Building a Complete DevSecOps Pipeline: From Code to Kubernetes with ArgoCD


In today's rapidly evolving software landscape, integrating security into every stage of the development lifecycle isn't just a best practice—it's essential. This blog post walks through building a comprehensive DevSecOps pipeline for a Tic-tac-Toe application using modern tools and practices.
What is DevSecOps?
DevSecOps extends beyond simply building CI/CD pipelines with security measures. While it includes integrating static code analysis, OWASP security checks, and unit testing, true DevSecOps encompasses:
Securing Terraform state files
Using HashiCorp Vault for sensitive data management (API keys, tokens, passwords)
Implementing Kubernetes encryption and secrets management
Container security scanning and vulnerability assessment
Infrastructure as Code (IaC) securityProject Overview
This project demonstrates a complete DevSecOps implementation for a Node.js-based Tic-tac-Toe application, featuring:
Application: React-based Tic-tac-Toe game
Infrastructure: Minikube for local Kubernetes deployment
CI/CD: GitHub Actions with integrated security scanning
Container Registry: GitHub Container Registry (GHCR)
Deployment: ArgoCD for GitOps-based continuous deployment
Development Environment: Complete local development setup with Minikube
Architecture and Tech Stack
Core Technologies
Frontend: React with TypeScript
Containerization: Docker with multi-stage builds
Orchestration: Kubernetes (Minikube for local development and deployment)
CI/CD: GitHub Actions
GitOps: ArgoCD
Security: Trivy, ESLint, OWASP integration
Implementation Deep Dive
1. Local Development Setup
Starting with local development is crucial for understanding application dependencies and environment variables. This approach helps DevOps engineers grasp the application architecture and requirements before building the pipeline.
Key Benefits:
Understanding application flow and dependencies
Identifying required environment variables
Testing application functionality before containerization
2. Multi-Stage Dockerfile
Security and efficiency drove the decision to implement a multi-stage Docker build:
dockerfile
# Stage 1: Build Stage FROM node:20-alpine AS builder COPY package.json ./ RUN npm install COPY . . RUN npm run build # Stage 2: Production Stage FROM nginx:alpine COPY --from=builder /app/dist /usr/share/nginx/html EXPOSE 80 CMD ["nginx", "-g", "daemon off;"]
Advantages:
Reduced image size
Enhanced security (no build tools in production image)
Improved deployment speed
3. GitHub Actions DevSecOps Pipeline
The pipeline implements a sequential job flow with integrated security checks:
Pipeline Jobs
1. Unit Testing
Executes comprehensive test suites using Node.js 20
Validates code functionality before proceeding
2. Static Code Analysis (Linting)
Performs code quality checks using ESLint
Generates detailed reports in JSON format
Uploads artifacts for review
3. Build Process
Compiles the project after successful tests and linting
Creates build artifacts (dist folder)
Prepares application for containerization
4. Docker Image Build
Creates optimized Docker images using multi-stage builds
Tags images with SHA-based versioning
Pushes to GitHub Container Registry (GHCR)
5. Security Scanning
Trivy Vulnerability Scanning: Scans Docker images for critical and high-severity vulnerabilities
Prevents deployment of vulnerable images
Generates security reports
6. Kubernetes Manifest Updates
Automatically updates deployment files with new image tags
Commits changes back to repository
Triggers ArgoCD sync for deployment
4. Minikube Kubernetes Environment
This project uses Minikube to provide a complete local Kubernetes environment that closely mirrors production setups. Minikube offers several advantages for DevSecOps development:
Benefits:
Full Kubernetes API compatibility
Local testing of complete deployment pipeline
Cost-effective development environment
Easy integration with ArgoCD and other Kubernetes tools
5. GitOps with ArgoCD
ArgoCD serves as the continuous deployment controller, monitoring Git repositories for changes in Kubernetes manifests or Helm charts.
# Install ArgoCD on Minikube kubectl create namespace argocd kubectl apply -n argocd -f https://raw.githubusercontent.com/argoproj/argo-cd/stable/manifests/install.yaml
Key Features:
3-minute default sync interval
Automated rollback capabilities
Visual deployment tracking
Multi-environment support
6. Minikube Development Environment
Minikube Setup and Configuration:
# Start Minikube with Docker driver minikube start --driver=docker --cpus=2 # Enable Ingress addon for external access minikube addons enable ingress # Verify ingress controller is running kubectl get pods -n ingress-nginx # Create container registry secret kubectl create secret docker-registry github-container-registry \ --docker-server=ghcr.io \ --docker-username=shudhoo \ --docker-password=$GITHUB_TOKEN \ --docker-email=shudhowani@gmail.com
Local Access Configuration:
# Get Minikube IP minikube ip # Add to /etc/hosts echo "$(minikube ip) tic-tac-toe.local" >> /etc/hosts # Start tunnel for local access minikube tunnel
Security Implementation
Container Security
Base Image Selection: Using Alpine Linux for minimal attack surface
Multi-stage Builds: Eliminating build tools from production images
Vulnerability Scanning: Trivy integration for continuous security assessment
Secrets Management
GitHub Secrets for sensitive data
Kubernetes secrets for runtime configuration
Container registry authentication
Code Quality
ESLint for static code analysis
Automated security dependency scanning
Pull request validation workflows
Key Benefits Achieved
1. Automated Security Integration
Every code change undergoes comprehensive security scanning before deployment, ensuring vulnerabilities are caught early in the development cycle.
2. GitOps Workflow
ArgoCD provides declarative deployment management, ensuring infrastructure and application state consistency across environments.
3. Scalable Architecture
Kubernetes orchestration enables horizontal scaling and high availability, while Minikube provides a complete local development environment that mirrors production capabilities.
4. Developer Experience
Minikube setup allows developers to test the complete deployment pipeline locally, ensuring consistency between development and production environments.
5. Compliance and Auditability
All changes are tracked through Git, providing complete audit trails for security and compliance requirements.
Best Practices Implemented
Local-First Development: Complete local Kubernetes environment with Minikube
Immutable Deployments: Container-based deployments with versioned artifacts
Security-First Approach: Integrated security scanning at every stage
Monitoring and Observability: ArgoCD provides deployment visibility
Environment Consistency: Minikube ensures development-production parity
Conclusion
This DevSecOps implementation demonstrates how modern tooling and practices can create a robust, secure, and scalable deployment pipeline. By integrating security at every stage—from code analysis to container scanning—we ensure that security isn't an afterthought but a fundamental part of the development process.
The combination of GitHub Actions for CI, ArgoCD for CD, and Kubernetes for orchestration creates a powerful platform that can scale with organizational needs while maintaining security and reliability standards.
The project showcases that DevSecOps isn't just about tools—it's about creating a culture and process that prioritizes security, automation, and continuous improvement throughout the software delivery lifecycle.
- Technologies Used: React, Node.js, Docker, Kubernetes, GitHub Actions, ArgoCD, Minikube, Trivy, ESLint
Project Repository: https://github.com/shudhoo/devsecops-cicd-tictactoe.git
Subscribe to my newsletter
Read articles from Shudho directly inside your inbox. Subscribe to the newsletter, and don't miss out.
Written by

Shudho
Shudho
Hi, I’m Shudhodhan 🎯 — A passionate Cloud ☁️ and DevOps ♾️ learner, focused on applying skills to build, scale, and automate modern software development and deployment workflows. With a Strong foundation in IaC, Containerization 🐋 & Orchestration ☸️ with Kubernetes and Terraform. Capable of building and maintaining Cloud Native Applications on AWS ☁️. Skilled in designing and automating CI/CD 🔧 pipelines using Jenkins and GitHub Actions, supporting scalable deployments for both microservices and monolithic applications.