Module 15 Lesson 4: Capstone: CI/CD Strategy

The automation engine. Design the GitHub Actions pipeline that will build, scan, and deploy the GlobalHealth platform to a secure production server.

Our GlobalHealth Connect platform is ready. Now we need to ensure that every time a developer makes a change, the system is updated automatically and safely.

1. The Secure Pipeline Architecture

  1. Code Check: Lint the Python and JavaScript code.
  2. Container Build: Build the images using the Dockerfiles from Lesson 3.
  3. Security Gate: Run Trivy or Docker Scout (Module 7). If the scan reports any "Critical" vulnerabilities, FAIL THE BUILD.
  4. Integration Test: Start the whole stack using docker-compose up and run a "Login Test."
  5. Tag and Push: Push the images to AWS ECR (Module 11) using the Git SHA as the tag.
  6. Remote Deploy: Log in to the production server and run the "Refresh" script.

2. The "Remote Refresh" Script

On our production server, we have this simple Bash script:

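#!/bin/bash
# deploy.sh
# Stop at the first failed command so a failed pull never reaches "up" or the prune.
set -euo pipefail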

# 1. Pull the absolute latest images
docker-compose -f docker-compose.yml -f docker-compose.prod.yml pull

# 2. Update the stack (Docker will only restart changed containers)
docker-compose -f docker-compose.yml -f docker-compose.prod.yml up -d

# 3. Clean up the "Mess" (Module 13)
docker image prune -f
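
The six stages from section 1 as one GitHub Actions workflow whose last step calls deploy.sh; this is an added example, not the course's own pipeline. The service names backend and frontend, the image naming in the compose files, the linters, tests/login_test.sh, the deploy user and every secret or variable name are assumptions, and the production server is assumed to be able to pull from ECR already.

```yaml
# Added example. Assumed: compose files name images ${REGISTRY}/<service>:${IMAGE_TAG};
# variable AWS_REGION; secrets AWS_ROLE_ARN, PROD_HOST, PROD_SSH_KEY, PROD_KNOWN_HOSTS.
name: build-scan-deploy
on: { push: { branches: [main] } }
permissions:
  contents: read
  id-token: write          # OIDC role assumption, no stored AWS access keys
jobs:
  pipeline:
    runs-on: ubuntu-latest
    env:
      IMAGE_TAG: ${{ github.sha }}     # Git SHA as the image tag
    steps:
      - uses: actions/checkout@v4
      - uses: aws-actions/configure-aws-credentials@v4
        with:
          role-to-assume: ${{ secrets.AWS_ROLE_ARN }}
          aws-region: ${{ vars.AWS_REGION }}
      - id: ecr
        uses: aws-actions/amazon-ecr-login@v2
      - run: echo "REGISTRY=${{ steps.ecr.outputs.registry }}" >> "$GITHUB_ENV"
      - name: 1. Code check
        run: |
          pipx run ruff check .
          npx --yes eslint .
      - name: 2. Container build
        run: docker compose build backend frontend
      - name: 3. Security gate
        run: |
          for svc in backend frontend; do   # exit code 1 on any CRITICAL finding stops the job
            docker run --rm -v /var/run/docker.sock:/var/run/docker.sock \
              aquasec/trivy image --severity CRITICAL --exit-code 1 "$REGISTRY/$svc:$IMAGE_TAG"
          done
      - name: 4. Integration test
        run: |
          docker compose up -d --wait       # fails if a service never becomes healthy
          ./tests/login_test.sh
      - name: 5. Tag and push
        run: docker compose push backend frontend
      - name: 6. Remote deploy
        env:                                # secrets reach the script as env vars, not inline text
          SSH_KEY: ${{ secrets.PROD_SSH_KEY }}
          KNOWN_HOSTS: ${{ secrets.PROD_KNOWN_HOSTS }}
          HOST: ${{ secrets.PROD_HOST }}
        run: |
          install -m 600 /dev/null key && printf '%s\n' "$SSH_KEY" > key
          printf '%s\n' "$KNOWN_HOSTS" > known_hosts
          ssh -i key -o UserKnownHostsFile=known_hosts -o StrictHostKeyChecking=yes \
            "deploy@$HOST" "IMAGE_TAG=$IMAGE_TAG ./deploy.sh"
```

Because every step runs in one job, a failed gate or test stops the run before anything is pushed or deployed. The host key comes from a stored known_hosts entry, so the deploy step refuses to connect to a server it cannot verify.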

3. Why this setup?

  • Zero Regressions: By running the full docker-compose integration test in the pipeline, we ensure that a change in the Backend doesn't accidentally break the Frontend.
  • Immutable History: Using SHA tags means we can roll back to any day in the last year in 30 seconds if we find a bug.

Exercise: The Pipeline Audit

  1. Look at the deploy.sh script. Why is the -f docker-compose.prod.yml part important? (Review Module 6).
  2. Imagine your "Health Check" (Module 15, Lesson 3) fails during the deployment. What does Docker Compose do by default?
  3. How would you modify this pipeline to send a notification to a Slack channel only if the "Security Gate" fails?
  4. Why is docker image prune -f at the end of the script essential for a server running for 6 months?

Summary

Automation is the final piece of the puzzle. It takes the "Human" out of the stressful deployment process and replaces them with a repeatable, secure, and fast machine. You have now designed a professional-grade delivery system.

Next Lesson: The Final Review: Course Wrap-up and Certification.
