Skills › DevOps & Infrastructure › CI/CD pipelines
github-actions-templates
Create production-ready GitHub Actions workflows for automated testing, building, and deploying applications. Use when setting up CI/CD with GitHub Actions, automating development workflows, or creating reusable workflow templates.
Tools: –upgrade,-r
The full skill
—
name: github-actions-templates
description: Create production-ready GitHub Actions workflows for automated testing, building, and deploying applications. Use when setting up CI/CD with GitHub Actions, automating development workflows, or creating reusable workflow templates.
—
# GitHub Actions Templates
Production-ready GitHub Actions workflow patterns for testing, building, and deploying applications.
## Purpose
Create efficient, secure GitHub Actions workflows for continuous integration and deployment across various tech stacks.
## When to Use
– Automate testing and deployment
– Build Docker images and push to registries
– Deploy to Kubernetes clusters
– Run security scans
– Implement matrix builds for multiple environments
## Common Workflow Patterns
### Pattern 1: Test Workflow
“`yaml
name: Test
on:
push:
branches: [main, develop]
pull_request:
branches: [main]
jobs:
test:
runs-on: ubuntu-latest
strategy:
matrix:
node-version: [18.x, 20.x]
steps:
– uses: actions/checkout@v4
– name: Use Node.js ${{ matrix.node-version }}
uses: actions/setup-node@v4
with:
node-version: ${{ matrix.node-version }}
cache: "npm"
– name: Install dependencies
run: npm ci
– name: Run linter
run: npm run lint
– name: Run tests
run: npm test
– name: Upload coverage
uses: codecov/codecov-action@v3
with:
files: ./coverage/lcov.info
“`
**Reference:** See `assets/test-workflow.yml`
### Pattern 2: Build and Push Docker Image
“`yaml
name: Build and Push
on:
push:
branches: [main]
tags: ["v*"]
env:
REGISTRY: ghcr.io
IMAGE_NAME: ${{ github.repository }}
jobs:
build:
runs-on: ubuntu-latest
permissions:
contents: read
packages: write
steps:
– uses: actions/checkout@v4
– name: Log in to Container Registry
uses: docker/login-action@v3
with:
registry: ${{ env.REGISTRY }}
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
– name: Extract metadata
id: meta
uses: docker/metadata-action@v5
with:
images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
tags: |
type=ref,event=branch
type=ref,event=pr
type=semver,pattern={{version}}
type=semver,pattern={{major}}.{{minor}}
– name: Build and push
uses: docker/build-push-action@v5
with:
context: .
push: true
tags: ${{ steps.meta.outputs.tags }}
labels: ${{ steps.meta.outputs.labels }}
cache-from: type=gha
cache-to: type=gha,mode=max
“`
**Reference:** See `assets/deploy-workflow.yml`
### Pattern 3: Deploy to Kubernetes
“`yaml
name: Deploy to Kubernetes
on:
push:
branches: [main]
jobs:
deploy:
runs-on: ubuntu-latest
steps:
– uses: actions/checkout@v4
– name: Configure AWS credentials
uses: aws-actions/configure-aws-credentials@v4
with:
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
aws-region: us-west-2
– name: Update kubeconfig
run: |
aws eks update-kubeconfig –name production-cluster –region us-west-2
– name: Deploy to Kubernetes
run: |
kubectl apply -f k8s/
kubectl rollout status deployment/my-app -n production
kubectl get services -n production
– name: Verify deployment
run: |
kubectl get pods -n production
kubectl describe deployment my-app -n production
“`
### Pattern 4: Matrix Build
“`yaml
name: Matrix Build
on: [push, pull_request]
jobs:
build:
runs-on: ${{ matrix.os }}
strategy:
matrix:
os: [ubuntu-latest, macos-latest, windows-latest]
python-version: ["3.9", "3.10", "3.11", "3.12"]
steps:
– uses: actions/checkout@v4
– name: Set up Python
uses: actions/setup-python@v5
with:
python-version: ${{ matrix.python-version }}
– name: Install dependencies
run: |
python -m pip install –upgrade pip
pip install -r requirements.txt
– name: Run tests
run: pytest
“`
**Reference:** See `assets/matrix-build.yml`
## Workflow Best Practices
1. **Use specific action versions** (@v4, not @latest)
2. **Cache dependencies** to speed up builds
3. **Use secrets** for sensitive data
4. **Implement status checks** on PRs
5. **Use matrix builds** for multi-version testing
6. **Set appropriate permissions**
7. **Use reusable workflows** for common patterns
8. **Implement approval gates** for production
9. **Add notification steps** for failures
10. **Use self-hosted runners** for sensitive workloads
## Reusable Workflows
“`yaml
# .github/workflows/reusable-test.yml
name: Reusable Test Workflow
on:
workflow_call:
inputs:
node-version:
required: true
type: string
secrets:
NPM_TOKEN:
required: true
jobs:
test:
runs-on: ubuntu-latest
steps:
– uses: actions/checkout@v4
– uses: actions/setup-node@v4
with:
node-version: ${{ inputs.node-version }}
– run: npm ci
– run: npm test
“`
**Use reusable workflow:**
“`yaml
jobs:
call-test:
uses: ./.github/workflows/reusable-test.yml
with:
node-version: "20.x"
secrets:
NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
“`
## Security Scanning
“`yaml
name: Security Scan
on:
push:
branches: [main]
pull_request:
branches: [main]
jobs:
security:
runs-on: ubuntu-latest
steps:
– uses: actions/checkout@v4
– name: Run Trivy vulnerability scanner
uses: aquasecurity/trivy-action@master
with:
scan-type: "fs"
scan-ref: "."
format: "sarif"
output: "trivy-results.sarif"
– name: Upload Trivy results to GitHub Security
uses: github/codeql-action/upload-sarif@v2
with:
sarif_file: "trivy-results.sarif"
– name: Run Snyk Security Scan
uses: snyk/actions/node@master
env:
SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
“`
## Deployment with Approvals
“`yaml
name: Deploy to Production
on:
push:
tags: ["v*"]
jobs:
deploy:
runs-on: ubuntu-latest
environment:
name: production
url: https://app.example.com
steps:
– uses: actions/checkout@v4
– name: Deploy application
run: |
echo "Deploying to production…"
# Deployment commands here
– name: Notify Slack
if: success()
uses: slackapi/slack-github-action@v1
with:
webhook-url: ${{ secrets.SLACK_WEBHOOK }}
payload: |
{
"text": "Deployment to production completed successfully!"
}
“`
## Related Skills
– `gitlab-ci-patterns` – For GitLab CI workflows
– `deployment-pipeline-design` – For pipeline architecture
– `secrets-management` – For secrets handling