github-actions-templates
wshobson/agents
Production-ready GitHub Actions workflow templates for CI/CD, testing, building, and deployment.
What is github-actions-templates?
A collection of battle-tested GitHub Actions workflow patterns for automated testing, Docker builds, Kubernetes deployments, and security scanning. Use this when setting up continuous integration and deployment pipelines, automating multi-environment builds, or implementing reusable workflow templates across your repositories.
- Create test workflows with matrix builds across multiple Node.js versions
- Build and push Docker images to container registries with metadata tagging
- Deploy applications to Kubernetes clusters with rollout verification
- Run security scans using Trivy and Snyk with SARIF reporting
- Implement reusable workflows for consistent CI/CD patterns across repositories
- Configure deployment approvals and notifications for production releases
How to install github-actions-templates
npx skills add https://github.com/wshobson/agents --skill github-actions-templates
Prerequisites
- GitHub repository with Actions enabled
- Docker installed (for Docker build patterns)
- kubectl and AWS credentials configured (for Kubernetes deployments)
- Appropriate secrets configured in GitHub (GITHUB_TOKEN, AWS credentials, SNYK_TOKEN, etc.)
How to use github-actions-templates
1. Copy the relevant workflow pattern (test, build, deploy, or matrix) into your `.github/workflows/` directory
2. Customize the workflow YAML with your repository name, branch names, and environment variables
3. Configure required secrets in GitHub repository settings (AWS_ACCESS_KEY_ID, SNYK_TOKEN, etc.)
4. Adjust matrix strategies (Node versions, Python versions, OS targets) to match your project needs
5. For Kubernetes deployments, update cluster name, region, and namespace to your infrastructure
6. Commit and push the workflow file to trigger the automation on your specified events
Use cases
- Setting up automated testing on pull requests and pushes to main branches
- Building and pushing Docker images to GitHub Container Registry on tag releases
- Deploying applications to AWS EKS with kubectl commands and status verification
- Running multi-OS and multi-version matrix builds for Python or Node.js projects
- Implementing security vulnerability scanning in your CI/CD pipeline
- DevOps engineers setting up CI/CD pipelines
- Backend and full-stack developers automating deployments
- Teams using GitHub Actions for continuous integration
- Organizations deploying to Kubernetes or Docker registries
- Security-focused teams implementing automated scanning
github-actions-templates FAQ
How do I cache dependencies to speed up builds?
Use the `cache` parameter in setup actions like `actions/setup-node@v4` with `cache: 'npm'`, or use `actions/cache@v4` for custom caching. This stores dependencies between runs and significantly reduces build time.
How do I require approval before deploying to production?
Use GitHub environments with approval gates by specifying `environment: production` in your job. This requires manual approval before the job runs, preventing accidental deployments.
Can I share a workflow across multiple repositories?
Yes, create a reusable workflow in `.github/workflows/reusable-*.yml` with `on: workflow_call`, then call it from other workflows using `uses: ./.github/workflows/reusable-*.yml` or reference it from a central repository.
How should I handle secrets in workflows?
Store sensitive data in GitHub repository secrets (Settings > Secrets and variables > Actions), then reference them as `${{ secrets.SECRET_NAME }}` in your workflow. Never commit secrets to version control.
What is the difference between matrix builds and multiple jobs?
Matrix builds use a single job definition with multiple configurations (OS, versions) that run in parallel, reducing duplication. Multiple jobs are separate job definitions. Matrix is cleaner for testing the same code across different environments.
Full instructions (SKILL.md)
Source of truth, from wshobson/agents.
---
name: github-actions-templates
description: Create production-ready GitHub Actions workflows for automated testing, building, and deploying applications. Use when setting up CI/CD with GitHub Actions, automating development workflows, or creating reusable workflow templates.
---
GitHub Actions Templates
Production-ready GitHub Actions workflow patterns for testing, building, and deploying applications.
Purpose
Create efficient, secure GitHub Actions workflows for continuous integration and deployment across various tech stacks.
When to Use
- Automate testing and deployment
- Build Docker images and push to registries
- Deploy to Kubernetes clusters
- Run security scans
- Implement matrix builds for multiple environments
Common Workflow Patterns
Pattern 1: Test Workflow
```yaml
name: Test
on:
  push:
    branches: [main, develop]
  pull_request:
    branches: [main]
jobs:
  test:
    runs-on: ubuntu-latest
    strategy:
      matrix:
        node-version: [18.x, 20.x]
    steps:
      - uses: actions/checkout@v4
      - name: Use Node.js ${{ matrix.node-version }}
        uses: actions/setup-node@v4
        with:
          node-version: ${{ matrix.node-version }}
          cache: "npm"
      - name: Install dependencies
        run: npm ci
      - name: Run linter
        run: npm run lint
      - name: Run tests
        run: npm test
      - name: Upload coverage
        uses: codecov/codecov-action@v4
        with:
          files: ./coverage/lcov.info
```
Reference: See assets/test-workflow.yml
Pattern 2: Build and Push Docker Image
```yaml
name: Build and Push
on:
  push:
    branches: [main]
    tags: ["v*"]
env:
  REGISTRY: ghcr.io
  IMAGE_NAME: ${{ github.repository }}
jobs:
  build:
    runs-on: ubuntu-latest
    permissions:
      contents: read
      packages: write
    steps:
      - uses: actions/checkout@v4
      - name: Log in to Container Registry
        uses: docker/login-action@v3
        with:
          registry: ${{ env.REGISTRY }}
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}
      - name: Extract metadata
        id: meta
        uses: docker/metadata-action@v5
        with:
          images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
          tags: |
            type=ref,event=branch
            type=ref,event=pr
            type=semver,pattern={{version}}
            type=semver,pattern={{major}}.{{minor}}
      - name: Build and push
        uses: docker/build-push-action@v5
        with:
          context: .
          push: true
          tags: ${{ steps.meta.outputs.tags }}
          labels: ${{ steps.meta.outputs.labels }}
          cache-from: type=gha
          cache-to: type=gha,mode=max
```
Reference: See assets/deploy-workflow.yml
Pattern 3: Deploy to Kubernetes
```yaml
name: Deploy to Kubernetes
on:
  push:
    branches: [main]
jobs:
  deploy:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - name: Configure AWS credentials
        # Static keys held as repository secrets; the same action can instead
        # assume an IAM role through GitHub's OIDC provider (role-to-assume),
        # which avoids storing long-lived keys at all.
        uses: aws-actions/configure-aws-credentials@v4
        with:
          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
          aws-region: us-west-2
      - name: Update kubeconfig
        run: |
          aws eks update-kubeconfig --name production-cluster --region us-west-2
      - name: Deploy to Kubernetes
        run: |
          kubectl apply -f k8s/
          kubectl rollout status deployment/my-app -n production
          kubectl get services -n production
      - name: Verify deployment
        run: |
          kubectl get pods -n production
          kubectl describe deployment my-app -n production
```
Pattern 4: Matrix Build
```yaml
name: Matrix Build
on: [push, pull_request]
jobs:
  build:
    runs-on: ${{ matrix.os }}
    strategy:
      matrix:
        os: [ubuntu-latest, macos-latest, windows-latest]
        python-version: ["3.9", "3.10", "3.11", "3.12"]
    steps:
      - uses: actions/checkout@v4
      - name: Set up Python
        uses: actions/setup-python@v5
        with:
          python-version: ${{ matrix.python-version }}
      - name: Install dependencies
        run: |
          python -m pip install --upgrade pip
          pip install -r requirements.txt
      - name: Run tests
        run: pytest
```
Reference: See assets/matrix-build.yml
Workflow Best Practices
- Use specific action versions (@v4, not @latest)
- Cache dependencies to speed up builds
- Use secrets for sensitive data
- Implement status checks on PRs
- Use matrix builds for multi-version testing
- Set appropriate permissions
- Use reusable workflows for common patterns
- Implement approval gates for production
- Add notification steps for failures
- Use self-hosted runners for sensitive workloads
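The two practices above that are easiest to enforce mechanically, pinned action versions and explicit permissions, as an added example that is not part of the skill: a dependency-free Python audit of workflow file text. The sample workflow snippets are constructed.

```python
"""Audit workflow files against two practices from the list above: pinned action
versions and explicit permissions. Added example, not the skill's own code."""
import re
from typing import List, Optional

# Git refs that move over time, so the code they resolve to can change under you.
MUTABLE_REFS = {"latest", "main", "master", "HEAD"}
USES_RE = re.compile(r"^\s*-?\s*uses:\s*['\"]?([^\s'\"#]+)")
PERMISSIONS_RE = re.compile(r"^\s*permissions:")

def check_uses(line: str) -> Optional[str]:
    """Return a finding for a `uses:` line, or None if it is acceptably pinned."""
    m = USES_RE.match(line)
    if not m:
        return None
    action = m.group(1)
    if action.startswith("./") or action.startswith("docker://"):
        return None  # local actions and image refs are versioned by other means
    if "@" not in action:
        return f"{action}: no version ref (resolves to the action's default branch)"
    ref = action.rsplit("@", 1)[1]
    if ref in MUTABLE_REFS:
        return f"{action}: mutable ref '@{ref}', pin a release tag (@v4) or a commit SHA"
    return None

def audit_workflow(text: str) -> List[str]:
    """Collect findings for the contents of one workflow file."""
    findings, has_permissions = [], False
    for line in text.splitlines():
        has_permissions = has_permissions or bool(PERMISSIONS_RE.match(line))
        finding = check_uses(line)
        if finding:
            findings.append(finding)
    if not has_permissions:
        findings.append("no permissions block: GITHUB_TOKEN keeps the repository default scope")
    return findings

# Constructed samples: the first follows both practices, the second breaks them.
GOOD = """permissions:
  contents: read
steps:
  - uses: actions/checkout@v4
  - uses: ./.github/actions/local-step
"""
BAD = """steps:
  - uses: actions/checkout@main
  - uses: some-org/some-action
  - uses: docker/build-push-action@latest
"""
```

Run it over every file under `.github/workflows/` in a pre-merge job and fail when `audit_workflow` returns anything.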
Reusable Workflows
```yaml
# .github/workflows/reusable-test.yml
name: Reusable Test Workflow
on:
  workflow_call:
    inputs:
      node-version:
        required: true
        type: string
    secrets:
      NPM_TOKEN:
        required: true
jobs:
  test:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-node@v4
        with:
          node-version: ${{ inputs.node-version }}
      - run: npm ci
      - run: npm test
```
Use reusable workflow:
```yaml
jobs:
  call-test:
    uses: ./.github/workflows/reusable-test.yml
    with:
      node-version: "20.x"
    secrets:
      NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
```
Security Scanning
```yaml
name: Security Scan
on:
  push:
    branches: [main]
  pull_request:
    branches: [main]
jobs:
  security:
    runs-on: ubuntu-latest
    permissions:
      contents: read
      security-events: write # needed by upload-sarif to publish to the Security tab
    steps:
      - uses: actions/checkout@v4
      - name: Run Trivy vulnerability scanner
        uses: aquasecurity/trivy-action@0.28.0
        with:
          scan-type: "fs"
          scan-ref: "."
          format: "sarif"
          output: "trivy-results.sarif"
      - name: Upload Trivy results to GitHub Security
        uses: github/codeql-action/upload-sarif@v3
        with:
          sarif_file: "trivy-results.sarif"
      - name: Run Snyk Security Scan
        uses: snyk/actions/node@0.4.0
        env:
          SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
```
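As an added example that is not the skill's own code, a Python gate over the SARIF file the Trivy step writes. It relies on the standard SARIF `level` field and, as an assumption, on the optional `security-severity` rule property that Trivy and other scanners populate; the SARIF document below is a constructed sample with placeholder rule ids.

```python
"""Gate a pipeline on a SARIF report such as the one the Trivy step above writes.
Added example, not the skill's own code. It uses the standard SARIF fields
(runs[].results[].level, runs[].tool.driver.rules[]) and, as an assumption, the
optional rule property 'security-severity' (a 0-10 score) that Trivy and other
scanners populate; results whose rule lacks a score fall back to their level."""
import json
from typing import Dict, List

# Numeric stand-in for a SARIF level when no security-severity score is present.
LEVEL_SCORE = {"error": 7.0, "warning": 4.0, "note": 1.0, "none": 0.0}

def rule_scores(sarif: dict) -> Dict[str, float]:
    """Index rules by id, keeping their security-severity score when given."""
    scores = {}
    for run in sarif.get("runs", []):
        for rule in run.get("tool", {}).get("driver", {}).get("rules", []):
            sev = rule.get("properties", {}).get("security-severity")
            if sev is not None:
                scores[rule["id"]] = float(sev)
    return scores

def findings_at_or_above(sarif: dict, threshold: float) -> List[str]:
    """Return 'ruleId: message' for each result whose severity meets the threshold."""
    scores = rule_scores(sarif)
    hits = []
    for run in sarif.get("runs", []):
        for result in run.get("results", []):
            rule_id = result.get("ruleId", "unknown")
            fallback = LEVEL_SCORE.get(result.get("level", "warning"), 4.0)
            if scores.get(rule_id, fallback) >= threshold:
                hits.append(f"{rule_id}: {result.get('message', {}).get('text', '')}")
    return hits

def gate(sarif: dict, threshold: float = 7.0) -> bool:
    """True when the pipeline may proceed: nothing at or above the threshold."""
    return not findings_at_or_above(sarif, threshold)

# Constructed SARIF sample; the rule ids are placeholders, not real CVEs.
SAMPLE = json.loads("""{
  "version": "2.1.0",
  "runs": [{
    "tool": {"driver": {"name": "scanner", "rules": [
      {"id": "CVE-0000-0001", "properties": {"security-severity": "9.8"}},
      {"id": "CVE-0000-0002", "properties": {"security-severity": "3.1"}}]}},
    "results": [
      {"ruleId": "CVE-0000-0001", "level": "error", "message": {"text": "pkg-a 1.0 critical"}},
      {"ruleId": "CVE-0000-0002", "level": "note", "message": {"text": "pkg-b 2.0 low"}},
      {"ruleId": "CONFIG-1", "level": "warning", "message": {"text": "unscored warning"}}]
  }]
}""")
```

trivy-action's own `exit-code` and `severity` inputs are the native way to fail the scan step itself; a gate like this one is useful when the decision has to be made on the uploaded SARIF, for instance when several scanners feed one report.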
Deployment with Approvals
```yaml
name: Deploy to Production
on:
  push:
    tags: ["v*"]
jobs:
  deploy:
    runs-on: ubuntu-latest
    environment:
      name: production
      url: https://app.example.com
    steps:
      - uses: actions/checkout@v4
      - name: Deploy application
        run: |
          echo "Deploying to production..."
          # Deployment commands here
      - name: Notify Slack
        if: success()
        uses: slackapi/slack-github-action@v1
        with:
          webhook-url: ${{ secrets.SLACK_WEBHOOK }}
          payload: |
            {
              "text": "Deployment to production completed successfully!"
            }
```
Related Skills
- gitlab-ci-patterns - For GitLab CI workflows
- deployment-pipeline-design - For pipeline architecture
- secrets-management - For secrets handling