CI/CD Pipeline with Docker

🔄 CI/CD Pipeline Flow

Automated continuous integration and deployment pipeline using Docker containers. From code commit to production deployment in minutes, not hours.

🔨

Build

✓ Completed

🧪

Test

✓ Passed

🔍

Security Scan

✓ Clean

🚀

Deploy

⏳ Ready

Pipeline Logs 0 logs

[00:00:00] [INFO] Pipeline ready. Click "Run Pipeline" to start.

0s

Build Time

0

Tests Executed

0%

Code Coverage

0s

Deploy Time

🔨

Build Stage

Docker Multi-Stage Build: Compile application code, install dependencies, and create optimized production images with minimal size.

✅ Multi-stage Dockerfile optimization
✅ Layer caching for faster builds
✅ Dependency installation and compilation
✅ Image tagging with version and commit SHA

🧪

Test Stage

Automated Testing: Run unit tests, integration tests, and end-to-end tests in isolated Docker containers to ensure code quality.

✅ Unit tests with code coverage reports
✅ Integration tests with database containers
✅ E2E tests in isolated environments
✅ Parallel test execution for speed

🔍

Security Scan

Vulnerability Detection: Scan Docker images for known vulnerabilities, security issues, and compliance violations before deployment.

✅ CVE vulnerability scanning with Trivy
✅ Dependency security audit
✅ Container image best practices check
✅ Secret detection and prevention

🚀

Deploy Stage

Automated Deployment: Push images to registry, update Kubernetes manifests, and deploy to production with zero-downtime rolling updates.

✅ Docker image push to registry (Docker Hub/ECR)
✅ Kubernetes rolling update deployment
✅ Health checks and readiness probes
✅ Automatic rollback on failure

📝 Pipeline Configuration

.github/workflows/ci-cd.yml

name: Docker CI/CD Pipeline on: push: branches: [ main, develop ] pull_request: branches: [ main ] jobs: build-and-test: runs-on: ubuntu-latest steps: - name: Checkout code uses: actions/checkout@v3 - name: Set up Docker Buildx uses: docker/setup-buildx-action@v2 - name: Build Docker image run: | docker build -t myapp:${{ github.sha }} . docker build -t myapp:latest . - name: Run unit tests run: | docker run --rm myapp:${{ github.sha }} npm test - name: Run integration tests run: | docker-compose -f docker-compose.test.yml up --abort-on-container-exit - name: Security scan with Trivy uses: aquasecurity/trivy-action@master with: image-ref: myapp:${{ github.sha }} format: 'sarif' output: 'trivy-results.sarif' - name: Login to Docker Hub if: github.ref == 'refs/heads/main' uses: docker/login-action@v2 with: username: ${{ secrets.DOCKER_USERNAME }} password: ${{ secrets.DOCKER_PASSWORD }} - name: Push to Docker Hub if: github.ref == 'refs/heads/main' run: | docker tag myapp:${{ github.sha }} username/myapp:${{ github.sha }} docker tag myapp:latest username/myapp:latest docker push username/myapp:${{ github.sha }} docker push username/myapp:latest - name: Deploy to Kubernetes if: github.ref == 'refs/heads/main' run: | kubectl set image deployment/myapp myapp=username/myapp:${{ github.sha }} kubectl rollout status deployment/myapp

Dockerfile - Multi-Stage Build

# Build stage FROM node:18-alpine AS builder WORKDIR /app COPY package*.json ./ RUN npm ci --only=production COPY . . RUN npm run build # Production stage FROM node:18-alpine WORKDIR /app # Copy only necessary files from builder COPY --from=builder /app/dist ./dist COPY --from=builder /app/node_modules ./node_modules COPY --from=builder /app/package.json ./ # Security: Run as non-root user RUN addgroup -g 1001 -S nodejs && \ adduser -S nodejs -u 1001 USER nodejs EXPOSE 3000 HEALTHCHECK --interval=30s --timeout=3s --start-period=5s --retries=3 \ CMD node healthcheck.js CMD ["node", "dist/server.js"]

docker-compose.test.yml

version: '3.8' services: app: build: . environment: - NODE_ENV=test - DB_HOST=postgres depends_on: postgres: condition: service_healthy command: npm run test:integration postgres: image: postgres:15-alpine environment: - POSTGRES_DB=test_db - POSTGRES_USER=test - POSTGRES_PASSWORD=test healthcheck: test: ["CMD-SHELL", "pg_isready -U test"] interval: 5s timeout: 3s retries: 5

🔧

Tools & Technologies

Docker GitHub Actions Kubernetes Trivy Docker Compose Docker Buildx Container Registry Jest

🎯

Pipeline Benefits

⚡ Automated testing on every commit
🔒 Security scanning before deployment
🚀 Zero-downtime deployments
📊 Build and deployment metrics

📊 Pipeline Monitoring

98.5%

Success Rate

5.2m

Avg Build Time

1,247

Total Builds

12

Deployments Today

📈

Performance Metrics

Key Performance Indicators:

⏱️ Lead Time: 8 minutes (commit to production)
📊 Deployment Frequency: 15-20 per day
🔄 Change Failure Rate: 1.5%
⚡ Mean Time to Recovery: 12 minutes

🔍

Quality Metrics

Code Quality & Testing:

✅ Test Coverage: 92% (minimum 80% required)
🧪 Unit Tests: 1,200+ automated tests
🔒 Security Vulnerabilities: 0 critical, 2 low
📋 Code Linting: ESLint + Prettier compliance

🎯

Best Practices

✅ Automated rollback on deployment failure
✅ Blue-green deployment strategy
✅ Container image scanning in every build
✅ Comprehensive logging and monitoring
✅ Infrastructure as Code (IaC) with version control

🛡️

Security Features

🔒 Image signing and verification
🔐 Secrets management with HashiCorp Vault
🛡️ Runtime security monitoring
📝 Compliance auditing and reporting
🔍 Continuous vulnerability scanning