Why Your CI/CD Pipeline Isn't Secure—And How to Fix It with DevSecOps


PS: I am looking for a job for the role of “DevOps Engineer” or “Fullstack Developer”. If you know someone who could refer or help, a referral would be appreciated ❤️
We will focus on building a pipeline with GitHub Actions and Docker, adding security with a Trivy image scan, and deploying with Argo CD.
Features of this project:
Deploying a Tic Tac Toe React application
Running unit tests on the application
Using a GitHub Actions workflow for the CI/CD part
Using Docker to containerize the application and produce an image
Running the deployed container on an AWS EC2 instance so the application is reachable on the instance's public IP address
Prerequisites for this project:
A working React application (client only is enough)
Docker installed on your local system
Familiarity with Docker, writing YAML files and CI workflows
An AWS account and an EC2 t2.medium instance for the Argo CD part
Step 1: Running your project locally
You should be able to run your project locally on your system.
Next, build the production bundle:
npm run build
Step 2: Write a Dockerfile in the root of your project, together with a .dockerignore file (the .dockerignore keeps node_modules, .git and .env files out of the build context, so they cannot end up in an image layer)
Now let’s build a container image for our project
Docker Containerization
docker build -t <IMAGE_NAME>:v1 .
This builds the image and tags it <IMAGE_NAME>:v1.
Now run your image using this command
docker run -d -p 1101:80 <IMAGE_NAME>:v1
Your React application is now served at “http://localhost:1101”. Note the explicit :v1 tag: without it Docker looks for <IMAGE_NAME>:latest, which the build above never created. The -p 1101:80 mapping also assumes the server inside the image listens on port 80 (the default for an nginx base image); change the second number if yours listens elsewhere.
How to check if your container is running?
docker ps
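The post does not show the Dockerfile and .dockerignore that Step 2 asks for, so here is a worked version as an added example (this is not the author's code). The script below writes both files, builds the image and starts it with a few runtime hardening flags. It assumes a Create React App layout where npm run build writes to ./build (set BUILD_DIR=dist for Vite), a hypothetical image name tic-tac-toe, and the nginxinc/nginx-unprivileged base image, which runs nginx as a non-root user on port 8080 rather than 80, so the host mapping becomes 1101:8080 instead of the 1101:80 used above.

```bash
#!/usr/bin/env bash
# Added example (not from the original post): generates the Dockerfile and .dockerignore
# for Step 2, then builds and runs the image with runtime hardening flags.
# Assumptions: `npm run build` writes the bundle to ./build (Create React App; Vite uses
# ./dist, so pass BUILD_DIR=dist); IMAGE_NAME is a hypothetical name.
set -euo pipefail

IMAGE_NAME="${IMAGE_NAME:-tic-tac-toe}"   # hypothetical image name
BUILD_DIR="${BUILD_DIR:-build}"
HOST_PORT="${HOST_PORT:-1101}"

# Write Dockerfile + .dockerignore into the project root given as $1.
write_build_files() {
  local root="$1"
  # Two stages: Node and the npm registry are needed only to compile the bundle, so they
  # exist only in the first stage. The shipped image is the static bundle on an nginx that
  # runs as a non-root user and listens on 8080, so it needs no capability to bind its port.
  cat > "$root/Dockerfile" <<EOF
# syntax=docker/dockerfile:1
FROM node:20-alpine AS build
WORKDIR /app
COPY package.json package-lock.json ./
RUN npm ci
COPY . .
RUN npm run build

FROM nginxinc/nginx-unprivileged:stable-alpine
COPY --from=build /app/${BUILD_DIR} /usr/share/nginx/html
EXPOSE 8080
EOF
  # Keep secrets, VCS data and host-built artefacts out of the build context:
  # anything in the context can end up in a layer and therefore in the registry.
  cat > "$root/.dockerignore" <<'EOF'
node_modules
.git
.env
.env.*
build
dist
coverage
*.log
EOF
}

build_image() {
  # --pull refreshes the base images so a stale local node/nginx is not reused.
  docker build --pull -t "${IMAGE_NAME}:v1" "$1"
}

# Run with the runtime attack surface cut down: no capabilities, no privilege escalation,
# read-only root filesystem (nginx-unprivileged keeps its pid and temp files under /tmp).
run_hardened() {
  docker run -d --name "$IMAGE_NAME" \
    --cap-drop=ALL --security-opt=no-new-privileges \
    --read-only --tmpfs /tmp \
    -p "${HOST_PORT}:8080" \
    "${IMAGE_NAME}:v1"
}

# The `docker ps` check from the post, narrowed to our container: prints name, status, ports.
check_running() {
  docker ps --filter "name=${IMAGE_NAME}" --format '{{.Names}} {{.Status}} {{.Ports}}'
}

main() {
  local root="${1:-.}"
  write_build_files "$root"
  build_image "$root"
  run_hardened
  sleep 2
  check_running
  echo "open http://localhost:${HOST_PORT}"
}

# Invoke as `bash step2.sh run [project-root]`; sourcing the file only defines the functions.
if [ "${1:-}" = "run" ]; then main "${2:-.}"; fi
```

Dropping capabilities and mounting the root filesystem read-only cost nothing for a static site and remove most of what an attacker could do after exploiting the web server; if your app's server needs to write somewhere else, add another --tmpfs rather than removing --read-only.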
Step 3: Write the CI/CD workflow YAML file
This YAML file consists of 5 stages:
Unit testing of the application
Static code analysis
Build
Docker build, Trivy image scan, and push (scan the local image before pushing and fail the job on HIGH/CRITICAL findings, otherwise a vulnerable image still reaches the registry)
Update the Kubernetes deployment.yaml file with the new image reference (this is the commit Argo CD later syncs to the cluster)
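Stages 4 and 5 are where the security gate sits, so here they are as a script a workflow step can call (for example run: ./ci/scan-and-promote.sh run). This is an added example, not the post's workflow file. Everything it names is assumed: the registry path ghcr.io/example/tic-tac-toe, a docker login done by an earlier step, trivy on the runner's PATH, a manifest at k8s/deployment.yaml whose image: line gets rewritten, and a placeholder commit identity.

```bash
#!/usr/bin/env bash
# Added example (not from the original post): stages 4 and 5 of the pipeline, i.e. build,
# Trivy scan, push and the deployment.yaml update, as a script a GitHub Actions step runs.
# Assumptions (all hypothetical): IMAGE is the registry path, `docker login` already ran,
# trivy is on PATH, and k8s/deployment.yaml holds the `image:` line to rewrite.
set -euo pipefail

IMAGE="${IMAGE:-ghcr.io/example/tic-tac-toe}"
TAG="${TAG:-${GITHUB_SHA:-$(git rev-parse --short HEAD 2>/dev/null || echo dev)}}"
DEPLOYMENT="${DEPLOYMENT:-k8s/deployment.yaml}"

build_image() {
  docker build --pull -t "${IMAGE}:${TAG}" .
}

# The gate. Scan the local image BEFORE pushing: --exit-code 1 makes trivy fail the job on
# HIGH/CRITICAL findings, so a vulnerable image never reaches the registry or the cluster.
# --ignore-unfixed skips findings with no patched package yet; drop it for a stricter policy.
scan_image() {
  trivy image --exit-code 1 --severity HIGH,CRITICAL --ignore-unfixed \
    --format table "${IMAGE}:${TAG}"
}

# Push, then print the registry digest so the manifest can pin by content rather than by a
# mutable tag: what the cluster pulls is exactly the bytes that passed the scan.
push_image() {
  docker push "${IMAGE}:${TAG}" >&2
  docker inspect --format '{{index .RepoDigests 0}}' "${IMAGE}:${TAG}"
}

# Stage 5 as a pure text transform (so it can be tested offline): replace the tag or digest
# on every `image: <IMAGE>...` line of manifest $1 with the reference in $2.
# Note: the registry in $2 must not carry a port (localhost:5000/...) because the image name
# is split off at the first ':' or '@'.
bump_manifest_image() {
  local manifest="$1" ref="$2" base base_re
  base="${ref%%[:@]*}"
  base_re="${base//./\\.}"            # escape dots so "ghcr.io" is matched literally
  sed -i.bak -E \
    "s#^([[:space:]]*-?[[:space:]]*image:[[:space:]]*)${base_re}[:@][^[:space:]]+#\1${ref}#" \
    "$manifest"
  rm -f "${manifest}.bak"
  # Fail loudly if nothing matched; otherwise Argo CD would quietly keep the old image.
  grep -qF -- "${ref}" "$manifest" \
    || { echo "no image line for ${base} in ${manifest}" >&2; return 1; }
}

commit_manifest() {
  git config user.name "ci-bot"                              # placeholder identity
  git config user.email "ci-bot@users.noreply.github.com"
  git add "$1"
  git commit -m "ci: deploy ${2}"
  git push
}

main() {
  build_image
  scan_image                        # the job stops here on HIGH/CRITICAL; nothing pushed yet
  local digest
  digest="$(push_image)"
  bump_manifest_image "$DEPLOYMENT" "$digest"
  commit_manifest "$DEPLOYMENT" "$digest"   # Argo CD syncs the cluster from this commit
}

if [ "${1:-}" = "run" ]; then main; fi
```

The push to the manifest needs a token with write access to repository contents (in the workflow, permissions: contents: write on the job, or a deploy key); keep that permission on this one job rather than the whole workflow so the test and lint jobs run with read-only tokens.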
Then start an AWS EC2 instance, install Docker and kind on it, and finally install Argo CD on the instance.
The next steps were performed directly in the AWS EC2 Session Manager, so the code and screenshots were not available.
However, we successfully deployed our k8s cluster and our app on the public IP given by the EC2 instance.
You can see the source code here:
Written by Jyotindra Tavanoji