Skip to content

Commit 4426100

Browse files
committed
refactor: rewrite README as portfolio-first pipeline documentation
Lead with 5-stage pipeline architecture table and diagram instead of course submission guide. Documents key implementation decisions: GHCR tagging strategy, ESLint as hard gate, Trivy SARIF permissions, Docker Buildx requirement, and GHCR package permissions.
1 parent dc40c18 commit 4426100

1 file changed

Lines changed: 65 additions & 115 deletions

File tree

README.md

Lines changed: 65 additions & 115 deletions
Original file line numberDiff line numberDiff line change
@@ -1,127 +1,77 @@
1-
# GitHub Actions CI/CD Demo
2-
3-
This project is a demonstration of a complete Continuous Integration and Continuous Deployment (CI/CD) pipeline for a Node.js application using GitHub Actions. It showcases best practices for automating the build, test, and deployment processes, ensuring code quality and security.
4-
5-
## Features
6-
7-
- **Continuous Integration (CI):**
8-
- Automated testing on multiple Node.js versions.
9-
- Code linting and static analysis to enforce code quality.
10-
- Vulnerability scanning to identify security risks.
11-
- Test coverage reports to measure code testability.
12-
- **Continuous Deployment (CD):**
13-
- Automated deployment to staging and production environments.
14-
- Docker containerization for consistent and portable deployments.
15-
- Health checks to ensure application availability.
16-
- **Node.js Application:**
17-
- A simple Express.js application with a few API endpoints.
18-
- Unit and integration tests using Jest and Supertest.
19-
20-
## Technologies Used
21-
22-
- **Application:** Node.js, Express.js
23-
- **Testing:** Jest, Supertest
24-
- **CI/CD:** GitHub Actions
25-
- **Containerization:** Docker
26-
- **Code Quality:** ESLint
27-
- **Security:** Trivy
28-
29-
## Getting Started
30-
31-
To get a local copy up and running, follow these simple steps.
32-
33-
### Prerequisites
34-
35-
- Node.js (v18.x or later)
36-
- npm
37-
- Docker
38-
39-
### Installation
40-
41-
1. Clone the repo
42-
```sh
43-
git clone https://github.com/your_username/github-actions-cicd-demo.git
44-
```
45-
2. Install NPM packages
46-
```sh
47-
npm install
48-
```
49-
3. Run the application
50-
```sh
51-
npm start
52-
```
53-
4. Run the tests
54-
```sh
55-
npm test
56-
```
57-
58-
## CI/CD Pipeline
59-
60-
The CI/CD pipeline is defined in the `.github/workflows/cicd.yml` file and consists of the following jobs:
61-
62-
```mermaid
63-
graph TD
64-
A[Push to main/develop] --> B{Test};
65-
B --> C{Code Quality};
66-
B --> D{Security Scan};
67-
C --> E{Build};
68-
D --> E;
69-
E --> F{Deploy to Staging};
70-
F --> G{Integration Tests};
71-
G --> H{Deploy to Production};
72-
H --> I{Smoke Tests};
73-
I --> J{Notify};
74-
```
1+
# github-actions-cicd-demo
752

76-
- **Test:** Runs unit tests on multiple Node.js versions.
77-
- **Code Quality:** Performs static analysis using ESLint.
78-
- **Security Scan:** Scans for vulnerabilities using Trivy.
79-
- **Build:** Builds the Docker image and pushes it to the container registry.
80-
- **Deploy to Staging:** Deploys the application to a staging environment.
81-
- **Integration Tests:** Runs integration tests against the staging environment.
82-
- **Deploy to Production:** Deploys the application to the production environment.
83-
- **Smoke Tests:** Runs smoke tests against the production environment.
84-
- **Notify:** Sends a notification about the deployment status.
3+
> A complete CI/CD pipeline demonstrating security scanning, multi-version testing,
4+
> Docker image publishing to GHCR, and staged deployment — all built with GitHub Actions.
855
86-
## API Endpoints
6+
**Context:** This is the pipeline implementation from [devops-labs Module-3 Mini-Project 9](https://github.com/darestack/devops-labs/tree/main/Module-3/mini-project-09). Full implementation notes live there.
877

88-
| Method | Endpoint | Description |
89-
| ------ | ------------ | ------------------------------------------ |
90-
| GET | `/` | Returns a welcome message. |
91-
| POST | `/calculate` | Calculates the sum of an array of numbers. |
92-
| GET | `/health` | Returns the application status. |
8+
---
939

94-
### POST /calculate
10+
## Pipeline Stages
9511

96-
**Request Body:**
12+
| Stage | What It Does | Key Detail |
13+
|---|---|---|
14+
| `test` | Unit tests across multiple Node.js versions | Build matrix: Node 12, 14, 16 with npm dependency caching |
15+
| `code-quality` | ESLint static analysis | Configured to **fail the build** on lint errors — no `continue-on-error` |
16+
| `security` | Trivy vulnerability scan | Results uploaded as SARIF to GitHub Code Scanning |
17+
| `build` | Docker image creation | Pushes to GHCR tagged with both `branch-name` and `commit-SHA` |
18+
| `deploy` | Staged rollout | Staging deploy → integration + smoke tests → production deploy |
9719

98-
```json
99-
{
100-
"numbers": [1, 2, 3, 4, 5]
101-
}
102-
```
20+
---
10321

104-
**Response:**
22+
## Architecture
10523

106-
```json
107-
{
108-
"numbers": [1, 2, 3, 4, 5],
109-
"sum": 15,
110-
"isEven": false
111-
}
24+
```
25+
Push to main / PR opened
26+
27+
├── test (matrix: Node 12, 14, 16)
28+
│ └── npm ci (cached) → npm test → coverage report
29+
30+
├── code-quality
31+
│ └── ESLint → fails build on any error
32+
33+
├── security
34+
│ └── Trivy filesystem scan → SARIF → GitHub Code Scanning
35+
36+
├── build (depends on: test + code-quality + security)
37+
│ └── docker/setup-buildx → docker/build-push → GHCR
38+
39+
└── deploy (depends on: build)
40+
├── Staging environment deploy
41+
├── Integration tests + smoke tests
42+
└── Production deploy
11243
```
11344

114-
## Project Structure
45+
---
11546

47+
## Key Implementation Decisions
48+
49+
**GHCR image tagging:** Each image is tagged with both `latest` and the commit SHA — enabling rollback to any previous build without relying on the `latest` tag alone.
50+
51+
**ESLint as a hard gate:** Removed `continue-on-error: true` from the lint step. If ESLint finds errors, the entire pipeline stops — no broken code reaches Docker build.
52+
53+
**Trivy SARIF upload:** Required adding `security-events: write` to the job-level permissions block. Without this, the upload fails silently.
54+
55+
**Docker Buildx:** The default GitHub Actions Docker driver does not support cache export. Fixed by adding `docker/setup-buildx-action@v3` before the build step.
56+
57+
**GHCR push permissions:** `GITHUB_TOKEN` requires explicit `packages: write` in the job permissions to create new container packages.
58+
59+
---
60+
61+
## How to Run
62+
63+
```bash
64+
git clone https://github.com/darestack/github-actions-cicd-demo.git
65+
cd github-actions-cicd-demo
66+
npm ci
67+
npm test
68+
npm run lint
11669
```
117-
.
118-
├── .github/workflows/cicd.yml
119-
├── Dockerfile
120-
├── package.json
121-
├── src/
122-
│ ├── app.js
123-
│ └── utils.js
124-
└── tests/
125-
├── app.test.js
126-
└── utils.test.js
127-
```
70+
71+
Push to `main` or open a PR to trigger the full pipeline.
72+
73+
---
74+
75+
## Stack
76+
77+
`GitHub Actions` · `Docker` · `GHCR` · `Trivy` · `Node.js` · `ESLint`

0 commit comments

Comments
 (0)