DevOps Infrastructure
Build Pipeline
Enterprise-grade CI/CD with GitHub Actions, comprehensive testing, and zero-downtime deployments averaging 12 minutes from commit to production.
45/day
Deploy Frequency
8.2min
Avg Build Time
94.7%
Test Coverage
99.8%
Deploy Success
GitHub Actions Workflow
Parallelized CI pipeline with matrix builds, caching, and early exit on failures.
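# .github/workflows/ci.yml
# Runs on pushes to main/develop and on pull requests that target main.
name: CI Pipeline

on:
  push:
    branches: [main, develop]
  pull_request:
    branches: [main]

# One active run per ref: a newer run on the same ref cancels the older one.
concurrency:
  group: ci-${{ github.ref }}
  cancel-in-progress: true

# Workflow-wide values. Expressions must be written as ${{ ... }}; a bare
# {{ ... }} at the start of a value is read by YAML as a flow mapping.
env:
  PYTHON_VERSION: "3.12"
  NODE_VERSION: "20"
  REGISTRY: ghcr.io
  IMAGE_NAME: ${{ github.repository }}

jobs: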
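# Lint and type check first (fast fail)
  lint:
    runs-on: ubuntu-latest
    # Least privilege: linting only needs to read the repository.
    permissions:
      contents: read
    steps:
      # NOTE(review): every action in this job is referenced by a mutable
      # version tag; pinning each to a full commit SHA keeps a retagged
      # release from changing what runs here.
      - uses: actions/checkout@v4
        with:
          # No later step pushes with git, so do not leave the token in
          # .git/config while dependency install scripts run.
          persist-credentials: false

      - name: Setup Python
        uses: actions/setup-python@v5
        with:
          python-version: ${{ env.PYTHON_VERSION }}
          cache: 'pip'

      # The frontend lint step below runs npm, so select the same Node
      # version the frontend test job uses instead of the runner default.
      - name: Setup Node.js
        uses: actions/setup-node@v4
        with:
          node-version: ${{ env.NODE_VERSION }}
          cache: 'npm'
          cache-dependency-path: frontend/console/package-lock.json

      - name: Install dependencies
        # NOTE(review): ruff and mypy are installed unpinned, so lint
        # results can change between runs; consider pinning them in
        # requirements-dev.txt.
        run: |
          pip install ruff mypy
          pip install -r requirements.txt

      - name: Run Ruff linter
        run: ruff check .

      - name: Run type checking
        run: mypy src/ --ignore-missing-imports

      - name: Frontend lint
        working-directory: frontend/console
        run: |
          npm ci --prefer-offline
          npm run lint
          npm run type-check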
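# Unit tests in parallel
  test-backend:
    needs: lint
    runs-on: ubuntu-latest
    # Least privilege: the tests only need to read the repository.
    permissions:
      contents: read
    services:
      postgres:
        image: postgres:16
        env:
          # Throwaway credential for the job-scoped service container;
          # it must never match a credential used outside CI.
          POSTGRES_PASSWORD: postgres
        # Wait until the server accepts connections before steps start.
        options: >-
          --health-cmd pg_isready
          --health-interval 10s
          --health-timeout 5s
          --health-retries 5
        ports:
          - "5432:5432"
      redis:
        image: redis:7
        ports:
          - "6379:6379"
    steps:
      - uses: actions/checkout@v4
        with:
          # No later step pushes with git; keep the token out of .git/config.
          persist-credentials: false

      - name: Setup Python
        uses: actions/setup-python@v5
        with:
          python-version: ${{ env.PYTHON_VERSION }}
          cache: 'pip'

      - name: Install dependencies
        run: pip install -r requirements.txt -r requirements-dev.txt

      - name: Run tests with coverage
        env:
          # NOTE(review): the URL targets database "test", but the service
          # sets no POSTGRES_DB, so the image creates only its default
          # database - confirm the test setup creates "test" itself.
          DATABASE_URL: postgresql://postgres:postgres@localhost:5432/test
          REDIS_URL: redis://localhost:6379
        # -n auto / --dist loadgroup spread the tests across workers.
        run: |
          pytest tests/ \
            --cov=src \
            --cov-report=xml \
            --cov-report=html \
            -n auto \
            --dist loadgroup

      - name: Upload coverage
        uses: codecov/codecov-action@v4
        with:
          token: ${{ secrets.CODECOV_TOKEN }}
          files: coverage.xml
          fail_ci_if_error: true

# Build & Cache Strategy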
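# Frontend tests and production build
  test-frontend:
    needs: lint
    runs-on: ubuntu-latest
    # Least privilege: the job only needs to read the repository.
    permissions:
      contents: read
    steps:
      - uses: actions/checkout@v4
        with:
          # No later step pushes with git; keep the token out of
          # .git/config while npm lifecycle scripts run.
          persist-credentials: false

      - name: Setup Node.js
        uses: actions/setup-node@v4
        with:
          node-version: ${{ env.NODE_VERSION }}
          cache: 'npm'
          cache-dependency-path: frontend/console/package-lock.json

      - name: Install dependencies
        working-directory: frontend/console
        run: npm ci --prefer-offline

      - name: Run tests
        working-directory: frontend/console
        run: npm run test -- --coverage

      - name: Build application
        working-directory: frontend/console
        run: npm run build

      - name: Upload build artifact
        uses: actions/upload-artifact@v4
        with:
          name: frontend-build
          # NOTE(review): .next is a dot-directory; newer v4 releases skip
          # hidden files unless include-hidden-files is set - confirm the
          # artifact is not empty.
          path: frontend/console/.next
          # Short retention: the build output is only needed by this run.
          retention-days: 1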
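# Docker build with layer caching
  build-image:
    needs: [test-backend, test-frontend]
    runs-on: ubuntu-latest
    # GITHUB_TOKEN scopes for this job: read the repository and push to
    # GHCR. Declared explicitly so the push does not depend on the
    # repository-wide default token permissions.
    permissions:
      contents: read
      packages: write
    outputs:
      # steps.meta.outputs.tags holds one tag per line, so consumers of
      # image-tag receive a newline-separated list, not a single tag.
      image-tag: ${{ steps.meta.outputs.tags }}
    steps:
      # NOTE(review): the actions below are referenced by mutable version
      # tags while this job holds packages: write; pin them to full commit
      # SHAs so a retagged release cannot change what pushes the image.
      - uses: actions/checkout@v4
        with:
          # The build reads the working tree only; no git push follows.
          persist-credentials: false

      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3

      - name: Login to Container Registry
        uses: docker/login-action@v3
        with:
          registry: ${{ env.REGISTRY }}
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}

      - name: Extract metadata
        id: meta
        uses: docker/metadata-action@v5
        with:
          images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
          # {{version}} is the metadata-action's own template syntax, not a
          # GitHub expression, so it takes no leading "$".
          # NOTE(review): type=semver applies to tag pushes, which the
          # triggers shown for this workflow do not include.
          tags: |
            type=sha,prefix=
            type=ref,event=branch
            type=semver,pattern={{version}}

      # NOTE(review): the workflow also triggers on pull_request, so with
      # push: true an image is built from and pushed for unmerged code;
      # consider push: ${{ github.event_name != 'pull_request' }}.
      # github.event.head_commit is also unset on pull_request events,
      # which leaves BUILD_TIME empty there.
      - name: Build and push
        uses: docker/build-push-action@v5
        with:
          context: .
          push: true
          tags: ${{ steps.meta.outputs.tags }}
          labels: ${{ steps.meta.outputs.labels }}
          cache-from: type=gha
          cache-to: type=gha,mode=max
          build-args: |
            VERSION=${{ github.sha }}
            BUILD_TIME=${{ github.event.head_commit.timestamp }}

# Pipeline Flow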
Lint
Test Backend
Test Frontend
Build Image
Security Scan
Deploy
Ship Fast, Ship Safe
From commit to production in 12 minutes with enterprise security.
45 Deploys/Day · 94.7% Coverage · Zero Critical CVEs