CI/CD Systems 2026 — Deep Dive into GitHub Actions, Buildkite, CircleCI, GitLab, Jenkins, Argo, Tekton, Earthly, and Dagger

Intro — In May 2026, the CI/CD landscape looks like "GitHub Actions won"

In 2020 the CI/CD market was multipolar. Jenkins owned the enterprise, CircleCI owned startups, Travis CI was the OSS standard, and Buildkite was a niche option for advanced teams. As of May 2026 the picture has consolidated almost into one direction. GitHub Actions has effectively taken the market through network effects. If your code lives on GitHub, not using Actions takes effort. There are more than 20,000 actions in the Marketplace, and OIDC federation lets you deploy to AWS/GCP/Azure without long-lived secrets.

That said, others are not dead. Buildkite dominates the high-end of large monorepos with self-hosted agents (Shopify, Airbnb, Lyft are the standard). CircleCI keeps its lead in Apple Silicon, ARM, and GPU runners. GitLab CI/CD remains the first choice for GitLab users. The Kubernetes-native space is owned by Tekton + Argo Workflows, and Dagger is growing a new category called "programmable CI". This piece honestly traces who is using what, where, and how, as of May 2026.

Decomposing the 2026 CI/CD stack into five layers

Treating CI/CD as a single tool always makes comparisons drift. The accurate decomposition is five layers.

Trigger and workflow definition: GitHub Actions, GitLab CI, CircleCI, Buildkite, Jenkins, Tekton
Execution environment (runner / agent / executor): GitHub-hosted, ARC, RunsOn, BuildJet, Namespace, Buildkite agents, K8s Jobs
Build system: Bazel, Buck2, Pants, Nx, Turborepo, Earthly, Mill, Make, Gradle
Cache / remote execution: Bazel Remote Cache, Turborepo Remote Cache, Nx Cloud, sccache, ccache
Delivery / orchestration: Argo CD, Argo Rollouts, Spinnaker, Harness, Octopus, Flux, Vercel, Cloud Run, ECS Service

Historically a single tool tried to absorb layers 2 through 5 (Jenkins was famous for it), so everything ended up in one pot and broke together. Best practice in 2026 is separation. Use GitHub Actions for CI, Argo CD for CD, and Bazel + RBE or Turborepo Remote Cache for build acceleration — different tools per layer.

GitHub Actions has, since its 2019 GA, taken about 75% of GitHub users and over 60% of the total CI/CD market as of 2026 (JetBrains DevEcosystem 2025 Survey). The biggest reason is simply that it lives inside GitHub. No separate SaaS signup. PRs and workflows live in the same screen. 20,000 Marketplace actions are a uses: away.

Its core features as of May 2026 are:

Reusable Workflows: Use the workflow_call trigger to modularize entire workflows. A single org-level standard pipeline that 100 repos call.
Composite Actions: Bundle steps into one action. Lighter than JavaScript or Docker actions.
OIDC Federation: Exchange a GitHub OIDC token with AWS IAM, GCP Workload Identity, or Azure Federated Credentials — no cloud secrets needed.
Large Runners: 4, 8, 16, 32, 64 vCPU plus GPU options on Windows and macOS. macOS uses an M2 Pro base.
ARC (Actions Runner Controller): GitHub's official controller for dynamically launching self-hosted runners on Kubernetes.
Workflow Templates: Seed new repos in an organization with standard workflows automatically.

A real-world workflow combining OIDC federation, matrix builds, and reusable workflows looks like this.

name: deploy
on:
  push:
    branches: [main]
  workflow_dispatch:

permissions:
  id-token: write
  contents: read

jobs:
  test:
    runs-on: ubuntu-latest-16-cores
    strategy:
      matrix:
        node: [20, 22]
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-node@v4
        with:
          node-version: ${{ matrix.node }}
          cache: 'pnpm'
      - run: pnpm install --frozen-lockfile
      - run: pnpm test

  deploy:
    needs: test
    runs-on: ubuntu-latest
    environment: production
    steps:
      - uses: actions/checkout@v4
      - uses: aws-actions/configure-aws-credentials@v4
        with:
          role-to-assume: arn:aws:iam::123456789012:role/github-actions-deploy
          aws-region: ap-northeast-2
      - run: aws s3 sync ./dist s3://my-bucket --delete
      - run: aws cloudfront create-invalidation --distribution-id $CF_ID --paths '/*'

The crucial line is permissions.id-token: write. Only with that does a GitHub OIDC token get issued, which configure-aws-credentials then exchanges with AWS STS. There is no AWS access key anywhere. This pattern rapidly became the standard from 2024 onward, and by 2026 PAT/deploy-key based deployment has nearly disappeared from new systems.

GitHub Actions security — SHA pinning vs tag pinning, and supply-chain attacks

The September 2024 tj-actions/changed-files incident was a turning point for GitHub Actions security. A popular action was compromised and the secrets of every caller leaked. Industry standards have since consolidated:

Pin actions by commit SHA, not version tag (@v4): uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
Audit non-official actions regularly via Dependabot or Renovate
Explicitly minimize permissions per workflow or job (the default is no longer read-all but an empty set)
Group secrets into environments with required approvers
Use pull_request_target with extreme care — fork PRs can reach main's secrets

As of 2026 GitHub has applied a "trusted publishers" model to actions as well. Like the OIDC-verified publisher badge on npm and PyPI, actions show publisher authentication and attached SBOMs. SLSA level 3 actions are surfaced first in the Marketplace.

Self-hosted runners — ARC, RunsOn, BuildJet, Namespace

GitHub-hosted runners are convenient but expensive. A large 8 vCPU runner costs roughly USD 0.064 per minute, and a 64 vCPU GPU runner is more than USD 0.50 per minute. Once monthly build minutes exceed 10,000, self-hosting cuts costs by more than half. As of May 2026 the options are:

ARC (Actions Runner Controller): GitHub's official. Runs a runner pool on a K8s cluster. An autoscaler watches the job queue and scales pods. The enterprise default.
RunsOn.io: Auto-provisions an EC2 spot fleet in your AWS account. Runners boot within 60 seconds, route via GitHub labels. About 1/8 the cost of GitHub-hosted, so adoption is rising fast.
BuildJet: An external SaaS. Same interface as GitHub-hosted, bare-metal ARM/Intel, accelerated caching. Roughly half the cost.
Namespace.so: A cloud specialized in container build/test. Distributed caches across regions speed up docker pull and push.

A minimal Helm config for ARC on Kubernetes looks like this.

apiVersion: actions.github.com/v1alpha1
kind: AutoscalingRunnerSet
metadata:
  name: linux-large
  namespace: arc-runners
spec:
  githubConfigUrl: https://github.com/my-org
  githubConfigSecret: github-app-secret
  minRunners: 2
  maxRunners: 80
  template:
    spec:
      containers:
        - name: runner
          image: ghcr.io/actions/actions-runner:latest
          resources:
            requests:
              cpu: '4'
              memory: 8Gi
            limits:
              cpu: '8'
              memory: 16Gi

With maxRunners: 80, a backed-up queue still caps at 80 runners, so costs cannot run away. Toss, Woowa Brothers, and LINE all run ARC on their own K8s clusters and execute hundreds of thousands of CI minutes per month at roughly 60% less than GitHub-hosted.

Buildkite — the high-end standard for large monorepos

By raw market share Buildkite is less than 1/10 of GitHub Actions, but it dominates at large engineering organizations. Shopify (6,000+ engineers), Airbnb, Lyft, and Pinterest use it as their standard. Its differentiation:

Agents run on user infrastructure (the SaaS holds only metadata and UI). Code never leaves your environment for Buildkite servers.
Dynamic pipeline generation. Rather than a static YAML, buildkite-agent pipeline upload lets a build emit new steps mid-run.
Optimized for monorepos and massively sharded execution. Only the affected packages are built and tested.
Granular retry and flake policies at the stage level.

A typical pipeline definition:

steps:
  - label: ':go: lint'
    command: make lint
    agents:
      queue: 'linux-amd64'

  - wait

  - label: ':go: test ({{matrix.shard}}/8)'
    command: make test SHARD={{matrix.shard}}
    parallelism: 8
    matrix:
      setup:
        shard: [0, 1, 2, 3, 4, 5, 6, 7]
    agents:
      queue: 'linux-amd64-large'

  - wait

  - block: 'Deploy to production?'
    branches: 'main'

  - label: ':rocket: deploy'
    command: ./deploy.sh
    concurrency: 1
    concurrency_group: 'deploy-prod'

Here parallelism: 8 shards the same command across 8 workers. block requires a human to click before proceeding. Shopify runs Buildkite pipelines with roughly 200 steps per PR that expand into about 6,000 jobs after matrix sharding. The same scale on GitHub Actions would be challenging in both cost and queueing.

CircleCI — the leader for Apple Silicon, ARM, and GPU runners

CircleCI was effectively the standard for early-2010s CI/CD, and while it has lost the general market to GitHub Actions by 2026, it remains the top choice for specialized runners.

Apple Silicon (M2 Pro / M3) macOS runners: The standard for iOS and macOS builds. Reputed to be more stable and faster than GitHub-hosted macOS.
ARM Graviton runners: Build on the same ISA as AWS Graviton, then deploy directly to ECS Fargate ARM.
GPU runners: A100/H100 options. Wraps ML training and validation pipelines inside CircleCI.
Docker Layer Cache: A first-class cache layer accelerates docker pull and build.

The config.yml structure mirrors GitHub Actions with matrices, orbs (reusable units), and shared executors, but the macOS, ARM, and GPU pools are more stable — the 2026 consensus.

GitLab CI/CD — first choice if you already use GitLab

GitLab CI/CD is not a separate tool; it is part of GitLab. A single .gitlab-ci.yml covers build, test, deploy, and security scanning. The biggest differences from GitHub Actions:

Explicit DAGs: The needs: keyword draws job dependencies as a graph.
Auto DevOps: Applies a standard pipeline automatically — SAST, DAST, container scanning, license scanning.
GitLab Runner: A first-party agent supporting Docker, K8s, Shell, and SSH executors. Drops easily into on-prem.
Pipeline Editor: A web UI to visually inspect job dependencies.

Organizations holding GitLab Premium or Ultimate have little reason to bring in an external CI. So while GitLab CI/CD trails GitHub Actions in raw share, it captures over 90% of GitLab users.

Jenkins + JCasC — still alive, but rarely chosen for new systems

Jenkins, which began in 2004 as Hudson, still leads in the raw number of CI instances worldwide in 2026. But new adoption is rare. Most installations exist because they are "already too deeply embedded to remove".

The 2026 best practices for Jenkins:

Pipeline as Code (Jenkinsfile): No more clicking through the UI to create jobs. Put a Jenkinsfile in Git.
JCasC (Jenkins Configuration as Code): Manage instance configuration itself in YAML. UI-click configuration is the enemy of disaster recovery.
Kubernetes Plugin + Pod templates: Agents are dynamic K8s pods, not static VMs.
Shared Libraries: Put Groovy libraries in a separate repo and import them across jobs.

A typical declarative Jenkinsfile:

pipeline {
  agent {
    kubernetes {
      yaml '''
        spec:
          containers:
            - name: node
              image: node:22
              command: ["sleep", "infinity"]
      '''
    }
  }
  stages {
    stage('Install') {
      steps { container('node') { sh 'npm ci' } }
    }
    stage('Test') {
      steps { container('node') { sh 'npm test' } }
    }
    stage('Deploy') {
      when { branch 'main' }
      steps { sh './deploy.sh' }
    }
  }
}

Banks, telcos, and enterprise IT subsidiaries still run Jenkins in 2026. New teams, though, start with GitHub Actions or Argo Workflows.

Tekton — the Kubernetes-native CI/CD standard

Tekton makes CI/CD a first-class citizen on Kubernetes. Everything is a K8s CRD (Custom Resource). Task, Pipeline, PipelineRun, and TaskRun are K8s resources, and the controller runs them as pods.

Tekton's position in 2026 is clear. Users rarely write Tekton YAML directly. Instead, higher-level tools that use Tekton as a backend have become the standard. Jenkins X, Red Hat OpenShift Pipelines, Google Cloud Build, and JetBrains Space all use Tekton internally. In other words, Tekton is the K8s runtime standard for CI/CD.

Argo Workflows + Events + Rollouts — the Argo ecosystem

Argo holds the largest K8s-native ecosystem. As of May 2026 there are four core projects.

Argo CD: GitOps deployment (reconciling Git into a K8s cluster).
Argo Workflows: A workflow engine on K8s (DAGs, step sequences, ML pipelines).
Argo Events: Event-to-workflow triggers (S3, Kafka, GitHub webhooks, calendar).
Argo Rollouts: A controller for canary, blue-green, and progressive deployments.

A DAG template in Argo Workflows.

apiVersion: argoproj.io/v1alpha1
kind: Workflow
metadata:
  generateName: build-test-deploy-
spec:
  entrypoint: main
  templates:
    - name: main
      dag:
        tasks:
          - name: build
            template: run-script
            arguments:
              parameters: [{name: script, value: 'make build'}]
          - name: test
            template: run-script
            dependencies: [build]
            arguments:
              parameters: [{name: script, value: 'make test'}]
          - name: deploy
            template: run-script
            dependencies: [test]
            arguments:
              parameters: [{name: script, value: 'make deploy'}]
    - name: run-script
      inputs:
        parameters:
          - name: script
      container:
        image: alpine:3.20
        command: [sh, -c]
        args: ['{{inputs.parameters.script}}']

Each task runs as its own pod for isolation. GPU nodes and high-memory nodes can be scheduled differently per task. ML training pipelines, data ETL, and nightly settlement jobs are the bread and butter of Argo Workflows.

Argo Rollouts replaces K8s Deployments with progressive delivery primitives. 5% traffic, then a metrics check, then 25%, 50%, 100% — all in one YAML. If Prometheus metrics breach a threshold, it auto-rollbacks.

Earthly and Dagger — a new category that unifies build and CI

Traditional CI calls build commands from YAML, and the build commands run via Makefiles and Dockerfiles. That split creates a familiar pain: local builds and CI builds diverge. Local is fast but CI fails. Local caches hit but CI does not.

Earthly merges Dockerfile, Makefile, and CI into a single format called Earthfile.

VERSION 0.8
FROM golang:1.23-alpine
WORKDIR /app

deps:
    COPY go.mod go.sum .
    RUN go mod download
    SAVE ARTIFACT /go/pkg/mod /pkg-cache

build:
    FROM +deps
    COPY . .
    RUN go build -o app ./cmd/server
    SAVE ARTIFACT app AS LOCAL ./build/app

test:
    FROM +build
    RUN go test ./...

docker:
    FROM alpine:3.20
    COPY +build/app /usr/local/bin/app
    ENTRYPOINT ["/usr/local/bin/app"]
    SAVE IMAGE myorg/app:latest

Whether you run earthly +docker locally or one line in a GitHub Actions workflow, the result is identical. Caching is consistent across both via BuildKit. Local and CI agree, so debugging is easy.

Dagger goes one step further. Build pipelines are not YAML but TypeScript/Go/Python code. The SDK executes containers as a graph on top of BuildKit.

import { dag, Container, Directory } from '@dagger.io/dagger'

export class Build {
  async test(source: Directory): Promise<string> {
    return dag
      .container()
      .from('node:22-alpine')
      .withMountedDirectory('/app', source)
      .withWorkdir('/app')
      .withExec(['npm', 'ci'])
      .withExec(['npm', 'test'])
      .stdout()
  }
}

CI YAML only needs one line — dagger call test --source=. — while the actual pipeline logic lives in code. CI becomes testable. In early 2026 Dagger raised a Series B, and reports surfaced of Replit, Vercel, and Anthropic running production evaluations. Market share is still small, but the direction is unambiguous.

Bazel, Buck2, Pants, and Mill — monorepo build systems

The build-system layer is independent of CI. Even on the same GitHub Actions, build time can vary 10x depending on whether you use make, npm, Bazel, or Buck2.

Bazel: Google's monorepo build system. BUILD files declare precise inputs and outputs; only affected targets rebuild. Remote Build Execution (RBE) distributes builds across a cluster. The learning curve is steep.
Buck2: Meta's Bazel replacement. Rewritten in Rust, evaluation is 2 to 5 times faster than Bazel. Open-sourced in 2023; user base grew quickly through 2026.
Pants: Built by ex-Twitter/Stripe engineers. Python and JVM friendly. The de facto standard for Python monorepos.
Mill: A Scala build system. Replaces SBT with a simpler model; share is rising fast.

A conceptual Bazel BUILD file.

load("@rules_go//go:def.bzl", "go_library", "go_test")

go_library(
    name = "server",
    srcs = ["server.go"],
    importpath = "example.com/server",
    deps = ["//pkg/db"],
)

go_test(
    name = "server_test",
    srcs = ["server_test.go"],
    embed = [":server"],
)

With these declarations Bazel knows exactly which file changes invalidate which targets. In a 10,000-file monorepo, changing 5 files rebuilds only the targets that depend on them. A 30-minute full build becomes a 30-second incremental build.

Nx, Turborepo, and sccache — build cache acceleration

Bazel and Buck2 are powerful but expensive to learn. Most JS/TS monorepos use Nx or Turborepo instead.

Nx: A monorepo tool from the Angular CLI team. JS/TS first, with plugins for Python, Java, and Go. Nx Cloud provides remote caching plus distributed execution.
Turborepo: A Rust-based monorepo builder acquired by Vercel. A simpler model than Nx; tasks declared in turbo.json. Vercel Remote Cache is free.
Bazel Remote Cache: Bazel's remote cache. Self-host on S3 or GCS, or use a SaaS like BuildBuddy or EngFlow.
sccache: Mozilla's compiler cache for C/C++/Rust. A distributed ccache.
Rust + sccache + S3: The de facto combination for Rust builds. Cuts build times to roughly a third.

A comparison across the three tools.

Tool	Language scope	Remote cache	Distributed exec	Learning curve	Monorepo size
Bazel + RBE	All languages	Self/SaaS	Yes	Steep	10,000+ files
Buck2	All languages	Bazel-compatible	Yes	Steep	10,000+ files
Nx + Nx Cloud	JS/TS core + plugins	SaaS	Yes (Cloud)	Moderate	100 to 5,000 files
Turborepo + Vercel Cache	JS/TS	SaaS (free)	Planned	Very gentle	100 to 3,000 files
sccache	C/C++/Rust	S3/GCS	No	Very gentle	Compiler cache

The 2026 trend is clear. New JS monorepos start with Turborepo, scale up to Nx Cloud when needed, and only resort to Bazel when neither suffices.

Spinnaker, Harness, Octopus, and Codefresh — enterprise CD

Argo CD has become the de facto GitOps standard, but enterprise CD is its own market.

Spinnaker: Netflix's multi-cloud CD. Was once the standard after its 2014 release; operational complexity slowed new adoption by 2026. Existing users (Netflix, Salesforce, Google) keep running it.
Harness: A commercial CD platform. Bundles ML-based canary verification, cost insights, feature flags, and security testing orchestration. After acquiring Drone CI, it absorbed CI as well.
Octopus Deploy: The Windows/.NET CD leader. Friendly to IIS, SQL Server, and Active Directory environments.
Codefresh: A SaaS layering commercial UI and admin features on top of Argo. Friendly to CNCF.

For new K8s-native workloads, Argo CD is the default; Octopus for Windows or hybrid; Harness for multi-cloud and policy-heavy estates.

Codeship, Travis CI, and Drone — gone or fading

The CI market changes fast. As of May 2026 the following are essentially no longer recommended for new systems.

Travis CI: The 2010s OSS standard. After its 2020 usage policy change, share collapsed. Rarely seen in 2026.
Codeship: Acquired by CloudBees, effectively sunset by 2021. New signups closed.
Drone CI: Acquired by Harness; Drone 2.x is in maintenance. Its successor, Gitness (Harness' open-source SCM + CI), launched but market share is minimal.

For existing users locked into these tools, drawing up a migration plan is the standard practice in 2026.

Bitrise and Codemagic — mobile-focused CI

iOS/Android builds carry constraints normal CI does not. Mandatory macOS runners, code signing, App Store and Play Store uploads, a matrix of simulators and devices. Mobile-focused CIs dominate here.

Bitrise: The largest mobile CI. M2 macOS runners, signing management, Firebase Test Lab integration.
Codemagic: Flutter-friendly. Officially recommended by the Flutter team. iOS, Android, web, and desktop builds in a single YAML.

Many organizations pair GitHub Actions for general backends with Bitrise/Codemagic for the mobile app.

TeamCity, Bamboo, and Semaphore — niche leaders

JetBrains TeamCity is strong in .NET/Java-heavy enterprise stacks and has the smoothest IDE (IntelliJ) integration. Atlassian Bamboo, bundled with Jira and Confluence, lives on at some shops, though Atlassian shifted focus to Bitbucket Pipelines from 2024. Semaphore CI is a SaaS positioned on Apple Silicon and fast boot. All have lost the general market to GitHub Actions but persist in specific contexts.

DORA metrics — where is the 2026 average

The four DORA (DevOps Research and Assessment) metrics remain industry standard in 2026.

Deployment Frequency: How often you deploy.
Lead Time for Changes: From merge to production.
Change Failure Rate: Share of deployments that cause incidents.
MTTR (Mean Time to Restore): Time to recovery after an incident.

A summary of the 2025 State of DevOps Report (released as of May 2026):

Tier	Deploy frequency	Lead time	Failure rate	Restore time
Elite	Multiple per day	Under 1 hour	0 to 5%	Under 1 hour
High	Weekly to monthly	1 day to 1 week	5 to 10%	Under 1 day
Medium	Monthly to quarterly	1 week to 1 month	10 to 15%	1 day to 1 week
Low	Quarterly or less	1 to 6 months	15%+	1 week or more

Across all respondents, Elite is around 18%, High is 30%, Medium is 35%, and Low is 17%. Elite share rose 4 points over 2024, and the largest differentiator was automated test coverage and the depth of PR-merge automation. Average build times cluster in the 8 to 15 minute band, with Elite teams often under 5 minutes.

Korea — Toss and Coupang's engineering productivity

The 2026 CI landscape at Korean big tech looks like this.

Toss: GitHub Enterprise + GitHub Actions + ARC (self-hosted). Some monorepos mix Bazel and Turborepo. Argo CD for K8s. An internal "Toss CI" abstraction sits on top of GitHub Actions.
Coupang: An engineering-productivity team runs an in-house Buildkite-like system (originally Jenkins, replaced internally). Build cache is Bazel RBE-based. Container image caches are deployed per region.
Kakao: Krew CI (internal) plus GitHub Actions. New work goes to Actions first.
Naver: GitHub Enterprise + Actions as standard. Some teams use Argo Workflows for ML pipelines.
Woowa Brothers: GitHub Actions + ARC. K8s is EKS + Argo CD.
Daangn (Karrot): GitHub Actions + Argo CD as the standard combo.

The common pattern is a three-axis stack: GitHub Actions for CI, Argo CD for CD, monorepo tools for build acceleration.

Japan — Mercari, CyberAgent, and Cookpad

Japan is also converging on GitHub Actions but with different details.

Mercari: GitHub Actions + ARC + Argo CD. Some monorepos use Bazel. A dedicated CI infrastructure team has its own org.
CyberAgent: Uses the phrase "CI culture" enough that CI/CD is talked about as a culture. GitHub Actions + GKE + Argo CD. The gaming division keeps Jenkins and Unreal Engine build jobs separately.
Cookpad: 2010s Jenkins standard, 2020s CircleCI, then migrating to GitHub Actions + ARC from 2024.
DeNA, GREE, Rakuten: Heavy Jenkins legacy, but new work goes to Actions or GitLab CI.
LINE: An internal standard of GitHub Enterprise + Actions + ARC. Some monorepos evaluate Buck2.

Japan tends to carry thicker Jenkins legacy than Korea, and migrations run longer.

GitHub Codespaces Prebuilds, Vercel Preview, Devbox, and Garden — adjacent territory

By 2026 the tools adjacent to CI/CD are inseparable from the workflow itself.

GitHub Codespaces Prebuilds: When a PR opens, a prebuilt dev container is ready. Code review shifts from "wait 30 minutes for the environment" to "enter the IDE in 30 seconds".
Vercel Preview Deployments: Every PR gets its own URL with a production-grade environment automatically deployed. Designers and PMs review before merge. The de facto pattern in the Next.js ecosystem.
Devbox (Jetpack.io): A Nix-backed reproducible dev environment tool. Guarantees the same environment in CI.
Garden.io: Auto-provisions a K8s dev environment per PR. View dev, preview, and prod as one graph.

These are not standalone CIs, but they fit inside the CI/CD workflow. The reviewer-facing pre-merge environment and the automated post-merge environment are managed in the same pipeline.

Vendor comparison — the 2026 CI/CD market at a glance

Comparing the full tool list across usage contexts:

Tool	Category	Primary use	Pricing	Self-hosted
GitHub Actions	CI/CD	GitHub users at large	Per-minute + free quota	Possible via ARC
Buildkite	CI	Large monorepos	Per-user SaaS	Agents self-hosted by design
CircleCI	CI/CD	macOS/ARM/GPU	Credit-based	Partial
GitLab CI/CD	CI/CD	GitLab users	GitLab license	Full
Jenkins	CI/CD	Existing enterprise	OSS	100% self-hosted
TeamCity	CI/CD	JetBrains/.NET	Per-user/agent	100% self-hosted
Tekton	CI/CD	K8s-native	OSS	Self-hosted on K8s
Argo Workflows	Workflow	ML/batch/CI	OSS	Self-hosted on K8s
Argo CD	CD	K8s GitOps	OSS	Self-hosted on K8s
Spinnaker	CD	Multi-cloud	OSS	Heavy ops burden
Harness	CD/CI	Enterprise unified	SaaS	Partial
Octopus	CD	Windows/.NET	License	Self-hosted possible
Bitrise	CI	Mobile	SaaS	No
Codemagic	CI	Flutter/mobile	SaaS	No
Earthly	Build	Local-CI parity	OSS + Cloud	OSS self-hosted
Dagger	Build/CI	Programmable CI	OSS + Cloud	OSS self-hosted

Tool selection does not collapse to a single axis. Team size, SCM location, monorepo or not, K8s depth, and self-hosting policy — these five axes settle the choice together.

Migration playbook — from Jenkins/Travis to GitHub Actions

When moving an existing Jenkins or Travis CI estate to GitHub Actions, the 2026 best practice is:

Inventory first: Tabulate currently running jobs, triggers, secrets, and the location of bespoke scripts.
Abstract into reusable workflows: If 100 repos share a pattern, compress into one org-level reusable workflow.
Replace secrets with OIDC: Start new workflows with OIDC federation. Stop minting PATs and access keys.
Decide on self-hosted runners: Above ~10,000 build minutes a month, evaluate ARC or RunsOn.
Migrate gradually: Do not flip everything at once. Start new jobs on Actions and leave existing jobs on Jenkins.
Verify with metrics: Measure the four DORA metrics before and after. "Feels better" is not a result; numbers are.

Most organizations span this in 1 to 2 years. Single-shot migrations almost always fail.

Closing — three principles for choosing CI/CD in 2026

To wrap up the big picture:

Separate CI and CD. When one tool tries to do everything, both halves get mediocre. CI with GitHub Actions (or Buildkite or CircleCI), CD with Argo CD, Harness, or Spinnaker.
Invest in the build system. No matter how fast your CI, if the build itself is 30 minutes, it stays 30 minutes. Bazel/Buck2/Nx/Turborepo plus remote cache is the real acceleration.
OIDC for security, SHA for pinning, least privilege for permissions. As tj-actions showed in 2024, CI is the primary target of supply-chain attacks. SHA pinning, OIDC, and least privilege are the default for new systems in 2026.

GitHub Actions has clearly taken the market, but "everyone uses GitHub Actions" is not the right takeaway. Shopify might be better off with Buildkite, ML teams with Argo Workflows, mobile teams with Bitrise, K8s-native teams with Tekton. The principle is separate the layers, pick the best tool per layer, and decide with metrics.

References

GitHub Actions Docs: docs.github.com/actions
Buildkite Docs: buildkite.com/docs
CircleCI Docs: circleci.com/docs
GitLab CI/CD Docs: docs.gitlab.com/ee/ci
Jenkins Docs: jenkins.io/doc
Tekton: tekton.dev
Argo Project: argoproj.github.io
Earthly: earthly.dev
Dagger: dagger.io
Nx: nx.dev
Turborepo: turbo.build
Bazel: bazel.build
DORA: dora.dev
Actions Runner Controller: github.com/actions/actions-runner-controller
SLSA Framework: slsa.dev