CI/CD Patterns Playbook
Minimalistic, powerful GitHub Actions recipes you can copy and adapt.
The Patterns
| Pattern | Trigger | Why It Matters |
|---|---|---|
| Tag → Release | `push: tags: ['v*']` | Immutable, auditable releases |
| Label → Deploy | PR label added | Human-in-the-loop deploys |
| Comment → Action | `.deploy`, `.approve` | ChatOps without external tools |
| Reusable Workflows | `workflow_call` | DRY across repos |
| Environment Gates | `environment: production` | Approval + secrets isolation |
| Matrix Testing | `strategy: matrix` | Multi-version coverage |
| Path Filtering | `paths: ['src/**']` | Monorepo efficiency |
| Concurrency | `concurrency: group` | Prevent race conditions |
| Security Scanning | Push, PR, weekly | Automated vulnerability detection |
| Docker Build | Push, tags | Multi-platform container images |
| Dependabot | Weekly schedule | Automated dependency updates |
| CODEOWNERS | PR opened | Auto-assign reviewers |
Quick Reference
Tag-Based Releases
`git tag v1.0.0 && git push origin v1.0.0` → Creates GitHub Release with changelog
Label-Triggered Deploys
| Label | Effect |
|---|---|
| `deploy-staging` | Deploy PR branch to staging |
| `deploy-prod` | Deploy to production (with approval) |
IssueOps Commands
| Command | Action |
|---|---|
| `.help` | Show commands |
| `.deploy [env]` | Trigger deployment |
| `.approve` / `.deny` | Approve or reject request |
Core Snippets
Concurrency Control — Cancel redundant runs:
```yaml
concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: true
```
Environment Gate — Require approval:
```yaml
jobs:
  deploy:
    environment: production  # Configure reviewers in Settings → Environments
```
Label Trigger — React to labels:
```yaml
on:
  pull_request:
    types: [labeled]

jobs:
  deploy:
    if: github.event.label.name == 'deploy-staging'
```
Reusable Workflow — Call shared logic:
```yaml
jobs:
  deploy:
    uses: ./.github/workflows/reusable-deploy.yml
    with:
      environment: staging
```
Matrix Strategy — Test across versions:
```yaml
strategy:
  matrix:
    node: [18, 20, 22]
    os: [ubuntu-latest, macos-latest]
```
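An added example, not one of this repo's workflows: the `.deploy [env]` IssueOps command combined with the environment gate, written so that the comment body is treated as untrusted input. The workflow, job and step names, the trusted-association list, and the default of `staging` when no environment is given are assumptions.

```yaml
# Added example; names and the "staging" default are assumptions.
name: issueops-deploy
on:
  issue_comment:
    types: [created]

permissions:
  contents: read            # least privilege for the workflow token

concurrency:
  group: issueops-${{ github.event.issue.number }}
  cancel-in-progress: false # never cancel a deploy that is already running

jobs:
  parse:
    # Ignore comments unless they start with ".deploy" and come from a
    # user who already has a trusted relationship with the repository.
    if: >-
      startsWith(github.event.comment.body, '.deploy') &&
      contains(fromJSON('["OWNER","MEMBER","COLLABORATOR"]'),
               github.event.comment.author_association)
    runs-on: ubuntu-latest
    outputs:
      target: ${{ steps.cmd.outputs.target }}
    steps:
      - id: cmd
        # The comment body is free text from the commenter. Hand it to the
        # script through env; interpolating ${{ ... }} into `run:` would
        # let the comment inject shell commands.
        env:
          BODY: ${{ github.event.comment.body }}
        run: |
          BODY="${BODY//$'\r'/}"                 # comments may use CRLF
          read -r cmd target _ <<< "$BODY"       # first line only
          [ "$cmd" = ".deploy" ] || { echo "not a deploy command" >&2; exit 1; }
          case "${target:=staging}" in           # allowlist, default staging
            staging|production) echo "target=$target" >> "$GITHUB_OUTPUT" ;;
            *) echo "unknown environment" >&2; exit 1 ;;
          esac

  deploy:
    needs: parse
    runs-on: ubuntu-latest
    # Reviewers configured on "production" still have to approve this job.
    environment: ${{ needs.parse.outputs.target }}
    steps:
      - env:
          TARGET: ${{ needs.parse.outputs.target }}
        run: echo "Deploying to $TARGET"
```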
Setup
- Fork this repo
- Configure Environments → add `staging` and `production`
- Set reviewers on `production` for approval gates
- Push to `main` → CI runs
- Tag with `v1.0.0` → Release created
- Add label to PR → Deploy triggered
See EXERCISE.md for a full walkthrough.
Live Examples
This repo includes intentional demo artifacts to show workflows in action:
| Item | Purpose |
|---|---|
| PR #1 | Demonstrates Auto Label, Deploy on Label, IssueOps commands |
| Issue #2 | Demonstrates IssueOps .approve workflow |
Learn More
License
Modules
| Module | Description |
|---|---|
| `src/index.js` | Main entry point |
| `src/math.js` | Core math operations |
| `src/utils.js` | Utility helpers |
| `src/config.js` | Configuration |
| `src/constants.js` | Constants |