CI/CD Pipeline Architecture and Best Practices - paulip114/blog GitHub Wiki

✅ Complete CI/CD pipeline structure (following best practice)

| Stage | Purpose |
|---|---|
| CI - Build & Test | Ensure the code compiles, passes its tests and meets the quality gate |
| Test - QA Automation | Automated tests: unit, integration, end-to-end, static analysis, security |
| CD - Deploy | Automated deployment to Staging / Production |
| Release management | Tags, versioning, notifications, rollback support |
| Monitoring & Feedback | Success notifications, error tracking, monitoring integration |

🧱 Pipeline example (using GitHub Actions)

Below is a CI + QA + CD pipeline that follows industry best practice:

```yaml
name: CI/CD Pipeline

on:
  push:
    branches:
      - main
  pull_request:
    branches:
      - main

# Least privilege: the default token can only read the repository;
# the one job that needs more (deploy pushes an image) requests it itself
permissions:
  contents: read

env:
  REGISTRY: ghcr.io
  IMAGE_NAME: ${{ github.repository }}

jobs:
  # ===================
  # 1. Build & Lint
  # ===================
  build:
    runs-on: ubuntu-latest

    steps:
      - uses: actions/checkout@v3

      - name: Setup Node.js
        uses: actions/setup-node@v3
        with:
          node-version: '18'

      - name: Install dependencies
        run: npm ci

      - name: Lint code
        run: npm run lint

      - name: Run unit tests
        run: npm run test:unit

  # ===================
  # 2. QA: E2E & Security
  # ===================
  qa:
    needs: build
    runs-on: ubuntu-latest

    steps:
      - uses: actions/checkout@v3

      # Same Node version as the build job, so QA does not test a different runtime
      - name: Setup Node.js
        uses: actions/setup-node@v3
        with:
          node-version: '18'

      - name: Install dependencies
        run: npm ci

      - name: Run integration tests
        run: npm run test:integration

      - name: Run E2E tests
        run: npm run test:e2e

      - name: Static code analysis (SonarCloud)
        # @master is a moving target; pin a release tag or commit SHA in real use
        uses: SonarSource/sonarcloud-github-action@master
        with:
          projectBaseDir: .
          args: >
            -Dsonar.organization=my-org
            -Dsonar.projectKey=my-project
        env:
          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}

      - name: Run security scan (Snyk)
        uses: snyk/actions/node@v1
        with:
          command: test
        env:
          SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}

  # ===================
  # 3. Deploy
  # ===================
  deploy:
    needs: qa
    # Only code merged to main is deployed; pull requests stop at the QA gate
    if: github.event_name == 'push' && github.ref == 'refs/heads/main'
    runs-on: ubuntu-latest
    permissions:
      contents: read
      packages: write   # required for GITHUB_TOKEN to push to ghcr.io

    steps:
      - uses: actions/checkout@v3

      - name: Login to Container Registry
        uses: docker/login-action@v2
        with:
          registry: ${{ env.REGISTRY }}
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}

      - name: Build and push Docker image
        uses: docker/build-push-action@v5
        with:
          context: .
          push: true
          # An immutable commit-SHA tag next to :latest gives rollbacks a known target
          tags: |
            ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:latest
            ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ github.sha }}

      - name: Set kubeconfig
        run: |
          mkdir -p ~/.kube
          echo "${{ secrets.KUBECONFIG }}" > ~/.kube/config
          chmod 600 ~/.kube/config   # credentials file must not be world-readable

      - name: Deploy to Kubernetes
        run: |
          kubectl set image deployment/my-deployment my-container=${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ github.sha }}
          # Fail the job (and skip the success notification) if the rollout does not become healthy
          kubectl rollout status deployment/my-deployment --timeout=120s

      - name: Notify success
        # version tag is an assumed pin; use the release you have vetted
        uses: slackapi/slack-github-action@v1.24.0
        with:
          payload: |
            {
              "text": ":rocket: Deployment completed successfully to *Production*!",
              "channel": "#deployments"
            }
        env:
          SLACK_BOT_TOKEN: ${{ secrets.SLACK_BOT_TOKEN }}
```

📦 Overview of supported components

| Module | Tools / Technologies |
|---|---|
| Linting | ESLint, Pylint, etc. |
| Unit tests | Jest, Mocha, PyTest, xUnit |
| Integration tests | Supertest, Postman CLI |
| E2E tests | Cypress, Playwright, Selenium |
| Static analysis | SonarCloud |
| Security scanning | Snyk, Trivy, CodeQL |
| Build & push image | Docker Buildx, GitHub Registry |
| Deployment | kubectl, Helm |
| Notifications | Slack, Discord, Email |

🎯 Why is this best practice?

  • Tests are split into stages (and can run in parallel)
  • Quality is verified before deployment (QA gate)
  • Errors are reported quickly (fail fast)
  • Security checks are automated
  • Extensible to Canary or Blue-Green deployment
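As an added example (not from this wiki or the projects it references) of the release-management and fail-fast points above: the shell body of a deploy step that refuses mutable image references, waits for the rollout and rolls back automatically when it does not become healthy. The deployment and container names are assumed to match the workflow's `deployment/my-deployment` and `my-container`; `KUBECTL` is overridable so the logic can be exercised with a stub instead of a real cluster.

```shell
#!/bin/sh
# Added example: deploy step with an immutable-tag gate and automatic rollback.
# Assumed names: DEPLOYMENT and CONTAINER default to the workflow's
# my-deployment / my-container; KUBECTL may point at a stub for local testing.
KUBECTL="${KUBECTL:-kubectl}"
DEPLOYMENT="${DEPLOYMENT:-my-deployment}"
CONTAINER="${CONTAINER:-my-container}"
ROLLOUT_TIMEOUT="${ROLLOUT_TIMEOUT:-120s}"

# Return 0 only for an immutable reference: a digest, or a tag other than "latest".
is_immutable_ref() {
  ref="${1##*/}"                 # drop registry and repository path
  case "$ref" in
    *@sha256:*) return 0 ;;      # digest-pinned
    *:latest)   return 1 ;;      # mutable by convention
    *:*)        return 0 ;;      # explicit tag, e.g. the commit SHA
    *)          return 1 ;;      # no tag at all means an implicit :latest
  esac
}

# Exit codes: 0 deployed; 2 image reference rejected; 1 "set image" failed;
# 3 rollout unhealthy and rolled back; 4 rollout unhealthy and rollback failed too.
deploy_with_rollback() {
  image="$1"
  if ! is_immutable_ref "$image"; then
    echo "refusing to deploy mutable reference: $image" >&2
    return 2
  fi
  "$KUBECTL" set image "deployment/$DEPLOYMENT" "$CONTAINER=$image" || return 1
  if "$KUBECTL" rollout status "deployment/$DEPLOYMENT" --timeout="$ROLLOUT_TIMEOUT"; then
    echo "rollout of $image is healthy" >&2
    return 0
  fi
  echo "rollout of $image did not become healthy; rolling back" >&2
  "$KUBECTL" rollout undo "deployment/$DEPLOYMENT" || return 4
  return 3
}

# When run directly, deploy the image reference given as the first argument.
if [ "$#" -gt 0 ]; then
  deploy_with_rollback "$1"
fi
```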