github-actions-templates
Install this skill
npx skills add wshobson/agents
Works across Claude Code, Cursor, Codex, Copilot & Antigravity
The github-actions-templates skill provides a collection of standardized workflow configurations for GitHub Actions. It assists developers in establishing consistent CI/CD pipelines by supplying battle-tested YAML structures for testing, container packaging, Kubernetes orchestration, and multi-environment matrix builds. By incorporating these pre-configured templates, teams avoid repetitive boilerplate setup while maintaining security and performance standards across their repositories. The repository includes configurations for caching dependencies, managing secrets for cloud deployments, and handling cross-platform testing scenarios. These templates focus on modern best practices, such as using tagged action versions and granular permission definitions, ensuring that automation remains reliable and observable. It is a utility for developers wanting to standardize their software delivery lifecycle without writing complex workflow syntax from scratch or troubleshooting individual runner configuration issues.
When to Use This Skill
- Setting up CI for a new repository to ensure code quality on every push
- Publishing container images to GitHub Packages or external registries
- Deploying application updates to production Kubernetes environments automatically
- Validating project compatibility across multiple programming language versions
How to Invoke This Skill
Example prompts that trigger this skill in Claude Code, Cursor, or Antigravity:
- “Create a GitHub Actions workflow for testing my application”
- “Generate a template to build and push a Docker image to GHCR”
- “Help me deploy my code to Kubernetes using a GitHub Action”
- “Set up a matrix build for my Python project on multiple OS”
- “Show me the standard pattern for a Node.js CI pipeline”
Pro Tips
- Utilize GitHub Actions 'secrets' to securely manage sensitive credentials, API keys, and deployment tokens, preventing their exposure in public repositories.
- Parameterize your workflows with inputs or environment variables to make them more reusable and adaptable across different projects or environments.
- Integrate security scanning actions (e.g., SAST, DAST, dependency scanning) directly into your CI pipeline to identify vulnerabilities early in the development cycle.
What this skill does
- Generates standardized test suites for Node.js and Python projects
- Automates Docker image construction and registry authentication
- Configures secure Kubernetes deployment pipelines for EKS clusters
- Executes cross-platform matrix testing across OS and language versions
- Integrates dependency caching to optimize workflow execution times
When not to use it
- When workflows require integration with non-standard proprietary CI platforms
- For projects that rely entirely on local, non-cloud infrastructure without Git-based triggers
Example workflow
- Define workflow triggers based on pull requests and branch merges
- Configure environment secrets for cloud and registry access
- Implement dependency caching steps to reduce pipeline runtime
- Execute automated linting, unit tests, and coverage reporting
- Deploy application artifacts to the target environment upon successful validation
Prerequisites
- Active GitHub repository
- Access to GitHub Secrets for API keys or credentials
- Docker Hub or GitHub Container Registry account for image storage
- Configured Kubernetes cluster for deployment targets
Pitfalls & limitations
- Hardcoding secrets directly into YAML files instead of using GitHub Secrets
- Using @latest or unstable action tags which can cause unexpected breakage
- Failing to define granular workflow permissions, creating potential security vulnerabilities
How it compares
Unlike generic AI code generation which may produce outdated syntax, these templates reflect current industry standards and validated configurations that are ready for immediate repository integration.
📄 Full skill instructions — original source: wshobson/agents
Production-ready GitHub Actions workflow patterns for testing, building, and deploying applications.
## Purpose
Create efficient, secure GitHub Actions workflows for continuous integration and deployment across various tech stacks.
## When to Use
- Automate testing and deployment
- Build Docker images and push to registries
- Deploy to Kubernetes clusters
- Run security scans
- Implement matrix builds for multiple environments
## Common Workflow Patterns
### Pattern 1: Test Workflow

```yaml
name: Test

on:
  push:
    branches: [main, develop]
  pull_request:
    branches: [main]

jobs:
  test:
    runs-on: ubuntu-latest
    strategy:
      matrix:
        node-version: [18.x, 20.x]
    steps:
      - uses: actions/checkout@v4
      - name: Use Node.js ${{ matrix.node-version }}
        uses: actions/setup-node@v4
        with:
          node-version: ${{ matrix.node-version }}
          cache: "npm"
      - name: Install dependencies
        run: npm ci
      - name: Run linter
        run: npm run lint
      - name: Run tests
        run: npm test
      - name: Upload coverage
        uses: codecov/codecov-action@v3
        with:
          files: ./coverage/lcov.info
```

**Reference:** See `assets/test-workflow.yml`

### Pattern 2: Build and Push Docker Image

```yaml
name: Build and Push

on:
  push:
    branches: [main]
    tags: ["v*"]

env:
  REGISTRY: ghcr.io
  IMAGE_NAME: ${{ github.repository }}

jobs:
  build:
    runs-on: ubuntu-latest
    permissions:
      contents: read
      packages: write
    steps:
      - uses: actions/checkout@v4
      - name: Log in to Container Registry
        uses: docker/login-action@v3
        with:
          registry: ${{ env.REGISTRY }}
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}
      - name: Extract metadata
        id: meta
        uses: docker/metadata-action@v5
        with:
          images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
          tags: |
            type=ref,event=branch
            type=ref,event=pr
            type=semver,pattern={{version}}
            type=semver,pattern={{major}}.{{minor}}
      - name: Build and push
        uses: docker/build-push-action@v5
        with:
          context: .
          push: true
          tags: ${{ steps.meta.outputs.tags }}
          labels: ${{ steps.meta.outputs.labels }}
          cache-from: type=gha
          cache-to: type=gha,mode=max
```

**Reference:** See `assets/deploy-workflow.yml`

### Pattern 3: Deploy to Kubernetes

```yaml
name: Deploy to Kubernetes

on:
  push:
    branches: [main]

jobs:
  deploy:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - name: Configure AWS credentials
        uses: aws-actions/configure-aws-credentials@v4
        with:
          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
          aws-region: us-west-2
      - name: Update kubeconfig
        run: |
          aws eks update-kubeconfig --name production-cluster --region us-west-2
      - name: Deploy to Kubernetes
        run: |
          kubectl apply -f k8s/
          kubectl rollout status deployment/my-app -n production
          kubectl get services -n production
      - name: Verify deployment
        run: |
          kubectl get pods -n production
          kubectl describe deployment my-app -n production
```

### Pattern 4: Matrix Build

```yaml
name: Matrix Build

on: [push, pull_request]

jobs:
  build:
    runs-on: ${{ matrix.os }}
    strategy:
      matrix:
        os: [ubuntu-latest, macos-latest, windows-latest]
        python-version: ["3.9", "3.10", "3.11", "3.12"]
    steps:
      - uses: actions/checkout@v4
      - name: Set up Python
        uses: actions/setup-python@v5
        with:
          python-version: ${{ matrix.python-version }}
      - name: Install dependencies
        run: |
          python -m pip install --upgrade pip
          pip install -r requirements.txt
      - name: Run tests
        run: pytest
```

**Reference:** See `assets/matrix-build.yml`

## Workflow Best Practices
1. **Use specific action versions** (@v4, not @latest)
2. **Cache dependencies** to speed up builds
3. **Use secrets** for sensitive data
4. **Implement status checks** on PRs
5. **Use matrix builds** for multi-version testing
6. **Set appropriate permissions**
7. **Use reusable workflows** for common patterns
8. **Implement approval gates** for production
9. **Add notification steps** for failures
10. **Use self-hosted runners** for sensitive workloads
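
Practices 1, 3 and 6 can be checked mechanically before a workflow is merged. The Python audit below is an added example, not part of the wshobson/agents skill; its rule names and the sample workflow are constructed for illustration. It goes one step beyond the list by also reporting version tags such as `@v4`, which can be moved by the action's maintainer (only a full commit SHA is immutable).

```python
import re

# Constructed sample workflow showing the pitfalls this page lists.
SAMPLE = """\
name: Security Scan
on: [push]
jobs:
  security:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: aquasecurity/trivy-action@master
      - uses: ./.github/actions/local-step
      - name: Snyk
        uses: snyk/actions/node@master
        env:
          SNYK_TOKEN: constructed-literal-token
          NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
"""

USES = re.compile(r"^\s*(?:-\s*)?uses:\s*['\"]?([^\s'\"#]+)")
CRED = re.compile(r"^\s*([\w-]*(?:TOKEN|SECRET|PASSWORD)[\w-]*):\s*(\S.*)$", re.I)
BRANCH_LIKE = {"", "latest", "master", "main", "develop"}
FULL_SHA = re.compile(r"^[0-9a-f]{40}$")

def audit(workflow_text):
    """Return (line_number, rule, detail) tuples; line 0 means file-level."""
    lines = workflow_text.splitlines()
    findings = []
    # Practice 6: no permissions: key anywhere means the token keeps its defaults.
    if not any(re.match(r"\s*permissions:", ln) for ln in lines):
        findings.append((0, "no-permissions", "GITHUB_TOKEN scope left at repository default"))
    for num, ln in enumerate(lines, 1):
        m = USES.match(ln)
        # Local actions and docker:// images carry no git ref to pin.
        if m and not m.group(1).startswith(("./", "docker://")):
            action, _, ref = m.group(1).partition("@")
            if ref in BRANCH_LIKE:       # Practice 1: branch or missing ref
                findings.append((num, "mutable-ref", f"{action}@{ref or '<none>'}"))
            elif not FULL_SHA.match(ref):  # tag: better, still movable
                findings.append((num, "movable-tag", f"{action}@{ref}"))
        c = CRED.match(ln)
        # Practice 3: credential-named key whose value is not an expression.
        if c and "${{" not in c.group(2):
            findings.append((num, "literal-credential", c.group(1)))
    return findings

if __name__ == "__main__":
    for num, rule, detail in audit(SAMPLE):
        print(f"line {num}: {rule}: {detail}")
```

The check is line-based and heuristic: it does not parse YAML, so a credential-named key with an innocent literal value will be reported and should be reviewed by hand.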
## Reusable Workflows

```yaml
# .github/workflows/reusable-test.yml
name: Reusable Test Workflow

on:
  workflow_call:
    inputs:
      node-version:
        required: true
        type: string
    secrets:
      NPM_TOKEN:
        required: true

jobs:
  test:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-node@v4
        with:
          node-version: ${{ inputs.node-version }}
      - run: npm ci
      - run: npm test
```

**Use reusable workflow:**

```yaml
jobs:
  call-test:
    uses: ./.github/workflows/reusable-test.yml
    with:
      node-version: "20.x"
    secrets:
      NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
```

## Security Scanning

```yaml
name: Security Scan

on:
  push:
    branches: [main]
  pull_request:
    branches: [main]

jobs:
  security:
    runs-on: ubuntu-latest
    permissions:
      contents: read
      security-events: write # needed by upload-sarif to publish results
    steps:
      - uses: actions/checkout@v4
      - name: Run Trivy vulnerability scanner
        # @master is a branch ref and changes without notice; see best
        # practice 1 and pin to a release tag or commit SHA.
        uses: aquasecurity/trivy-action@master
        with:
          scan-type: "fs"
          scan-ref: "."
          format: "sarif"
          output: "trivy-results.sarif"
      - name: Upload Trivy results to GitHub Security
        uses: github/codeql-action/upload-sarif@v2
        with:
          sarif_file: "trivy-results.sarif"
      - name: Run Snyk Security Scan
        # Same caveat: @master is a mutable branch ref.
        uses: snyk/actions/node@master
        env:
          SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
```

## Deployment with Approvals
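
```yaml
name: Deploy to Production

on:
  push:
    tags: ["v*"]

jobs:
  deploy:
    runs-on: ubuntu-latest
    # Required reviewers configured on the "production" environment
    # hold this job until it is approved.
    environment:
      name: production
      url: https://app.example.com
    steps:
      - uses: actions/checkout@v4
      - name: Deploy application
        run: |
          echo "Deploying to production..."
          # Deployment commands here
      - name: Notify Slack
        if: success()
        uses: slackapi/slack-github-action@v1
        with:
          payload: |
            {
              "text": "Deployment to production completed successfully!"
            }
        env:
          # v1 of this action reads the incoming-webhook URL from the
          # environment, not from a "webhook-url" input.
          SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK }}
          SLACK_WEBHOOK_TYPE: INCOMING_WEBHOOK
```

## Reference Files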
- `assets/test-workflow.yml` - Testing workflow template
- `assets/deploy-workflow.yml` - Deployment workflow template
- `assets/matrix-build.yml` - Matrix build template
- `references/common-workflows.md` - Common workflow patterns

## Related Skills
- `gitlab-ci-patterns` - For GitLab CI workflows
- `deployment-pipeline-design` - For pipeline architecture
- `secrets-management` - For secrets handling

How to Use This Skill Unit
Option A: Project-Specific (Recommended)
- Click "Download" above
- In your project, create the directory: `.agent/skills/github-actions-templates/`
- Save the file as `SKILL.md`
- The agent will automatically discover the skill based on its description.
Option B: Global Installation (All Agents)
Save the file to these locations to make it available across all projects:
- Claude Code: `~/.claude/skills/wshobson/agents/github-actions-templates/SKILL.md`
- Cursor: `~/.cursor/skills/wshobson/agents/github-actions-templates/SKILL.md`
- Antigravity: `~/.gemini/antigravity/skills/wshobson/agents/github-actions-templates/SKILL.md`