Sahar-dev/todo-api-ci-cd

📝 Todo API — CI/CD Quality Gates Portfolio Project

End-to-End CI/CD Demonstration — QA & DevOps Engineering
A production-style Todo API showcasing automated testing, performance validation, security gates, and container deployment. Built to demonstrate my ability to design, implement, and maintain modern CI/CD pipelines with industry best practices.


🚦 About This Project

This repository demonstrates real-world QA and DevOps practices through a full-stack Flask Todo API, featuring:

  • Multi-step CI/CD Pipeline: Built with GitHub Actions — each stage enforces quality, security, and reliability.
  • Automated Testing: Unit, integration, API, and performance tests.
  • Security at Every Step: Source code and container vulnerability scanning.
  • Containerization: Docker & Docker Compose for reproducible environments.
  • Quality Reporting: Code coverage, performance reports, and pipeline summaries.

Use this repo as a reference for professional quality engineering & DevOps automation.


📋 Prerequisites

  • Docker & Docker Compose
  • Python 3.8+ (for local development)
  • k6 (for performance testing)

🛡️ CI/CD Quality Gates

The pipeline enforces the following gates (see .github/workflows/ci-cd.yml):

| Gate # | Stage | Tool | Description |
|--------|-------|------|-------------|
| 1 | Code Linting | flake8 | Static style & error checks |
| 2 | Security Scan (SAST) | Trivy | Source vulnerability analysis |
| 3 | Unit Testing + Coverage | pytest+cov | Model/routes logic & coverage |
| 4 | Docker Image Build | Dockerfile | Containerization validation |
| 5 | Container Security Scan | docker scan | Vulnerabilities in image |
| 6 | API Integration Tests | curl/pytest | Endpoint smoke tests |
| 7 | Performance Tests | k6 | Load & reliability checks |
| 8* | Deployment | Docker Hub | Publish image (on master) |

*Deployment gate runs only on the master branch, pushing images to Docker Hub.


🔬 Automated Testing Strategy

  • Unit Tests: Flask models and routes
  • API/Integration: Real API tests (CRUD, edge cases, performance)
  • Performance: k6 simulates concurrent users, checks latency & success rates
  • Coverage: Reports uploaded to Codecov

See tests/unit/ and tests/api/ for test cases.
Performance scripts: tests/performance/k6_test.js.


🧑‍💻 Tech Stack & Tools

  • Python: Flask, SQLAlchemy
  • Testing: pytest, requests, k6
  • Linting: flake8
  • Security: Trivy, docker scan
  • CI/CD: GitHub Actions
  • Containerization: Docker, Docker Compose
  • Reporting: Codecov, workflow summaries

⚖️ Design Decisions & Demo Considerations

This project is tailored for portfolio demonstration, so a few trade-offs were made intentionally:

  • Performance thresholds in k6 are tuned to pass consistently in CI/CD for demo purposes.
    In production, stricter SLAs (e.g., p(95)<300ms, <0.01 error rate) would be enforced and could block deployment.
    Here, thresholds are more lenient to ensure reliable demo runs on GitHub-hosted runners.

  • Security scans (Trivy, docker scan) are integrated as quality gates.
    For demo continuity, high-severity findings are reported but do not fail the pipeline.
    In real DevSecOps pipelines, failing scans would stop deployment until resolved.

  • Ephemeral environments are spun up in Docker inside GitHub Actions instead of cloud environments.
    This keeps the project lightweight, portable, and review-friendly.

  • Reports & artifacts (coverage, performance, summaries) are stored as workflow artifacts.
    In production, these would typically feed into monitoring dashboards (Grafana, Allure, SonarQube).

👉 These choices balance real-world awareness with practical demo execution, making the project both reliable and illustrative for recruiters and interviewers.
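
The difference between the demo security gate and an enforcing one, as an added example that is not part of this repository's workflow: a Python step that reads a Trivy JSON report and decides the job's exit code. The sample report, its package names and IDs are constructed placeholders, and the `ignore_unfixed` and `accepted` options are assumed policy knobs.

```python
import json

# Severities that block a deployment in enforcing mode (policy assumption).
BLOCKING = {"HIGH", "CRITICAL"}

# Constructed sample in the shape of `trivy fs --format json` output;
# package names and vulnerability IDs are placeholders, not real findings.
SAMPLE_REPORT = json.dumps({"Results": [
    {"Target": "requirements.txt", "Vulnerabilities": [
        {"VulnerabilityID": "EXAMPLE-VULN-1", "PkgName": "examplepkg",
         "InstalledVersion": "1.0", "FixedVersion": "1.1", "Severity": "HIGH"},
        {"VulnerabilityID": "EXAMPLE-VULN-2", "PkgName": "otherpkg",
         "InstalledVersion": "2.3", "Severity": "CRITICAL"},
        {"VulnerabilityID": "EXAMPLE-VULN-3", "PkgName": "minorpkg",
         "InstalledVersion": "0.9", "FixedVersion": "1.0", "Severity": "LOW"},
    ]},
    {"Target": "Dockerfile"},  # a clean target carries no "Vulnerabilities" key
]})


def blocking_findings(report_json, ignore_unfixed=False, accepted=()):
    """Return (id, package, severity) for every finding the policy blocks on."""
    report = json.loads(report_json)
    found = []
    for result in report.get("Results") or []:
        for vuln in result.get("Vulnerabilities") or []:
            if vuln.get("Severity", "UNKNOWN").upper() not in BLOCKING:
                continue
            if ignore_unfixed and not vuln.get("FixedVersion"):
                continue  # no patched release exists yet, nothing to upgrade to
            if vuln["VulnerabilityID"] in accepted:
                continue  # risk explicitly accepted and recorded by the team
            found.append((vuln["VulnerabilityID"], vuln["PkgName"], vuln["Severity"]))
    return found


def gate_exit_code(report_json, enforce, **policy):
    """Demo mode (enforce=False) only reports; enforcing mode fails the job."""
    findings = blocking_findings(report_json, **policy)
    for vuln_id, pkg, severity in findings:
        print(f"{severity:8} {vuln_id} in {pkg}")
    return 1 if enforce and findings else 0


if __name__ == "__main__":
    print("demo gate exit code:", gate_exit_code(SAMPLE_REPORT, enforce=False))
    print("enforcing gate exit code:", gate_exit_code(SAMPLE_REPORT, enforce=True))
```

In a workflow, the step's process exit status would be set from `gate_exit_code`, so the deployment stage only runs when the enforcing gate returns 0.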


🏃 Getting Started

1. Clone & Build

git clone https://github.com/Sahar-dev/todo-api-ci-cd.git
cd todo-api-ci-cd
docker-compose up --build

API available at http://localhost:5000.

2. Run Tests

  • Unit tests:
    pytest tests/unit/
  • API tests:
    pytest tests/api/
  • Performance:
    Requires k6:
    k6 run tests/performance/k6_test.js

🌐 API Reference

Base URL: http://localhost:5000/api/todos

| Method | Endpoint | Description |
|--------|----------|-------------|
| GET | /api/todos | List all todos |
| POST | /api/todos | Create new todo |
| GET | /api/todos/<id> | Get todo by ID |
| PUT | /api/todos/<id> | Update todo |
| DELETE | /api/todos/<id> | Delete todo |
| GET | /health | Health check |

📂 Project Structure

app/                # Flask application code
tests/unit/         # Unit tests
tests/api/          # Integration/API tests
tests/performance/  # k6 load tests
Dockerfile          # Container build
docker-compose.yml  # Dev environment
.github/workflows/  # CI/CD pipeline

📊 Reporting & Artifacts

  • Coverage: Codecov
  • Performance: k6 HTML/JSON reports (workflow artifacts)
  • Pipeline Summaries: See GitHub Actions run for details

🏅 Why This Project?

This project is designed as a showcase for:

  • QA Engineering: Test automation, coverage, reliability
  • DevOps: End-to-end CI/CD, security gates, containerization, reporting
  • Portfolio: Demonstrates real-world practices for professional engineering roles

👤 Author

Sahar-dev
GitHub | LinkedIn | Portfolio


📄 License

MIT License


🤝 Contributing

Issues and PRs are welcome!
Use this project to learn, improve, and showcase your DevOps & QA skills.


🌟 Acknowledgements
