Full CI/CD Pipeline
Vibe Prompt
"Create a complete multi-stage CI/CD pipeline: test → build → push → staging deploy → DAST scan → production deploy with rollback."
name: Full CI/CD Pipeline

on:
  push:
    branches: [main]
  pull_request:
    branches: [main]

env:
  REGISTRY: ghcr.io
  IMAGE_NAME: ${{ github.repository }}

jobs:
  test:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-node@v4
        with: { node-version: '20', cache: 'npm' }
      - run: npm ci && npm run lint && npm test

  build:
    needs: test
    runs-on: ubuntu-latest
    # Only this job may write to the package registry
    permissions: { contents: read, packages: write }
    steps:
      - uses: actions/checkout@v4
      - uses: docker/login-action@v3
        with:
          registry: ${{ env.REGISTRY }}
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}
      - uses: docker/build-push-action@v5
        with:
          context: .
          # Pull requests build the image but do not push it
          push: ${{ github.ref == 'refs/heads/main' }}
          tags: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:latest,${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ github.sha }}

  deploy:
    needs: build
    if: github.ref == 'refs/heads/main'
    runs-on: ubuntu-latest
    steps:
      - uses: azure/setup-kubectl@v4
      - uses: azure/k8s-set-context@v4
        with:
          # Block style: "${{ ... }}" is not valid inside a YAML flow mapping
          kubeconfig: ${{ secrets.KUBECONFIG }}
      - name: Deploy
        run: |
          kubectl set image deployment/my-app app=${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ github.sha }} --record
          # Roll back and fail the job if the rollout does not complete in time
          kubectl rollout status deployment/my-app --timeout=5m || \
            (kubectl rollout undo deployment/my-app && exit 1)
CI/CD Course Complete!
- GitHub Actions
- Docker Build & Push
- Zero-downtime Deploy
- Rollback
- Full Pipeline
Complete CI/CD Pipeline Architecture
Developer pushes to main
    ↓
GitHub Actions triggers
    ↓
Job 1: Lint
    ↓ needs: [lint]
Job 2: Test (matrix: Node 18, 20, 22)
    ↓ needs: [test]
Job 3: Build & Docker Push
    ↓ needs: [build]
Job 4: Deploy to Staging
    ↓ (manual approval)
Job 5: Deploy to Production
    ↓
Job 6: Smoke Test
    ↓
Done
Full Pipeline YAML
name: Full CI/CD Pipeline

on:
  push:
    branches: [main]
  pull_request:
    branches: [main]
  workflow_dispatch: # Manual trigger

env:
  REGISTRY: ghcr.io
  IMAGE_NAME: ${{ github.repository }}

jobs:
  lint:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-node@v4
        with:
          node-version: '20'
          cache: 'npm'
      - run: npm ci
      - run: npm run lint

  test:
    needs: [lint]
    runs-on: ubuntu-latest
    strategy:
      matrix:
        node-version: [18, 20]
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-node@v4
        with:
          node-version: ${{ matrix.node-version }}
          cache: 'npm'
      - run: npm ci
      - run: npm test
      - name: Upload coverage
        uses: codecov/codecov-action@v3

  build-and-push:
    needs: [test]
    if: github.ref == 'refs/heads/main'
    runs-on: ubuntu-latest
    permissions:
      contents: read
      packages: write
    # Expose the image tag so later jobs can reference it
    outputs:
      tags: ${{ steps.meta.outputs.tags }}
    steps:
      - uses: actions/checkout@v4
      - uses: docker/setup-buildx-action@v3
      - uses: docker/login-action@v3
        with:
          registry: ${{ env.REGISTRY }}
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}
      - id: meta
        uses: docker/metadata-action@v5
        with:
          images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
          tags: type=sha,prefix=
      - uses: docker/build-push-action@v5
        with:
          context: .
          push: true
          tags: ${{ steps.meta.outputs.tags }}
          cache-from: type=gha
          cache-to: type=gha,mode=max

  deploy-staging:
    needs: [build-and-push]
    runs-on: ubuntu-latest
    environment: staging
    steps:
      - name: Deploy to staging
        run: |
          # steps.meta belongs to build-and-push, so read the tag from that job's outputs
          echo "Deploying ${{ needs.build-and-push.outputs.tags }} to staging..."
          # Deploy to staging environment; --fail makes an HTTP error fail the step
          curl --fail -X POST https://staging-api.example.com/deploy \
            -H "Authorization: Bearer ${{ secrets.DEPLOY_TOKEN }}"

  deploy-production:
    needs: [deploy-staging]
    runs-on: ubuntu-latest
    environment: production
    steps:
      # The deploy script lives in the repository, so check it out first
      - uses: actions/checkout@v4
      # Approval is enforced by the "production" environment before this job
      # starts; this step only logs
      - name: Manual approval gate
        run: echo "Waiting for manual approval..."
      - name: Deploy to production
        run: |
          echo "Deploying to production..."
          ./scripts/deploy.sh

  smoke-test:
    needs: [deploy-production]
    runs-on: ubuntu-latest
    steps:
      - name: Smoke test
        run: |
          # Poll the health endpoint up to 10 times, 5 seconds apart
          for i in $(seq 1 10); do
            STATUS=$(curl -s -o /dev/null -w "%{http_code}" https://myapp.com/health)
            if [ "$STATUS" = "200" ]; then
              echo "Smoke test passed"
              exit 0
            fi
            sleep 5
          done
          echo "Smoke test failed"
          exit 1
Environment Protection Rules
# In repository Settings → Environments → production
# Required reviewers: 1
# Wait timer: 5 minutes
# Deployment branches: main
Environment protection ensures:
- Deployments to production require manual approval
- Only the main branch can deploy to production
- A 5-minute wait timer prevents rapid-fire deployments
Pipeline Optimization
| Technique | Impact |
|-----------|--------|
| Cache npm dependencies | 30-60s faster per job |
| Parallel test matrix | 2-3x faster (Node 18 + 20 run together) |
| Docker layer caching | 50-80% faster builds |
| Only build on main | Saves time on feature branch pushes |
| Cancel outdated runs | Saves runner minutes |
Summary
A complete CI/CD pipeline combines lint, test, build, push, deploy, and verify stages. Use environment protection rules for production, manual approval gates for safety, and smoke tests for verification.
Key takeaways:
- Pipeline: lint → test → build → push → staging → production → smoke test
- Matrix testing: run tests across multiple Node versions in parallel
- Environment protection: manual approval for production
- Docker layer caching: 50-80% faster builds
- Cancel outdated runs to save resources
- Smoke tests verify the deployment actually works
- Always tag Docker images with commit SHA for traceability
- Use environments in GitHub for deployment tracking
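
The takeaways on cancelling outdated runs and on SHA tagging, as an added workflow fragment (not part of the original page): it sets a `concurrency` group, a read-only default `permissions` block, and hands the pushed image's digest to the deploy job, because a tag can be re-pointed after the push while a digest cannot. It reuses `REGISTRY`, `IMAGE_NAME`, `deployment/my-app` and the `app` container from the workflows above; the `build` step id and the `digest` job output name are chosen for this example.

```yaml
# Added example: fragment to merge into the full pipeline; names marked "assumed" are illustrative.
permissions:
  contents: read   # read-only default for every job; widen per job only

concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
  # Cancel superseded PR runs only, so a deploy from main is never cut off midway
  cancel-in-progress: ${{ github.event_name == 'pull_request' }}

jobs:
  build-and-push:
    runs-on: ubuntu-latest
    permissions:
      contents: read
      packages: write
    outputs:
      digest: ${{ steps.build.outputs.digest }}   # assumed output name; value is sha256:...
    steps:
      - uses: actions/checkout@v4
      - uses: docker/login-action@v3
        with:
          registry: ${{ env.REGISTRY }}
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}
      - id: build   # assumed step id
        uses: docker/build-push-action@v5
        with:
          context: .
          push: true
          tags: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ github.sha }}

  deploy:
    needs: [build-and-push]
    runs-on: ubuntu-latest
    environment: production
    steps:
      - uses: azure/setup-kubectl@v4
      - uses: azure/k8s-set-context@v4
        with:
          kubeconfig: ${{ secrets.KUBECONFIG }}
      - name: Deploy by digest
        env:
          # Tag stays for traceability; the digest pins the exact image content
          IMAGE: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}@${{ needs.build-and-push.outputs.digest }}
        run: |
          kubectl set image deployment/my-app app="$IMAGE"
          kubectl rollout status deployment/my-app --timeout=5m || \
            (kubectl rollout undo deployment/my-app && exit 1)
```

Passing the image reference through `env` keeps the expression out of the shell script text, so the value is expanded by the shell as data instead of being spliced into the command line.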