github-actions-templates

• The task is unrelated to github actions templates
• You need a different domain or tool outside this scope

• Clarify goals, constraints, and required inputs.
• Apply relevant best practices and validate outcomes.
• Provide actionable steps and verification.
• If detailed examples are required, open resources/implementation-playbook.md.

Create efficient, secure GitHub Actions workflows for continuous integration and deployment across various tech stacks.

• Automate testing and deployment
• Build Docker images and push to registries
• Deploy to Kubernetes clusters
• Run security scans
• Implement matrix builds for multiple environments

Pattern 1: Test Workflow

```yaml

name: Test

on:

push:

branches: [ main, develop ]

pull_request:

branches: [ main ]

jobs:

test:

runs-on: ubuntu-latest

strategy:

matrix:

node-version: [18.x, 20.x]

steps:

- uses: actions/checkout@v4

- name: Use Node.js ${{ matrix.node-version }}

uses: actions/setup-node@v4

with:

node-version: ${{ matrix.node-version }}

cache: 'npm'

- name: Install dependencies

run: npm ci

- name: Run linter

run: npm run lint

- name: Run tests

run: npm test

- name: Upload coverage

uses: codecov/codecov-action@v3

with:

files: ./coverage/lcov.info

```

Reference: See assets/test-workflow.yml

Pattern 2: Build and Push Docker Image

```yaml

name: Build and Push

on:

push:

branches: [ main ]

tags: [ 'v*' ]

env:

REGISTRY: ghcr.io

IMAGE_NAME: ${{ github.repository }}

jobs:

build:

runs-on: ubuntu-latest

permissions:

contents: read

packages: write

steps:

- uses: actions/checkout@v4

- name: Log in to Container Registry

uses: docker/login-action@v3

with:

registry: ${{ env.REGISTRY }}

username: ${{ github.actor }}

password: ${{ secrets.GITHUB_TOKEN }}

- name: Extract metadata

id: meta

uses: docker/metadata-action@v5

with:

images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}

tags: |

type=ref,event=branch

type=ref,event=pr

type=semver,pattern={{version}}

type=semver,pattern={{major}}.{{minor}}

- name: Build and push

uses: docker/build-push-action@v5

with:

context: .

push: true

tags: ${{ steps.meta.outputs.tags }}

labels: ${{ steps.meta.outputs.labels }}

cache-from: type=gha

cache-to: type=gha,mode=max

```

Reference: See assets/deploy-workflow.yml

Pattern 3: Deploy to Kubernetes

```yaml

name: Deploy to Kubernetes

on:

push:

branches: [ main ]

jobs:

deploy:

runs-on: ubuntu-latest

steps:

- uses: actions/checkout@v4

- name: Configure AWS credentials

uses: aws-actions/configure-aws-credentials@v4

with:

aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}

aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}

aws-region: us-west-2

- name: Update kubeconfig

run: |

aws eks update-kubeconfig --name production-cluster --region us-west-2

- name: Deploy to Kubernetes

run: |

kubectl apply -f k8s/

kubectl rollout status deployment/my-app -n production

kubectl get services -n production

- name: Verify deployment

run: |

kubectl get pods -n production

kubectl describe deployment my-app -n production

```

Pattern 4: Matrix Build

```yaml

name: Matrix Build

on: [push, pull_request]

jobs:

build:

runs-on: ${{ matrix.os }}

strategy:

matrix:

os: [ubuntu-latest, macos-latest, windows-latest]

python-version: ['3.9', '3.10', '3.11', '3.12']

steps:

- uses: actions/checkout@v4

- name: Set up Python

uses: actions/setup-python@v5

with:

python-version: ${{ matrix.python-version }}

- name: Install dependencies

run: |

python -m pip install --upgrade pip

pip install -r requirements.txt

- name: Run tests

run: pytest

```

Reference: See assets/matrix-build.yml

1. Use specific action versions (@v4, not @latest)
2. Cache dependencies to speed up builds
3. Use secrets for sensitive data
4. Implement status checks on PRs
5. Use matrix builds for multi-version testing
6. Set appropriate permissions
7. Use reusable workflows for common patterns
8. Implement approval gates for production
9. Add notification steps for failures
10. Use self-hosted runners for sensitive workloads

```yaml

# .github/workflows/reusable-test.yml

name: Reusable Test Workflow

on:

workflow_call:

inputs:

node-version:

required: true

type: string

secrets:

NPM_TOKEN:

required: true

jobs:

test:

runs-on: ubuntu-latest

steps:

- uses: actions/checkout@v4

- uses: actions/setup-node@v4

with:

node-version: ${{ inputs.node-version }}

- run: npm ci

- run: npm test

```

Use reusable workflow:

```yaml

jobs:

call-test:

uses: ./.github/workflows/reusable-test.yml

with:

node-version: '20.x'

secrets:

NPM_TOKEN: ${{ secrets.NPM_TOKEN }}

```

```yaml

name: Security Scan

on:

push:

branches: [ main ]

pull_request:

branches: [ main ]

jobs:

security:

runs-on: ubuntu-latest

steps:

- uses: actions/checkout@v4

- name: Run Trivy vulnerability scanner

uses: aquasecurity/trivy-action@master

with:

scan-type: 'fs'

scan-ref: '.'

format: 'sarif'

output: 'trivy-results.sarif'

- name: Upload Trivy results to GitHub Security

uses: github/codeql-action/upload-sarif@v2

with:

sarif_file: 'trivy-results.sarif'

- name: Run Snyk Security Scan

uses: snyk/actions/node@master

env:

SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}

```

```yaml

name: Deploy to Production

on:

push:

tags: [ 'v*' ]

jobs:

deploy:

runs-on: ubuntu-latest

environment:

name: production

url: https://app.example.com

steps:

- uses: actions/checkout@v4

- name: Deploy application

run: |

echo "Deploying to production..."

# Deployment commands here

- name: Notify Slack

if: success()

uses: slackapi/slack-github-action@v1

with:

webhook-url: ${{ secrets.SLACK_WEBHOOK }}

payload: |

{

"text": "Deployment to production completed successfully!"

}

```

• assets/test-workflow.yml - Testing workflow template
• assets/deploy-workflow.yml - Deployment workflow template
• assets/matrix-build.yml - Matrix build template
• references/common-workflows.md - Common workflow patterns

• gitlab-ci-patterns - For GitLab CI workflows
• deployment-pipeline-design - For pipeline architecture
• secrets-management - For secrets handling