|
1 |
| -# GCP DevSecOps Pipelines |
| 1 | +# GCP DevSecOps Pipeline |
| 2 | + |
| 3 | + |
| 4 | + |
| 5 | + |
| 6 | + |
| 7 | + |
| 8 | + |
| 9 | + |
| 10 | + |
| 11 | +This project provides an opinionated DevSecOps pipeline for Google Cloud Platform (GCP), built with Terraform and GitHub Actions. It integrates security best practices into the software development lifecycle to ensure secure, automated infrastructure deployments. |
| 12 | + |
| 13 | +## π§± Project Structure |
| 14 | + |
| 15 | +```text |
| 16 | +gcp-devsecops-pipeline/ |
| 17 | +βββ .github/workflows/ # CI/CD pipelines using GitHub Actions |
| 18 | +β βββ default.yml # Default pipeline for miscellaneous jobs |
| 19 | +β βββ terraform-apply.yml # Runs Terraform apply operations |
| 20 | +β βββ terraform-linter.yml # Lints Terraform code for best practices |
| 21 | +βββ assets/ # Diagrams and visual assets |
| 22 | +β βββ infra_architecture.drawio.svg |
| 23 | +βββ terraform/ # Main Terraform configuration for GCP |
| 24 | +β βββ data.tf |
| 25 | +β βββ main.tf |
| 26 | +β βββ provider.tf |
| 27 | +β βββ variables.tf |
| 28 | +β βββ modules/ |
| 29 | +β βββ pipelines/ # Reusable Terraform modules |
| 30 | +β βββ main.tf |
| 31 | +β βββ variable.tf |
| 32 | +βββ LICENSE # Project license |
| 33 | +βββ .gitignore # Git ignored files |
| 34 | +βββ README.md # Project documentation |
| 35 | +``` |
| 36 | + |
| 37 | +## π Features |
| 38 | + |
| 39 | +- **Infrastructure as Code (IaC):** Uses Terraform to define and manage infrastructure in GCP. |
| 40 | +- **Modular Design:** Core infrastructure and pipeline logic are separated into reusable modules. |
| 41 | +- **Security-first Pipelines:** GitHub Actions workflows include a Terraform linter and secure deployment workflow. |
| 42 | +- **Visual Architecture Diagram:** A visual reference of the infrastructure is provided under `assets/`. |
| 43 | + |
| 44 | +## βοΈ Getting Started |
| 45 | + |
| 46 | +1. **Clone the repository** |
| 47 | + |
| 48 | + ```bash |
| 49 | + git clone https://github.com/<your-org>/gcp-devsecops-pipeline.git |
| 50 | + cd gcp-devsecops-pipeline |
| 51 | + ``` |
| 52 | + |
| 53 | +2. **Initialize and apply Terraform** |
| 54 | + |
| 55 | + ```bash |
| 56 | + cd terraform |
| 57 | + terraform init |
| 58 | + terraform plan |
| 59 | + terraform apply |
| 60 | + ``` |
| 61 | + |
| 62 | +3. **Review GitHub Workflows** |
| 63 | + |
| 64 | + - Customize `.github/workflows/terraform-apply.yml` and `.github/workflows/terraform-linter.yml` as needed for your environment. |
| 65 | + |
| 66 | +## π Prerequisites |
| 67 | + |
| 68 | +- [Terraform CLI](https://developer.hashicorp.com/terraform) |
| 69 | +- A configured [GCP Service Account](https://cloud.google.com/iam/docs/service-accounts) with the appropriate roles |
| 70 | +- [GitHub Actions](https://docs.github.com/en/actions) configured for secret management and automation |
| 71 | + |
| 72 | +## π‘οΈ Security Considerations |
| 73 | + |
| 74 | +- Secrets must be stored securely using GitHub repository secrets. |
| 75 | +- Terraform linting helps enforce security standards pre-deployment. |
| 76 | +- Diagrams and modularization promote clarity and maintainability in infrastructure design. |
| 77 | + |
| 78 | +## π License |
| 79 | + |
| 80 | +This project is licensed under the terms of the [LICENSE](./LICENSE) file. |
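Review bot: In step 1 of Getting Started, the clone command points at `github.com` instead of `github.com`, so anyone following the README pulls the Terraform and workflow code through a third-party host before running `terraform apply` on it. Change the line to `git clone https://github.com/<your-org>/gcp-devsecops-pipeline.git`. Two smaller points in the same file: the Prerequisites entry asks for a service account "with the appropriate roles" without naming them, so list the minimum roles the modules need so that readers do not default to a broad role; and step 2 has the reader run `terraform apply` from a workstation while the Features section describes `terraform-apply.yml` as the secure deployment workflow, so state which of the two is the intended path for real environments.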