Lab 12: CI/CD Pipeline
| Field | Value |
|---|---|
| Tier | 3 — Operations |
| Estimated Time | 60 minutes |
| Prerequisites | Docker, Git |
| Auto-Grade | Yes |
Scenario
Your team is deploying a Python web application manually. Every release involves someone SSH-ing into the server, pulling the latest code, running tests by hand, and restarting the service. Last month, a developer pushed broken code directly to main and the manual deployer did not notice the tests were failing. The bug reached production and took down the payment processing page for two hours.
The engineering director has mandated that all deployments go through an automated CI/CD pipeline. You need to build a pipeline that lints the code, runs tests, builds a Docker image, scans it for vulnerabilities, and deploys to a staging environment. The pipeline must block deployments if tests or security scans fail.
Objectives
- Create a GitHub Actions workflow file at `.github/workflows/ci.yml`
- Pipeline has a `lint` job that runs `flake8`
- Pipeline has a `test` job that runs `pytest` and requires lint to pass
- Pipeline has a `build` job that builds a Docker image
- Pipeline has a `scan` job that runs Trivy on the built image
- Pipeline has a `deploy` job that only runs on main branch after all checks pass
- All jobs use proper dependency chains (`needs:`)
Setup
Creates a sample Python project at /tmp/lab-cicd/ with tests and a Dockerfile.
Hints

Hint 1: Workflow structure

Hint 2: Job dependencies
Use `needs:` to create dependency chains:

Hint 3: Conditional deployment
Use `if: github.ref == 'refs/heads/main'` on the deploy job to only deploy from the main branch.

Hint 4: Trivy scanning

Hint 5: Artifact passing
Use `actions/upload-artifact` and `actions/download-artifact` to pass the Docker image between the build and scan jobs, or use a container registry.

Grading
Solution
See the solution/ directory for the complete workflow file.
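
A sketch of a workflow that satisfies the objectives and hints above, added here as an example; it is not the lab's own solution file. The image name `lab-app`, the artifact name `image`, the `requirements.txt` file, the action version tags and the placeholder deploy step are assumptions.

```yaml
name: ci
on: [push, pull_request]
permissions:
  contents: read            # least privilege for the default GITHUB_TOKEN
jobs:
  lint:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - run: pip install flake8 && flake8 .
  test:
    needs: lint             # a lint failure stops the chain here
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      # requirements.txt is assumed to exist in the sample project
      - run: pip install -r requirements.txt pytest && pytest
  build:
    needs: test
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - run: docker build -t lab-app:${{ github.sha }} .
      - run: docker save lab-app:${{ github.sha }} -o image.tar
      - uses: actions/upload-artifact@v4
        with:
          name: image
          path: image.tar
  scan:
    needs: build
    runs-on: ubuntu-latest
    steps:
      - uses: actions/download-artifact@v4
        with:
          name: image
      # Scan the exact tarball that was built. A non-zero exit code on
      # HIGH/CRITICAL findings fails this job, which blocks deploy.
      # Pin the scanner image to a fixed version in real use.
      - run: >
          docker run --rm -v "$PWD:/work" aquasec/trivy image
          --input /work/image.tar --exit-code 1 --severity HIGH,CRITICAL
  deploy:
    needs: [lint, test, build, scan]
    if: github.ref == 'refs/heads/main'   # skipped for pull requests and other branches
    runs-on: ubuntu-latest
    steps:
      # Placeholder: replace with the real staging deployment command
      - run: echo "deploy lab-app:${{ github.sha }} to staging"
```

Because the scan job reads the uploaded tarball instead of rebuilding, the image that passes Trivy is byte-for-byte the one the build job produced.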