What is GitHub Actions templates skill?

A collection of production-ready workflow patterns to automate testing, building, and deploying across common stacks.

Which patterns are included?

Patterns for testing, building and pushing Docker images, deploying to Kubernetes, and matrix builds, plus security scanning integration.

How do I customize templates for my project?

Copy a template into .github/workflows, adjust triggers, environment variables, steps, and secrets, or convert to a reusable workflow for broader reuse.

github-actions-templates

npx machina-cli add skill wshobson/agents/github-actions-templates --openclaw

Files (1)

SKILL.md

7.3 KB

GitHub Actions Templates

Production-ready GitHub Actions workflow patterns for testing, building, and deploying applications.

Purpose

Create efficient, secure GitHub Actions workflows for continuous integration and deployment across various tech stacks.

When to Use

Automate testing and deployment
Build Docker images and push to registries
Deploy to Kubernetes clusters
Run security scans
Implement matrix builds for multiple environments

Common Workflow Patterns

Pattern 1: Test Workflow

name: Test

on:
  push:
    branches: [main, develop]
  pull_request:
    branches: [main]

jobs:
  test:
    runs-on: ubuntu-latest

    strategy:
      matrix:
        node-version: [18.x, 20.x]

    steps:
      - uses: actions/checkout@v4

      - name: Use Node.js ${{ matrix.node-version }}
        uses: actions/setup-node@v4
        with:
          node-version: ${{ matrix.node-version }}
          cache: "npm"

      - name: Install dependencies
        run: npm ci

      - name: Run linter
        run: npm run lint

      - name: Run tests
        run: npm test

      - name: Upload coverage
        uses: codecov/codecov-action@v3
        with:
          files: ./coverage/lcov.info

Reference: See assets/test-workflow.yml

Pattern 2: Build and Push Docker Image

name: Build and Push

on:
  push:
    branches: [main]
    tags: ["v*"]

env:
  REGISTRY: ghcr.io
  IMAGE_NAME: ${{ github.repository }}

jobs:
  build:
    runs-on: ubuntu-latest
    permissions:
      contents: read
      packages: write

    steps:
      - uses: actions/checkout@v4

      - name: Log in to Container Registry
        uses: docker/login-action@v3
        with:
          registry: ${{ env.REGISTRY }}
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}

      - name: Extract metadata
        id: meta
        uses: docker/metadata-action@v5
        with:
          images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
          tags: |
            type=ref,event=branch
            type=ref,event=pr
            type=semver,pattern={{version}}
            type=semver,pattern={{major}}.{{minor}}

      - name: Build and push
        uses: docker/build-push-action@v5
        with:
          context: .
          push: true
          tags: ${{ steps.meta.outputs.tags }}
          labels: ${{ steps.meta.outputs.labels }}
          cache-from: type=gha
          cache-to: type=gha,mode=max

Reference: See assets/deploy-workflow.yml

Pattern 3: Deploy to Kubernetes

name: Deploy to Kubernetes

on:
  push:
    branches: [main]

jobs:
  deploy:
    runs-on: ubuntu-latest

    steps:
      - uses: actions/checkout@v4

      - name: Configure AWS credentials
        uses: aws-actions/configure-aws-credentials@v4
        with:
          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
          aws-region: us-west-2

      - name: Update kubeconfig
        run: |
          aws eks update-kubeconfig --name production-cluster --region us-west-2

      - name: Deploy to Kubernetes
        run: |
          kubectl apply -f k8s/
          kubectl rollout status deployment/my-app -n production
          kubectl get services -n production

      - name: Verify deployment
        run: |
          kubectl get pods -n production
          kubectl describe deployment my-app -n production

Pattern 4: Matrix Build

name: Matrix Build

on: [push, pull_request]

jobs:
  build:
    runs-on: ${{ matrix.os }}

    strategy:
      matrix:
        os: [ubuntu-latest, macos-latest, windows-latest]
        python-version: ["3.9", "3.10", "3.11", "3.12"]

    steps:
      - uses: actions/checkout@v4

      - name: Set up Python
        uses: actions/setup-python@v5
        with:
          python-version: ${{ matrix.python-version }}

      - name: Install dependencies
        run: |
          python -m pip install --upgrade pip
          pip install -r requirements.txt

      - name: Run tests
        run: pytest

Reference: See assets/matrix-build.yml

Workflow Best Practices

Use specific action versions (@v4, not @latest)
Cache dependencies to speed up builds
Use secrets for sensitive data
Implement status checks on PRs
Use matrix builds for multi-version testing
Set appropriate permissions
Use reusable workflows for common patterns
Implement approval gates for production
Add notification steps for failures
Use self-hosted runners for sensitive workloads

Reusable Workflows

# .github/workflows/reusable-test.yml
name: Reusable Test Workflow

on:
  workflow_call:
    inputs:
      node-version:
        required: true
        type: string
    secrets:
      NPM_TOKEN:
        required: true

jobs:
  test:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-node@v4
        with:
          node-version: ${{ inputs.node-version }}
      - run: npm ci
      - run: npm test

Use reusable workflow:

jobs:
  call-test:
    uses: ./.github/workflows/reusable-test.yml
    with:
      node-version: "20.x"
    secrets:
      NPM_TOKEN: ${{ secrets.NPM_TOKEN }}

Security Scanning

name: Security Scan

on:
  push:
    branches: [main]
  pull_request:
    branches: [main]

jobs:
  security:
    runs-on: ubuntu-latest

    steps:
      - uses: actions/checkout@v4

      - name: Run Trivy vulnerability scanner
        uses: aquasecurity/trivy-action@master
        with:
          scan-type: "fs"
          scan-ref: "."
          format: "sarif"
          output: "trivy-results.sarif"

      - name: Upload Trivy results to GitHub Security
        uses: github/codeql-action/upload-sarif@v2
        with:
          sarif_file: "trivy-results.sarif"

      - name: Run Snyk Security Scan
        uses: snyk/actions/node@master
        env:
          SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}

Deployment with Approvals

name: Deploy to Production

on:
  push:
    tags: ["v*"]

jobs:
  deploy:
    runs-on: ubuntu-latest
    environment:
      name: production
      url: https://app.example.com

    steps:
      - uses: actions/checkout@v4

      - name: Deploy application
        run: |
          echo "Deploying to production..."
          # Deployment commands here

      - name: Notify Slack
        if: success()
        uses: slackapi/slack-github-action@v1
        with:
          webhook-url: ${{ secrets.SLACK_WEBHOOK }}
          payload: |
            {
              "text": "Deployment to production completed successfully!"
            }

Reference Files

assets/test-workflow.yml - Testing workflow template
assets/deploy-workflow.yml - Deployment workflow template
assets/matrix-build.yml - Matrix build template
references/common-workflows.md - Common workflow patterns

Related Skills

gitlab-ci-patterns - For GitLab CI workflows
deployment-pipeline-design - For pipeline architecture
secrets-management - For secrets handling

Source

git clone https://github.com/wshobson/agents/blob/main/plugins/cicd-automation/skills/github-actions-templates/SKILL.mdView on GitHub

Overview

GitHub Actions Templates provide production-ready workflow patterns for testing, building, and deploying applications. They help teams standardize automated pipelines across projects, speeding up setup and ensuring secure, repeatable CI/CD. Use these templates to implement common patterns with minimal boilerplate.

How This Skill Works

The skill offers reusable workflow patterns (e.g., test, build, deploy) that leverage common Actions like checkout, setup-node, docker actions, and Kubernetes commands. These patterns can be dropped into a repository as YAML workflows and customized with project-specific steps, environments, and secrets. This enables consistent automation across tech stacks and deployment targets.

When to Use It

Automate testing and deployment across branches and pull requests
Build Docker images and push to registries like ghcr.io
Deploy to Kubernetes clusters (e.g., EKS, GKE)
Incorporate security scans and code quality checks into CI
Implement matrix builds to test multiple environments (OS, language versions)

Quick Start

Step 1: Choose a pattern (Test, Build and Push, Deploy to Kubernetes, or Matrix Build) that fits your project
Step 2: Create a workflow file under .github/workflows, configure triggers (push, pull_request) and environment variables
Step 3: Commit, push, and monitor the workflow Run; iterate by adjusting steps, caches, and secrets

Best Practices

Pin actions to specific, approved versions and monitor for updates
Use reusable workflows to reduce duplication and enforce consistency
Enable caching for dependencies and build steps to speed up runs
Employ least-privilege permissions and manage secrets securely
Organize workflows by purpose (test, build, deploy) and document inputs

Example Use Cases

Test Workflow pattern running on push and PRs with Node.js versions 18.x and 20.x
Build and Push Docker Image workflow targeting ghcr.io with metadata tagging
Deploy to Kubernetes workflow using AWS credentials and eks update-kubeconfig
Matrix Build workflow evaluating multiple OSes (ubuntu, macos, windows) and runtimes
Security scan integration within CI to catch vulnerabilities early

Frequently Asked Questions

Add this skill to your agents