Skill

SkillsDevOps & Infrastructure › CI/CD pipelines

github-actions-templates

Create production-ready GitHub Actions workflows for automated testing, building, and deploying applications. Use when setting up CI/CD with GitHub Actions, automating development workflows, or creating reusable workflow templates.

Freerisk: medium
actionstemplateswebhookpythondockerkubernetes

Tools: –upgrade,-r

The full skill

— name: github-actions-templates description: Create production-ready GitHub Actions workflows for automated testing, building, and deploying applications. Use when setting up CI/CD with GitHub Actions, automating development workflows, or creating reusable workflow templates. — # GitHub Actions Templates Production-ready GitHub Actions workflow patterns for testing, building, and deploying applications. ## Purpose Create efficient, secure GitHub Actions workflows for continuous integration and deployment across various tech stacks. ## When to Use – Automate testing and deployment – Build Docker images and push to registries – Deploy to Kubernetes clusters – Run security scans – Implement matrix builds for multiple environments ## Common Workflow Patterns ### Pattern 1: Test Workflow “`yaml name: Test on: push: branches: [main, develop] pull_request: branches: [main] jobs: test: runs-on: ubuntu-latest strategy: matrix: node-version: [18.x, 20.x] steps: – uses: actions/checkout@v4 – name: Use Node.js ${{ matrix.node-version }} uses: actions/setup-node@v4 with: node-version: ${{ matrix.node-version }} cache: "npm" – name: Install dependencies run: npm ci – name: Run linter run: npm run lint – name: Run tests run: npm test – name: Upload coverage uses: codecov/codecov-action@v3 with: files: ./coverage/lcov.info “` **Reference:** See `assets/test-workflow.yml` ### Pattern 2: Build and Push Docker Image “`yaml name: Build and Push on: push: branches: [main] tags: ["v*"] env: REGISTRY: ghcr.io IMAGE_NAME: ${{ github.repository }} jobs: build: runs-on: ubuntu-latest permissions: contents: read packages: write steps: – uses: actions/checkout@v4 – name: Log in to Container Registry uses: docker/login-action@v3 with: registry: ${{ env.REGISTRY }} username: ${{ github.actor }} password: ${{ secrets.GITHUB_TOKEN }} – name: Extract metadata id: meta uses: docker/metadata-action@v5 with: images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} tags: | type=ref,event=branch type=ref,event=pr type=semver,pattern={{version}} type=semver,pattern={{major}}.{{minor}} – name: Build and push uses: docker/build-push-action@v5 with: context: . push: true tags: ${{ steps.meta.outputs.tags }} labels: ${{ steps.meta.outputs.labels }} cache-from: type=gha cache-to: type=gha,mode=max “` **Reference:** See `assets/deploy-workflow.yml` ### Pattern 3: Deploy to Kubernetes “`yaml name: Deploy to Kubernetes on: push: branches: [main] jobs: deploy: runs-on: ubuntu-latest steps: – uses: actions/checkout@v4 – name: Configure AWS credentials uses: aws-actions/configure-aws-credentials@v4 with: aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} aws-region: us-west-2 – name: Update kubeconfig run: | aws eks update-kubeconfig –name production-cluster –region us-west-2 – name: Deploy to Kubernetes run: | kubectl apply -f k8s/ kubectl rollout status deployment/my-app -n production kubectl get services -n production – name: Verify deployment run: | kubectl get pods -n production kubectl describe deployment my-app -n production “` ### Pattern 4: Matrix Build “`yaml name: Matrix Build on: [push, pull_request] jobs: build: runs-on: ${{ matrix.os }} strategy: matrix: os: [ubuntu-latest, macos-latest, windows-latest] python-version: ["3.9", "3.10", "3.11", "3.12"] steps: – uses: actions/checkout@v4 – name: Set up Python uses: actions/setup-python@v5 with: python-version: ${{ matrix.python-version }} – name: Install dependencies run: | python -m pip install –upgrade pip pip install -r requirements.txt – name: Run tests run: pytest “` **Reference:** See `assets/matrix-build.yml` ## Workflow Best Practices 1. **Use specific action versions** (@v4, not @latest) 2. **Cache dependencies** to speed up builds 3. **Use secrets** for sensitive data 4. **Implement status checks** on PRs 5. **Use matrix builds** for multi-version testing 6. **Set appropriate permissions** 7. **Use reusable workflows** for common patterns 8. **Implement approval gates** for production 9. **Add notification steps** for failures 10. **Use self-hosted runners** for sensitive workloads ## Reusable Workflows “`yaml # .github/workflows/reusable-test.yml name: Reusable Test Workflow on: workflow_call: inputs: node-version: required: true type: string secrets: NPM_TOKEN: required: true jobs: test: runs-on: ubuntu-latest steps: – uses: actions/checkout@v4 – uses: actions/setup-node@v4 with: node-version: ${{ inputs.node-version }} – run: npm ci – run: npm test “` **Use reusable workflow:** “`yaml jobs: call-test: uses: ./.github/workflows/reusable-test.yml with: node-version: "20.x" secrets: NPM_TOKEN: ${{ secrets.NPM_TOKEN }} “` ## Security Scanning “`yaml name: Security Scan on: push: branches: [main] pull_request: branches: [main] jobs: security: runs-on: ubuntu-latest steps: – uses: actions/checkout@v4 – name: Run Trivy vulnerability scanner uses: aquasecurity/trivy-action@master with: scan-type: "fs" scan-ref: "." format: "sarif" output: "trivy-results.sarif" – name: Upload Trivy results to GitHub Security uses: github/codeql-action/upload-sarif@v2 with: sarif_file: "trivy-results.sarif" – name: Run Snyk Security Scan uses: snyk/actions/node@master env: SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }} “` ## Deployment with Approvals “`yaml name: Deploy to Production on: push: tags: ["v*"] jobs: deploy: runs-on: ubuntu-latest environment: name: production url: https://app.example.com steps: – uses: actions/checkout@v4 – name: Deploy application run: | echo "Deploying to production…" # Deployment commands here – name: Notify Slack if: success() uses: slackapi/slack-github-action@v1 with: webhook-url: ${{ secrets.SLACK_WEBHOOK }} payload: | { "text": "Deployment to production completed successfully!" } “` ## Related Skills – `gitlab-ci-patterns` – For GitLab CI workflows – `deployment-pipeline-design` – For pipeline architecture – `secrets-management` – For secrets handling