edit_document// BLOG_POST.md

GitHub Actions CI/CD: Build, Test, and Deploy Directly from Your Repository

//

, ,

GitHub Actions brings CI/CD directly into your repository. Every push, PR, or scheduled event can trigger automated build/test/deploy workflows. Its marketplace of 20,000+ pre-built actions means you rarely write complex scripts from scratch.

Complete CI/CD Pipeline

name: CI/CD Pipeline
on:
  push: { branches: [main, develop] }
  pull_request: { branches: [main] }
concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: true

jobs:
  test:
    runs-on: ubuntu-latest
    strategy:
      fail-fast: true
      matrix: { node-version: [18, 20, 22] }
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-node@v4
        with: { node-version: "${{ matrix.node-version }}", cache: 'npm' }
      - run: npm ci
      - run: npm run lint
      - run: npm test -- --coverage --ci
      - name: Upload coverage
        if: matrix.node-version == 20
        uses: codecov/codecov-action@v4

  build:
    needs: test
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-node@v4
        with: { node-version: 20, cache: 'npm' }
      - run: npm ci && npm run build
      - uses: actions/upload-artifact@v4
        with: { name: build-output, path: dist/, retention-days: 7 }

  deploy:
    needs: build
    runs-on: ubuntu-latest
    if: github.ref == 'refs/heads/main' && github.event_name == 'push'
    environment: production
    steps:
      - uses: actions/checkout@v4
      - uses: actions/download-artifact@v4
        with: { name: build-output, path: dist/ }
      - name: Deploy
        env: { DEPLOY_KEY: "${{ secrets.DEPLOY_KEY }}" }
        run: echo "Deploying to production..."

Key Features

Matrix builds: Test across Node versions, OSes, database versions in parallel. Caching: Reuse node_modules between runs — 90s builds drop to 20s. Environments & secrets: Gate deployments with approvals, inject encrypted credentials. Reusable workflows: Define CI patterns once, reference across repos. Composite actions: Package multiple steps into one reusable action.

Security Best Practices

Pin action versions to prevent supply chain attacks (use @v4 or commit SHA, never @main). Use fail-fast: true on matrices. Use concurrency groups to cancel redundant runs. Minimize secret exposure — least-privilege permissions, never echo secrets. GitHub Actions is powerful enough for enterprise CI/CD while simple enough for side projects.

Further reading: GitHub Actions Docs | Actions Marketplace

> TAGS: , , , , , ,

arrow_circle_right// POST_NAVIGATION

forum// COMMENTS

Leave a Reply

Your email address will not be published. Required fields are marked *