A learning project demonstrating complete CI/CD pipeline with Trunk-Based Development, automated testing, and deployment strategies.
Learn practical CI/CD from code to production:
- ✅ Trunk-Based Development (direct push to main)
- ✅ Automated quality gates
- ✅ Unit, integration, and E2E testing
- ✅ Security scanning
- ✅ Automated deployments
- ✅ Production approval workflows
Tech Stack:
- Runtime: Node.js 22 + TypeScript
- Framework: Express.js
- Database: SQLite (file-based)
- Testing: Vitest (unit/integration), Playwright (E2E)
- CI/CD: GitHub Actions
- Hosting: Render.com
- Code Quality: ESLint + TypeScript strict mode
- Security: npm audit + Dependabot
Base URL: https://cicd-books-api.onrender.com
| Method | Endpoint | Description |
|---|---|---|
| GET | / |
API information |
| GET | /health |
Health check |
| GET | /api/books |
List all books |
| GET | /api/books/:id |
Get specific book |
| POST | /api/books |
Create new book |
| PUT | /api/books/:id |
Update book |
| DELETE | /api/books/:id |
Delete book |
Push to main
↓
CI Pipeline (GitHub Actions)
├── Install dependencies
├── Security audit (npm audit)
├── Linting (ESLint)
├── TypeScript compilation
├── Unit & Integration tests (Vitest)
└── Coverage report (GitHub Pages)
↓
Deploy to Test (Render)
↓
E2E Tests (Playwright)
↓
Manual Approval
↓
Deploy to Production
Unit & Integration Tests: 19 tests
- Health endpoint
- CRUD operations
- Validation
- Error handling
E2E Tests: 8 tests
- Real API testing against deployed environment
- Full request/response cycle
- Database persistence
Coverage: ~94%
- View at: https://ishfaqkhan80.github.io/cicd/
All pushes must pass:
- Security Audit - No high/critical vulnerabilities
- Linting - Code quality standards
- TypeScript - Type safety
- Tests - All tests passing
- Coverage - Tracked and reported
Prerequisites:
- Node.js 22+
- npm
Setup:
# Clone repository
git clone https://github.com/ishfaqkhan80/cicd.git
cd cicd
# Install dependencies
npm install
# Run in development mode
npm run dev
# Run tests
npm test
# Run tests with coverage
npm run test:coverage
# Run E2E tests (requires API running)
npm run test:e2e
# Lint code
npm run lintSee DEPLOYMENT.md for detailed deployment guide.
Quick Deploy to Production:
- Go to Actions → Deploy to Production
- Enter version tag (e.g.,
v1.0.0) - Wait for approval
- Approve and deploy
├── .github/
│ ├── workflows/
│ │ ├── ci.yml # Main CI pipeline
│ │ ├── e2e.yml # E2E tests
│ │ └── deploy-production.yml # Production deployment
│ └── dependabot.yml # Dependency updates
├── e2e/ # E2E tests
├── src/
│ ├── db/ # Database setup
│ ├── models/ # Data models & repositories
│ ├── routes/ # API routes
│ ├── app.ts # Express app
│ └── index.ts # Server entry point
├── coverage/ # Test coverage reports
├── playwright.config.ts # E2E test configuration
├── tsconfig.json # TypeScript configuration
├── eslint.config.js # Linting rules
└── render.yaml # Render deployment config
- Automated security scanning via npm audit
- Dependabot for automatic dependency updates
- No secrets in code - Environment variables used
- Input validation on all API endpoints
This project demonstrates:
- Trunk-Based Development - Small, frequent commits to main
- Quality Gates - Automated checks prevent bad code
- Test Pyramid - Unit → Integration → E2E
- Security First - Automated vulnerability scanning
- Deployment Strategies - Test → Production with approval
- Monitoring - Health checks and test reports
This is a learning project. To practice CI/CD:
- Fork the repository
- Make changes
- Watch CI/CD pipeline run
- Learn from any failures
ISC