Learnixo
All Projects
DevOpsintermediate View on GitHub

DeployForge

CI/CD pipeline from scratch — GitHub Actions, Docker, Azure Container Apps

2–3 hours to set up9 technologies5 guided steps

About This Project

Build a complete CI/CD pipeline for a .NET API: automated tests, Docker image build and push, container security scanning, staging deployment on pull request, and production deployment on merge to main. Includes environment promotion, rollback strategy, and structured deployment notifications.

What You'll Learn

Write a multi-stage Dockerfile that produces a minimal production image
Build CI/CD workflows in GitHub Actions from first principles
Scan container images for vulnerabilities with Trivy
Deploy to Azure Container Apps with zero-downtime rolling updates
Define Azure infrastructure as code with Bicep

Key Features

Multi-stage Docker build: SDK layer → runtime layer (final image ~80 MB)
GitHub Actions: separate workflows for CI (test) and CD (deploy)
Automated unit + integration tests as a required CI gate
Trivy container vulnerability scan — blocks deploy on HIGH/CRITICAL CVEs
PR environment: staging deployment auto-created on every pull request
Production deploy on merge to main with zero-downtime rolling update
Bicep IaC: all Azure resources defined as code, repeatable provisioning
Deployment notifications to Slack with commit SHA and diff URL
Rollback: GitHub Actions manual trigger to redeploy a previous image tag
Azure Monitor alerts for memory > 80% and HTTP 5xx spike

Project Structure

directory tree
DeployForge/
├── src/
│   └── DeployForge.Api/          # Sample .NET 9 API (the deploy target)
├── tests/
│   └── DeployForge.Tests/         # Unit + integration tests (CI gate)
├── .github/
│   └── workflows/
│       ├── ci.yml                 # Test + security scan on every push
│       └── cd.yml                 # Deploy on merge to main
├── infra/
│   ├── main.bicep                 # Container Apps + ACR + Log Analytics
│   └── container-app.bicep        # Container App definition
├── Dockerfile                     # Multi-stage build
└── docker-compose.yml             # Local development

Setup Guide

1

Fork the repository

Fork DeployForge — the workflows run in your own GitHub Actions.

bash
# Fork via GitHub UI, then clone your fork
git clone https://github.com/<your-username>/DeployForge.git
cd DeployForge
2

Provision Azure resources with Bicep

Create the Container Registry, Container Apps environment, and Log Analytics workspace.

bash
az login
az group create --name deployforge-rg --location uksouth
az deployment group create \
  --resource-group deployforge-rg \
  --template-file infra/main.bicep
3

Add GitHub Actions secrets

Store Azure credentials and registry details as repository secrets.

bash
# In GitHub repo Settings → Secrets:
# AZURE_CREDENTIALS  (output of: az ad sp create-for-rbac)
# ACR_NAME           (your Azure Container Registry name)
# AZURE_RG           (deployforge-rg)
# SLACK_WEBHOOK_URL  (optional — Slack incoming webhook)

Running the Project

1

Trigger the CI pipeline

Push a commit — GitHub Actions runs tests and security scan automatically.

bash
git checkout -b feature/test-pipeline
git commit --allow-empty -m "trigger: test CI pipeline"
git push origin feature/test-pipeline
# Open a PR — staging deploy kicks off automatically
2

Merge to deploy to production

Merging to main triggers the CD workflow — rolling update with health check.

bash
# Merge PR via GitHub UI
# CD workflow runs: build → scan → push → deploy
# Check deployment
az containerapp revision list \
  --name deployforge-api \
  --resource-group deployforge-rg

Project Info

CategoryDevOps
Difficultyintermediate
Setup time2–3 hours to set up
Technologies9 tools

Tech Stack

.NET 9 (target app)GitHub ActionsDockerAzure Container RegistryAzure Container AppsTrivy (security scan)Bicep (IaC)Azure MonitorSlack (notifications)

Prerequisites

  • GitHub account with Actions access
  • Azure subscription (free tier works)
  • Docker Desktop installed
  • .NET 9 SDK installed
View Source on GitHub
L

Learnixo

Project Author

Most DevOps tutorials show you how to deploy once. This shows you the full loop: PR → staging → review → production → rollback — with security scanning, IaC, and monitoring baked in from the start.

Related Courses

AI for Developers Python & FastAPI Docker & Kubernetes