PluginBench
Skill
Pass
Audit score 90

github-actions-templates

wshobson/agents

Production-ready GitHub Actions workflow templates for CI/CD, testing, building, and deployment.

What is github-actions-templates?

A collection of battle-tested GitHub Actions workflow patterns for automated testing, Docker builds, Kubernetes deployments, and security scanning. Use this when setting up continuous integration and deployment pipelines, automating multi-environment builds, or implementing reusable workflow templates across your repositories.

  • Create test workflows with matrix builds across multiple Node.js versions
  • Build and push Docker images to container registries with metadata tagging
  • Deploy applications to Kubernetes clusters with rollout verification
  • Run security scans using Trivy and Snyk with SARIF reporting
  • Implement reusable workflows for consistent CI/CD patterns across repositories
  • Configure deployment approvals and notifications for production releases

How to install github-actions-templates

npx skills add https://github.com/wshobson/agents --skill github-actions-templates
Prerequisites
  • GitHub repository with Actions enabled
  • Docker installed (for Docker build patterns)
  • kubectl and AWS credentials configured (for Kubernetes deployments)
  • Appropriate secrets configured in GitHub (GITHUB_TOKEN, AWS credentials, SNYK_TOKEN, etc.)
Claude Code
Cursor
Windsurf
Cline

How to use github-actions-templates

  1. 1.Copy the relevant workflow pattern (test, build, deploy, or matrix) into your `.github/workflows/` directory
  2. 2.Customize the workflow YAML with your repository name, branch names, and environment variables
  3. 3.Configure required secrets in GitHub repository settings (AWS_ACCESS_KEY_ID, SNYK_TOKEN, etc.)
  4. 4.Adjust matrix strategies (Node versions, Python versions, OS targets) to match your project needs
  5. 5.For Kubernetes deployments, update cluster name, region, and namespace to your infrastructure
  6. 6.Commit and push the workflow file to trigger the automation on your specified events

Use cases

Good for
  • Setting up automated testing on pull requests and pushes to main branches
  • Building and pushing Docker images to GitHub Container Registry on tag releases
  • Deploying applications to AWS EKS with kubectl commands and status verification
  • Running multi-OS and multi-version matrix builds for Python or Node.js projects
  • Implementing security vulnerability scanning in your CI/CD pipeline
Who it's for
  • DevOps engineers setting up CI/CD pipelines
  • Backend and full-stack developers automating deployments
  • Teams using GitHub Actions for continuous integration
  • Organizations deploying to Kubernetes or Docker registries
  • Security-focused teams implementing automated scanning

github-actions-templates FAQ

How do I cache dependencies to speed up builds?

Use the `cache` parameter in setup actions like `actions/setup-node@v4` with `cache: 'npm'`, or use `actions/cache@v4` for custom caching. This stores dependencies between runs and significantly reduces build time.

How do I deploy to production safely?

Use GitHub environments with approval gates by specifying `environment: production` in your job. This requires manual approval before the job runs, preventing accidental deployments.

Can I reuse workflows across multiple repositories?

Yes, create a reusable workflow in `.github/workflows/reusable-*.yml` with `on: workflow_call`, then call it from other workflows using `uses: ./.github/workflows/reusable-*.yml` or reference it from a central repository.

How do I handle secrets securely?

Store sensitive data in GitHub repository secrets (Settings > Secrets and variables > Actions), then reference them as `${{ secrets.SECRET_NAME }}` in your workflow. Never commit secrets to version control.

What's the difference between matrix builds and multiple jobs?

Matrix builds use a single job definition with multiple configurations (OS, versions) that run in parallel, reducing duplication. Multiple jobs are separate job definitions. Matrix is cleaner for testing the same code across different environments.

Full instructions (SKILL.md)

Source of truth, from wshobson/agents.


name: github-actions-templates description: Create production-ready GitHub Actions workflows for automated testing, building, and deploying applications. Use when setting up CI/CD with GitHub Actions, automating development workflows, or creating reusable workflow templates.

GitHub Actions Templates

Production-ready GitHub Actions workflow patterns for testing, building, and deploying applications.

Purpose

Create efficient, secure GitHub Actions workflows for continuous integration and deployment across various tech stacks.

When to Use

  • Automate testing and deployment
  • Build Docker images and push to registries
  • Deploy to Kubernetes clusters
  • Run security scans
  • Implement matrix builds for multiple environments

Common Workflow Patterns

Pattern 1: Test Workflow

name: Test

on:
  push:
    branches: [main, develop]
  pull_request:
    branches: [main]

jobs:
  test:
    runs-on: ubuntu-latest

    strategy:
      matrix:
        node-version: [18.x, 20.x]

    steps:
      - uses: actions/checkout@v4

      - name: Use Node.js ${{ matrix.node-version }}
        uses: actions/setup-node@v4
        with:
          node-version: ${{ matrix.node-version }}
          cache: "npm"

      - name: Install dependencies
        run: npm ci

      - name: Run linter
        run: npm run lint

      - name: Run tests
        run: npm test

      - name: Upload coverage
        uses: codecov/codecov-action@v4
        with:
          files: ./coverage/lcov.info

Reference: See assets/test-workflow.yml

Pattern 2: Build and Push Docker Image

name: Build and Push

on:
  push:
    branches: [main]
    tags: ["v*"]

env:
  REGISTRY: ghcr.io
  IMAGE_NAME: ${{ github.repository }}

jobs:
  build:
    runs-on: ubuntu-latest
    permissions:
      contents: read
      packages: write

    steps:
      - uses: actions/checkout@v4

      - name: Log in to Container Registry
        uses: docker/login-action@v3
        with:
          registry: ${{ env.REGISTRY }}
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}

      - name: Extract metadata
        id: meta
        uses: docker/metadata-action@v5
        with:
          images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
          tags: |
            type=ref,event=branch
            type=ref,event=pr
            type=semver,pattern={{version}}
            type=semver,pattern={{major}}.{{minor}}

      - name: Build and push
        uses: docker/build-push-action@v5
        with:
          context: .
          push: true
          tags: ${{ steps.meta.outputs.tags }}
          labels: ${{ steps.meta.outputs.labels }}
          cache-from: type=gha
          cache-to: type=gha,mode=max

Reference: See assets/deploy-workflow.yml

Pattern 3: Deploy to Kubernetes

name: Deploy to Kubernetes

on:
  push:
    branches: [main]

jobs:
  deploy:
    runs-on: ubuntu-latest

    steps:
      - uses: actions/checkout@v4

      - name: Configure AWS credentials
        uses: aws-actions/configure-aws-credentials@v4
        with:
          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
          aws-region: us-west-2

      - name: Update kubeconfig
        run: |
          aws eks update-kubeconfig --name production-cluster --region us-west-2

      - name: Deploy to Kubernetes
        run: |
          kubectl apply -f k8s/
          kubectl rollout status deployment/my-app -n production
          kubectl get services -n production

      - name: Verify deployment
        run: |
          kubectl get pods -n production
          kubectl describe deployment my-app -n production

Pattern 4: Matrix Build

name: Matrix Build

on: [push, pull_request]

jobs:
  build:
    runs-on: ${{ matrix.os }}

    strategy:
      matrix:
        os: [ubuntu-latest, macos-latest, windows-latest]
        python-version: ["3.9", "3.10", "3.11", "3.12"]

    steps:
      - uses: actions/checkout@v4

      - name: Set up Python
        uses: actions/setup-python@v5
        with:
          python-version: ${{ matrix.python-version }}

      - name: Install dependencies
        run: |
          python -m pip install --upgrade pip
          pip install -r requirements.txt

      - name: Run tests
        run: pytest

Reference: See assets/matrix-build.yml

Workflow Best Practices

  1. Use specific action versions (@v4, not @latest)
  2. Cache dependencies to speed up builds
  3. Use secrets for sensitive data
  4. Implement status checks on PRs
  5. Use matrix builds for multi-version testing
  6. Set appropriate permissions
  7. Use reusable workflows for common patterns
  8. Implement approval gates for production
  9. Add notification steps for failures
  10. Use self-hosted runners for sensitive workloads

Reusable Workflows

# .github/workflows/reusable-test.yml
name: Reusable Test Workflow

on:
  workflow_call:
    inputs:
      node-version:
        required: true
        type: string
    secrets:
      NPM_TOKEN:
        required: true

jobs:
  test:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-node@v4
        with:
          node-version: ${{ inputs.node-version }}
      - run: npm ci
      - run: npm test

Use reusable workflow:

jobs:
  call-test:
    uses: ./.github/workflows/reusable-test.yml
    with:
      node-version: "20.x"
    secrets:
      NPM_TOKEN: ${{ secrets.NPM_TOKEN }}

Security Scanning

name: Security Scan

on:
  push:
    branches: [main]
  pull_request:
    branches: [main]

jobs:
  security:
    runs-on: ubuntu-latest

    steps:
      - uses: actions/checkout@v4

      - name: Run Trivy vulnerability scanner
        uses: aquasecurity/trivy-action@0.28.0
        with:
          scan-type: "fs"
          scan-ref: "."
          format: "sarif"
          output: "trivy-results.sarif"

      - name: Upload Trivy results to GitHub Security
        uses: github/codeql-action/upload-sarif@v3
        with:
          sarif_file: "trivy-results.sarif"

      - name: Run Snyk Security Scan
        uses: snyk/actions/node@0.4.0
        env:
          SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}

Deployment with Approvals

name: Deploy to Production

on:
  push:
    tags: ["v*"]

jobs:
  deploy:
    runs-on: ubuntu-latest
    environment:
      name: production
      url: https://app.example.com

    steps:
      - uses: actions/checkout@v4

      - name: Deploy application
        run: |
          echo "Deploying to production..."
          # Deployment commands here

      - name: Notify Slack
        if: success()
        uses: slackapi/slack-github-action@v1
        with:
          webhook-url: ${{ secrets.SLACK_WEBHOOK }}
          payload: |
            {
              "text": "Deployment to production completed successfully!"
            }

Related Skills

  • gitlab-ci-patterns - For GitLab CI workflows
  • deployment-pipeline-design - For pipeline architecture
  • secrets-management - For secrets handling