Skip to content

Commit c2d1a93

Browse files
committed
Align README with CI workflow
1 parent 4426100 commit c2d1a93

1 file changed

Lines changed: 17 additions & 12 deletions

File tree

README.md

Lines changed: 17 additions & 12 deletions
Original file line numberDiff line numberDiff line change
@@ -1,7 +1,6 @@
11
# github-actions-cicd-demo
22

3-
> A complete CI/CD pipeline demonstrating security scanning, multi-version testing,
4-
> Docker image publishing to GHCR, and staged deployment — all built with GitHub Actions.
3+
> Node.js CI/CD lab demonstrating matrix tests, linting, Trivy SARIF upload, Docker Buildx, GHCR publishing, and simulated staged deploys with GitHub Actions.
54
65
**Context:** This is the pipeline implementation from [devops-labs Module-3 Mini-Project 9](https://github.com/darestack/devops-labs/tree/main/Module-3/mini-project-09). Full implementation notes live there.
76

@@ -11,11 +10,11 @@
1110

1211
| Stage | What It Does | Key Detail |
1312
|---|---|---|
14-
| `test` | Unit tests across multiple Node.js versions | Build matrix: Node 12, 14, 16 with npm dependency caching |
15-
| `code-quality` | ESLint static analysis | Configured to **fail the build** on lint errors — no `continue-on-error` |
13+
| `test` | Unit tests across multiple Node.js versions | Build matrix: Node 18 and 20 with npm dependency caching. This job also runs the hard lint gate. |
14+
| `code-quality` | ESLint SARIF upload | Publishes lint annotations to GitHub Code Scanning. The hard lint gate lives in the `test` job. |
1615
| `security` | Trivy vulnerability scan | Results uploaded as SARIF to GitHub Code Scanning |
1716
| `build` | Docker image creation | Pushes to GHCR tagged with both `branch-name` and `commit-SHA` |
18-
| `deploy` | Staged rollout | Staging deploy → integration + smoke tests → production deploy |
17+
| `deploy` | Simulated staged rollout | Staging deploy logs -> integration/smoke-test placeholder -> production deploy logs |
1918

2019
---
2120

@@ -24,11 +23,11 @@
2423
```
2524
Push to main / PR opened
2625
27-
├── test (matrix: Node 12, 14, 16)
28-
│ └── npm ci (cached) → npm test → coverage report
26+
├── test (matrix: Node 18, 20)
27+
│ └── npm ci (cached) → npm run lint → npm test → coverage report
2928
3029
├── code-quality
31-
│ └── ESLint → fails build on any error
30+
│ └── ESLint SARIF → GitHub Code Scanning annotations
3231
3332
├── security
3433
│ └── Trivy filesystem scan → SARIF → GitHub Code Scanning
@@ -37,8 +36,8 @@ Push to main / PR opened
3736
│ └── docker/setup-buildx → docker/build-push → GHCR
3837
3938
└── deploy (depends on: build)
40-
├── Staging environment deploy
41-
├── Integration tests + smoke tests
39+
├── Simulated staging deploy
40+
├── Placeholder integration + smoke tests
4241
└── Production deploy
4342
```
4443

@@ -48,13 +47,13 @@ Push to main / PR opened
4847

4948
**GHCR image tagging:** Each image is tagged with both `latest` and the commit SHA — enabling rollback to any previous build without relying on the `latest` tag alone.
5049

51-
**ESLint as a hard gate:** Removed `continue-on-error: true` from the lint step. If ESLint finds errors, the entire pipeline stops — no broken code reaches Docker build.
50+
**ESLint as a hard gate:** The matrix `test` job runs `npm run lint` before tests. The separate `code-quality` job keeps `continue-on-error` for SARIF upload so annotations can still be published for review.
5251

5352
**Trivy SARIF upload:** Required adding `security-events: write` to the job-level permissions block. Without this, the upload fails silently.
5453

5554
**Docker Buildx:** The default GitHub Actions Docker driver does not support cache export. Fixed by adding `docker/setup-buildx-action@v3` before the build step.
5655

57-
**GHCR push permissions:** `GITHUB_TOKEN` requires explicit `packages: write` in the job permissions to create new container packages.
56+
**GHCR push permissions:** `GITHUB_TOKEN` requires explicit `packages: write` in the build job permissions to create new container packages.
5857

5958
---
6059

@@ -72,6 +71,12 @@ Push to `main` or open a PR to trigger the full pipeline.
7271

7372
---
7473

74+
## Current Boundary
75+
76+
The staging and production deploy jobs are intentionally simulated in this lab. They show environment flow and dependency ordering, but they do not deploy to a real target yet. To make this a production deployment project, replace the `echo` deployment steps with a real target such as EC2, ECS, Kubernetes, or a PaaS and add deployment logs.
77+
78+
---
79+
7580
## Stack
7681

7782
`GitHub Actions` · `Docker` · `GHCR` · `Trivy` · `Node.js` · `ESLint`

0 commit comments

Comments
 (0)