CleanPro is a cloud-native web application for a cleaning service company based in Tel Aviv, Israel. This project demonstrates modern DevOps practices with infrastructure as code, containerization, CI/CD automation, and secure deployment practices.
- Architecture Overview
- Infrastructure Details
- Local Development Setup
- CI/CD Pipeline
- Development Workflow
- Production Deployment
- Security Practices
- Contributing
- Contact
CleanPro follows a modern cloud-native architecture designed for scalability, reliability, and security.
┌───────────────────────────────────────────────────────────────────────────┐
│ AWS Cloud │
│ │
│ ┌─────────────┐ ┌─────────────┐ ┌─────────────┐ │
│ │ Application│ │ ECS │ │ RDS DB │ │
│ │ Load Balancer│─────▶ Cluster │─────▶ (PostgreSQL)│ │
│ └─────────────┘ └─────────────┘ └─────────────┘ │
│ ▲ │ │
│ │ │ │
│ │ ▼ │
│ ┌─────────────┐ ┌─────────────┐ ┌─────────────┐ │
│ │CloudFront CDN│ │ CloudWatch│ │ S3 Bucket │ │
│ │ (optional) │ │ Monitoring │ │ (Storage) │ │
│ └─────────────┘ └─────────────┘ └─────────────┘ │
│ │
└───────────────────────────────────────────────────────────────────────────┘
The architecture is designed for the Israeli market with the following considerations:
- Regional Proximity: Infrastructure deployed in eu-west-1 (Ireland) for lowest latency to Israel
- Hebrew Language Support: Application supports Hebrew RTL text rendering
- Compliance: Infrastructure designed with Israeli privacy regulations in mind
The entire infrastructure is defined as code using Terraform:
- VPC & Networking:
  - Custom VPC with public and private subnets across 3 availability zones
  - Internet Gateway and NAT Gateways for secure outbound connections
  - Security groups with principle of least privilege
- Compute:
  - ECS Fargate for containerized applications
  - Auto-scaling based on CPU and memory utilization
  - Serverless deployment for cost optimization
- Database:
  - RDS PostgreSQL for structured data
  - Multi-AZ deployment for high availability (production only)
  - Automated backups and point-in-time recovery
- Security & Monitoring:
  - AWS CloudWatch for logging and monitoring
  - CloudTrail for audit logging
  - VPC Flow Logs for network monitoring
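The least-privilege security groups listed above, sketched as Terraform for the ALB → ECS → RDS path in the architecture diagram. This is an added example, not the project's own Terraform; the resource names, `var.vpc_id`, the HTTPS listener on 443 and the container port 5000 (borrowed from the local development URL) are assumptions.

```hcl
variable "vpc_id" { type = string } # assumed input: the CleanPro VPC

locals {
  # Permitted tier-to-tier flows; anything not listed stays closed.
  flows = {
    alb_to_ecs = { from = "alb", to = "ecs", port = 5000 } # assumed app port
    ecs_to_rds = { from = "ecs", to = "rds", port = 5432 } # PostgreSQL default
  }
}

# One group per tier; all access is granted by the explicit rules below.
resource "aws_security_group" "tier" {
  for_each    = toset(["alb", "ecs", "rds"])
  name_prefix = "cleanpro-${each.key}-"
  vpc_id      = var.vpc_id
}

# Each flow: egress on the source group, matching ingress on the destination.
resource "aws_vpc_security_group_egress_rule" "flow" {
  for_each                     = local.flows
  security_group_id            = aws_security_group.tier[each.value.from].id
  referenced_security_group_id = aws_security_group.tier[each.value.to].id
  ip_protocol                  = "tcp"
  from_port                    = each.value.port
  to_port                      = each.value.port
}

resource "aws_vpc_security_group_ingress_rule" "flow" {
  for_each                     = local.flows
  security_group_id            = aws_security_group.tier[each.value.to].id
  referenced_security_group_id = aws_security_group.tier[each.value.from].id
  ip_protocol                  = "tcp"
  from_port                    = each.value.port
  to_port                      = each.value.port
}

# Only the load balancer accepts traffic from the internet (HTTPS assumed).
resource "aws_vpc_security_group_ingress_rule" "alb_https" {
  security_group_id = aws_security_group.tier["alb"].id
  cidr_ipv4         = "0.0.0.0/0"
  ip_protocol       = "tcp"
  from_port         = 443
  to_port           = 443
}
```

Because rules reference security groups rather than CIDR ranges, the database accepts connections only from ECS tasks, and the tasks only from the load balancer. Tasks in private subnets additionally need an egress rule for TCP 443 so they can pull images and reach AWS APIs through the NAT Gateways.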
The infrastructure supports multiple environments:
- Development: For active development and testing
- Staging: For pre-production validation
- Production: For live customer-facing services
- Docker and Docker Compose
- Python 3.11+
- AWS CLI (configured)
- Terraform (optional, for infrastructure work)
- Clone the repository:
      git clone https://github.com/senopaul/CleanPro.git
      cd CleanPro
- Create environment file:
      cp .env.example .env
      # Edit .env with your local settings
- Start local development environment:
      docker-compose up -d
- Access the application:
  - Web: http://localhost:5000
  - Database admin: http://localhost:8080 (Adminer)
- Run tests:
      docker-compose exec web pytest
- Run linting:
      docker-compose exec web flake8
      docker-compose exec web black .
- Database migrations:
      docker-compose exec web flask db migrate -m "Migration message"
      docker-compose exec web flask db upgrade
Our CI/CD pipeline automates testing, security scanning, and deployment across environments.
┌───────────┐     ┌───────────┐     ┌───────────┐     ┌───────────┐
│   Test    │────▶│ Security  │────▶│   Build   │────▶│  Deploy   │
│  & Lint   │     │   Scan    │     │ Container │     │    Dev    │
└───────────┘     └───────────┘     └───────────┘     └─────┬─────┘
                                                            │
                                                            ▼
                                                      ┌───────────┐
                                                      │  Deploy   │
                                                      │  Staging  │
                                                      └─────┬─────┘
                                                            │
                                                            ▼
                                                      ┌───────────┐
                                                      │  Deploy   │
                                                      │ Production│
                                                      └───────────┘
- Automated Testing: Unit and integration tests
- Code Quality: Linting with flake8 and black
- Security Scanning: Bandit for code security and Safety for dependency vulnerabilities
- Infrastructure Validation: Terraform validation and planning
- Container Building: Multi-stage Docker builds for minimal image size
- Progressive Deployment: Development → Staging → Production
- main: Production-ready code
- develop: Integration branch for feature work
- feature/*: Individual feature branches
- Create a feature branch from develop
      git checkout develop
      git pull
      git checkout -b feature/new-feature
- Make changes and commit
      git add .
      git commit -m "feat: add new feature"
- Push and create a pull request to develop
      git push -u origin feature/new-feature
      # Create PR through GitHub interface
- Automated checks run on the PR
  - Tests must pass
  - Code must be properly formatted
  - Security scans must pass
  - At least one approval required
- After merge to develop, changes are automatically deployed to development environment
- Releases to staging and production are managed through GitHub Releases
- Create a release tag
      git checkout develop
      git pull
      git checkout -b release/v1.0.0
      # Make any release-specific changes
      git commit -m "chore: prepare v1.0.0 release"
      git tag v1.0.0
      git push origin v1.0.0
- Create a GitHub Release
  - Go to GitHub Releases
  - Create a new release using the tag
  - Add release notes
  - Publish release
- Manual approval for production deployment
  - CI/CD pipeline will deploy to staging automatically
  - Production deployment requires manual approval in GitHub
In case of issues, rollback can be performed:
- Identify the previous stable version
- Trigger a deployment of that version via GitHub workflow dispatch
- Verify the rollback resolves the issue
- Least Privilege: IAM roles with minimal permissions
- Secrets Management: AWS Secrets Manager for credentials
- Dependency Scanning: Regular checks for vulnerable dependencies
- Container Scanning: Image scanning before deployment
- Infrastructure Security: Security groups limit access
- Compliance: GDPR-aligned data handling
We welcome contributions! Please follow these steps:
- Check the issues page for open tasks
- Fork the repository
- Create a feature branch
- Make your changes
- Run tests and linting locally
- Submit a pull request
See CONTRIBUTING.md for detailed guidelines.
For questions or collaboration opportunities:
- Creator: Seno Paul
- GitHub: @senopaul
- Location: Israel
© 2025 CleanPro - Modern DevOps Showcase Project