DevOps / CI-CD Engineer (GitHub Actions)

Job Title

DevOps / CI-CD Engineer (GitHub Actions)

Project Objective

The company is developing a home automation box for integrators, based on:

- A hardware box using a Raspberry Pi Compute Module

- A rebranding and extension of Home Assistant

- Custom Docker images (core + extensions)

Currently, builds and releases are done manually. The goal is to industrialize this process using GitHub

Actions, inspired by Home Assistant but tailored to this specific fork and release cycle.

Your Mission

Design, implement and document a complete CI/CD pipeline to:

1. Automatically build Docker images (multi-arch ARM/ARM64/AMD64)

2. Run tests (linting, unit tests, basic integration)

3. Version, tag and publish artifacts (Docker registry, GitHub Releases)

4. Set up a reproducible release process (dev → staging → prod) with controlled promotions

5. Secure the pipeline (secret management)

6. Transfer knowledge and train the internal team (runbooks, docs, handover)

Deliverables

A. Architecture & Design:

- Repository and build package mapping

- Workflow architecture proposal (monorepo vs multi-repo, reusable workflows, triggers)

- Multi-arch strategy: Docker Buildx + QEMU or ARM self-hosted runners

- Versioning and naming strategy (SemVer, tags, branches, release channels)

- Caching and parallelization strategy (BuildKit, matrix builds)

→ Deliverable: CI/CD architecture document (diagrams + decisions)

B. GitHub Actions Implementation:

- CI workflows: linting, unit tests, formatting checks, secret scans

- Build workflows: Docker images, wheels if needed

- Publishing workflows: pushing to registry, GitHub Releases with changelog

- Promotion workflows: manual or automatic promotion between environments

- Secrets management, branch protection, reproducibility

→ Deliverable: Workflows, scripts, config files

C. Testing & Quality:

- Minimal integration test (Home Assistant rebranded + smoke tests)

→ Deliverable: Test jobs, badges, local execution docs

D. Release Management:

- Automatic changelog generation (conventional commits)

- Tagging rules (vX.Y.Z, -beta.N, -rc.N, nightly, hotfix)

- Artifact publishing with hashes, SBOMs

→ Deliverable: Documented release process + templates

E. Documentation & Handover:

- Runbooks (how-to guides for builds, troubleshooting, releases)

- Developer onboarding materials

- Live handover session + recording

→ Deliverable: Full documentation package + training sessionMust-Have Skills

- Advanced GitHub Actions (reusable workflows, matrix builds, environments, caching, permissions)

- Docker, Buildx, BuildKit, QEMU, registries (GHCR, Docker Hub, private)

- Python 3.x

- Python packaging (wheels), pip/Poetry, and/or NPM/pnpm

- CI for Home Assistant, IoT or similar edge projects

- CI/CD security (secrets, scans, SBOM, signatures, branch policies)

- Linux (Debian/Ubuntu), Bash scripting, Makefiles

- Technical English writing and professional

Nice-to-Have Skills

- Hands-on experience with Home Assistant (core, supervisor, add-ons)

- Knowledge of Raspberry Pi Compute Module and ARM constraints

- Experience with ARM64 self-hosted runners, GitHub OIDC to cloud registry

- System image tooling (Balena, Yocto, Buildroot)

- Knowledge of Terraform / OpenTofu

- Familiarity with AWS (Lambda, IoT Core, DynamoDB, Fargate)

Collaboration & Workflow

- 1–2 onboarding sessions to understand the current architecture and constraints

- Iterative deliveries with short demos at each milestone

- All CI/CD code and scripts delivered under company repositories

- Success criteria:

• Reproducible multi-arch build via GitHub Actions in under X minutes, >95% success rate over 30 days

• Automated publication of tagged images (nightly/beta/stable) + generated changelog

• No plaintext secrets in workflows, integrated vulnerability scanning

• Complete documentation allowing internal developers to trigger a release autonomously