Semaphore manages your build, test, and deployment workflows with pipelines, blocks, and promotions:

  • Workflows may contain multiple pipelines, e.g. one to run tests and another for deployment.
  • Blocks define what to do at each step in the pipeline.
  • Blocks run in agents that define the hardware and software environment.
  • Promotions connect different pipelines.

All configuration is specified in YAML files. The initial pipeline is always sourced from .semaphore/semaphore.yml. Additional pipelines triggered via promotions are defined in separate files.

Semaphore 2.0 concepts diagram

Blocks & Tasks#

Blocks are the building blocks of a pipeline. Each block has a task defined by one or more jobs. Jobs specify the commands to execute.

If your task contains multiple jobs, Semaphore will execute them in parallel. Each job runs in a separate, isolated machine that boots a clean environment. For example, a Tests task may define jobs for running unit and integration tests in parallel, making the task finish faster.

By default, blocks run sequentially, waiting for all tasks in the previous block to complete before continuing. However, you can also define your pipeline as a dependency graph or run blocks in parallel by defining block dependencies.

Each task can configure its own environment (including machine type), set its own environment variables, and use any predefined secrets.

For an introduction to creating blocks, tasks and jobs, refer to the getting started guide. You can also refer to the pipeline reference documentation.


Promotions are junction blocks in your workflow. Promotions are commonly used for deployment and promoting builds to different environments. A pipeline can have multiple promotions. Promoting loads an entirely new pipeline, so you can build complex pipelines using only configuration files.

To see how to manage deployments using promotions, refer to the promotions reference documentation.


Secrets are used to store and retrieve sensitive data, such as API keys, which should never be committed to source control. Semaphore securely manages sensitive data for use in blocks and tasks via encrypted environment variables or files. You can create a secret using the sem CLI and reference it in the pipeline YML definition.

To see how to define and use secrets, refer to the secrets documentation.

Agents, Machines, and Containers#

Semaphore makes sure that there are always agents ready to run all your jobs. When configuring an agent, you can select from a number of memory/CPU combinations and virtual machine (VM) operating system environments.

The Ubuntu Linux and MacOS VM environments have common build tools and programming languages pre-installed, so you can run your code without the overhead of installing numerous dependencies in every workflow. Agents provide you with full sudo access, so you can install additional software when needed.

Agents can also use custom Docker containers to run your jobs. This is an alternative to using Semaphore VMs, which gives you complete control over your CI/CD environment.

More reading: