for any team consuming internal packages.

  • How it helps: When @arda-cards/design-system publishes a new version, a bot immediately opens a PR in arda-frontend-app with the version bump. CI runs automatically. If green, it can auto-merge or just needs a quick approval.
  • Trade-off: Minimal — this is table-stakes tooling. Only risk is auto-merging a breaking change, which CI should catch.
  • Who does this: Nearly every team using npm/GitHub Packages.

4. Stacked PRs / PR Trains (Graphite, ghstack, spr)

Section titled “4. Stacked PRs / PR Trains (Graphite, ghstack, spr)”

Used by Meta (internally), and increasingly by startups via Graphite.

  • How it helps: Instead of waiting for PR 1 (design system) to merge before starting PR 2 (frontend), you stack them. Reviewers see both in context. When PR 1 merges, PR 2 auto-rebases and is ready to merge immediately.
  • Trade-off: Requires tooling (Graphite, ghstack). GitHub’s native PR model doesn’t support stacking well.
  • Who does this: Meta (Phabricator stacks), teams using Graphite.

5. CODEOWNERS + Tiered Review (GitHub native)

Section titled “5. CODEOWNERS + Tiered Review (GitHub native)”

Common in orgs with mixed-criticality code.

  • How it helps: Not all changes need the same review rigor. CODEOWNERS can require review for src/components/ but auto-approve changes to __mocks__/ or test files. Combined with branch protection rules, low-risk changes (test fixes, version bumps, changelog) can skip human review.
  • Trade-off: Requires careful CODEOWNERS configuration. Risk of under-reviewing if categories are too broad.
  • Who does this: Most GitHub-native engineering orgs.

6. Canary Releases / Preview Deployments (Vercel, Chromatic)

Section titled “6. Canary Releases / Preview Deployments (Vercel, Chromatic)”

Already partially in place (Amplify preview deploys on PRs).

  • How it helps: Reviewers can test the actual running app from the PR, not just read code. This speeds up review quality and reduces back-and-forth. For design system changes, Chromatic provides per-PR Storybook previews with visual diffs.
  • Trade-off: Adds CI cost (build + deploy per PR). Already happening via Amplify.
  • Who does this: Vercel (automatic), Netlify, any team using Chromatic for Storybook.

7. Ship/Show/Ask Framework (Rouan Wilsenach)

Section titled “7. Ship/Show/Ask Framework (Rouan Wilsenach)”

A review policy framework adopted by ThoughtWorks and others.

  • How it helps: Not every change needs pre-merge review. Changes are categorized:
    • Ship: Merge directly (typo fixes, version bumps, test-only changes)
    • Show: Merge, then notify team for async review (low-risk refactors, adding tests)
    • Ask: Traditional PR review (new features, API changes, security-sensitive code)
  • Trade-off: Requires team trust and good CI coverage. Bad actors or insufficient tests can let bugs through.
  • Who does this: ThoughtWorks, many high-trust small teams.

8. Trunk-Based Development with Feature Flags (LaunchDarkly, Unleash)

Section titled “8. Trunk-Based Development with Feature Flags (LaunchDarkly, Unleash)”

Used by high-velocity teams that deploy continuously.

  • How it helps: Everyone commits to main behind feature flags. No long-lived branches, no merge conflicts, no stale PRs. Changes deploy immediately but are toggled off until ready. Review happens post-merge via pair programming or async code review.
  • Trade-off: Requires feature flag infrastructure. Not all changes are flag-able (design system atoms, for example). Cultural shift from PR-gated to trust-based.
  • Who does this: Google, GitHub (ship.github.com), Netflix, teams using LaunchDarkly.

What Would Move the Needle Most for Arda

Section titled “What Would Move the Needle Most for Arda”

Given the current team size (small), single consumer of the design system, and existing CI coverage:

  1. Renovate/Dependabot for @arda-cards/* — near-zero effort, immediate ROI
  2. semantic-release or release-please — eliminates CHANGELOG friction and merge conflicts
  3. Ship/Show/Ask policy — version bumps, test fixes, and CHANGELOG-only changes should Ship without review
  4. Stacked PRs (Graphite) — review design system + frontend integration together, merge sequentially
  5. Monorepo (long-term) — if the design system stays single-consumer, the separation is overhead without benefit

Copyright: © Arda Systems 2025-2026, All rights reserved