Node CI/CD to EKS with GitHub Actions
make test
The full learning guide is on this page. Open the repository files only when a step asks you to inspect code, fork the project, or download raw assets.
Project Guide
🛡️ 2026 DevSecOps Enhancements (What You Will Learn)
This repository demonstrates advanced DevSecOps CI/CD patterns using GitHub Actions and Kustomize:
- OIDC AWS Authentication: The workflow utilizes OpenID Connect (OIDC) to authenticate with AWS. This eliminates the necessity of storing long-lived, static IAM access keys in GitHub Secrets, significantly reducing the risk of credential compromise.
- Environment Isolation via Kustomize: By leveraging Kustomize overlays (dev, staging, prod), the infrastructure configuration is strictly isolated. This guarantees separation of duties, allowing precise RBAC controls over who can deploy to each specific environment slice.
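The OIDC setup only removes static keys safely if the IAM role's trust policy pins which workflow may assume it. The following added example (not code from this repository) lints a trust policy for that, assuming each deploy job runs in a GitHub environment named after its overlay; the account ID, org/repo name and both sample policies are constructed.

```python
# Added example: lint an IAM role trust policy used for GitHub Actions OIDC.
# Account ID, org/repo name and both policies are constructed samples.
ISSUER = "token.actions.githubusercontent.com"

def audit_trust_policy(policy: dict, repo: str, environment: str) -> list:
    """Return findings for statements that let GitHub OIDC tokens assume the role."""
    findings = []
    expected_sub = f"repo:{repo}:environment:{environment}"
    statements = policy.get("Statement", [])
    if isinstance(statements, dict):  # IAM also accepts a single statement object
        statements = [statements]
    for i, stmt in enumerate(statements):
        principal = stmt.get("Principal")
        federated = principal.get("Federated", "") if isinstance(principal, dict) else ""
        if stmt.get("Effect") != "Allow" or ISSUER not in str(federated):
            continue  # not a GitHub OIDC trust statement
        cond = stmt.get("Condition", {})
        exact, like = cond.get("StringEquals", {}), cond.get("StringLike", {})
        if exact.get(f"{ISSUER}:aud") != "sts.amazonaws.com":
            findings.append(f"stmt {i}: aud is not pinned to sts.amazonaws.com")
        sub = exact.get(f"{ISSUER}:sub") or like.get(f"{ISSUER}:sub")
        if sub is None:
            findings.append(f"stmt {i}: no sub condition, role is not tied to a repository")
        elif sub != expected_sub:  # wildcards, lists and other repos/environments
            findings.append(f"stmt {i}: sub {sub!r} does not equal {expected_sub!r}")
    return findings

def sample_policy(sub_condition: dict) -> dict:
    """Build a constructed trust policy; sub_condition maps operator -> sub value."""
    cond = {"StringEquals": {f"{ISSUER}:aud": "sts.amazonaws.com"}}
    for op, value in sub_condition.items():
        cond.setdefault(op, {})[f"{ISSUER}:sub"] = value
    return {"Version": "2012-10-17", "Statement": [{
        "Effect": "Allow",
        "Principal": {"Federated": f"arn:aws:iam::111122223333:oidc-provider/{ISSUER}"},
        "Action": "sts:AssumeRoleWithWebIdentity",
        "Condition": cond}]}

WEAK = sample_policy({"StringLike": "repo:example-org/*"})
SCOPED = sample_policy({"StringEquals": "repo:example-org/node-app:environment:prod"})

if __name__ == "__main__":
    for name, pol in (("weak", WEAK), ("scoped", SCOPED)):
        print(name, audit_trust_policy(pol, "example-org/node-app", "prod") or "OK")
```

Running the same check once per environment role (dev, staging, prod) confirms that a token issued for one overlay's deploy job cannot assume another environment's role.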
Table of Contents
- End-to-End CI/CD Pipeline for Simple Node App Deployment on EKS using GitHub Actions
- Hit the Star! ⭐
- Author by DevCloud Ninjas
Repository Structure
The repository is organized into several key directories:
├── app
│   ├── app.py
│   ├── calculator.js
│   ├── calculator.test.js
│   ├── Dockerfile
│   ├── Dockerfile-python
│   ├── index.js
│   └── package.json
├── kustomize
│   ├── base
│   │   ├── deploy.yaml
│   │   ├── ingress.yaml
│   │   ├── kustomization.yaml
│   │   └── svc.yaml
│   └── overlays
│       ├── dev
│       │   ├── deploy-dev.yaml
│       │   ├── ingress-dev.yaml
│       │   ├── kustomization.yaml
│       │   └── svc-dev.yaml
│       ├── prod
│       │   ├── deploy-prod.yaml
│       │   ├── ingress-prod.yaml
│       │   ├── kustomization.yaml
│       │   └── svc-prod.yaml
│       └── staging
│           ├── deploy-staging.yaml
│           ├── ingress-staging.yaml
│           ├── kustomization.yaml
│           └── svc-staging.yaml
├── README.md
├── terraform
│   ├── ingress-nginx.tf
│   ├── main.tf
│   ├── outputs.tf
│   ├── terraform.tf
│   └── variables.tf
└── VERSION
CI/CD Workflow
Build Job
The build job performs several key tasks:
- Environment Setup: Node.js environment is set up and dependencies are installed.
- Run Tests: Executes unit tests for the application.
- Determine Version Increment: Checks the commit message to determine whether the version needs to be incremented, using the Semantic Versioning scheme.
- Docker Build and Push: Builds a Docker image and pushes it to a registry.
Deployment Job
The deployment job handles the following:
- Terraform Setup: Initializes Terraform and sets up the backend with different state files.
- Terraform Plan and Apply: Executes terraform plan and terraform apply to provision environment-specific infrastructure.
- Kubernetes Configuration: Configures kubectl to interact with the Kubernetes cluster.
- Ingress Controller Setup: Uses Helm to install the ingress controller.
- Application Deployment: Uses kubectl to deploy the Kustomized application manifests.
Infrastructure Details
- Dev Environment: Uses t3.small EC2 instances and deploys a single replica.
- Staging Environment: Uses t3.medium EC2 instances and deploys three replicas.
- Prod Environment: Uses t3.large EC2 instances and deploys three replicas.
DNS for all environments is managed automatically via Cloudflare: environment-specific subdomains (dev.afraz.dev, staging.afraz.dev and prod.afraz.dev) are assigned and pointed, using CNAME records, to their respective load balancer hostnames.
Notifications
Slack notifications are configured to send updates at the end of each job. This provides immediate feedback on the success or failure of the pipeline and also updates on the DNS changes if applicable.
GitOps Principles
The pipeline adheres to GitOps principles, where Git serves as the single source of truth. Any change to the application or infrastructure is expected to be made through a Git commit.
Hit the Star! ⭐
If you are planning to use this repo for learning, please hit the star. Thanks!