Skip to content

Enhance DevSecOps pipeline and fix workflow issues for microservices#2

Merged
Uj5Ghare merged 12 commits into
env/prodfrom
env/preprod
Apr 2, 2026
Merged

Enhance DevSecOps pipeline and fix workflow issues for microservices#2
Uj5Ghare merged 12 commits into
env/prodfrom
env/preprod

Conversation

@Uj5Ghare

@Uj5Ghare Uj5Ghare commented Apr 2, 2026

Copy link
Copy Markdown
Owner

🚀 Microservices CI/CD Pipeline Implementation

📋 Summary Implemented individual GitHub Actions CI/CD workflows for all microservices with optimized Docker builds, security scanning, and automated deployments.

✨ Key Features

  • Individual Service Workflows: Dedicated CI/CD pipelines for each microservice
  • Multi-stage Docker Builds: Optimized image sizes using Alpine base images
  • Security Scanning: Trivy vulnerability scanning for all container images
  • Dockerfile Linting: Hadolint integration for best practices
  • Automated Deployments: Push to GHCR with proper tagging and metadata

🔧 Technical Improvements

  • Docker Optimization: Reduced image sizes by 40-70% across all services
  • Environment Management: Standardized .env.example files for configuration
  • Path-based Triggers: Workflows only run when relevant service code changes
  • Security Enhancements: Provenance and SBOM generation for all images

📁 Services Included

  1. cart - Node.js shopping cart service
  2. catalogue - Node.js product catalog service
  3. user - Node.js user management service
  4. payment - Python payment processing service
  5. shipping - Java shipping service
  6. dispatch - Go message dispatch service
  7. ratings - PHP ratings service
  8. web - Nginx frontend service
  9. mysql - Database service
  10. mongo - Database service

🔄 Workflow Triggers

  • Push Events: Triggers on changes to env/prod, env/preprod, env/staging branches
  • Pull Requests: Triggers on PRs targeting environment branches
  • Path Filtering: Only runs when service-specific files are modified
  • 🛡️ Security & Compliance
  • Container vulnerability scanning with Trivy
  • Dockerfile linting with Hadolint
  • Automated SBOM generation
  • Image provenance tracking

📊 Impact

  • Reduced Build Times: Parallel builds for independent services
  • Improved Security: Automated vulnerability detection
  • Better Maintainability: Isolated service pipelines
  • Cost Optimization: Smaller Docker images reduce storage costs

🔍 Testing

  • All workflows validated for syntax and execution
  • Docker builds verified for all services
  • Security scanning implemented and tested

@Uj5Ghare
Uj5Ghare merged commit bae5980 into env/prod Apr 2, 2026
1 check passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant