Standardized CI/CD for Node.js + Vite Apps on EKS

A fast-growing B2B SaaS company ran multiple Node.js microservices and React/Vite frontends with frequent releases. The goal was to standardize CI/CD for new applications without retrofitting existing services. Teams faced:

• Inconsistent pipelines and duplicated effort across services
• Manual image builds and kubectl-based deploys that slowed delivery
• No shared standards for ingress, health checks, or environment propagation
• High onboarding time for both new services and engineers
• Limited visibility and tedious cleanup for preview environments

Delivered a reusable boilerplate repository (convention‑driven CI/CD template) that standardizes build, publish, and deploy steps for any new Node.js + Vite app. Scope: applied to new repositories/services; existing services continued on their current pipelines. Developers create a repo from the boilerplate, place code in server/ and client/, and use the included workflows to deploy.

1) Container Build & Publish (GHCR)

• GitHub Actions workflow builds backend and frontend images
• Pushes to GitHub Container Registry with versioned tags

2) Single Helm Chart for Backend + Optional Frontend

• Deploys backend Service/Deployment and, when enabled, a frontend served via Nginx
• Nginx proxies /api/* to the backend service inside the namespace

3) Standardized Health, Ingress, and Secrets

• Health checks: default backend path /api/agent/health (configurable)
• Ingress paths: /api for backend, / for frontend
• Environment variables injected via a single ENV_SECRET_JSON → Kubernetes Secret

4) Convention over Configuration

• Namespace, application, and domains derived from the repository and applicationType (external/internal)
• Ingress class selection and domain mapping handled by workflow inputs

5) Safe Teardown

• Cleanup workflow reliably uninstalls the Helm release and deletes residual resources

• GitHub Actions (OIDC → AWS IAM Role)
• GitHub Container Registry (GHCR)
• Helm
• Amazon EKS + Kubernetes
• Nginx Ingress
• Node.js (Express + TypeScript) and React (Vite)

• Time-to-deploy per service reduced from hours to minutes
• 80–90% boilerplate reduction for new services (pipelines, charts, docs)
• Fewer incidents from misconfigured ingress and probes
• Consistent security posture (GHCR pull secrets, OIDC-based AWS auth)
• Predictable, auditable deployments via GitHub Actions history

• Time to Deploy: Minutes (from hours)
• Boilerplate Reduction: 80–90%
• Ingress/Probe Misconfigs: Reduced
• Security Posture: Standard

• Enforce conventions early (paths, health checks, domain scheme) to simplify automation
• Keep workflows composable: build and deploy are decoupled but chainable
• Use relative /api in the SPA to work across local proxy (Vite) and in-cluster proxy (Nginx)
• Secrets as a single JSON improves ergonomics and reduces misconfigurations
• Dynamic namespace = repo name eases discovery and isolation