Modern software development has to conform to high standards. Developers rely on Continuous Integration and Continuous Delivery (CI/CD) to automate the software lifecycle. However, many developers are falling short in reaping all its benefits. Developers are often misguided due to a lack of awareness of all automations, and over-engineering specific aspects does not yield the expected outcomes.

Developers need guidance on their automation focus. A deeper understanding of the automation landscape is necessary to fully leverage the full potential of CI/CD, along with a structured framework that guides developers through these possibilities. We accomplish this by applying the concept of maturity to CI/CD practices.

In this work, we analyzed Python and Java repositories on GitHub. Through open coding and card sorting, an automation taxonomy was created to chart the automation landscape. We explore an approach that helps developers identify the most valuable automations for the current state of the project, aiming to ensure a balanced approach to different automation aspects and maximize the value of automation effort. We utilize this taxonomy in a survey and series of interviews to create a maturity model, which we validated through developer feedback on our repository analysis.

It was found that maturity has a strong positive association with key repository metrics, such as commit frequency. The majority of developers perceive the maturity model as effective and would use it to guide their CI/CD efforts.

In this paper, we investigate whether developers of artifacts on Maven Central adhere to semantic versioning. We also investigate whether there is a link between violations in semantic versioning and the popularity of the violating method. Developers can violate semantic versioning by removing or altering methods in their API, which we refer to as breaking changes. They can also violate semantic versioning by extending the API in a patch version, referred to as an illegal API extension. APIs that do not keep their promise of adhering to semantic versioning, will unexpectedly break their dependents during upgrading of dependencies.

We have found that these two types of violations do occur in practice. We find that 24% of analyzed artifacts contain breaking changes and 24% of artifacts contain illegal API extensions. Finally, we show that popularity of a method does not have an impact on breaking changes.

We conclude that semantic versioning can not always guarantee that upgrading dependencies will not lead to incompatibility. This indicates a need for developers to be more aware of the impact that violating semantic versioning has.