NextJob Platform — End-to-End DevOps Project Diagram

A portfolio-ready DevOps project that automates infrastructure provisioning, code quality analysis, Docker image delivery, and application deployment for a Next.js app using Jenkins, SonarQube, Terraform, Ansible, Docker, AWS ECR, and AWS EC2.

Next.js App Jenkins CI/CD SonarQube Quality Gate Docker + ECR Terraform IaC Ansible Deployment AWS EC2

1) Source Layer

Developer pushes code to GitHub
Repository contains app, Terraform, Ansible, Jenkinsfile
Jenkins polls or builds on commit

The Git repository is the single source of truth for application code, infrastructure as code, deployment automation, and CI/CD orchestration.

2) Jenkins Pipeline Stages

Checkout

Jenkins clones the GitHub repository and prepares the workspace with app, Terraform, and Ansible files.

Install Dependencies + Build

Node packages are installed, then the Next.js application is built to validate the project before packaging.

SonarQube Analysis

Static code analysis runs against the app source to inspect maintainability, smells, and quality gate conditions.

Docker Build

A Docker image is created from the production-ready Dockerfile, packaging the Next.js app for consistent deployment.

Push to Amazon ECR

Jenkins authenticates to ECR, creates the repository if needed, and pushes the tagged image version.

Terraform Apply

Infrastructure is provisioned on AWS, including EC2, Security Group, IAM Role, and Instance Profile.

Ansible Deploy

Ansible configures the target server, logs in to ECR using the EC2 IAM role, pulls the image, and runs the container.

3) AWS Runtime Environment

CI/CD and app delivery
Quality and automation
AWS infrastructure

Amazon ECR

Container image registry for versioned NextJob Platform images.

  • Stores built Docker images
  • Receives pushed tags from Jenkins
  • Provides deployment artifact to EC2

EC2 App Server

Amazon Linux instance that runs the application container.

  • Docker installed by Ansible
  • AWS CLI installed by Ansible
  • Exposes app on port 3000

IAM Role + Instance Profile

Attached to the EC2 instance so it can authenticate to ECR without hardcoding AWS keys.

  • Assumed by EC2
  • Read-only access to ECR
  • Secure pull of deployment image

Security Group

Network rules provisioned by Terraform for secure access.

  • Port 22 for SSH and Ansible
  • Port 3000 for NextJob Platform
  • Outbound access for package and registry communication

Deployment Flow

GitHub Commit Jenkins Build SonarQube Scan Docker Image Push to ECR Terraform EC2 Ansible Deploy Users Access App

4) What Ansible Does

  • Updates the package manager metadata
  • Installs Docker and AWS CLI on the app server
  • Starts and enables the Docker service
  • Adds ec2-user to the Docker group
  • Uses the EC2 IAM role to verify AWS identity
  • Logs in to Amazon ECR
  • Pulls the latest application image
  • Stops and removes any old container
  • Runs the new NextJob Platform container on port 3000

5) Why This Project Is Strong for a Portfolio

  • Shows full CI/CD automation instead of only app deployment
  • Demonstrates Infrastructure as Code with Terraform
  • Uses Configuration Management with Ansible
  • Applies containerization through Docker
  • Introduces code quality control with SonarQube
  • Uses AWS-native registry and compute services
  • Separates build environment from runtime environment
  • Follows a production-style deployment workflow

Project Structure

app/ contains the Next.js application and Dockerfile.
terraform/ provisions AWS resources like EC2, Security Group, IAM Role, and outputs the public IP.
ansible/ contains inventory and playbook logic to configure and deploy the app.
jenkins/ contains the pipeline script that ties all stages together.

Operational Sequence

The project starts when code is pushed to GitHub. Jenkins clones the repo, runs quality checks, builds the app, packages it as a Docker image, and pushes that image to Amazon ECR. Terraform then ensures the AWS infrastructure exists. Finally, Ansible connects to the EC2 instance over SSH and deploys the latest image from ECR.

Security Model

Jenkins uses its own AWS credentials to manage infrastructure and push images. The application EC2 instance does not need embedded AWS access keys. Instead, it receives temporary credentials through an IAM Role, which is safer and closer to real production practice.

Future Improvements

You can extend this project by adding a domain name, HTTPS with Nginx and Certbot, blue-green deployment, automated tests, CloudWatch monitoring, Slack notifications, or migration from EC2 to ECS or Kubernetes.