Files
wehub-resource-sync bb5c75ce05
Component Security Validation / Security Audit (push) Has been cancelled
Deploy to Cloudflare Pages / deploy (push) Has been cancelled
chore: import upstream snapshot with attribution
2026-07-13 12:38:58 +08:00

322 lines
9.0 KiB
Markdown

---
allowed-tools: Read, Write, Edit, Bash
argument-hint: [platform] | --github-actions | --gitlab-ci | --jenkins | --full-setup
description: Setup comprehensive CI/CD pipeline with automated testing, building, and deployment
---
# CI/CD Pipeline Setup
Setup continuous integration pipeline: $ARGUMENTS
## Current Project Analysis
- Project type: @package.json or @setup.py or @go.mod or @pom.xml (detect language/framework)
- Existing workflows: !`find .github/workflows -name "*.yml" 2>/dev/null | head -3`
- Git branches: !`git branch -r | head -5`
- Dependencies: @package-lock.json or @requirements.txt or @go.sum (if exists)
- Build scripts: Check for build commands in package.json or Makefile
## Task
Implement comprehensive CI/CD following best practices: $ARGUMENTS
1. **Project Analysis**
- Identify the technology stack and deployment requirements
- Review existing build and test processes
- Understand deployment environments (dev, staging, prod)
- Assess current version control and branching strategy
2. **CI/CD Platform Selection**
- Choose appropriate CI/CD platform based on requirements:
- **GitHub Actions**: Native GitHub integration, extensive marketplace
- **GitLab CI**: Built-in GitLab, comprehensive DevOps platform
- **Jenkins**: Self-hosted, highly customizable, extensive plugins
- **CircleCI**: Cloud-based, optimized for speed
- **Azure DevOps**: Microsoft ecosystem integration
- **AWS CodePipeline**: AWS-native solution
3. **Repository Setup**
- Ensure proper `.gitignore` configuration
- Set up branch protection rules
- Configure merge requirements and reviews
- Establish semantic versioning strategy
4. **Build Pipeline Configuration**
**GitHub Actions Example:**
```yaml
name: CI/CD Pipeline
on:
push:
branches: [ main, develop ]
pull_request:
branches: [ main ]
jobs:
test:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- name: Setup Node.js
uses: actions/setup-node@v3
with:
node-version: '18'
cache: 'npm'
- run: npm ci
- run: npm run test
- run: npm run build
```
**GitLab CI Example:**
```yaml
stages:
- test
- build
- deploy
test:
stage: test
script:
- npm ci
- npm run test
cache:
paths:
- node_modules/
```
5. **Environment Configuration**
- Set up environment variables and secrets
- Configure different environments (dev, staging, prod)
- Implement environment-specific configurations
- Set up secure secret management
6. **Automated Testing Integration**
- Configure unit test execution
- Set up integration test running
- Implement E2E test execution
- Configure test reporting and coverage
**Multi-stage Testing:**
```yaml
test:
strategy:
matrix:
node-version: [16, 18, 20]
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- uses: actions/setup-node@v3
with:
node-version: ${{ matrix.node-version }}
- run: npm ci
- run: npm test
```
7. **Code Quality Gates**
- Integrate linting and formatting checks
- Set up static code analysis (SonarQube, CodeClimate)
- Configure security vulnerability scanning
- Implement code coverage thresholds
8. **Build Optimization**
- Configure build caching strategies
- Implement parallel job execution
- Optimize Docker image builds
- Set up artifact management
**Caching Example:**
```yaml
- name: Cache node modules
uses: actions/cache@v3
with:
path: ~/.npm
key: ${{ runner.os }}-node-${{ hashFiles('**/package-lock.json') }}
restore-keys: |
${{ runner.os }}-node-
```
9. **Docker Integration**
- Create optimized Dockerfiles
- Set up multi-stage builds
- Configure container registry integration
- Implement security scanning for images
**Multi-stage Dockerfile:**
```dockerfile
FROM node:18-alpine AS builder
WORKDIR /app
COPY package*.json ./
RUN npm ci --only=production
FROM node:18-alpine AS runtime
WORKDIR /app
COPY --from=builder /app/node_modules ./node_modules
COPY . .
EXPOSE 3000
CMD ["npm", "start"]
```
10. **Deployment Strategies**
- Implement blue-green deployment
- Set up canary releases
- Configure rolling updates
- Implement feature flags integration
11. **Infrastructure as Code**
- Use Terraform, CloudFormation, or similar tools
- Version control infrastructure definitions
- Implement infrastructure testing
- Set up automated infrastructure provisioning
12. **Monitoring and Observability**
- Set up application performance monitoring
- Configure log aggregation and analysis
- Implement health checks and alerting
- Set up deployment notifications
13. **Security Integration**
- Implement dependency vulnerability scanning
- Set up container security scanning
- Configure SAST (Static Application Security Testing)
- Implement secrets scanning
**Security Scanning Example:**
```yaml
security:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- name: Run Snyk to check for vulnerabilities
uses: snyk/actions/node@master
env:
SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
```
14. **Database Migration Handling**
- Automate database schema migrations
- Implement rollback strategies
- Set up database seeding for testing
- Configure backup and recovery procedures
15. **Performance Testing Integration**
- Set up load testing in pipeline
- Configure performance benchmarks
- Implement performance regression detection
- Set up performance monitoring
16. **Multi-Environment Deployment**
- Configure staging environment deployment
- Set up production deployment with approvals
- Implement environment promotion workflow
- Configure environment-specific configurations
**Environment Deployment:**
```yaml
deploy-staging:
needs: test
if: github.ref == 'refs/heads/develop'
runs-on: ubuntu-latest
steps:
- name: Deploy to staging
run: |
# Deploy to staging environment
deploy-production:
needs: test
if: github.ref == 'refs/heads/main'
runs-on: ubuntu-latest
environment: production
steps:
- name: Deploy to production
run: |
# Deploy to production environment
```
17. **Rollback and Recovery**
- Implement automated rollback procedures
- Set up deployment verification tests
- Configure failure detection and alerts
- Document manual recovery procedures
18. **Notification and Reporting**
- Set up Slack/Teams integration for notifications
- Configure email alerts for failures
- Implement deployment status reporting
- Set up metrics dashboards
19. **Compliance and Auditing**
- Implement deployment audit trails
- Set up compliance checks (SOC 2, HIPAA, etc.)
- Configure approval workflows for sensitive deployments
- Document change management processes
20. **Pipeline Optimization**
- Monitor pipeline performance and costs
- Implement pipeline parallelization
- Optimize resource allocation
- Set up pipeline analytics and reporting
**Best Practices:**
1. **Fail Fast**: Implement early failure detection
2. **Parallel Execution**: Run independent jobs in parallel
3. **Caching**: Cache dependencies and build artifacts
4. **Security**: Never expose secrets in logs
5. **Documentation**: Document pipeline processes and procedures
6. **Monitoring**: Monitor pipeline health and performance
7. **Testing**: Test pipeline changes in feature branches
8. **Rollback**: Always have a rollback strategy
**Sample Complete Pipeline:**
```yaml
name: Full CI/CD Pipeline
on:
push:
branches: [ main, develop ]
pull_request:
branches: [ main ]
jobs:
lint-and-test:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- uses: actions/setup-node@v3
with:
node-version: '18'
cache: 'npm'
- run: npm ci
- run: npm run lint
- run: npm run test:coverage
- run: npm run build
security-scan:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- name: Security scan
run: npm audit --audit-level=high
deploy-staging:
needs: [lint-and-test, security-scan]
if: github.ref == 'refs/heads/develop'
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- name: Deploy to staging
run: echo "Deploying to staging"
deploy-production:
needs: [lint-and-test, security-scan]
if: github.ref == 'refs/heads/main'
runs-on: ubuntu-latest
environment: production
steps:
- uses: actions/checkout@v3
- name: Deploy to production
run: echo "Deploying to production"
```
Start with basic CI and gradually add more sophisticated features as your team and project mature.