13. DevOps, CI/CD & Tooling

13.1 CI/CD Pipeline

graph LR
  CODE["💻 CODE\nGitLab"] -->|push| BUILD["🔨 BUILD\nDocker Build"]
  BUILD -->|image| TEST["✅ TEST\nPHPUnit · Pest · Jest"]
  TEST -->|pass| SCAN["🔍 SCAN\nTrivy · OWASP · SonarQube"]
  SCAN -->|clean| DEPLOY["🚀 DEPLOY\nArgoCD · Helm"]
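
As an added example (not the project's own pipeline file), a `.gitlab-ci.yml` that wires the stages above: build pushes an immutable per-commit image, the scan stage fails the pipeline on Semgrep findings or fixable HIGH/CRITICAL Trivy results so nothing unscanned reaches deploy, and deploy hands off to ArgoCD by bumping the Helm image tag in a GitOps repository. Job names, the GitOps repository URL, the values-file path and the `GITOPS_TOKEN` variable are assumptions.

```yaml
# Added example, not the project's pipeline. Job names, the GitOps repo URL,
# the Helm values path and GITOPS_TOKEN are assumptions.
stages: [build, test, scan, deploy]

variables:
  IMAGE: $CI_REGISTRY_IMAGE:$CI_COMMIT_SHA   # immutable, per-commit tag
  DOCKER_TLS_CERTDIR: "/certs"

build:
  stage: build
  image: docker:27
  services: [docker:27-dind]
  script:
    - echo "$CI_REGISTRY_PASSWORD" | docker login -u "$CI_REGISTRY_USER" --password-stdin "$CI_REGISTRY"
    - docker build -t "$IMAGE" .
    - docker push "$IMAGE"

test:php:
  stage: test
  image: $IMAGE            # run the suite inside the image that will ship (assumes vendor/ is baked in)
  script:
    - vendor/bin/pest      # Pest runs on top of PHPUnit

scan:sast:
  stage: scan
  image: semgrep/semgrep
  script:
    - semgrep scan --config auto --error   # non-zero exit on findings blocks the stage

scan:image:
  stage: scan
  image: { name: aquasec/trivy:latest, entrypoint: [""] }
  script:
    # fail on HIGH/CRITICAL findings that already have a fix; deploy never runs if this fails
    - trivy image --exit-code 1 --severity HIGH,CRITICAL --ignore-unfixed "$IMAGE"

deploy:
  stage: deploy
  image: alpine/git
  rules:
    - if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH   # only the default branch may deploy
  script:
    # GitOps handoff: bump the Helm image tag; ArgoCD reconciles the cluster from the repo
    - git clone "https://oauth2:${GITOPS_TOKEN}@gitlab.example.invalid/platform/gitops.git"
    - cd gitops && sed -i "s|^  tag: .*|  tag: $CI_COMMIT_SHA|" charts/app/values.yaml
    - git -c user.name=ci -c user.email=ci@example.invalid commit -am "deploy $CI_COMMIT_SHA"
    - git push
```

Because ArgoCD pulls from the GitOps repository, the CI runner needs write access to that repository only, not cluster credentials.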

13.2 DevOps Toolchain

| Category | Tool | Purpose |
|---|---|---|
| VCS | GitLab CE (self-hosted) | Source code, merge requests, wiki |
| CI/CD | GitLab CI/CD | Pipeline automation |
| Container Registry | GitLab Container Registry or Harbor | Docker image storage |
| GitOps | ArgoCD | Kubernetes declarative deployments |
| IaC | Terraform + Ansible | Infrastructure provisioning & config management |
| Helm Charts | Helm 3 | Kubernetes package management |
| Secret Management | HashiCorp Vault + External Secrets Operator | K8s secrets injection |
| Code Quality | SonarQube (self-hosted) | Static analysis, code smell detection |
| Security Scanning | Trivy (containers), OWASP ZAP (DAST), Semgrep (SAST) | DevSecOps |
| Artifact Storage | Nexus Repository | PHP packages, npm, Maven |
| Documentation | GitLab Wiki + MkDocs Material | Technical docs, API guides |

13.3 Environment Strategy

| Environment | Purpose | Infrastructure |
|---|---|---|
| Development | Active development, feature branches | Shared K8s namespace, small DBs |
| Staging | Pre-production testing, UAT | Mirrors production (smaller scale) |
| Production | Live services | Full HA cluster, Sulaymaniyah DC (primary) |
| DR | Disaster recovery | Erbil DC (warm standby → future active-active) |