Trainer’s Handbook -> DevOps

GitHub Actions CI/CD with AWS SAM (Docker) — a 20-hour, hands-on course to design, secure, emulate locally, and deploy modern pipelines.

Format: 5 weeks × 4 hrs/week × 1 hr/day
Audience: Developers with basic Git/GitHub
Goal: CI/CD mastery + AWS SAM local

Week 1 · Orientation & GitHub Basics

Set expectations, align on objectives, and refresh core Git/GitHub collaboration flows.

Outcome: repo access & first PR merged
Artifacts: fork, branch, PR, quiz
Day 1 Title & Overview
  • Talking Points: welcomes, why CI/CD, how Actions + SAM fit, final project preview.
  • Exercise: guided tour of repo structure, branches, environments.
  • Checkpoint: everyone has GitHub access and a personal fork.
Day 2 GitHub Refresher
  • Talking Points: branching strategy, PR etiquette, required checks.
  • Exercise: clone starter repo, create feature branch, make a change.
  • Checkpoint: each learner pushes at least one commit.
Day 3 Fork, Branch, PR & Merge
  • Talking Points: forks vs. branches, peer reviews, approvals.
  • Exercise: open a PR, request & provide review, merge.
  • Checkpoint: one PR merged to main.
Day 4 Wrap‑Up & Readiness
  • Talking Points: where CI checks run in PRs, status badges.
  • Exercise: short concept quiz (no code).
  • Checkpoint: class ready to author a workflow next week.

Week 2 · Getting Started with GitHub Actions

Learn events, jobs, runners, and how multi‑stage pipelines fit together.

Outcome: first workflow running
Artifacts: minimal CI, staged pipeline plan
Day 5 Introduction to Actions
  • Talking Points: triggers, runners, permissions, artifacts, logs.
  • Demo: walk the Actions UI and a sample run (conceptual).
  • Checkpoint: learners can find runs and inspect logs.
Day 6 First Workflow
  • Exercise: create a minimal CI workflow that runs on push and PR.
  • Checkpoint: workflow triggers successfully and is green.
Day 7 Multi‑Stage Pipeline Concepts
  • Talking Points: build → test → package → deploy, job dependencies, when to split.
  • Demo: visualize staged jobs and their dependencies.
  • Checkpoint: learners map stages to their project.
Day 8 Multi‑Job & Matrix Builds
  • Exercise: add a matrix strategy to run parallel variants.
  • Checkpoint: parallel jobs are visible with clear pass/fail.

Week 3 · Secrets, Security & AWS SAM (Docker)

Protect credentials, enforce review gates, and emulate Lambda/API locally with Docker‑backed SAM.

Outcome: protected environments & SAM local plan
Artifacts: secrets configured, policies defined
Day 9 Managing Secrets & Security
  • Talking Points: GitHub Secrets, environment protection, branch protection, least privilege.
  • Exercise: add placeholder secrets; configure protected environments.
  • Checkpoint: secrets exist; protections enabled.
Day 10 Apply Secrets in Workflows
  • Exercise: reference a secret in a step; verify masking; require checks before merge.
  • Checkpoint: run shows masked values; PRs require approvals.
Day 11 Containers & SAM Local Overview
  • Talking Points: what SAM is, Docker use for local emulation, runner toolchain.
  • Demo: conceptual SAM local lifecycle: build → local invoke → inspect logs.
  • Checkpoint: learners can explain SAM’s Docker-backed flow.
Day 12 Hands‑On: SAM Local in CI
  • Exercise: prep runner for Docker + SAM; execute a local emulation step; collect logs/artifacts.
  • Checkpoint: a CI run demonstrates a successful SAM local step.

Week 4 · Deployment & Workflow Optimization

Deploy with OIDC, debug failures fast, and speed up builds with caching and artifact reuse.

Outcome: non‑prod deploy + faster pipelines
Artifacts: deployment job, cache policy
Day 13 Deploy with AWS SAM
  • Talking Points: package & deploy, environments (dev/stage/prod), approvals, OIDC roles.
  • Exercise: add a deployment job gated by protected environments.
  • Checkpoint: mock or real non‑prod deployment completes.
Day 14 Workflow Debugging
  • Talking Points: logs, annotations, reruns, verbosity, common failure modes.
  • Exercise: induce a failure, diagnose, document, and fix.
  • Checkpoint: root cause captured with resolution notes.
Day 15 Caching & Optimization
  • Talking Points: safe items to cache, cache keys, hit/miss analysis, timing.
  • Exercise: add dependency caching; compare run times.
  • Checkpoint: second run measurably faster.
Day 16 Final Project Kickoff
  • Activity: teams design full pipeline: CI (build/test) + SAM local + sandbox deploy + promotion.
  • Deliverable: written pipeline design (triggers, jobs, environments, approvals, rollback).

Week 5 · Capstone & Wrap‑up

Assemble the end‑to‑end pipeline, harden it, and present your solution.

Outcome: full CI/CD pipeline presented
Artifacts: design doc, run logs, approvals
Day 17 Project Build I
  • Focus: implement CI stages and SAM local emulation.
  • Checkpoint: CI green; SAM local reliable.
Day 18 Project Build II (Secrets & Deploy)
  • Focus: integrate secrets, assume role via OIDC, deploy to sandbox.
  • Checkpoint: non‑prod deployment with approvals succeeds.
Day 19 Hardening & Peer Review
  • Focus: protections, environment rules, caching tweaks; peer threat‑model review.
  • Checkpoint: documented improvements signed off by a peer team.
Day 20 Final Presentations
  • Challenge: present pipeline design; demo a run; show artifacts, logs, and promotion flow.
  • Summary & Next Steps: observability, cost control, drift detection.
  • Q&A & Resources: open floor.

Logistics & Prerequisites

  • GitHub org/repo access with permission to create workflows.
  • AWS sandbox account(s) with roles configured for OIDC (no long‑lived keys).
  • Runners with Docker and SAM CLI available (hosted or self‑hosted).
  • Agreed naming conventions for branches, environments, and artifacts.
Tip: Document IAM least‑privilege scopes for CI early; it prevents 80% of deploy blockers.

Assessment & Rubric

Pass Criteria

  • Uses GitHub Actions with multi‑stage jobs and a matrix.
  • Employs secrets safely; branch & environment protections enforced.
  • Runs AWS SAM local with Docker in CI for functional checks.
  • Deploys to AWS using short‑lived credentials via OIDC.
  • Implements caching with measurable build‑time improvement.
  • Documents rollback and approval strategy.

Stretch Goals

  • Separate dev/stage/prod with promotion gates.
  • Post‑deploy smoke checks & artifact uploads.
  • Automated tagging/versioning and release notes.

Resources

  • GitHub Actions docs: workflows, runners, security best practices.
  • AWS SAM docs: local testing with Docker, packaging & deployment.
  • OIDC to AWS guides: setting up role trust, permissions boundaries.
  • Internal playbooks and sample repos for CI/CD patterns.