Reusable Workflows: Pipeline DRY Done Right
Pipeline duplication compounds across repos. Reusable workflows fix it without trading flexibility.
Why duplicate pipelines hurt
Per-repo pipelines drift over time. Security checks, quality gates, and deployment steps diverge silently; the cost shows up as compliance findings or incidents.
- Drift. Same logic in 50 repos; the security check on repo A passes; on repo B it is six months out of date.
- Maintenance load. Applying one logic change in 50 places is unsustainable; engineers stop trying.
- One workflow source. Centrally maintained; all repos inherit; the maintenance is bounded.
- Audit win. Compliance reviewers can read one workflow file instead of 50; the audit closes faster.
Reusable patterns
- GitHub: workflow_call + composite actions.
- GitLab: include from a shared repo.
- Jenkins: shared libraries.
Versioning shared workflows
Shared workflows need explicit versioning. Pinning to tags lets consumers update on their own schedule; pinning to main ships surprises.
- Pin to tag. @v3 or similar; consumer controls when they pick up changes.
- Central bump. Workflow author publishes @v4; consumers update their pin when ready.
- Consumer PR verifies. Each consumer's pipeline runs against the new tag before merging the bump.
- Avoid @main. Pinning to main means every workflow author commit could break every consumer.
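A consumer-side check for the pinning rule above, as an added example that is not part of the original article: it scans a GitHub workflow file for `uses:` references and reports any whose ref is neither a version tag nor a full commit SHA. The `v3` / `v3.1.4` tag convention, the acceptance of SHA pins, and the `example-org` names are assumptions; the ref name alone cannot prove a ref is a tag rather than a branch, so treat this as a heuristic.

```python
import re

# Ref on a `uses:` line, e.g. `uses: org/repo/.github/workflows/build.yml@v3`.
USES_RE = re.compile(r"^\s*(?:-\s*)?uses:\s*['\"]?([^\s'\"#]+)@([^\s'\"#]+)")
TAG_RE = re.compile(r"^v\d+(\.\d+){0,2}$")   # assumed tag convention: v3, v3.1, v3.1.4
SHA_RE = re.compile(r"^[0-9a-f]{40}$")       # full commit SHA

def classify_ref(ref):
    """Return 'tag', 'sha', or 'floating' for the part after '@'."""
    if TAG_RE.match(ref):
        return "tag"
    if SHA_RE.match(ref):
        return "sha"
    return "floating"  # main, master, or any other branch-like name

def find_floating_pins(workflow_text):
    """Return (line_number, target, ref) for each `uses:` on a floating ref."""
    findings = []
    for lineno, line in enumerate(workflow_text.splitlines(), start=1):
        if line.lstrip().startswith("#"):
            continue  # commented-out steps are not executed
        m = USES_RE.match(line)
        if not m or m.group(1).startswith("docker://"):
            continue  # local ./ paths have no @ref; image digests are out of scope
        target, ref = m.groups()
        if classify_ref(ref) == "floating":
            findings.append((lineno, target, ref))
    return findings

# Constructed consumer workflow fragment; org and file names are placeholders.
SAMPLE = """\
jobs:
  build:
    uses: example-org/shared-workflows/.github/workflows/build.yml@v3
  scan:
    uses: example-org/shared-workflows/.github/workflows/scan.yml@main
  deploy:
    uses: example-org/shared-workflows/.github/workflows/deploy.yml@release/2024
  test:
    runs-on: ubuntu-latest
    steps:
      - uses: example-org/setup-action@0123456789abcdef0123456789abcdef01234567
      # - uses: example-org/old-action@main
      - uses: ./.github/actions/local-lint
"""

if __name__ == "__main__":
    for lineno, target, ref in find_floating_pins(SAMPLE):
        print(f"line {lineno}: {target} pinned to floating ref '{ref}'")
```

Run against every file under `.github/workflows/` in the consumer PR check, it turns the "Avoid @main" rule into a failing build instead of a review comment.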
When to NOT reuse
Reuse is not free. Forcing every pipeline into the shared template produces workarounds that are worse than duplication.
- One-off pipelines. Special workloads with unusual requirements; do not force into the shared template.
- Healthy ratio. 90% reusable plus 10% custom is healthy; 100% reusable is rigid.
- Escape hatch. Consumers can opt out for specific jobs; document why and revisit annually.
- Workaround signal. If consumers stack hacks on the shared workflow, the shared workflow is wrong, not the consumer.
Antipatterns
- Copy-pasted pipelines across 50 repos. Drift; security debt.
- Pinning to @main. Surprise outages.
- Reuse forced where it does not fit. Workarounds proliferate.
What to do this week
Three moves. (1) Apply this to one pipeline first. (2) Measure deploy frequency / MTTR before/after. (3) Document the outcome so the next team starts from data.