A comprehensive, production-ready GitHub Actions project demonstrating modern CI/CD best practices, automated semantic versioning, Docker containerization, and AWS Lambda deployment workflows.
- Overview
- Features
- Project Structure
- Getting Started
- Workflows
- Custom Actions
- Example Applications
- Semantic Versioning
- Best Practices
- Contributing
- License
This project consolidates best practices from multiple GitHub Actions learning projects into a single, comprehensive reference implementation. It showcases:
- CI/CD Pipelines: Automated testing, building, and deployment
- Semantic Versioning: Automated version management based on conventional commits
- Docker Integration: Multi-stage builds, multi-platform support, and security scanning
- AWS Lambda Deployment: Serverless function packaging and deployment
- Custom Actions: Reusable action development with Node.js
- Code Quality: Linting, security scanning, and automated PR checks
- Continuous Integration: Matrix builds across multiple Node.js versions and OS platforms
- Code Quality Checks: ESLint, Prettier, and CodeQL analysis
- Security Scanning: Dependency audits, secret detection, and vulnerability scanning
- Automated Testing: Unit tests, integration tests, and coverage reporting
- Pull Request Validation: Automated PR labeling, size checking, and quality gates
- Multi-stage Builds: Optimized images with minimal attack surface
- Multi-platform Support: Builds for amd64 and arm64 architectures
- Container Security: Trivy scanning for vulnerabilities
- Registry Publishing: Automated pushes to Docker Hub and GitHub Container Registry
- Health Checks: Built-in container health monitoring
- Automated Versioning: Version bumps based on commit messages
- Changelog Generation: Auto-generated release notes
- Git Tagging: Automatic tag creation and management
- GitHub Releases: Release creation with assets
- Commit Convention: Enforced conventional commit format
- Automated Packaging: Lambda function ZIP creation with dependencies
- Environment Management: Deploy to dev, staging, or production
- Post-deployment Testing: Automated Lambda invocation tests
- CloudWatch Integration: Logging and monitoring support
- Reusable Component: Example action demonstrating best practices
- Input Validation: Proper parameter handling and validation
- Output Generation: Structured outputs for subsequent steps
- Error Handling: Comprehensive error management
- Documentation: Inline comments and usage examples
github-actions/
├── .github/
│ ├── actions/
│ │ └── hello-action/ # Custom GitHub Action
│ │ ├── action.yml # Action metadata
│ │ ├── index.js # Action implementation
│ │ └── package.json # Action dependencies
│ └── workflows/
│ ├── ci.yml # Continuous Integration
│ ├── docker.yml # Docker build and push
│ ├── release.yml # Semantic release
│ ├── deploy-lambda.yml # AWS Lambda deployment
│ └── pr-checks.yml # Pull request validation
├── examples/
│ ├── node-app/ # Node.js Express application
│ │ ├── server.js # Express server
│ │ ├── test.js # Test suite
│ │ ├── worker.js # Worker thread
│ │ ├── Dockerfile # Multi-stage Docker build
│ │ └── package.json # App dependencies
│ └── lambda-function/ # AWS Lambda function
│ ├── lambda_function.py # Lambda handler
│ └── requirements.txt # Python dependencies
├── package.json # Root package.json
├── release.config.js # Semantic release config
├── .commitlintrc.json # Commit message linting
├── .gitignore # Git ignore rules
└── README.md # This file
- Node.js: v18+ and npm v9+
- Docker: For building and running containers
- AWS CLI: For Lambda deployment (optional)
- Git: For version control
-
Clone the repository:
git clone https://github.com/yourusername/github-actions.git cd github-actions -
Install dependencies:
npm run install:all
-
Set up Git hooks (optional):
npm run prepare
cd examples/node-app
npm install
npm startVisit http://localhost:8000 to see the application.
cd examples/lambda-function
python3 lambda_function.pycd .github/actions/hello-action
npm install
node index.jsTriggers: Push to main/develop, Pull requests
Jobs:
- Code quality checks (linting, formatting)
- Security scanning (npm audit, CodeQL)
- Matrix builds (Node 18, 20, 21 × Ubuntu, Windows, macOS)
- Custom action testing
- Build summary generation
Usage:
# Automatically runs on push and PR
# Manual trigger from Actions tabTriggers: Push to main, Version tags
Jobs:
- Build Docker image with BuildKit caching
- Run container tests
- Vulnerability scanning with Trivy
- Multi-platform build (amd64, arm64)
- Push to Docker Hub and GHCR
Usage:
# Triggered automatically on push to main
# Or manually trigger from Actions tabTriggers: Push to main branch
Jobs:
- Validate commit messages
- Analyze commits for version bump
- Generate changelog
- Create GitHub release
- Update package.json versions
- Trigger downstream workflows
Commit Convention:
feat: add new feature # Minor version bump
fix: resolve bug # Patch version bump
feat!: breaking change # Major version bump
docs: update documentation # No release
chore: maintenance task # No releaseUsage:
# Make commits following conventional format
git commit -m "feat: add user authentication"
git push origin main
# Release is automatically createdTriggers: Push to main, Manual dispatch
Jobs:
- Validate Python code (linting)
- Create deployment package
- Deploy to AWS Lambda
- Run post-deployment tests
- Check CloudWatch logs
Usage:
# Manual deployment with environment selection
# Go to Actions → Deploy to AWS Lambda → Run workflow
# Select environment: development, staging, or productionPrerequisites:
- Set
AWS_ACCESS_KEY_IDsecret - Set
AWS_SECRET_ACCESS_KEYsecret - Lambda function must exist in AWS
Triggers: Pull request events
Jobs:
- Auto-label PRs by size and type
- Check PR title format
- Code quality checks
- Secret scanning
- Test execution
- Generate PR summary
Usage:
# Automatically runs on PR creation/update
# No manual intervention neededA demonstration action showing best practices for custom action development.
Inputs:
who-to-greet: Name of person to greet (default: "World")greeting-style: Style of greeting (formal/casual/enthusiastic)include-timestamp: Whether to include timestamp
Outputs:
message: Complete greeting messagetimestamp: ISO 8601 timestampgreeted-person: Name of greeted person
Usage:
- name: Use custom action
uses: ./.github/actions/hello-action
with:
who-to-greet: 'GitHub Actions Expert'
greeting-style: 'enthusiastic'
include-timestamp: 'true'A production-ready Express.js application featuring:
- Health check endpoints (
/health,/ready) - Metrics endpoint (
/metrics) - Worker thread support (
/heavy) - Graceful shutdown handling
- Request logging
- Error handling
Endpoints:
GET /- Application infoGET /health- Health checkGET /ready- Readiness checkGET /metrics- Application metricsGET /heavy- CPU-intensive task demo
A well-structured Lambda function demonstrating:
- Input validation
- Error handling
- Structured logging
- CloudWatch integration
- Type hints
- Local testing support
Handler: lambda_handler
Runtime: Python 3.11+
This project uses semantic-release for automated version management.
<type>(<scope>): <subject>
<body>
<footer>
| Type | Description | Version Bump |
|---|---|---|
feat |
New feature | Minor (0.x.0) |
fix |
Bug fix | Patch (0.0.x) |
feat! |
Breaking change | Major (x.0.0) |
perf |
Performance improvement | Patch |
refactor |
Code refactoring | Patch |
docs |
Documentation | None |
test |
Tests | None |
chore |
Maintenance | None |
ci |
CI/CD changes | None |
# Feature (minor bump)
git commit -m "feat: add user authentication"
# Bug fix (patch bump)
git commit -m "fix: resolve login error"
# Breaking change (major bump)
git commit -m "feat!: migrate to new API
BREAKING CHANGE: The API has been completely redesigned"
# Documentation (no release)
git commit -m "docs: update installation guide"✅ DO:
- Use matrix builds for multiple versions/platforms
- Cache dependencies for faster builds
- Use specific action versions (
@v4, not@main) - Set minimal required permissions
- Fail fast on critical errors
- Use environment-specific configurations
❌ DON'T:
- Hardcode secrets in workflows
- Use
@latestor@mainfor actions in production - Grant excessive permissions
- Skip security checks
- Ignore linter warnings
✅ DO:
- Use multi-stage builds
- Run as non-root user
- Use specific base image tags
- Implement health checks
- Scan for vulnerabilities
- Minimize layer count
❌ DON'T:
- Use
latesttag in production - Run as root user
- Include secrets in images
- Copy unnecessary files
- Ignore security warnings
✅ DO:
- Use GitHub secrets for sensitive data
- Enable Dependabot
- Run security scans (CodeQL, Trivy)
- Use OIDC for AWS authentication (when possible)
- Rotate credentials regularly
- Review and audit third-party actions
❌ DON'T:
- Commit secrets to repository
- Use personal access tokens unnecessarily
- Skip vulnerability scans
- Ignore security alerts
- Use untrusted third-party actions
We welcome contributions! Here's how to get started:
- Fork the repository
- Create a feature branch:
git checkout -b feat/amazing-feature - Make your changes
- Commit using conventional format:
git commit -m "feat: add amazing feature" - Push to your fork:
git push origin feat/amazing-feature - Open a Pull Request
Please follow the Conventional Commits specification. Use npm run commit to use the interactive commit tool.
This project is licensed under the MIT License - see the LICENSE file for details.
This project consolidates learning from multiple GitHub Actions experiments and incorporates best practices from:
- GitHub Actions documentation
- Docker best practices
- AWS Lambda development guidelines
- Semantic release community
- Open source CI/CD patterns
- Issues: GitHub Issues
- Discussions: GitHub Discussions
- Documentation: See workflow files for inline documentation
- GitHub Actions Documentation
- Semantic Release Documentation
- Docker Best Practices
- AWS Lambda Documentation
- Conventional Commits
Built with ❤️ for the DevOps community
If you find this project helpful, please consider giving it a ⭐ on GitHub!