Initial commit

2025-11-29 18:33:18 +08:00
commit e9f9751487
13 changed files with 3423 additions and 0 deletions
--- a/skills/github-actions-templates/SKILL.md
+++ b/skills/github-actions-templates/SKILL.md
@@ -0,0 +1,333 @@
+---
+name: github-actions-templates
+description: Create production-ready GitHub Actions workflows for automated testing, building, and deploying applications. Use when setting up CI/CD with GitHub Actions, automating development workflows, or creating reusable workflow templates.
+---
+
+# GitHub Actions Templates
+
+Production-ready GitHub Actions workflow patterns for testing, building, and deploying applications.
+
+## Purpose
+
+Create efficient, secure GitHub Actions workflows for continuous integration and deployment across various tech stacks.
+
+## When to Use
+
+- Automate testing and deployment
+- Build Docker images and push to registries
+- Deploy to Kubernetes clusters
+- Run security scans
+- Implement matrix builds for multiple environments
+
+## Common Workflow Patterns
+
+### Pattern 1: Test Workflow
+
+```yaml
+name: Test
+
+on:
+  push:
+    branches: [ main, develop ]
+  pull_request:
+    branches: [ main ]
+
+jobs:
+  test:
+    runs-on: ubuntu-latest
+
+    strategy:
+      matrix:
+        node-version: [18.x, 20.x]
+
+    steps:
+    - uses: actions/checkout@v4
+
+    - name: Use Node.js ${{ matrix.node-version }}
+      uses: actions/setup-node@v4
+      with:
+        node-version: ${{ matrix.node-version }}
+        cache: 'npm'
+
+    - name: Install dependencies
+      run: npm ci
+
+    - name: Run linter
+      run: npm run lint
+
+    - name: Run tests
+      run: npm test
+
+    - name: Upload coverage
+      uses: codecov/codecov-action@v3
+      with:
+        files: ./coverage/lcov.info
+```
+
+**Reference:** See `assets/test-workflow.yml`
+
+### Pattern 2: Build and Push Docker Image
+
+```yaml
+name: Build and Push
+
+on:
+  push:
+    branches: [ main ]
+    tags: [ 'v*' ]
+
+env:
+  REGISTRY: ghcr.io
+  IMAGE_NAME: ${{ github.repository }}
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      packages: write
+
+    steps:
+    - uses: actions/checkout@v4
+
+    - name: Log in to Container Registry
+      uses: docker/login-action@v3
+      with:
+        registry: ${{ env.REGISTRY }}
+        username: ${{ github.actor }}
+        password: ${{ secrets.GITHUB_TOKEN }}
+
+    - name: Extract metadata
+      id: meta
+      uses: docker/metadata-action@v5
+      with:
+        images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
+        tags: |
+          type=ref,event=branch
+          type=ref,event=pr
+          type=semver,pattern={{version}}
+          type=semver,pattern={{major}}.{{minor}}
+
+    - name: Build and push
+      uses: docker/build-push-action@v5
+      with:
+        context: .
+        push: true
+        tags: ${{ steps.meta.outputs.tags }}
+        labels: ${{ steps.meta.outputs.labels }}
+        cache-from: type=gha
+        cache-to: type=gha,mode=max
+```
+
+**Reference:** See `assets/deploy-workflow.yml`
+
+### Pattern 3: Deploy to Kubernetes
+
+```yaml
+name: Deploy to Kubernetes
+
+on:
+  push:
+    branches: [ main ]
+
+jobs:
+  deploy:
+    runs-on: ubuntu-latest
+
+    steps:
+    - uses: actions/checkout@v4
+
+    - name: Configure AWS credentials
+      uses: aws-actions/configure-aws-credentials@v4
+      with:
+        aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
+        aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+        aws-region: us-west-2
+
+    - name: Update kubeconfig
+      run: |
+        aws eks update-kubeconfig --name production-cluster --region us-west-2
+
+    - name: Deploy to Kubernetes
+      run: |
+        kubectl apply -f k8s/
+        kubectl rollout status deployment/my-app -n production
+        kubectl get services -n production
+
+    - name: Verify deployment
+      run: |
+        kubectl get pods -n production
+        kubectl describe deployment my-app -n production
+```
+
+### Pattern 4: Matrix Build
+
+```yaml
+name: Matrix Build
+
+on: [push, pull_request]
+
+jobs:
+  build:
+    runs-on: ${{ matrix.os }}
+
+    strategy:
+      matrix:
+        os: [ubuntu-latest, macos-latest, windows-latest]
+        python-version: ['3.9', '3.10', '3.11', '3.12']
+
+    steps:
+    - uses: actions/checkout@v4
+
+    - name: Set up Python
+      uses: actions/setup-python@v5
+      with:
+        python-version: ${{ matrix.python-version }}
+
+    - name: Install dependencies
+      run: |
+        python -m pip install --upgrade pip
+        pip install -r requirements.txt
+
+    - name: Run tests
+      run: pytest
+```
+
+**Reference:** See `assets/matrix-build.yml`
+
+## Workflow Best Practices
+
+1. **Use specific action versions** (@v4, not @latest)
+2. **Cache dependencies** to speed up builds
+3. **Use secrets** for sensitive data
+4. **Implement status checks** on PRs
+5. **Use matrix builds** for multi-version testing
+6. **Set appropriate permissions**
+7. **Use reusable workflows** for common patterns
+8. **Implement approval gates** for production
+9. **Add notification steps** for failures
+10. **Use self-hosted runners** for sensitive workloads
+
+## Reusable Workflows
+
+```yaml
+# .github/workflows/reusable-test.yml
+name: Reusable Test Workflow
+
+on:
+  workflow_call:
+    inputs:
+      node-version:
+        required: true
+        type: string
+    secrets:
+      NPM_TOKEN:
+        required: true
+
+jobs:
+  test:
+    runs-on: ubuntu-latest
+    steps:
+    - uses: actions/checkout@v4
+    - uses: actions/setup-node@v4
+      with:
+        node-version: ${{ inputs.node-version }}
+    - run: npm ci
+    - run: npm test
+```
+
+**Use reusable workflow:**
+```yaml
+jobs:
+  call-test:
+    uses: ./.github/workflows/reusable-test.yml
+    with:
+      node-version: '20.x'
+    secrets:
+      NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
+```
+
+## Security Scanning
+
+```yaml
+name: Security Scan
+
+on:
+  push:
+    branches: [ main ]
+  pull_request:
+    branches: [ main ]
+
+jobs:
+  security:
+    runs-on: ubuntu-latest
+
+    steps:
+    - uses: actions/checkout@v4
+
+    - name: Run Trivy vulnerability scanner
+      uses: aquasecurity/trivy-action@master
+      with:
+        scan-type: 'fs'
+        scan-ref: '.'
+        format: 'sarif'
+        output: 'trivy-results.sarif'
+
+    - name: Upload Trivy results to GitHub Security
+      uses: github/codeql-action/upload-sarif@v2
+      with:
+        sarif_file: 'trivy-results.sarif'
+
+    - name: Run Snyk Security Scan
+      uses: snyk/actions/node@master
+      env:
+        SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
+```
+
+## Deployment with Approvals
+
+```yaml
+name: Deploy to Production
+
+on:
+  push:
+    tags: [ 'v*' ]
+
+jobs:
+  deploy:
+    runs-on: ubuntu-latest
+    environment:
+      name: production
+      url: https://app.example.com
+
+    steps:
+    - uses: actions/checkout@v4
+
+    - name: Deploy application
+      run: |
+        echo "Deploying to production..."
+        # Deployment commands here
+
+    - name: Notify Slack
+      if: success()
+      uses: slackapi/slack-github-action@v1
+      with:
+        webhook-url: ${{ secrets.SLACK_WEBHOOK }}
+        payload: |
+          {
+            "text": "Deployment to production completed successfully!"
+          }
+```
+
+## Reference Files
+
+- `assets/test-workflow.yml` - Testing workflow template
+- `assets/deploy-workflow.yml` - Deployment workflow template
+- `assets/matrix-build.yml` - Matrix build template
+- `references/common-workflows.md` - Common workflow patterns
+
+## Related Skills
+
+- `gitlab-ci-patterns` - For GitLab CI workflows
+- `deployment-pipeline-design` - For pipeline architecture
+- `secrets-management` - For secrets handling