Deployment & DevOps - Automated Excellence

Create a comprehensive CI/CD pipeline for: [PROJECT_TYPE]

Technology stack: [TECH_STACK]
Deployment target: [CLOUD_PROVIDER/ENVIRONMENT]
Team size: [TEAM_SIZE]

Generate pipeline configuration including:
1. Source code management triggers
2. Build and test automation
3. Security scanning integration
4. Quality gates and approvals
5. Multi-environment deployment strategy
6. Rollback mechanisms
7. Monitoring and alerting setup

Use [CI_CD_PLATFORM] and include:
- Pipeline as code (YAML/JSON)
- Environment-specific configurations
- Secret management
- Artifact handling
- Deployment strategies (blue-green, canary, rolling)

Design infrastructure for: [APPLICATION_DESCRIPTION]

Requirements:
- Expected traffic: [TRAFFIC_ESTIMATES]
- Availability requirements: [SLA_REQUIREMENTS]
- Security compliance: [COMPLIANCE_STANDARDS]
- Budget constraints: [BUDGET_RANGE]

Create Infrastructure as Code using [IaC_TOOL] including:
1. Compute resources (containers, VMs, serverless)
2. Networking configuration (VPC, subnets, load balancers)
3. Database and storage setup
4. Security groups and IAM policies
5. Monitoring and logging infrastructure
6. Backup and disaster recovery
7. Auto-scaling configurations
8. Cost optimization strategies

Provide modular, reusable templates with documentation.

Create Docker configuration for: [APPLICATION_TYPE]

Application details:
- Runtime: [RUNTIME_ENVIRONMENT]
- Dependencies: [DEPENDENCY_LIST]
- Build requirements: [BUILD_TOOLS]
- Security requirements: [SECURITY_NEEDS]

Generate:
1. Optimized Dockerfile with multi-stage builds
2. Docker Compose for local development
3. Production-ready container configuration
4. Health check implementations
5. Security hardening measures
6. Resource limits and constraints
7. Environment variable management
8. Volume and network configurations

Include best practices for image size optimization and security.

name: Node.js CI/CD Pipeline

on:
  push:
    branches: [main, develop]
  pull_request:
    branches: [main]

env:
  NODE_VERSION: '18.x'
  REGISTRY: ghcr.io
  IMAGE_NAME: ${{ github.repository }}

jobs:
  test:
    runs-on: ubuntu-latest

    services:
      postgres:
        image: postgres:14
        env:
          POSTGRES_PASSWORD: postgres
          POSTGRES_DB: test_db
        options: >-
          --health-cmd pg_isready
          --health-interval 10s
          --health-timeout 5s
          --health-retries 5
        ports:
          - 5432:5432

    steps:
    - uses: actions/checkout@v4

    - name: Setup Node.js
      uses: actions/setup-node@v4
      with:
        node-version: ${{ env.NODE_VERSION }}
        cache: 'npm'

    - name: Install dependencies
      run: npm ci

    - name: Run linting
      run: npm run lint

    - name: Run type checking
      run: npm run type-check

    - name: Run unit tests
      run: npm run test:unit
      env:
        DATABASE_URL: postgresql://postgres:postgres@localhost:5432/test_db

    - name: Run integration tests
      run: npm run test:integration
      env:
        DATABASE_URL: postgresql://postgres:postgres@localhost:5432/test_db

    - name: Generate coverage report
      run: npm run test:coverage

    - name: Upload coverage to Codecov
      uses: codecov/codecov-action@v3
      with:
        file: ./coverage/lcov.info

  security:
    runs-on: ubuntu-latest
    needs: test

    steps:
    - uses: actions/checkout@v4

    - name: Run security audit
      run: npm audit --audit-level high

    - name: Run Snyk security scan
      uses: snyk/actions/node@master
      env:
        SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
      with:
        args: --severity-threshold=high

  build:
    runs-on: ubuntu-latest
    needs: [test, security]
    if: github.ref == 'refs/heads/main'

    permissions:
      contents: read
      packages: write

    steps:
    - uses: actions/checkout@v4

    - name: Log in to Container Registry
      uses: docker/login-action@v3
      with:
        registry: ${{ env.REGISTRY }}
        username: ${{ github.actor }}
        password: ${{ secrets.GITHUB_TOKEN }}

    - name: Extract metadata
      id: meta
      uses: docker/metadata-action@v5
      with:
        images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
        tags: |
          type=ref,event=branch
          type=sha,prefix={{branch}}-
          type=raw,value=latest,enable={{is_default_branch}}

    - name: Build and push Docker image
      uses: docker/build-push-action@v5
      with:
        context: .
        push: true
        tags: ${{ steps.meta.outputs.tags }}
        labels: ${{ steps.meta.outputs.labels }}
        cache-from: type=gha
        cache-to: type=gha,mode=max

  deploy-staging:
    runs-on: ubuntu-latest
    needs: build
    environment: staging

    steps:
    - name: Deploy to staging
      run: |
        echo "Deploying to staging environment"
        # Add deployment commands here

  deploy-production:
    runs-on: ubuntu-latest
    needs: [build, deploy-staging]
    environment: production
    if: github.ref == 'refs/heads/main'

    steps:
    - name: Deploy to production
      run: |
        echo "Deploying to production environment"
        # Add production deployment commands here

# Build stage
FROM node:18-alpine AS builder

# Set working directory
WORKDIR /app

# Copy package files
COPY package*.json ./

# Install dependencies (including dev dependencies for build)
RUN npm ci --only=production && npm cache clean --force

# Copy source code
COPY . .

# Build the application
RUN npm run build

# Production stage
FROM node:18-alpine AS production

# Create non-root user
RUN addgroup -g 1001 -S nodejs && \
    adduser -S nextjs -u 1001

# Set working directory
WORKDIR /app

# Copy package files
COPY package*.json ./

# Install only production dependencies
RUN npm ci --only=production && npm cache clean --force

# Copy built application from builder stage
COPY --from=builder --chown=nextjs:nodejs /app/dist ./dist
COPY --from=builder --chown=nextjs:nodejs /app/public ./public

# Security hardening
RUN apk --no-cache add dumb-init && \
    rm -rf /var/cache/apk/*

# Switch to non-root user
USER nextjs

# Expose port
EXPOSE 3000

# Health check
HEALTHCHECK --interval=30s --timeout=3s --start-period=5s --retries=3 \
  CMD curl -f http://localhost:3000/health || exit 1

# Use dumb-init to handle signals properly
ENTRYPOINT ["dumb-init", "--"]

# Start the application
CMD ["node", "dist/server.js"]

Create Kubernetes manifests for: [APPLICATION_NAME]

Application requirements:
- Replicas: [REPLICA_COUNT]
- Resource limits: [CPU/MEMORY_LIMITS]
- Storage needs: [STORAGE_REQUIREMENTS]
- External dependencies: [DEPENDENCY_LIST]

Generate complete K8s configuration including:
1. Deployment manifest with rolling update strategy
2. Service configuration (ClusterIP, LoadBalancer)
3. ConfigMap and Secret management
4. Ingress configuration with TLS
5. HorizontalPodAutoscaler (HPA)
6. NetworkPolicy for security
7. ServiceMonitor for Prometheus
8. PersistentVolumeClaim if needed

Include namespace organization and resource quotas.

Design monitoring solution for: [SYSTEM_DESCRIPTION]

Key metrics to track:
- Application performance: [PERFORMANCE_METRICS]
- Infrastructure health: [INFRASTRUCTURE_METRICS]
- Business metrics: [BUSINESS_METRICS]

Create monitoring stack including:
1. Prometheus configuration with scrape targets
2. Grafana dashboards for visualization
3. AlertManager rules and routing
4. Log aggregation with ELK/Loki
5. APM integration (Jaeger/Zipkin)
6. Synthetic monitoring setup
7. SLA/SLO definitions
8. Incident response playbooks

Include alerting thresholds and escalation procedures.

Implement DevSecOps for: [PROJECT_TYPE]

Security requirements:
- Compliance standards: [COMPLIANCE_LIST]
- Threat model: [SECURITY_CONCERNS]
- Risk tolerance: [RISK_LEVEL]

Create security automation including:
1. SAST/DAST integration in CI/CD
2. Container image vulnerability scanning
3. Infrastructure security scanning
4. Secret management automation
5. Compliance checking and reporting
6. Security policy as code
7. Incident response automation
8. Security metrics and dashboards

Include security gates and approval workflows.

# Terraform AWS Infrastructure
resource "aws_ecs_cluster" "main" {
  name = "${var.project_name}-cluster"

  setting {
    name  = "containerInsights"
    value = "enabled"
  }
}

resource "aws_ecs_service" "app" {
  name            = "${var.project_name}-service"
  cluster         = aws_ecs_cluster.main.id
  task_definition = aws_ecs_task_definition.app.arn
  desired_count   = var.desired_count

  deployment_configuration {
    maximum_percent         = 200
    minimum_healthy_percent = 100
  }

  load_balancer {
    target_group_arn = aws_lb_target_group.app.arn
    container_name   = "app"
    container_port   = 3000
  }
}

# Kubernetes HPA
apiVersion: autoscaling/v2
kind: HorizontalPodAutoscaler
metadata:
  name: app-hpa
spec:
  scaleTargetRef:
    apiVersion: apps/v1
    kind: Deployment
    name: app-deployment
  minReplicas: 2
  maxReplicas: 10
  metrics:
  - type: Resource
    resource:
      name: cpu
      target:
        type: Utilization
        averageUtilization: 70
  - type: Resource
    resource:
      name: memory
      target:
        type: Utilization
        averageUtilization: 80

#!/bin/bash
# Blue-Green deployment script

CURRENT_ENV=$(kubectl get service app-service -o jsonpath='{.spec.selector.version}')
NEW_ENV=$([ "$CURRENT_ENV" = "blue" ] && echo "green" || echo "blue")

echo "Current environment: $CURRENT_ENV"
echo "Deploying to: $NEW_ENV"

# Deploy new version
kubectl set image deployment/app-$NEW_ENV app=myapp:$NEW_VERSION

# Wait for rollout
kubectl rollout status deployment/app-$NEW_ENV

# Run health checks
if ./health-check.sh $NEW_ENV; then
  echo "Health checks passed, switching traffic"
  kubectl patch service app-service -p '{"spec":{"selector":{"version":"'$NEW_ENV'"}}}'
  echo "Traffic switched to $NEW_ENV"
else
  echo "Health checks failed, rolling back"
  exit 1
fi

apiVersion: networking.istio.io/v1beta1
kind: VirtualService
metadata:
  name: app-vs
spec:
  http:
  - match:
    - headers:
        canary:
          exact: "true"
    route:
    - destination:
        host: app-service
        subset: v2
  - route:
    - destination:
        host: app-service
        subset: v1
      weight: 90
    - destination:
        host: app-service
        subset: v2
      weight: 10

global:
  scrape_interval: 15s
  evaluation_interval: 15s

rule_files:
  - "alert_rules.yml"

scrape_configs:
  - job_name: 'app'
    static_configs:
      - targets: ['app:3000']
    metrics_path: /metrics
    scrape_interval: 5s

  - job_name: 'node-exporter'
    static_configs:
      - targets: ['node-exporter:9100']

alerting:
  alertmanagers:
    - static_configs:
        - targets: ['alertmanager:9093']

{
  "dashboard": {
    "title": "Application Metrics",
    "panels": [
      {
        "title": "Request Rate",
        "type": "graph",
        "targets": [
          {
            "expr": "rate(http_requests_total[5m])",
            "legendFormat": "{{method}} {{status}}"
          }
        ]
      },
      {
        "title": "Response Time",
        "type": "graph",
        "targets": [
          {
            "expr": "histogram_quantile(0.95, rate(http_request_duration_seconds_bucket[5m]))",
            "legendFormat": "95th percentile"
          }
        ]
      }
    ]
  }
}