CI/CD Pipeline with GitHub Actions
Continuous Integration and Continuous Deployment (CI/CD) form the backbone of modern software delivery pipelines. Rather than manual builds and ftp uploads, pipelines automate validation, code quality checks, containerization, and staging deployments immediately upon code push.
GitHub Actions is an incredibly powerful platform integrated directly into your GitHub repository to orchestrate these workflows.
Workflow Lifecycle Architecture
The pipeline triggers automatically on events (such as git push or pull_request). It coordinates tasks across various runner environments, utilizing Docker containers to provision virtual hosts on-demand.
Creating a GitHub Actions Workflow File
GitHub Actions workflows are written in YAML and placed under the .github/workflows/ directory of your project.
Here is a comprehensive pipeline template that installs dependencies, runs tests, runs linter checks, compiles a Docker image, and uploads it to GitHub Container Registry (GHCR):
name: Continuous Integration & Delivery
on:
push:
branches: [ main ]
pull_request:
branches: [ main ]
jobs:
test-and-lint:
runs-on: ubuntu-latest
steps:
- name: Checkout Code
uses: actions/checkout@v3
- name: Setup Node.js
uses: actions/setup-node@v3
with:
node-version: 18
cache: 'npm'
- name: Install dependencies
run: npm ci
- name: Run Linter
run: npm run lint
- name: Execute Tests
run: npm test
build-and-release:
needs: test-and-lint
if: github.event_name == 'push' && github.ref == 'refs/heads/main'
runs-on: ubuntu-latest
steps:
- name: Checkout Code
uses: actions/checkout@v3
- name: Log in to Registry
uses: docker/login-action@v2
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Build and Push Docker Image
uses: docker/build-push-action@v4
with:
context: .
push: true
tags: |
ghcr.io/${{ github.repository }}/web-app:latest
ghcr.io/${{ github.repository }}/web-app:${{ github.sha }}
Key Best Practices
- Use Specific Versions: Lock down Action dependencies (e.g.
actions/checkout@v3instead of@master) to prevent pipeline failure when third-party actions release breaking updates. - Secrets Management: Never commit credentials. Store SSH keys, AWS access secrets, and server passwords securely in GitHub Settings -> Secrets -> Actions, and refer to them via the
${{ secrets.KEY }}context. - Caching: Use caching for dependencies (e.g., node_modules or pip downloads) to reduce runner durations, speed up execution times, and save build billing minutes.
Written by Swapnil
DevOps & Infrastructure Engineer, focusing on container scaling, secure automated deployment pipelines, and cloud state architecture.