Pipeline Engineering
You are entering advanced pipeline engineering where you'll create self-managing deployment systems that automatically test, build, and deploy your applications across multiple environments with zero human intervention.
Commander, the most sophisticated space missions are those that operate autonomously across vast distances. Just as spacecraft deploy automated systems for navigation, life support, and communication, your development projects need intelligent pipelines that automatically validate code quality, run comprehensive tests, and deploy applications to production environments without manual intervention.
You'll master GitHub Actions and CI/CD Pipeline Engineering - the mission control systems that transform your repositories into fully automated development and deployment platforms. From simple workflow automation to complex multi-environment deployment strategies, you'll build pipelines that ensure every code change is thoroughly validated before reaching users.
GitHub Actions is your mission control system for automation. Think of it as the central command center that coordinates all automated operations across your development lifecycle, from code validation to deployment and monitoring.
Definition: YAML files that define your automation processes
.github/workflows/ci.yml, deploy.yml, release.yml
Definition: Groups of steps that run on the same runner
Definition: Individual commands or actions within a job
run:, uses:, with:
Definition: Reusable units of code for common tasks
Master the art of creating sophisticated GitHub Actions workflows that automate every aspect of your development lifecycle. From basic CI to complex multi-environment deployments.
Mission: Understand the fundamental structure of GitHub Actions workflows
# .github/workflows/ci.yml
name: ๐ Continuous Integration Pipeline
# Define when this workflow runs
on:
push:
branches: [ main, develop ]
pull_request:
branches: [ main ]
schedule:
# Run every day at 2 AM UTC
- cron: '0 2 * * *'
# Define environment variables available to all jobs
env:
NODE_VERSION: '18'
CI: true
# Define the jobs that make up this workflow
jobs:
# Job 1: Code Quality & Testing
test:
name: ๐งช Test & Quality Checks
runs-on: ubuntu-latest
# Define job-specific environment variables
env:
DATABASE_URL: postgresql://test:test@localhost:5432/testdb
# Define the steps for this job
steps:
# Step 1: Get the source code
- name: ๐ฅ Checkout repository
uses: actions/checkout@v4
with:
# Fetch full history for better analysis
fetch-depth: 0
# Step 2: Set up Node.js environment
- name: โ๏ธ Setup Node.js
uses: actions/setup-node@v4
with:
node-version: ${{ env.NODE_VERSION }}
cache: 'npm'
# Step 3: Install dependencies
- name: ๐ฆ Install dependencies
run: npm ci
# Step 4: Run linting
- name: ๐ Run ESLint
run: npm run lint
# Step 5: Run tests with coverage
- name: ๐งช Run tests
run: npm run test:coverage
# Step 6: Upload test results
- name: ๐ Upload coverage to Codecov
uses: codecov/codecov-action@v3
with:
file: ./coverage/lcov.info
flags: unittests
name: codecov-umbrellaon:
push:
branches: [ main, develop ]
paths-ignore:
- 'docs/**'
- '*.md'
pull_request:
types: [opened, synchronize]Controls when the workflow executes
env:
NODE_VERSION: '18'
DATABASE_URL: ${{ secrets.DB_URL }}
CUSTOM_VAR: 'production-value'Share configuration across jobs and steps
jobs:
test:
runs-on: ubuntu-latest
deploy:
needs: [test]
runs-on: ubuntu-latestControl execution order and dependencies
- name: Deploy to production
if: github.ref == 'refs/heads/main'
run: npm run deploy:prodRun steps only under specific conditions
Mission: Implement sophisticated workflow patterns for enterprise-grade automation
# Test across multiple environments
jobs:
test:
strategy:
matrix:
os: [ubuntu-latest, windows-latest, macos-latest]
node-version: [16, 18, 20]
include:
- os: ubuntu-latest
node-version: 18
upload-coverage: true
exclude:
- os: windows-latest
node-version: 16
runs-on: ${{ matrix.os }}
steps:
- uses: actions/checkout@v4
- uses: actions/setup-node@v4
with:
node-version: ${{ matrix.node-version }}
- name: Install & Test
run: |
npm ci
npm test
- name: Upload Coverage
if: matrix.upload-coverage
uses: codecov/codecov-action@v3# .github/workflows/reusable-deploy.yml
name: ๐ Reusable Deployment
on:
workflow_call:
inputs:
environment:
required: true
type: string
version:
required: false
type: string
default: 'latest'
secrets:
DEPLOY_TOKEN:
required: true
jobs:
deploy:
environment: ${{ inputs.environment }}
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Deploy to ${{ inputs.environment }}
env:
DEPLOY_TOKEN: ${{ secrets.DEPLOY_TOKEN }}
VERSION: ${{ inputs.version }}
run: |
echo "Deploying version $VERSION to ${{ inputs.environment }}"
# Your deployment logic here
# Usage in another workflow:
# jobs:
# deploy-staging:
# uses: ./.github/workflows/reusable-deploy.yml
# with:
# environment: staging
# version: ${{ github.sha }}
# secrets:
# DEPLOY_TOKEN: ${{ secrets.STAGING_TOKEN }}# Multi-environment deployment with protection
jobs:
deploy-staging:
environment: staging
runs-on: ubuntu-latest
steps:
- name: Deploy to Staging
run: echo "Deploying to staging..."
deploy-production:
needs: deploy-staging
environment:
name: production
url: https://myapp.com
runs-on: ubuntu-latest
# Only deploy to prod from main branch
if: github.ref == 'refs/heads/main'
steps:
- name: Deploy to Production
run: echo "Deploying to production..."
- name: Run Health Check
run: |
curl -f https://myapp.com/health || exit 1
echo "โ
Health check passed!"# Build artifacts and share between jobs
jobs:
build:
runs-on: ubuntu-latest
outputs:
version: ${{ steps.version.outputs.version }}
steps:
- uses: actions/checkout@v4
- name: Build application
run: |
npm ci
npm run build
npm run test
- name: Generate version
id: version
run: echo "version=$(date +%Y%m%d)-$(git rev-parse --short HEAD)" >> $GITHUB_OUTPUT
- name: Upload build artifacts
uses: actions/upload-artifact@v3
with:
name: build-${{ steps.version.outputs.version }}
path: |
dist/
package.json
retention-days: 30
deploy:
needs: build
runs-on: ubuntu-latest
steps:
- name: Download build artifacts
uses: actions/download-artifact@v3
with:
name: build-${{ needs.build.outputs.version }}
- name: Deploy version ${{ needs.build.outputs.version }}
run: |
echo "Deploying version: ${{ needs.build.outputs.version }}"
# Deployment commands hereImplement comprehensive security scanning and quality assurance within your CI/CD pipelines. Every deployment must pass through multiple security checkpoints before reaching production.
# .github/workflows/security-pipeline.yml
name: ๐ก๏ธ Security & Quality Pipeline
on:
push:
branches: [ main, develop ]
pull_request:
branches: [ main ]
jobs:
# Job 1: Static Code Analysis
static-analysis:
name: ๐ Static Code Analysis
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v4
with:
fetch-depth: 0
# Security scanning with CodeQL
- name: Initialize CodeQL
uses: github/codeql-action/init@v2
with:
languages: javascript, python
- name: Autobuild
uses: github/codeql-action/autobuild@v2
- name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@v2
# Dependency vulnerability scanning
- name: Run npm audit
run: |
npm audit --audit-level=critical
npm audit --audit-level=high --dry-run
# License compliance check
- name: License compliance
run: |
npm install -g license-checker
license-checker --onlyAllow "MIT;Apache-2.0;BSD;ISC"
# Job 2: Security Secrets Scanning
secrets-scan:
name: ๐ Secrets Detection
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
with:
fetch-depth: 0
- name: Run TruffleHog OSS
uses: trufflesecurity/trufflehog@main
with:
path: ./
base: main
head: HEAD
- name: Check for hardcoded secrets
run: |
# Custom secret patterns
if grep -r "password.*=" --include="*.js" --include="*.py" .; then
echo "โ Potential hardcoded passwords found"
exit 1
fi
if grep -r "api[_-]?key.*=" --include="*.js" --include="*.py" .; then
echo "โ Potential API keys found"
exit 1
fi
echo "โ
No obvious secrets detected"
# Job 3: Container Security (if using Docker)
container-security:
name: ๐ณ Container Security Scan
runs-on: ubuntu-latest
if: contains(github.event.head_commit.modified, 'Dockerfile')
steps:
- uses: actions/checkout@v4
- name: Build Docker image
run: docker build -t security-scan:${{ github.sha }} .
- name: Run Trivy vulnerability scanner
uses: aquasecurity/trivy-action@master
with:
image-ref: 'security-scan:${{ github.sha }}'
format: 'sarif'
output: 'trivy-results.sarif'
- name: Upload Trivy scan results
uses: github/codeql-action/upload-sarif@v2
with:
sarif_file: 'trivy-results.sarif'
# Job 4: Quality Gates
quality-gates:
name: ๐ Quality Assessment
runs-on: ubuntu-latest
needs: [static-analysis, secrets-scan]
steps:
- uses: actions/checkout@v4
- name: Setup Node.js
uses: actions/setup-node@v4
with:
node-version: '18'
cache: 'npm'
- name: Install dependencies
run: npm ci
# Code coverage requirements
- name: Run tests with coverage
run: npm run test:coverage
- name: Coverage Quality Gate
run: |
COVERAGE=$(cat coverage/coverage-summary.json | jq '.total.lines.pct')
echo "Coverage: $COVERAGE%"
if (( $(echo "$COVERAGE < 80" | bc -l) )); then
echo "โ Coverage below 80% ($COVERAGE%)"
exit 1
fi
echo "โ
Coverage requirement met: $COVERAGE%"
# Code complexity analysis
- name: Complexity Analysis
run: |
npm install -g complexity-report
complexity-report --format json src/ > complexity.json
MAX_COMPLEXITY=$(cat complexity.json | jq '.reports[].complexity.cyclomatic' | sort -n | tail -1)
if (( MAX_COMPLEXITY > 10 )); then
echo "โ Cyclomatic complexity too high: $MAX_COMPLEXITY"
exit 1
fi
echo "โ
Complexity check passed: $MAX_COMPLEXITY"
# Performance benchmarks
- name: Performance Benchmarks
run: |
npm run build
# Check bundle size
BUNDLE_SIZE=$(stat -c%s "dist/main.js")
MAX_SIZE=1048576 # 1MB
if [ $BUNDLE_SIZE -gt $MAX_SIZE ]; then
echo "โ Bundle size too large: $(($BUNDLE_SIZE / 1024))KB"
exit 1
fi
echo "โ
Bundle size acceptable: $(($BUNDLE_SIZE / 1024))KB"# Never store secrets in code
env:
DATABASE_URL: ${{ secrets.DATABASE_URL }}
API_KEY: ${{ secrets.API_KEY }}
# Use environment-specific secrets
- name: Deploy to production
if: github.ref == 'refs/heads/main'
env:
DEPLOY_KEY: ${{ secrets.PROD_DEPLOY_KEY }}
run: ./deploy.sh production# Limit workflow permissions
permissions:
contents: read
pull-requests: write
issues: write
# Or more restrictive
permissions: read-all
# Job-specific permissions
jobs:
deploy:
permissions:
contents: read
deployments: write# Sign and verify artifacts
- name: Sign artifacts
uses: sigstore/cosign-installer@v3
- name: Upload signed artifact
uses: actions/upload-artifact@v3
with:
name: signed-build
path: |
dist/
signature.sig
retention-days: 7# Pin action versions with SHA
- uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab
# @v4
# Audit dependencies
- name: Audit dependencies
run: |
npm audit --audit-level=high
npm run security-checkYou'll create a comprehensive CI/CD pipeline that includes testing, security scanning, multi-environment deployment, and rollback capabilities. This represents a real-world enterprise deployment system.
mkdir cicd-pipeline-demo
cd cicd-pipeline-demo
# Initialize Node.js project
npm init -y
# Install dependencies
npm install express helmet cors dotenv
npm install --save-dev jest supertest eslint prettier nodemon
# Create application files
mkdir -p src tests .github/workflows
cat > src/app.js << 'EOF'
const express = require('express');
const helmet = require('helmet');
const cors = require('cors');
const app = express();
// Security middleware
app.use(helmet());
app.use(cors());
app.use(express.json());
// Health check endpoint
app.get('/health', (req, res) => {
res.json({
status: 'healthy',
timestamp: new Date().toISOString(),
version: process.env.npm_package_version || '1.0.0'
});
});
// API endpoint
app.get('/api/users', (req, res) => {
res.json([
{ id: 1, name: 'Commander Alpha' },
{ id: 2, name: 'Navigator Beta' }
]);
});
const PORT = process.env.PORT || 3000;
app.listen(PORT, () => {
console.log(`๐ Server running on port ${PORT}`);
});
module.exports = app;
EOF
cat > src/server.js << 'EOF'
require('dotenv').config();
require('./app');
EOFcat > tests/app.test.js << 'EOF'
const request = require('supertest');
const app = require('../src/app');
describe('Application Tests', () => {
describe('Health Check', () => {
it('should return healthy status', async () => {
const response = await request(app)
.get('/health')
.expect(200);
expect(response.body.status).toBe('healthy');
expect(response.body.timestamp).toBeDefined();
});
});
describe('Users API', () => {
it('should return users list', async () => {
const response = await request(app)
.get('/api/users')
.expect(200);
expect(Array.isArray(response.body)).toBe(true);
expect(response.body.length).toBeGreaterThan(0);
});
});
});
EOF
# Update package.json with scripts
cat > package.json << 'EOF'
{
"name": "cicd-pipeline-demo",
"version": "1.0.0",
"scripts": {
"start": "node src/server.js",
"dev": "nodemon src/server.js",
"test": "jest",
"test:coverage": "jest --coverage",
"test:watch": "jest --watch",
"lint": "eslint src/ tests/",
"lint:fix": "eslint src/ tests/ --fix",
"format": "prettier --write src/ tests/",
"security-check": "npm audit --audit-level=high"
},
"dependencies": {
"express": "^4.18.2",
"helmet": "^7.0.0",
"cors": "^2.8.5",
"dotenv": "^16.3.1"
},
"devDependencies": {
"jest": "^29.6.2",
"supertest": "^6.3.3",
"eslint": "^8.46.0",
"prettier": "^3.0.1",
"nodemon": "^3.0.1"
}
}
EOFcat > .github/workflows/cicd-pipeline.yml << 'EOF'
name: ๐ Production CI/CD Pipeline
on:
push:
branches: [ main, develop ]
pull_request:
branches: [ main ]
env:
NODE_VERSION: '18'
REGISTRY: ghcr.io
IMAGE_NAME: ${{ github.repository }}
jobs:
# Stage 1: Code Quality & Testing
quality-gate:
name: ๐ Quality Gate
runs-on: ubuntu-latest
outputs:
version: ${{ steps.version.outputs.version }}
should-deploy: ${{ steps.deploy-check.outputs.should-deploy }}
steps:
- name: ๐ฅ Checkout code
uses: actions/checkout@v4
with:
fetch-depth: 0
- name: โ๏ธ Setup Node.js
uses: actions/setup-node@v4
with:
node-version: ${{ env.NODE_VERSION }}
cache: 'npm'
- name: ๐ฆ Install dependencies
run: npm ci
- name: ๐ Lint code
run: npm run lint
- name: ๐งช Run tests with coverage
run: npm run test:coverage
- name: ๐ Coverage Quality Gate
run: |
COVERAGE=$(cat coverage/coverage-summary.json | jq '.total.lines.pct')
echo "Code coverage: $COVERAGE%"
if (( $(echo "$COVERAGE < 70" | bc -l) )); then
echo "โ Coverage below 70%"
exit 1
fi
echo "โ
Coverage requirement met"
- name: ๐ Security audit
run: npm run security-check
- name: ๐ท๏ธ Generate version
id: version
run: |
if [ "${{ github.ref }}" = "refs/heads/main" ]; then
VERSION="v$(date +%Y%m%d)-$(git rev-parse --short HEAD)"
else
VERSION="dev-$(git rev-parse --short HEAD)"
fi
echo "version=$VERSION" >> $GITHUB_OUTPUT
echo "Generated version: $VERSION"
- name: ๐ฏ Check deployment eligibility
id: deploy-check
run: |
if [ "${{ github.ref }}" = "refs/heads/main" ] && [ "${{ github.event_name }}" = "push" ]; then
echo "should-deploy=true" >> $GITHUB_OUTPUT
echo "โ
Deployment authorized for main branch"
else
echo "should-deploy=false" >> $GITHUB_OUTPUT
echo "โน๏ธ Deployment skipped (not main branch or not push event)"
fi
- name: ๐ค Upload test results
uses: actions/upload-artifact@v3
if: always()
with:
name: test-results-${{ steps.version.outputs.version }}
path: |
coverage/
jest-results.xml
# Stage 2: Security Scanning
security-scan:
name: ๐ก๏ธ Security Scan
runs-on: ubuntu-latest
needs: quality-gate
steps:
- uses: actions/checkout@v4
- name: ๐ Run CodeQL Analysis
uses: github/codeql-action/init@v2
with:
languages: javascript
- uses: github/codeql-action/autobuild@v2
- uses: github/codeql-action/analyze@v2
- name: ๐ Check for secrets
run: |
echo "Scanning for hardcoded secrets..."
if grep -r "password\|secret\|key" --include="*.js" src/ | grep -v "test\|example"; then
echo "โ Potential secrets found in code"
exit 1
fi
echo "โ
No secrets detected"
# Stage 3: Build & Package
build:
name: ๐๏ธ Build Application
runs-on: ubuntu-latest
needs: [quality-gate, security-scan]
if: needs.quality-gate.outputs.should-deploy == 'true'
steps:
- uses: actions/checkout@v4
- name: โ๏ธ Setup Node.js
uses: actions/setup-node@v4
with:
node-version: ${{ env.NODE_VERSION }}
cache: 'npm'
- name: ๐ฆ Install dependencies
run: npm ci --production
- name: ๐๏ธ Create production build
run: |
# Create production bundle
mkdir -p dist
cp -r src/ dist/
cp package.json package-lock.json dist/
# Create deployment manifest
cat > dist/deployment-manifest.json << EOF
{
"version": "${{ needs.quality-gate.outputs.version }}",
"buildTime": "$(date -u +%Y-%m-%dT%H:%M:%SZ)",
"gitSha": "${{ github.sha }}",
"gitRef": "${{ github.ref }}",
"nodeVersion": "${{ env.NODE_VERSION }}"
}
EOF
- name: ๐ค Upload build artifacts
uses: actions/upload-artifact@v3
with:
name: production-build-${{ needs.quality-gate.outputs.version }}
path: dist/
retention-days: 30
# Stage 4: Deploy to Staging
deploy-staging:
name: ๐ Deploy to Staging
runs-on: ubuntu-latest
needs: [quality-gate, build]
environment: staging
if: needs.quality-gate.outputs.should-deploy == 'true'
steps:
- name: ๐ฅ Download build artifacts
uses: actions/download-artifact@v3
with:
name: production-build-${{ needs.quality-gate.outputs.version }}
path: ./build
- name: ๐ Deploy to Staging Environment
env:
VERSION: ${{ needs.quality-gate.outputs.version }}
STAGING_HOST: ${{ secrets.STAGING_HOST }}
STAGING_KEY: ${{ secrets.STAGING_DEPLOY_KEY }}
run: |
echo "๐ Deploying version $VERSION to staging..."
# Simulate deployment (replace with actual deployment commands)
echo "- Connecting to staging server..."
echo "- Uploading application files..."
echo "- Installing dependencies..."
echo "- Starting application..."
echo "- Running smoke tests..."
# Health check simulation
sleep 2
echo "โ
Staging deployment successful!"
echo "๐ Application available at: https://staging.yourapp.com"
- name: ๐งช Run staging smoke tests
run: |
echo "๐งช Running smoke tests against staging..."
# Simulate smoke tests
echo "- Testing health endpoint..."
echo "- Testing API endpoints..."
echo "- Verifying database connectivity..."
echo "โ
All smoke tests passed!"
# Stage 5: Deploy to Production
deploy-production:
name: ๐๏ธ Deploy to Production
runs-on: ubuntu-latest
needs: [quality-gate, deploy-staging]
environment:
name: production
url: https://yourapp.com
if: needs.quality-gate.outputs.should-deploy == 'true'
steps:
- name: ๐ฅ Download build artifacts
uses: actions/download-artifact@v3
with:
name: production-build-${{ needs.quality-gate.outputs.version }}
path: ./build
- name: ๐๏ธ Deploy to Production
env:
VERSION: ${{ needs.quality-gate.outputs.version }}
PROD_HOST: ${{ secrets.PRODUCTION_HOST }}
PROD_KEY: ${{ secrets.PRODUCTION_DEPLOY_KEY }}
run: |
echo "๐๏ธ Deploying version $VERSION to production..."
# Blue-green deployment simulation
echo "- Creating new deployment slot..."
echo "- Uploading application to new slot..."
echo "- Installing dependencies..."
echo "- Running pre-flight checks..."
echo "- Switching traffic to new deployment..."
echo "- Monitoring application health..."
sleep 3
echo "โ
Production deployment successful!"
echo "๐ Application live at: https://yourapp.com"
- name: ๐ Production health check
run: |
echo "๐ Performing production health check..."
# Simulate health checks
echo "- Checking application response time..."
echo "- Verifying database connections..."
echo "- Testing critical user flows..."
echo "- Monitoring error rates..."
echo "โ
Production health check passed!"
- name: ๐ Create deployment summary
run: |
cat > deployment-summary.md << EOF
# ๐ Deployment Summary
**Version:** ${{ needs.quality-gate.outputs.version }}
**Environment:** Production
**Deployed at:** $(date -u +%Y-%m-%dT%H:%M:%SZ)
**Git SHA:** ${{ github.sha }}
## Deployment Steps Completed
- โ
Quality gates passed
- โ
Security scan completed
- โ
Build artifacts created
- โ
Staging deployment successful
- โ
Production deployment successful
- โ
Health checks passed
## URLs
- ๐ **Production:** https://yourapp.com
- ๐งช **Staging:** https://staging.yourapp.com
## Rollback Information
Previous version can be restored using:
\`\`\`bash
# Emergency rollback command
git revert ${{ github.sha }}
\`\`\`
EOF
echo "๐ Deployment summary created"
cat deployment-summary.md
- name: ๐ค Upload deployment report
uses: actions/upload-artifact@v3
with:
name: deployment-report-${{ needs.quality-gate.outputs.version }}
path: deployment-summary.md
# Stage 6: Post-Deployment Monitoring
post-deployment:
name: ๐ Post-Deployment Monitoring
runs-on: ubuntu-latest
needs: [quality-gate, deploy-production]
if: always() && needs.deploy-production.result == 'success'
steps:
- name: ๐ Setup monitoring
run: |
echo "๐ Setting up post-deployment monitoring..."
# Simulate monitoring setup
echo "- Configuring application performance monitoring..."
echo "- Setting up error tracking..."
echo "- Enabling user analytics..."
echo "- Creating deployment dashboard..."
echo "โ
Monitoring configured for version ${{ needs.quality-gate.outputs.version }}"
- name: ๐ Send deployment notification
env:
SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK }}
VERSION: ${{ needs.quality-gate.outputs.version }}
run: |
echo "๐ Sending deployment notification..."
# Simulate Slack notification
cat > notification.json << EOF
{
"text": "๐ Production Deployment Successful!",
"blocks": [
{
"type": "section",
"text": {
"type": "mrkdwn",
"text": "*Deployment Complete* ๐\\n\\n*Version:* $VERSION\\n*Environment:* Production\\n*Status:* โ
Successful\\n*URL:* https://yourapp.com"
}
}
]
}
EOF
echo "๐ง Notification sent to team channels"
echo "โ
Deployment pipeline complete!"
EOF# Initialize Git repository and test pipeline
git init
git add .
git commit -m "feat: initial CI/CD pipeline implementation"
# Create main branch and push (this will trigger the pipeline)
git branch -M main
# Simulate pull request workflow
git checkout -b feature/test-pipeline
echo "// Test change" >> src/app.js
git add .
git commit -m "test: verify CI/CD pipeline functionality"
# The pipeline will run on:
# 1. Push to feature branch (quality gates only)
# 2. Pull request to main (full validation)
# 3. Merge to main (complete deployment)
# Check pipeline status
echo "๐ Pipeline will execute the following stages:"
echo "1. ๐ Quality Gate - Code quality, testing, security audit"
echo "2. ๐ก๏ธ Security Scan - CodeQL analysis, secrets detection"
echo "3. ๐๏ธ Build - Create production artifacts"
echo "4. ๐ Deploy Staging - Deploy and test in staging environment"
echo "5. ๐๏ธ Deploy Production - Blue-green production deployment"
echo "6. ๐ Post-Deployment - Monitoring and notifications"
echo ""
echo "โ
Complete CI/CD pipeline created!"
echo "๐ฏ Pipeline includes:"
echo " - Automated testing and quality gates"
echo " - Security scanning and vulnerability assessment"
echo " - Multi-environment deployment (staging โ production)"
echo " - Health checks and rollback capabilities"
echo " - Monitoring and team notifications"on: push, pull_request, schedule
strategy: matrix: {os, node-version}
environment: {name, url}
upload-artifact, download-artifact
${{ secrets.SECRET_NAME }}
if: github.ref == 'refs/heads/main'