# Complete GitHub Actions CI/CD Pipeline Example # This pipeline builds, tests, and deploys a containerized application name: CI/CD Pipeline on: push: branches: [main, develop] pull_request: branches: [main] env: REGISTRY: ghcr.io IMAGE_NAME: ${{ github.repository }} KUBE_NAMESPACE: production jobs: # Lint and validate lint: name: Lint Code runs-on: ubuntu-latest steps: - uses: actions/checkout@v4 - name: Run linters run: | echo "Running code linters..." # Add your linting commands here # Build and test build: name: Build and Test runs-on: ubuntu-latest needs: lint permissions: contents: read packages: write steps: - uses: actions/checkout@v4 - name: Set up Docker Buildx uses: docker/setup-buildx-action@v3 - name: Log in to Container Registry uses: docker/login-action@v3 with: registry: ${{ env.REGISTRY }} username: ${{ github.actor }} password: ${{ secrets.GITHUB_TOKEN }} - name: Extract metadata id: meta uses: docker/metadata-action@v5 with: images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} tags: | type=ref,event=branch type=ref,event=pr type=semver,pattern={{version}} type=sha,prefix={{branch}}- - name: Build and push Docker image uses: docker/build-push-action@v5 with: context: . push: ${{ github.event_name != 'pull_request' }} tags: ${{ steps.meta.outputs.tags }} labels: ${{ steps.meta.outputs.labels }} cache-from: type=gha cache-to: type=gha,mode=max - name: Run tests run: | echo "Running unit tests..." # Add your test commands here # Security scanning security: name: Security Scan runs-on: ubuntu-latest needs: build if: github.event_name != 'pull_request' steps: - uses: actions/checkout@v4 - name: Run Trivy vulnerability scanner uses: aquasecurity/trivy-action@master with: image-ref: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ github.sha }} format: 'sarif' output: 'trivy-results.sarif' - name: Upload Trivy results to GitHub Security uses: github/codeql-action/upload-sarif@v2 with: sarif_file: 'trivy-results.sarif' # Deploy to staging deploy-staging: name: Deploy to Staging runs-on: ubuntu-latest needs: [build, security] if: github.ref == 'refs/heads/develop' environment: name: staging url: https://staging.example.com steps: - uses: actions/checkout@v4 - name: Configure kubectl uses: azure/k8s-set-context@v3 with: method: kubeconfig kubeconfig: ${{ secrets.KUBE_CONFIG_STAGING }} - name: Deploy to Kubernetes run: | kubectl set image deployment/app \ app=${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ github.sha }} \ -n staging kubectl rollout status deployment/app -n staging --timeout=5m # Deploy to production deploy-production: name: Deploy to Production runs-on: ubuntu-latest needs: [build, security] if: github.ref == 'refs/heads/main' environment: name: production url: https://app.example.com steps: - uses: actions/checkout@v4 - name: Configure kubectl uses: azure/k8s-set-context@v3 with: method: kubeconfig kubeconfig: ${{ secrets.KUBE_CONFIG_PROD }} - name: Deploy to Kubernetes run: | kubectl set image deployment/app \ app=${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ github.sha }} \ -n ${{ env.KUBE_NAMESPACE }} kubectl rollout status deployment/app -n ${{ env.KUBE_NAMESPACE }} --timeout=10m - name: Verify deployment run: | kubectl get deployment app -n ${{ env.KUBE_NAMESPACE }} kubectl get pods -n ${{ env.KUBE_NAMESPACE }} -l app=example-app # Notify on failure notify: name: Notify on Failure runs-on: ubuntu-latest needs: [deploy-staging, deploy-production] if: failure() steps: - name: Send notification run: | echo "Deployment failed! Sending notification..." # Add your notification logic here (Slack, email, etc.)