2: Why GitHub Actions?
Comparison of GitHub Actions with competitors
3: Core Features
Deep dive into workflow syntax, triggers, and job configuration
4: Advanced Features
Explore matrices, reusable workflows, and composite actions
•Runner Types and Execution Environments
•Persisting Build Outputs with Artifacts
•Controlling GitHub Permissions
•Authenticating to Third-Party Systems
•Matrix Strategies, Conditionals, and Concurrency Controls
5: Marketplace Actions
Discover and integrate community actions from the GitHub Marketplace
6: Authoring Actions
Build custom JavaScript and Docker actions from scratch
•JavaScript and TypeScript Actions
8: Developer Experience
Optimize logs, secrets, environments, and permissions for teams
•Developer Experience (Actions)
9: Best Practices
Harden workflows with security, reliability, and cost-saving techniques
•Maintainable Workflow Patterns
10: Capstone Project
Apply course concepts by automating a real-world deployment pipeline
Building and Deploy Workflows
Building and Pushing Container images
The build-push workflow mirrors the structure of the test workflow:
- Perform the same filtering step to determine which services need new images.
- Use full-depth checkouts (
fetch-depth: 0) sogit describecan compute semantic versions. - Authenticate to Docker Hub (skipped when running locally) and configure Buildx/QEMU for multi-arch builds.
- Invoke
docker/build-push-actionwith cache directives and tags supplied by helper Task targets.
Version tags come from task utils:generate-version and task utils:generate-version-tag, which inspect release tags to
produce either compact (production) or extended (staging/dev) identifiers like 1.2.3+0047-<sha>. The workflow supports
three trigger modes:
- Push to
main: builds staging images for any changed services. - Semantic tags (
services/node/api-node@1.2.3): treated as production releases for a single service. - Manual dispatch: accepts
serviceandversioninputs to rebuild ad hoc images (e.g., hotfix tags).
Guard clauses ensure the job short-circuits when no services change, preventing “empty matrix” failures.
Updating GitOps manifests
After images are built, each matrix job triggers update-gitops-manifests.yaml via gh workflow run. That workflow:
- Accepts
service,version, andenvironmentinputs. - Installs Task through a reusable composite action.
- Runs
task utils:update-image-tagsto searchdeploy/kubernetes/for files containing# staging_services/node/api-node(or similar markers) and updates their image tags. - Generates descriptive commit messages (
chore: update staging services/node/api-node to 1.2.3 [skip ci]). - Uses a custom
task utils:git-commit-pushhelper that retries on conflicts, ensuring concurrent runs eventually merge back tomain. - Applies concurrency controls (
concurrency.group = <workflow>-<env>-<service>) so only one deployment per service runs at a time.
Because the workflow mutates the default branch, we skip Act during local testing for these steps and rely on remote runs for validation.