This project implements a fully automated DevSecOps pipeline for Python packages, integrating code quality, security, and deployment workflows. The system:
- Runs unit tests for multiple Python packages within GitHub Actions.
- Performs static code analysis and security scans using SonarQube and security agents (hosted in AWS).
- Enforces compliance by automatically merging code only if quality gates and coverage thresholds are met.
- Updates the project README with latest test coverage and reports, pulling information from both SonarQube and GitHub Releases.
- Builds Docker images and publishes them to GitHub Container Registry.
- Deploys validated artifacts to AWS infrastructure.
Current code status (quality gate conditions that must hold before a merge is accepted):

| Current Status | Acceptance Condition |
|---|---|
| | New code has 0 security issues |
| | New code has 0 reliability issues |
| | New code has at least 80% coverage |
| | Code has less than 3% of lines duplicated |
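The merge rule above, as an added example that is not part of this project's code: a Python check that reads a SonarQube measures response and only allows the merge when all four acceptance conditions hold (a metric missing from the response fails closed). The response shape, the metric keys (`new_vulnerabilities`, `new_bugs`, `new_coverage`, `duplicated_lines_density`) and the sample values are assumptions constructed for the example.

```python
"""Quality-gate check for the four acceptance conditions in the README."""
import json

# Thresholds taken from the acceptance-condition table above.
GATE = {
    "new_vulnerabilities": ("<=", 0.0),       # 0 security issues in new code
    "new_bugs": ("<=", 0.0),                  # 0 reliability issues in new code
    "new_coverage": (">=", 80.0),             # at least 80% coverage on new code
    "duplicated_lines_density": ("<", 3.0),   # under 3% duplicated lines overall
}

# Constructed sample shaped like a SonarQube api/measures/component reply (assumed).
SAMPLE_RESPONSE = json.dumps({
    "component": {
        "measures": [
            {"metric": "new_vulnerabilities", "period": {"value": "0"}},
            {"metric": "new_bugs", "periods": [{"value": "1"}]},
            {"metric": "new_coverage", "period": {"value": "83.5"}},
            {"metric": "duplicated_lines_density", "value": "2.1"},
        ],
    }
})


def measure_value(measure):
    """Return the numeric value; 'new_*' metrics are reported under period(s)."""
    if "value" in measure:
        return float(measure["value"])
    if "period" in measure:
        return float(measure["period"]["value"])
    if measure.get("periods"):
        return float(measure["periods"][0]["value"])
    raise ValueError(f"no value for metric {measure.get('metric')}")


def evaluate_gate(response_json, gate=GATE):
    """Return (passed, failures). A metric absent from the response fails closed."""
    measures = {m["metric"]: measure_value(m)
                for m in json.loads(response_json)["component"]["measures"]}
    ops = {"<=": lambda a, b: a <= b, ">=": lambda a, b: a >= b, "<": lambda a, b: a < b}
    failures = []
    for metric, (op, threshold) in gate.items():
        if metric not in measures:
            failures.append(f"{metric}: not reported")
        elif not ops[op](measures[metric], threshold):
            failures.append(f"{metric}: {measures[metric]} is not {op} {threshold}")
    return not failures, failures
```

In a workflow step the script would exit non-zero when `evaluate_gate` returns `False`, so the merge job never runs on a failed gate.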
This project aims to automate as much of the CI/CD pipeline as possible via GitHub Actions, so each time there is a commit to the master branch, all workflows (except the release to Docker Hub and GitHub Packages) run.
Screenshots (images not available in this copy):
- Workflow output and SonarQube platform
- Workflow output and images on repo
- Workflow output and package on repo
- Workflow output and coverage report
- Load Balancer and ECR images
- ECS Cluster