DevSecOps CI/CD Pipeline for Angular PWA with Automated Testing, Security Scanning, and Zero-Downtime Rollback
This project is a Progressive Web Application (PWA) built using Angular. It includes a fully automated DevSecOps pipeline implemented using GitHub Actions, integrating key stages such as build, test, code analysis, deployment, and rollback.
```
sample-pwa/
├── src/                 # Angular source code
├── dist/                # Compiled output
├── .github/workflows/   # GitHub Actions workflows
│   └── deploy.yml       # Main CI/CD pipeline
├── angular.json
├── package.json
├── README.md
└── ...
```
| Layer | Technology |
|---|---|
| Frontend | Angular |
| CI/CD | GitHub Actions |
| Code Quality | SonarQube |
| Deployment | AWS EC2 (Apache server) |
| Scripting | Bash, SSH |
The pipeline (defined in .github/workflows/deploy.yml) performs the following steps:
- Trigger: On every push to the `main` branch.
- Checkout: Pulls the latest code from GitHub.
- Setup:
  - Node.js 16 for Angular
  - Java 17 for SonarQube
- Install Dependencies: Runs `npm install`
- Unit Testing: Uses headless Chrome to run Angular tests
- Static Code Analysis: Integrates with SonarQube
- Build: Executes `ng build --prod` to generate production-ready code
- Backup & Deploy:
  - SSHs into the EC2 instance
  - Backs up current app
  - Uploads and extracts new build
  - Restarts Apache
- Rollback: Reverts to backup if deployment fails

- Server: AWS EC2 (Linux)
- Web Server: Apache
- Path: `/var/www/html/`
Ensure the following GitHub Secrets are configured:
| Secret Name | Purpose |
|---|---|
| `EC2_HOST` | Public DNS of the EC2 instance |
| `EC2_USERNAME` | SSH user (e.g., ec2-user) |
| `EC2_SSH_KEY` | SSH private key for EC2 access |
| `SONAR_TOKEN` | SonarQube authentication token |
| `SONAR_HOST_URL` | URL of your SonarQube server |
| `SONAR_PROJECT_KEY` | Unique project key for analysis |
```bash
# Install dependencies
npm install
# Run tests
npm test
# Build project
ng build --prod
# Serve locally
npx http-server ./dist/sample-pwa
```

If the deployment fails at any stage:
- The pipeline automatically restores the last working backup on the EC2 instance.
- This ensures zero downtime and high availability.
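
The backup, deploy and rollback steps described above, written as one function that could run on the server over SSH. This is an added example, not the project's `deploy.yml`; the archive argument, the `.bak` and `.new` directory names and the default `sudo systemctl restart httpd` reload command are assumptions.

```bash
# Added example: backup, deploy and rollback for a static build.
# deploy_release WEB_ROOT ARCHIVE [RELOAD_CMD]
#   WEB_ROOT   directory Apache serves (the page uses /var/www/html/)
#   ARCHIVE    tar.gz of the build output (file name is an assumption)
#   RELOAD_CMD command that restarts the web server (assumed default below)
# Returns 0 on success, 1 if the archive is rejected, 2 after a rollback.
deploy_release() {
  local web_root="${1%/}" archive="$2"
  local reload_cmd="${3:-sudo systemctl restart httpd}"
  local backup="${web_root}.bak" staging="${web_root}.new"

  # Extract into a staging directory first, so a corrupt or truncated
  # archive never touches the live site.
  rm -rf "$staging" && mkdir -p "$staging" || return 1
  if ! tar -xzf "$archive" -C "$staging" || [ ! -f "$staging/index.html" ]; then
    echo "deploy: archive rejected, live site untouched" >&2
    rm -rf "$staging"
    return 1
  fi

  # Back up the current app, then move the new build into place.
  rm -rf "$backup"
  if [ -d "$web_root" ]; then mv "$web_root" "$backup" || return 1; fi
  if mv "$staging" "$web_root" && $reload_cmd; then
    echo "deploy: release is live"
    return 0
  fi

  # Rollback: restore the backup and reload the server again.
  echo "deploy: failed, restoring backup" >&2
  rm -rf "$web_root" "$staging"
  [ -d "$backup" ] && mv "$backup" "$web_root"
  $reload_cmd || true
  return 2
}
```

The site is unavailable only for the interval between the two `mv` calls, and a failed reload leaves the previous build back in `WEB_ROOT`.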
Feel free to fork this repository and submit a PR for any enhancements or issues.
This project is licensed under the MIT License.
