When working with data in the pharma industry, it is essential to balance efficiency and compliance. 

By leveraging Git and utilizing good practices, we can implement a continuous integration/continuous delivery (CI/CD) pipeline that automates processes and complies with the Good Software Engineering Practices (GESP) GxP such as traceability and audits that are required for submissions to the FDA and other regulatory authorities.

Watch the Recording

Why Git Matters in Regulated Environments 

Git is more than just a version control system (VCS), it is a critical component for managing code, ensuring compliance in regulated industries, and enabling automation to support efficient workflows. Git supports essential GxP compliance by providing a clear record of changes and it serves as the foundation for automated processes in CI/CD pipelines. It provides:

• Traceability: Every change is documented with metadata such as author and timestamp, which creates a robust audit trail for regulators.
• Collaboration: Git manages changes, resolves conflicts, and ensures that teams have a shared understanding of the codebase.
• Reversibility: It is easy to roll back to a previous version, which mitigates risks associated with errors or unwanted changes.

Software development that doesn’t use a VCS will face significant challenges, such as difficulty in tracking changes, complicated rollback processes, inability to recover deleted files, and unclear roles for accountability.

Curious about the best version control approach for pharma? Explore Gitflow vs. Trunk-based Development in our blog. 

Best Practices for Git Workflows

To maximize Git’s potential while meeting compliance requirements, we suggest the following practices:

Start with a Structured Workflow

• Make changes using a reliable code editor or integrated development environment (IDE).
• Stage specific changes to snapshot only what is necessary.
• Commit those changes with a clear and concise message.

Leverage Pre-commit Git Hooks (automation)

A pre-commit script is triggered every time you run git commit, but before Git asks the developer for a commit message or generates a commit object. Pre-commit hooks validate changes before they are saved to catch errors early. Examples of hooks include scripts that:

• Detect YAML syntax issues.
• Remove unnecessary trailing whitespaces.
• Validate code for specific standards (e.g., R language compliance).

By automating quality checks, pre-commit git hooks help maintain high standards and reduce the risk of non-compliance during FDA submissions.

Confused about software development best practices for FDA submissions? Check out the 7 essential software engineering practices to make it easier.

Craft Meaningful Commit Messages

We always suggest everyone on the team uses the existing convention called Conventional Commits. It is a well-defined standard for structuring commit messages and by adhering to it, teams can ensure consistency, improve readability, and unlock automation benefits like changelog generation or CI/CD integration. The main conventions are:

• Each commit should represent only one single logical change to ensure clarity.
• Write concise messages, ideally under 50 characters.
• Use the imperative mood (e.g., “fix” instead of “fixed”).
• Follow a standardized structure, such as <type>[optional scope]: <description> (e.g., fix(auth): resolve empty credentials error).

These conventions improve traceability and also enable automations. For example, tools like automatic changelog generators can parse commit messages that follow the Conventional Commits format, creating clear and consistent release notes.

With consistent syntax, you can also connect other automated tools to your CI/CD pipelines. For example, a commit message can trigger specific pipeline actions, such as running tests or deployments for particular types of changes.

Regulatory audits also benefit from clear and consistent structuring of commit messages, by ensuring compliance is easily demonstrable and reducing the effort needed to produce required documentation.

Did you know GxP validation begins with setting clear project goals? Learn more in our latest blog post.

The Role of CI/CD in Compliance and Efficiency

What is Continuous Integration?

Continuous Integration (CI) frequently merges code changes into a VCS. It automatically creates a build and runs tests to check that the new code changes don’t break the existing codebase.

Key benefits of CI include:

• Early detection of bugs.
• Consistent integration of new code.
• Increased team productivity by automating routine tasks.
• Reduced effort of manual testing.
• Timely feedback to developers.

What is Continuous Delivery?

Continuous Delivery (CD) works with CI to ensure that the integrated code is deployable at any time by automating the delivery process up to a staging or production environment. With CD, you can deploy updates frequently and with confidence, knowing that automated tests and quality checks have validated the changes.

Key benefits of CD include:

• Faster delivery of features to production.
• Reduced deployment risks due to smaller, incremental updates.
• Increased ability to adapt to business needs or changes quickly.

The CI/CD pipeline automates and streamlines the entire software development lifecycle to ensure faster, more reliable, and compliant software delivery. It offers these key benefits:

• Early Issue Detection: Tests that are integrated into the CI/CD workflow immediately validate changes to identify any issues. It ensures that the software meets the required quality standards before it reaches production.
• Streamlined Compliance: It also streamlines the preparation of documentation and reports required for regulatory and FDA submissions, ensuring compliance and GxP standards are met efficiently and with greater ease.
• Error Reduction: CI/CD minimizes the risk of human error and ensures consistent results.

Want to simplify GxP compliance? See how good automated testing can make all the difference in software development.

Good Automation Practices

Automation in CI/CD pipelines not only saves time but also ensures consistency, quality, and GxP compliance. By applying structured processes and avoiding redundancies, you can streamline development while reducing manual errors.

A Good CI/CD Pipeline Structure

• Modularize Your Pipelines: Divide pipelines into logical stages, such as build, test, and deploy. This approach simplifies troubleshooting and ensures each stage clearly serves a specific purpose.
• Trigger: Define events that initiate the pipeline, such as code pushes or pull requests. Allow for manual triggers when necessary to accommodate unique scenarios.
• Pipeline Execution: Automate stages like building, testing, and deploying code. Breaking these into distinct stages enhances clarity and organization.
• Outcome (Good or Bad): Clearly indicate whether pipelines pass or fail, and send notifications for any errors to ensure swift resolution.

We Need to DRY (Don’t Repeat Yourself) it Out

It is bad programming practice to copy and paste the same pipeline into multiple repositories. Instead, create pipeline templates and centralize them into a repository to be utilized and to maintain consistency across your projects.

Summary

When implementing Git workflows and CI/CD pipelines, the key is to balance efficiency and compliance. Structured commit messages, automation practices like pre-commit git hooks, and well-designed CI/CD pipelines are tools that will ensure your projects are GxP-validated and compliant. They simplify traceability, improve quality, and make processes for FDA submissions and regulatory audits more manageable.

As experienced specialists in creating platforms for data science in highly regulated industries, let us help you to design a CI/CD pipeline tailored to your needs.

Did you find this blog post useful? Download our GxP Compliance Definition of Done checklist for pharma teams