A few weeks ago, I decided I didn’t just want another static portfolio site.
I wanted something that tells a story of my skills in action: automation, cloud, DevOps, and security all woven together.
Instead of just pushing some HTML to GitHub Pages, I asked myself:
👉 “What if my portfolio itself became a DevOps project?”
That’s how this whole journey began.
💡The Idea
I wanted a simple app — nothing fancy. Just:
Frontend: HTML + CSS + a bit of JavaScript
Containerized: Docker with NGINX serving my files
But the real magic wouldn’t be in the code.
The magic would be in how it’s built, tested, scanned, and deployed.
🛠️The Tech Stack I Chose
Here’s what I pulled together for the project:
- Version Control: GitHub
- CI/CD: GitHub Actions
- Image Registry: AWS Elastic Container Registry (ECR)
- Infrastructure: Terraform (state managed in Terraform Cloud)
- Deployment: Azure Container Apps
- Security & Quality:
- SonarCloud (code quality & coverage)
- TFSEC (Terraform security scanning)
- Trivy (container vulnerability scanning)
That stack might sound like a lot for a portfolio, but that was the point.
I wanted to treat my personal project as if it were production software.
🎯 The Goal
t the end of the day, here’s what I wanted:
- A fully automated pipeline where every git push would:
- Build my Docker image
- Push it to AWS ECR
- Run security scans
- Deploy the container to Azure using Terraform Cloud Run call.
All infrastructure managed as code with Terraform
Quality gates in place to enforce DevSecOps practices
Basically:
Commit → Build → Scan → Deploy → Done
⚡ The Challenges I Knew Were Coming
I wasn’t naive. I knew I’d hit roadblocks like:
- Failing pipelines when SonarCloud complained about coverage
- Docker images not updating in ECR when tagged latest
- Terraform secrets and tokens needing secure handling
- Security scanners flagging issues I’d have to fix
But that’s the beauty of it, this wasn’t just a coding exercise, it was a learning journey.
🗺️ The Big Picture
Here's the high-level architecture of what i set out to build- All automated:
GitHub Repo
|
v
GitHub Actions CI/CD
|
v
Docker Image Build
|
v
Push to AWS ECR
|
v
Security Scans (SonarCloud, Trivy, TFSEC)
|
v
Deploy via Terraform Cloud Run
|
v
Azure Container Apps
|
v
Live App Running
|
v
Manage Terraform State-file Securely on Terraform Cloud.
Every single step has its own story, which i'll break down in this series.
✨ Why This Matters
For me, this wasn’t about just having a portfolio.
It was about proving to myself (and to future employers) that I can:
- Build pipelines from scratch
- Integrate security into DevOps (a true DevSecOps mindset)
- Manage multi-cloud setups (AWS + Azure in one project)
- Solve real-world CI/CD issues
This is Part 1 of the series. In Part 2, I’ll dive into the pipeline itself: the YAML, the pain, the failures, and the fixes that brought it to life.
Stay tuned. 🚀
Click here to view Part 2 ➡️
Top comments (1)
Great kickoff—love treating a portfolio like prod. Small nit: using ECR while deploying to Azure adds avoidable complexity; GHCR or ACR could simplify auth and deployments, and digest pinning beats relying on latest. In Part 2, I'd love details on OIDC from Actions to Terraform Cloud/Azure and whether SonarCloud added real value for a mostly static frontend.