Code, Deploy, Monitor.

Making Infra Boring, So Developers Can Be Brilliant


Hola, it’s me Owen 👋
I’m just someone who enjoys building things, breaking them (in dev only, I promise), and learning along the way. This blog is a space for thoughts, stories, experiments, and everything in between — mostly tech, sometimes life. Welcome aboard!

Jenkins Pipeline

This Jenkins pipeline is designed to support a Trunk-Based Development approach, where developers work with short-lived pull requests that merge frequently into the main branch. The process begins when a developer submits a pull request via Bitbucket, which automatically triggers the pipeline to run a series of checks, including code compilation, unit tests, new code coverage analysis, and static application security testing (SAST). Based on the results, the pull request is either auto-approved or rejected.

Once approved and merged by the tech lead, the pipeline continues with a full scan of the codebase, builds the application image, performs a vulnerability scan on the image, and generates a Software Bill of Materials (SBOM). The image is then deployed to the development environment for manual testing by the QA team. Upon successful QA approval, a release candidate (RC) version is generated and deployed to the UAT environment, where additional validation such as Dynamic Application Security Testing (DAST) is conducted before user acceptance testing begins.

Following UAT approval from the product owner or business owner, the platform engineer triggers the production deployment process. This includes a final round of API security scanning and version approval. Once finalized, the RC tag is removed, and the image is deployed to the production Kubernetes environment. Throughout the pipeline, MS Teams is integrated for ChatOps collaboration and notification, keeping all teams aligned during the release process.
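The post-merge part of this flow can be expressed as a promotion policy that a pipeline step evaluates before each deployment. The sketch below is an added example, not code from this blog's pipeline; the gate identifiers, the `X.Y.Z-rc.N` tag format, and the choice to key approvals to the image digest (so a rebuilt image cannot inherit results from the one that was scanned) are assumptions.

```python
import re

# Post-merge gates from the post, grouped by the environment they unlock.
# Identifiers are made up for this example.
REQUIRED_GATES = {
    "dev": ["full_scan", "image_vuln_scan", "sbom"],
    "uat": ["qa_approval"],
    "prod": ["dast", "uat_approval", "api_security_scan", "version_approval"],
}
ORDER = ["dev", "uat", "prod"]
RC_TAG = re.compile(r"(\d+\.\d+\.\d+)-rc\.\d+")  # assumed tag format


def missing_gates(passed, target):
    """Return gates still outstanding for `target`, including earlier stages."""
    needed = []
    for env in ORDER[: ORDER.index(target) + 1]:
        needed.extend(REQUIRED_GATES[env])
    return [g for g in needed if g not in passed]


def release_tag(rc_tag):
    """Strip the RC suffix: '1.4.0-rc.2' -> '1.4.0'."""
    m = RC_TAG.fullmatch(rc_tag)
    if m is None:
        raise ValueError(f"not a release-candidate tag: {rc_tag!r}")
    return m.group(1)


def promote(evidence, digest, tag, target):
    """Allow a deployment only if this exact image digest passed every gate."""
    missing = missing_gates(evidence.get(digest, set()), target)
    if missing:
        raise PermissionError(f"{target} blocked for {digest[:19]}: missing {missing}")
    if target == "prod":
        tag = release_tag(tag)  # RC tag is removed only at production
    return {"env": target, "tag": tag, "digest": digest}


if __name__ == "__main__":
    # Constructed sample: one image digest that passed every gate.
    scanned = "sha256:" + "a" * 64
    evidence = {scanned: {g for gates in REQUIRED_GATES.values() for g in gates}}
    print(promote(evidence, scanned, "1.4.0-rc.2", "prod"))
```

An image rebuilt under the same tag has a different digest and therefore no recorded gates, so `promote` refuses it until it has gone through the scans and approvals itself.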

Branching TBD