DevOps/DevSecOps Pipeline Tutorial

A complete end-to-end DevOps/DevSecOps tutorial demonstrating modern CI/CD practices with Docker, Terraform, and Kubernetes.

📚 What You'll Learn

This tutorial covers:

• Containerization with Docker
• Infrastructure as Code with Terraform
• Container Orchestration with Kubernetes
• CI/CD Pipelines with GitHub Actions
• Security Scanning (SAST, container scanning, dependency checks)
• Best Practices for DevSecOps workflows

🏗️ Project Structure

See PROJECT_STRUCTURE.md for detailed project layout.

.
├── app/                    # Sample application
├── docker/                 # Docker-related files
├── terraform/             # Infrastructure as Code
├── kubernetes/            # K8s manifests
├── .github/
│   └── workflows/         # CI/CD pipelines
├── scripts/               # Helper scripts
└── docs/                  # Additional documentation

🚀 Quick Start

📖 New to DevOps? Check out the Getting Started Guide for a step-by-step walkthrough!

Prerequisites

• Docker Desktop or Docker Engine
• kubectl installed
• Terraform >= 1.0
• AWS/GCP/Azure account (for cloud deployment)
• GitHub account

Local Development

1. Run with Docker Compose:

   docker compose up -d

   Visit http://localhost:5000

2. Build and run Docker image:

   docker build -t devops-app:latest -f docker/Dockerfile .
   docker run -p 5000:5000 devops-app:latest

3. Deploy to Kubernetes (local):

   kubectl apply -f kubernetes/

Infrastructure Deployment

1. Initialize Terraform:

   cd terraform/aws
   terraform init

2. Plan infrastructure:

   terraform plan

3. Apply infrastructure:

   terraform apply

🔄 CI/CD Pipeline

The GitHub Actions workflow includes:

1. Code Quality Checks

   • Linting
   • Unit tests
   • Security scanning (SAST)

2. Build Stage

   • Docker image build
   • Container scanning
   • Dependency vulnerability scanning

3. Deploy Stage

   • Push to container registry
   • Terraform infrastructure deployment
   • Kubernetes deployment

See .github/workflows/ci-cd-pipeline.yml for details.

🔒 Security Features

• SAST: Static Application Security Testing
• Container Scanning: Docker image vulnerability scanning
• Dependency Scanning: Python/Node dependencies check
• Infrastructure Security: Terraform security scanning
• Secrets Management: GitHub Secrets integration

📖 Detailed Documentation

• Getting Started Guide - Start here if you're new!
• Application Setup
• Docker Guide
• Terraform Guide
• Kubernetes Guide
• CI/CD Pipeline
• Project Structure

🤝 Contributing

This is a tutorial repository. Feel free to fork, modify, and use it for learning purposes!

See CONTRIBUTING.md for contribution guidelines.

📝 License

MIT License - Feel free to use this template for your projects.

See LICENSE for details.

🙏 Acknowledgments

Built as a comprehensive DevOps/DevSecOps learning resource for cloud security and DevSecOps practitioners.

📧 Support

• 📚 Check the documentation
• 🐛 Open an issue
• 💬 Ask questions in discussions