https://github.com/pk2731/enterprise-cicd-template
π Enterprise-grade CI/CD template with zero-human production access, comprehensive quality gates, and Kubernetes deployments
https://github.com/pk2731/enterprise-cicd-template
ci-cd devops docker enterprise github-actions kubernetes quality-gates security sonarqube template
Last synced: 3 months ago
JSON representation
π Enterprise-grade CI/CD template with zero-human production access, comprehensive quality gates, and Kubernetes deployments
- Host: GitHub
- URL: https://github.com/pk2731/enterprise-cicd-template
- Owner: pk2731
- Created: 2025-10-01T15:32:14.000Z (9 months ago)
- Default Branch: main
- Last Pushed: 2025-10-01T16:19:54.000Z (9 months ago)
- Last Synced: 2025-10-12T11:22:36.547Z (9 months ago)
- Topics: ci-cd, devops, docker, enterprise, github-actions, kubernetes, quality-gates, security, sonarqube, template
- Language: Shell
- Size: 48.8 KB
- Stars: 0
- Watchers: 0
- Forks: 0
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
- Codeowners: .github/CODEOWNERS
Awesome Lists containing this project
README
# π Enterprise CI/CD Template
> **Ready to use enterprise-grade CI/CD for your next project? Click "Use this template" above! π**
## π― Overview
This is a comprehensive **enterprise-grade CI/CD template** that enforces **zero-human access to production** while maintaining the highest standards of code quality, security, and reliability.
## π How to Use This Template
### Option 1: GitHub Web Interface
1. **Click "Use this template"** button above
2. **Create your new repository**
3. **Follow the [Complete Usage Guide β](./TEMPLATE_USAGE_GUIDE.md)**
### Option 2: GitHub CLI
```bash
gh repo create your-project-name --template pk2731/enterprise-cicd-template --public --clone
cd your-project-name
# Follow the usage guide for setup
```
**π [READ THE COMPLETE USAGE GUIDE](./TEMPLATE_USAGE_GUIDE.md) π**
## π Key Features
- **π Zero-Human Production Access** - All deployments are automated
- **π Comprehensive Quality Gates** - SonarQube integration with 85% coverage requirement
- **π‘οΈ Security-First Approach** - Automated vulnerability scanning and secret management
- **βΈοΈ Kubernetes Production Deployments** - Zero-downtime rolling updates
- **π Multi-Environment Pipeline** - Dev β Staging β Production workflow
- **π Mandatory Code Reviews** - CODEOWNERS with required approvals
- **π Detailed PR Templates** - Comprehensive checklists for all changes
## ποΈ Architecture
```
Feature Branch β Quality Gates β Build β Dev β Staging β Production
β β β β β β
PR Created All Tests Docker Docker Blue-Green Kubernetes
Template Pass Build Deploy Deploy Rolling Update
Required Coverage>80% Push Health E2E Tests Health Check
Code Review Security Scan Registry Check Load Test Auto-Rollback
```
## π Repository Structure
```
βββ .github/
β βββ workflows/
β β βββ ci-cd.yml # Main CI/CD pipeline
β βββ pull_request_template.md # Mandatory PR checklist
β βββ CODEOWNERS # Required reviewers
β βββ ISSUE_TEMPLATE/
β βββ bug_report.yml # Structured bug reports
βββ k8s/production/
β βββ namespace.yaml # Production namespace + policies
β βββ deployment.yaml # High-security deployment
β βββ service.yaml # Service configuration
β βββ ingress.yaml # SSL + security headers
β βββ configmap.yaml # Non-sensitive config
β βββ secret.yaml # Sensitive data template
β βββ hpa.yaml # Auto-scaling configuration
βββ scripts/
β βββ deploy-dev.sh # Development deployment
β βββ deploy-staging.sh # Staging deployment (blue-green)
β βββ health-check.sh # Universal health checker
βββ sonar-project.properties # SonarQube configuration
βββ README.md # This file
```
## π¦ Quality Gates
### β
Required Checks (All must pass)
- **Linting** (ESLint/Prettier)
- **Unit Tests** (80%+ coverage)
- **Integration Tests**
- **Security Vulnerability Scan**
- **SonarQube Quality Gate** (85%+ coverage)
- **Performance Tests**
- **Build Verification**
### π« Deployment Blockers
- Failed automated tests
- Security vulnerabilities
- Code coverage below threshold
- Incomplete PR checklist
- Missing required approvals
- Hardcoded secrets detected
## π Getting Started
### π **Complete Setup Guide**
π **[READ THE COMPLETE USAGE GUIDE](./TEMPLATE_USAGE_GUIDE.md)** π
For detailed step-by-step instructions on how to use this template, customize it for your project, and set up all the integrations.
### β‘ Quick Start
1. **Click "Use this template"** β Create new repository
2. **Clone your new repo** locally
3. **Follow the [Template Usage Guide](./TEMPLATE_USAGE_GUIDE.md)** for complete setup
4. **Configure GitHub secrets** for your integrations
5. **Set up branch protection rules** as described in the guide
6. **Start coding** with enterprise-grade CI/CD!
## π Workflow
### Development Flow
```bash
git checkout -b feature/JIRA-123-new-feature
# Make changes
git commit -m "feat: add new feature"
git push origin feature/JIRA-123-new-feature
# Open PR to develop
```
### Deployment Flow
- **develop** β Automatic deployment to **Development**
- **staging** β Blue-green deployment to **Staging** + E2E tests
- **main** β Zero-downtime Kubernetes deployment to **Production**
## π Monitoring & Observability
### Built-in Health Checks
- Application health endpoints
- Database connectivity
- External service dependencies
- Performance metrics
- Security headers validation
### Automatic Scaling
- **HPA** based on CPU (70%) and Memory (80%)
- **Min replicas**: 3 (high availability)
- **Max replicas**: 20 (load handling)
## π Security Features
### Production Security
- **Read-only root filesystem**
- **Non-root user execution**
- **Resource limits enforced**
- **Network policies**
- **Security context constraints**
### Secrets Management
- **No hardcoded secrets** in code
- **Kubernetes secrets** for sensitive data
- **Automatic secret scanning**
- **Base64 encoding required**
## π οΈ Customization
### Adding New Services
1. **Update Kubernetes manifests** in `k8s/production/`
2. **Modify deployment scripts** in `scripts/`
3. **Add health checks** to `scripts/health-check.sh`
4. **Update CODEOWNERS** for new components
### Different Tech Stacks
This template supports:
- **Node.js/TypeScript** (default)
- **Python** (update workflow)
- **Go** (update workflow)
- **Java** (update workflow)
Simply modify `.github/workflows/ci-cd.yml` for your language.
## π Troubleshooting
### Common Issues
**Quality Gates Failing?**
```bash
# Check SonarQube logs
curl -u token: "${SONAR_HOST_URL}/api/qualitygates/project_status?projectKey=${PROJECT_KEY}"
# Run tests locally
npm run test:coverage
```
**Kubernetes Deployment Issues?**
```bash
# Check deployment status
kubectl rollout status deployment/app-deployment -n production
# View pod logs
kubectl logs -l app=yourapp -n production
# Check events
kubectl get events -n production --sort-by='.lastTimestamp'
```
**GitHub Actions Failing?**
1. Check workflow logs in Actions tab
2. Verify all secrets are set correctly
3. Validate YAML syntax
4. Check branch protection rules
## π Best Practices
### Code Quality
- **Write tests first** (TDD approach)
- **Keep functions small** and focused
- **Document complex logic** with comments
- **Follow naming conventions**
### Security
- **Never commit secrets**
- **Validate all inputs**
- **Use parameterized queries**
- **Keep dependencies updated**
### Performance
- **Monitor response times**
- **Optimize database queries**
- **Use caching strategies**
- **Monitor resource usage**
## π€ Contributing
1. **Fork** the template repository
2. **Create** a feature branch
3. **Make** your improvements
4. **Test** thoroughly
5. **Submit** a pull request
## π License
This template is released under the MIT License. See [LICENSE](LICENSE) for details.
---
## π Success Metrics
With this template, you can expect:
- **π 100% Automated Production Deployments**
- **π Consistent 85%+ Code Coverage**
- **π‘οΈ Zero Security Vulnerabilities in Production**
- **β‘ Sub-200ms API Response Times**
- **π 99.9% Uptime with Auto-scaling**
- **π Zero-downtime Deployments**
**Ready to deploy enterprise-grade applications with confidence!** π