CI / CD

Fully automated pipelines from commit to production with manual gates for critical changes.


Branch Strategy

feature/* ──► dev branch ──► PR ──► main branch ──► prod
  • feature/*: Developer branches
  • dev: Integration branch, auto-deploys to dev environment
  • main: Production branch, requires approval for prod deploy

Pipeline Stages

1. Lint & Format

  • ruff check / black --check (Python)
  • eslint / prettier (TypeScript)
  • terraform fmt -check (IaC)

2. Test

  • Unit tests (pytest, vitest)
  • Integration tests (pytest -m integration)
  • Coverage gate: > 70%

3. Security Scan

  • bandit (Python SAST)
  • npm audit (dependency vulnerabilities)
  • trivy (container image scan)

4. Build

  • Docker image build with multi-stage Dockerfile
  • Tag: git-sha + branch-name

5. Push

  • ECR repository push
  • Image promotion: dev → staging → prod

6. Deploy

  • ECS service update (blue/green)
  • CloudFront cache invalidation (frontend)
  • Health check verification
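The gate rules spelled out across the branch strategy and the six stages above, as an added POSIX shell example (not the project's own CI code): the image-tag rule from the Build stage, the coverage and security-scan gates, and the branch-to-environment routing, wired together in pipeline order so each rule can be exercised without the real tools. The trivy-style summary lines, the git SHA and the branch names are constructed inputs; the scan gate assumes the "Total: N (..., HIGH: n, CRITICAL: n)" line that trivy prints in table mode.

```shell
#!/bin/sh
# Added example (not the project's own CI code): the pipeline's gate logic
# as shell functions. Tool output and inputs below are constructed.

# Stage 4: image tag = short git SHA + branch name. Docker tags allow only
# [A-Za-z0-9_.-] and at most 128 chars, so "feature/x" becomes "feature-x".
image_tag() {
    short=$(printf '%s' "$1" | cut -c1-7)
    safe=$(printf '%s' "$2" | sed 's/[^A-Za-z0-9_.-]/-/g')
    printf '%.128s\n' "${short}-${safe}"
}

# Stage 2: coverage gate, passes only when coverage is strictly above 70%.
coverage_gate() {
    awk -v c="$1" 'BEGIN { exit !(c > 70) }'
}

# Stage 3: security-scan gate. Reads a trivy-style summary line such as
# "Total: 5 (UNKNOWN: 0, LOW: 2, MEDIUM: 2, HIGH: 1, CRITICAL: 0)" and
# fails on any HIGH or CRITICAL finding. A missing summary is treated as a
# failed scan, never as a clean one.
scan_gate() {
    high=$(printf '%s\n' "$1" | sed -n 's/.*HIGH: \([0-9][0-9]*\).*/\1/p' | head -n 1)
    crit=$(printf '%s\n' "$1" | sed -n 's/.*CRITICAL: \([0-9][0-9]*\).*/\1/p' | head -n 1)
    [ -n "$high" ] && [ -n "$crit" ] && [ "$high" -eq 0 ] && [ "$crit" -eq 0 ]
}

# Branch strategy + deployment gates: dev auto-deploys, main reaches prod
# only with manual approval, feature branches are built but not deployed.
deploy_target() {
    case $1 in
        dev)  echo dev ;;
        main) if [ "$2" = approved ]; then echo prod; else echo hold; fi ;;
        *)    echo none ;;
    esac
}

# Run the gates in pipeline order. Prints "<tag> <target>" on success and
# returns non-zero at the first gate that does not pass.
pipeline() {
    sha=$1 branch=$2 coverage=$3 scan=$4 approval=$5
    coverage_gate "$coverage" || { echo "coverage ${coverage}% is not above 70%" >&2; return 1; }
    scan_gate "$scan"         || { echo "HIGH/CRITICAL findings present, blocking build" >&2; return 1; }
    echo "$(image_tag "$sha" "$branch") $(deploy_target "$branch" "$approval")"
}

# Constructed scan summaries in trivy's table-mode format.
SCAN_CLEAN='Total: 4 (UNKNOWN: 0, LOW: 3, MEDIUM: 1, HIGH: 0, CRITICAL: 0)'
SCAN_DIRTY='Total: 5 (UNKNOWN: 0, LOW: 2, MEDIUM: 2, HIGH: 1, CRITICAL: 0)'

# Demo with constructed inputs: a dev-branch build that passes every gate
# prints "3f2a9c1-dev dev".
pipeline 3f2a9c1d7e4b dev 74.2 "$SCAN_CLEAN" pending
```

Calling `pipeline` directly in a script run with `set -e` aborts the job at the first failing gate, which is the behaviour a CI step wants; the functions are written with explicit return codes so they also compose cleanly under `if` and `!`.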

Deployment Gates

Gate         Requirement
Staging      All tests pass, security scan clean
Production   QA sign-off, manual approval, maintenance window

Rollback

# Roll back to the previous ECS task definition. The earlier revision must be
# named explicitly; --force-new-deployment on its own only redeploys the
# revision the service is already running.
aws ecs update-service --cluster sentinel-prod \
  --service nexus-backend \
  --task-definition nexus-backend:<PREVIOUS_REVISION> \
  --force-new-deployment

# Roll back frontend to the previous S3 version
aws s3 cp s3://cwt-prod-assets/backup/ s3://cwt-prod-assets/current/ --recursive
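The ECS rollback above needs the previous task definition revision filled in. The following added shell example (not the project's own runbook) derives that revision from the service's current task definition ARN and composes the command, printing it for review rather than running it. The ARN, account id and region are constructed placeholders; in practice the current ARN comes from `aws ecs describe-services` on the cluster and service named on this page.

```shell
#!/bin/sh
# Added example (not the project's own runbook): compute the rollback
# target for an ECS service from its current task definition ARN.
# ARN, account id and region below are constructed placeholders.

# Given ".../task-definition/nexus-backend:42", print "nexus-backend:41".
# Fails on revision 1 (nothing earlier to roll back to) or on an input
# whose revision is not a plain number, so a bad ARN never becomes a deploy.
previous_task_definition() {
    family_rev=${1##*/}        # nexus-backend:42
    family=${family_rev%:*}    # nexus-backend
    rev=${family_rev##*:}      # 42
    case $rev in
        ''|*[!0-9]*) echo "unrecognised task definition: $1" >&2; return 1 ;;
    esac
    if [ "$rev" -le 1 ]; then
        echo "$family_rev is the first revision; nothing to roll back to" >&2
        return 1
    fi
    echo "$family:$((rev - 1))"
}

# Compose the rollback command for a cluster/service pair. It is printed
# rather than executed so an operator can check the target revision first
# (or pipe it to sh once satisfied).
rollback_command() {
    cluster=$1 service=$2 current_arn=$3
    target=$(previous_task_definition "$current_arn") || return 1
    printf 'aws ecs update-service --cluster %s --service %s --task-definition %s --force-new-deployment\n' \
        "$cluster" "$service" "$target"
}

# Constructed current ARN. The real value would be obtained with:
#   aws ecs describe-services --cluster sentinel-prod --services nexus-backend \
#     --query 'services[0].taskDefinition' --output text
CURRENT_ARN='arn:aws:ecs:us-east-1:123456789012:task-definition/nexus-backend:42'

rollback_command sentinel-prod nexus-backend "$CURRENT_ARN"
```

Rolling back by explicit revision keeps the action auditable: the CloudTrail entry for `UpdateService` records exactly which revision was restored, whereas a bare `--force-new-deployment` leaves no trace of a version change because none happened.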