CI/CD

Let’s focus on the Welma Yocto Linux CI/CD infrastructure.

We made the deliberate choice to standardize the use of CI/CD across all our internal development workflows and to ship it with Welma to our customers. Our CI rebuilds the entire system every weekend: manufacturing image, SDK, update artifacts, and vulnerability report. By Monday morning, we have a full picture of the build and test results.

CI/CD is not optional; it’s a cornerstone of our quality strategy.

Why CI/CD matters even more with Yocto

Yocto means thousands of dependencies, variable build environments, long compilation times… CI/CD helps centralize builds, optimize resources, and ensure system robustness.

Welma CI/CD

Your system needs more than vendors’ Yocto layers

If you rely solely on the Yocto layers provided by your hardware vendor, you’ll get a basic starting point. However, it will lack the critical mechanisms needed to ensure security, maintainability, and long-term quality for your embedded system.

How does it work within Welma?

Welma includes a complete CI/CD infrastructure, ready to be replicated in your own environment.

Modular pipeline

We’ve broken our CI into GitLab snippets, each focused on a specific task: Yocto build, SDK generation, vulnerability scanning, automated testing… These blocks can be easily reused in your own projects with parameters tailored to your setup.

Welma Yocto Linux modular CI/CD pipeline architecture

Flexible configuration

Each CI job can be customized to fit your needs:

  • Yocto version (e.g., Kirkstone, Scarthgap…)
  • Image type (headless, graphical, minimal…)
  • Hardware target (i.MX8, i.MX93, STM32MP2…)
  • Optional activation of SDK generation, vulnerability scanning, automated testing…

Hybrid infrastructure

We use both internal servers and AWS virtual machines to parallelize builds, scans, and tests.

GitLab centralization

CI configuration is stored in a dedicated GitLab repository, separate from other repos. This repo contains manifest files that define which versions to build and which sources to use.

Artifacts & traceability

Each build produces complete artifacts:

  • Flashable images and update packages
  • Associated SDKs
  • SBOMs and license digests
  • Vulnerability reports
  • Test results (JUnit format)

Visualization & automation

Test results are displayed directly in GitLab, and artifacts are stored via the GitLab Package Registry. Tag-based triggers automatically generate official releases.

This system is ready to use with Welma. You can use our GitLab setup or adapt it to your own CI (GitHub Actions, Jenkins, or another system).
In a nutshell, Welma provides the CI/CD infrastructure you need for improved system robustness and quality.