DEVOPS
PLATFORM
GitHub Actions builds, validates and secures every change. Helm packages Kubernetes releases. Argo CD continuously reconciles the desired state, while release, rollback and monitoring controls keep delivery production-grade.
One commit. Every gate.
Required checks block unsafe changes before packaging and GitOps promotion.
Build
Compile and create immutable artifacts.
RUNNERLint
Static quality and formatting gates.
QUALITYTest
Unit, integration and smoke tests.
VERIFYScan
Dependencies, code, image and SBOM.
SECURITYPackage
Container image and Helm chart.
RELEASEGitOps
Commit desired state and reconcile.
ARGO CDVerify
Health, metrics and rollback guard.
OBSERVEpull_request → build + lint + test + scan
main → image + chart + GitOps update
tag v* → release + provenance
manual → rollback + verification
- Least-privilege workflow permissions
- Dependency and CodeQL scanning
- Container vulnerability scan
- SBOM and artifact attestation blueprint
- Protected production environment
Runner activity, live.
Connect a repository token to display genuine workflow runs and releases.
| Run | Workflow | Branch | Event | Status | Duration | Updated |
|---|---|---|---|---|---|---|
| Waiting for GitHub configuration. | ||||||
Versioned Kubernetes delivery.
A complete chart contains workload, networking, autoscaling, resilience and monitoring resources.
- Linthelm lint
- Renderhelm template
- Packagehelm package
- PublishOCI registry
- PromoteGitOps values update
Desired state, continuously reconciled.
Sync, health, drift and revision data are fetched from Argo CD when its API is configured.
| Application | Project | Sync | Health | Revision | Destination |
|---|---|---|---|---|---|
| Waiting for Argo CD configuration. | |||||
Promote with evidence. Recover with control.
Release history comes from GitHub; rollback is performed through a protected manual workflow.
No release data connected.
Rollback uses workflow_dispatch, a target environment, revision and explicit confirmation. The workflow updates the GitOps repository, waits for reconciliation, and verifies application health.
Release health in context.
Optional health endpoints make the command center reflect real application, Argo CD and monitoring status.
One D1 binding. Zero SQL commands.
The platform creates and upgrades its audit tables automatically after a D1 database is bound as DB. Existing GitHub, Helm and Argo CD behavior stays unchanged.
- ServiceMonitor for application metrics
- PrometheusRule for availability and latency
- Deployment annotations for release metadata
- Post-deploy smoke and health verification
The uploaded GitHub Actions Runner, Helm and Argo CD source trees are preserved in a compressed, split source bundle with checksums and reassembly instructions.