|
1 | | -# GitHub Actions CI/CD Demo |
2 | | - |
3 | | -This project is a demonstration of a complete Continuous Integration and Continuous Deployment (CI/CD) pipeline for a Node.js application using GitHub Actions. It showcases best practices for automating the build, test, and deployment processes, ensuring code quality and security. |
4 | | - |
5 | | -## Features |
6 | | - |
7 | | -- **Continuous Integration (CI):** |
8 | | - - Automated testing on multiple Node.js versions. |
9 | | - - Code linting and static analysis to enforce code quality. |
10 | | - - Vulnerability scanning to identify security risks. |
11 | | - - Test coverage reports to measure code testability. |
12 | | -- **Continuous Deployment (CD):** |
13 | | - - Automated deployment to staging and production environments. |
14 | | - - Docker containerization for consistent and portable deployments. |
15 | | - - Health checks to ensure application availability. |
16 | | -- **Node.js Application:** |
17 | | - - A simple Express.js application with a few API endpoints. |
18 | | - - Unit and integration tests using Jest and Supertest. |
19 | | - |
20 | | -## Technologies Used |
21 | | - |
22 | | -- **Application:** Node.js, Express.js |
23 | | -- **Testing:** Jest, Supertest |
24 | | -- **CI/CD:** GitHub Actions |
25 | | -- **Containerization:** Docker |
26 | | -- **Code Quality:** ESLint |
27 | | -- **Security:** Trivy |
28 | | - |
29 | | -## Getting Started |
30 | | - |
31 | | -To get a local copy up and running, follow these simple steps. |
32 | | - |
33 | | -### Prerequisites |
34 | | - |
35 | | -- Node.js (v18.x or later) |
36 | | -- npm |
37 | | -- Docker |
38 | | - |
39 | | -### Installation |
40 | | - |
41 | | -1. Clone the repo |
42 | | - ```sh |
43 | | - git clone https://github.com/your_username/github-actions-cicd-demo.git |
44 | | - ``` |
45 | | -2. Install NPM packages |
46 | | - ```sh |
47 | | - npm install |
48 | | - ``` |
49 | | -3. Run the application |
50 | | - ```sh |
51 | | - npm start |
52 | | - ``` |
53 | | -4. Run the tests |
54 | | - ```sh |
55 | | - npm test |
56 | | - ``` |
57 | | - |
58 | | -## CI/CD Pipeline |
59 | | - |
60 | | -The CI/CD pipeline is defined in the `.github/workflows/cicd.yml` file and consists of the following jobs: |
61 | | - |
62 | | -```mermaid |
63 | | -graph TD |
64 | | - A[Push to main/develop] --> B{Test}; |
65 | | - B --> C{Code Quality}; |
66 | | - B --> D{Security Scan}; |
67 | | - C --> E{Build}; |
68 | | - D --> E; |
69 | | - E --> F{Deploy to Staging}; |
70 | | - F --> G{Integration Tests}; |
71 | | - G --> H{Deploy to Production}; |
72 | | - H --> I{Smoke Tests}; |
73 | | - I --> J{Notify}; |
74 | | -``` |
| 1 | +# github-actions-cicd-demo |
75 | 2 |
|
76 | | -- **Test:** Runs unit tests on multiple Node.js versions. |
77 | | -- **Code Quality:** Performs static analysis using ESLint. |
78 | | -- **Security Scan:** Scans for vulnerabilities using Trivy. |
79 | | -- **Build:** Builds the Docker image and pushes it to the container registry. |
80 | | -- **Deploy to Staging:** Deploys the application to a staging environment. |
81 | | -- **Integration Tests:** Runs integration tests against the staging environment. |
82 | | -- **Deploy to Production:** Deploys the application to the production environment. |
83 | | -- **Smoke Tests:** Runs smoke tests against the production environment. |
84 | | -- **Notify:** Sends a notification about the deployment status. |
| 3 | +> A complete CI/CD pipeline demonstrating security scanning, multi-version testing, |
| 4 | +> Docker image publishing to GHCR, and staged deployment — all built with GitHub Actions. |
85 | 5 |
|
86 | | -## API Endpoints |
| 6 | +**Context:** This is the pipeline implementation from [devops-labs Module-3 Mini-Project 9](https://github.com/darestack/devops-labs/tree/main/Module-3/mini-project-09). Full implementation notes live there. |
87 | 7 |
|
88 | | -| Method | Endpoint | Description | |
89 | | -| ------ | ------------ | ------------------------------------------ | |
90 | | -| GET | `/` | Returns a welcome message. | |
91 | | -| POST | `/calculate` | Calculates the sum of an array of numbers. | |
92 | | -| GET | `/health` | Returns the application status. | |
| 8 | +--- |
93 | 9 |
|
94 | | -### POST /calculate |
| 10 | +## Pipeline Stages |
95 | 11 |
|
96 | | -**Request Body:** |
| 12 | +| Stage | What It Does | Key Detail | |
| 13 | +|---|---|---| |
| 14 | +| `test` | Unit tests across multiple Node.js versions | Build matrix: Node 12, 14, 16 with npm dependency caching | |
| 15 | +| `code-quality` | ESLint static analysis | Configured to **fail the build** on lint errors — no `continue-on-error` | |
| 16 | +| `security` | Trivy vulnerability scan | Results uploaded as SARIF to GitHub Code Scanning | |
| 17 | +| `build` | Docker image creation | Pushes to GHCR tagged with both `branch-name` and `commit-SHA` | |
| 18 | +| `deploy` | Staged rollout | Staging deploy → integration + smoke tests → production deploy | |
97 | 19 |
|
98 | | -```json |
99 | | -{ |
100 | | - "numbers": [1, 2, 3, 4, 5] |
101 | | -} |
102 | | -``` |
| 20 | +--- |
103 | 21 |
|
104 | | -**Response:** |
| 22 | +## Architecture |
105 | 23 |
|
106 | | -```json |
107 | | -{ |
108 | | - "numbers": [1, 2, 3, 4, 5], |
109 | | - "sum": 15, |
110 | | - "isEven": false |
111 | | -} |
| 24 | +``` |
| 25 | +Push to main / PR opened |
| 26 | + │ |
| 27 | + ├── test (matrix: Node 12, 14, 16) |
| 28 | + │ └── npm ci (cached) → npm test → coverage report |
| 29 | + │ |
| 30 | + ├── code-quality |
| 31 | + │ └── ESLint → fails build on any error |
| 32 | + │ |
| 33 | + ├── security |
| 34 | + │ └── Trivy filesystem scan → SARIF → GitHub Code Scanning |
| 35 | + │ |
| 36 | + ├── build (depends on: test + code-quality + security) |
| 37 | + │ └── docker/setup-buildx → docker/build-push → GHCR |
| 38 | + │ |
| 39 | + └── deploy (depends on: build) |
| 40 | + ├── Staging environment deploy |
| 41 | + ├── Integration tests + smoke tests |
| 42 | + └── Production deploy |
112 | 43 | ``` |
113 | 44 |
|
114 | | -## Project Structure |
| 45 | +--- |
115 | 46 |
|
| 47 | +## Key Implementation Decisions |
| 48 | + |
| 49 | +**GHCR image tagging:** Each image is tagged with both `latest` and the commit SHA — enabling rollback to any previous build without relying on the `latest` tag alone. |
| 50 | + |
| 51 | +**ESLint as a hard gate:** Removed `continue-on-error: true` from the lint step. If ESLint finds errors, the entire pipeline stops — no broken code reaches Docker build. |
| 52 | + |
| 53 | +**Trivy SARIF upload:** Required adding `security-events: write` to the job-level permissions block. Without this, the upload fails silently. |
| 54 | + |
| 55 | +**Docker Buildx:** The default GitHub Actions Docker driver does not support cache export. Fixed by adding `docker/setup-buildx-action@v3` before the build step. |
| 56 | + |
| 57 | +**GHCR push permissions:** `GITHUB_TOKEN` requires explicit `packages: write` in the job permissions to create new container packages. |
| 58 | + |
| 59 | +--- |
| 60 | + |
| 61 | +## How to Run |
| 62 | + |
| 63 | +```bash |
| 64 | +git clone https://github.com/darestack/github-actions-cicd-demo.git |
| 65 | +cd github-actions-cicd-demo |
| 66 | +npm ci |
| 67 | +npm test |
| 68 | +npm run lint |
116 | 69 | ``` |
117 | | -. |
118 | | -├── .github/workflows/cicd.yml |
119 | | -├── Dockerfile |
120 | | -├── package.json |
121 | | -├── src/ |
122 | | -│ ├── app.js |
123 | | -│ └── utils.js |
124 | | -└── tests/ |
125 | | - ├── app.test.js |
126 | | - └── utils.test.js |
127 | | -``` |
| 70 | + |
| 71 | +Push to `main` or open a PR to trigger the full pipeline. |
| 72 | + |
| 73 | +--- |
| 74 | + |
| 75 | +## Stack |
| 76 | + |
| 77 | +`GitHub Actions` · `Docker` · `GHCR` · `Trivy` · `Node.js` · `ESLint` |
0 commit comments