CI/CD Pipelines
GitHub Actions-based CI/CD pipeline documentation for Burdenoff products.
Pipeline Overview
All products use GitHub Actions for continuous integration and deployment.
Standard Pipeline Stages
1. Code Quality
- Linting (ESLint, Ruff)
- Formatting check (Prettier, Black)
- Type checking (TypeScript, mypy)
2. Security Scanning
- Dependency vulnerabilities (npm audit, safety)
- Code security (bandit for Python)
- Secret scanning
- Container image scanning
3. Testing
- Unit tests
- Integration tests
- E2E tests (where applicable)
- Coverage reporting
4. Build
- Docker image build
- Multi-stage optimization
- Image tagging (git SHA, branch, latest)
5. Deploy
- Push to Azure Container Registry
- Update Kubernetes manifests
- Apply Helm charts
- Health checks
- Rollback on failure
Frontend Pipeline
name: Frontend CI/CD
on:
  push:
    branches: [alpha, main]
  pull_request:
    branches: [alpha, main]
permissions:
  contents: read   # least privilege for the default GITHUB_TOKEN
jobs:
  lint:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - name: Setup Node
        uses: actions/setup-node@v4
        with:
          node-version: '18'
          cache: npm
      - name: Install dependencies
        run: npm ci
      - name: Lint
        run: npm run lint
      - name: Format check
        run: npm run format:check
  test:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - name: Setup Node
        uses: actions/setup-node@v4
        with:
          node-version: '18'   # same version as lint; the step previously pinned none
          cache: npm
      - name: Install dependencies
        run: npm ci
      - name: Run tests
        run: npm test -- --coverage
  build:
    needs: [lint, test]
    runs-on: ubuntu-latest
    env:
      # Registry login server derived from the name used in `az acr login`
      IMAGE: burdenoff.azurecr.io/app
      GIT_SHA: ${{ github.sha }}
      BRANCH: ${{ github.head_ref || github.ref_name }}
    steps:
      - uses: actions/checkout@v4
      - name: Build Docker image
        # Tag with git SHA, branch and latest, as the "Image tagging" stage describes
        run: |
          BRANCH_TAG=$(printf '%s' "$BRANCH" | tr '/' '-')
          docker build -t "$IMAGE:$GIT_SHA" .
          docker tag "$IMAGE:$GIT_SHA" "$IMAGE:$BRANCH_TAG"
          docker tag "$IMAGE:$GIT_SHA" "$IMAGE:latest"
      - name: Azure login
        if: github.event_name == 'push'   # pull request builds must not push images
        uses: azure/login@v2
        with:
          creds: ${{ secrets.AZURE_CREDENTIALS }}
      - name: Push to ACR
        if: github.event_name == 'push'
        run: |
          az acr login --name burdenoff
          docker push --all-tags "$IMAGE"
Backend Pipeline (Python)
name: Backend CI/CD
on:
  push:
    branches: [alpha, main]
permissions:
  contents: read
jobs:
  lint:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - name: Setup Python
        uses: actions/setup-python@v5
        with:
          python-version: '3.12'
      - name: Install Poetry
        run: pip install poetry
      - name: Install dependencies
        run: poetry install
      - name: Lint
        run: |
          poetry run black --check .
          poetry run ruff check .
          poetry run mypy src/
  security:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      # The scanners run through Poetry, so this job needs the same environment as lint
      - name: Setup Python
        uses: actions/setup-python@v5
        with:
          python-version: '3.12'
      - name: Install Poetry
        run: pip install poetry
      - name: Install dependencies
        run: poetry install
      - name: Security scan
        run: |
          poetry run bandit -r src/
          poetry run safety check
          poetry run pip-audit
  test:
    runs-on: ubuntu-latest
    services:
      postgres:
        image: postgres:18.1-alpine
        env:
          POSTGRES_PASSWORD: testpass
        ports:
          - 5432:5432   # steps run on the runner host, so the service port must be published
        options: >-
          --health-cmd pg_isready --health-interval 10s --health-timeout 5s --health-retries 5
    steps:
      - uses: actions/checkout@v4
      - name: Setup Python
        uses: actions/setup-python@v5
        with:
          python-version: '3.12'
      - name: Install Poetry
        run: pip install poetry
      - name: Install dependencies
        run: poetry install
      - name: Run tests
        env:
          # Assumed name of the variable the test suite reads for its database connection
          DATABASE_URL: postgresql://postgres:testpass@localhost:5432/postgres
        run: poetry run pytest --cov
Deployment Strategies
Alpha Environment
- Automatic deployment on push to the alpha branch
- No manual approval required
- Deploy to alphaapp.[product].com
Production Environment
- Manual approval required
- Deploy from the main branch
- Blue-green deployment
- Deploy to app.[product].com
Secrets Management
All secrets are stored in GitHub Secrets:
- AZURE_CREDENTIALS
- ACR_USERNAME
- ACR_PASSWORD
- NPM_TOKEN
- PYPI_TOKEN
Notifications
Pipeline notifications are sent via:
- GitHub notifications
- Slack (optional)
- Email (on failure)
Rollback Procedure
If deployment fails:
- Automatic rollback to previous version
- Health checks verify rollback
- Notifications sent
- Investigation begins
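The Deploy stage (Helm apply, health checks, rollback on failure) and the rollback procedure above, as an added shell example that is not the Burdenoff pipelines' own script. The release name, chart path, health URL and the HELM/CURL override variables are assumptions; the overrides exist so the control flow can be exercised without a cluster.

```shell
#!/usr/bin/env bash
# Added example: helm upgrade, post-deploy health check, rollback on failure.
# RELEASE, CHART and HEALTH_URL are assumed names; HELM and CURL can be pointed at
# shell functions so the logic runs without a cluster.
set -u

RELEASE="${RELEASE:-app}"
CHART="${CHART:-./charts/app}"
NAMESPACE="${NAMESPACE:-default}"
IMAGE_TAG="${IMAGE_TAG:-latest}"
HEALTH_URL="${HEALTH_URL:-https://alphaapp.example.com/health}"   # placeholder host
HEALTH_ATTEMPTS="${HEALTH_ATTEMPTS:-10}"
HEALTH_DELAY="${HEALTH_DELAY:-6}"
HELM="${HELM:-helm}"
CURL="${CURL:-curl}"

# retry_until ATTEMPTS DELAY CMD...: rerun CMD until it succeeds; 1 once the budget is spent
retry_until() {
  attempts=$1; delay=$2; shift 2
  i=0
  while [ "$i" -lt "$attempts" ]; do
    "$@" && return 0
    i=$((i + 1))
    sleep "$delay"
  done
  return 1
}

# health_ok: one probe of the health endpoint; succeeds only on HTTP 200
health_ok() {
  code=$("$CURL" -s -o /dev/null -w '%{http_code}' --max-time 5 "$HEALTH_URL") || return 1
  [ "$code" = "200" ]
}

# deploy_or_rollback: upgrade the release and wait for the rollout; if the rollout or the
# health check fails, roll back to the previous Helm revision and fail the job step
deploy_or_rollback() {
  if ! "$HELM" upgrade --install "$RELEASE" "$CHART" -n "$NAMESPACE" \
       --set image.tag="$IMAGE_TAG" --wait --timeout 5m; then
    echo "helm upgrade failed, rolling back $RELEASE" >&2
    "$HELM" rollback "$RELEASE" -n "$NAMESPACE"
    return 1
  fi
  if ! retry_until "$HEALTH_ATTEMPTS" "$HEALTH_DELAY" health_ok; then
    echo "health check failed after deploy, rolling back $RELEASE" >&2
    "$HELM" rollback "$RELEASE" -n "$NAMESPACE"
    return 1
  fi
  echo "$RELEASE:$IMAGE_TAG deployed and healthy"
}
```

A non-zero return from deploy_or_rollback fails the step, which is what triggers the failure notifications described above.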
Best Practices
- Keep pipelines fast (< 10 minutes)
- Fail fast on errors
- Cache dependencies
- Parallelize jobs
- Use matrix builds for multi-version testing