Week 9: Advanced CI/CD — GitHub Actions
Theme: Build production-grade CI/CD pipelines for containerized applications.
Learning Objectives
- Write multi-job GitHub Actions workflows with matrix builds
- Implement CI pipeline: lint → test → build → scan → push
- Implement CD pipeline: deploy to kind cluster
- Manage secrets securely with GitHub Environments and Actions Secrets
Reading Materials
- GitHub Actions Documentation
- GitHub Actions Workflow Syntax
- GitHub Actions Security Hardening
- Docker Build Push Action
- Kind GitHub Action
- GitHub Environments
- Trivy Container Scanner
Finger Exercises (choose 2)
- Create a GitHub Actions workflow that runs
go test ./...on push to main. Add linting withgolangci-lint. - Add a container scan step with Trivy to the workflow. Fail on HIGH or CRITICAL vulnerabilities.
- Create a GitHub Environment called "staging" with required reviewers. Configure a deployment protection rule.
Project
Create a GitHub Actions CI/CD pipeline for the Phase 1 Go + Python app:
- CI (on PR):
- Checkout + cache Go modules
- Run unit tests
- Run
golangci-lint - Build container images
- Scan images with Trivy
- Push to Docker Hub or GHCR (only on merge to main)
- CD (on push to main):
- Deploy to a kind cluster running in the action
- Run smoke tests (
curleach endpoint) - Post deployment status to a Slack webhook
Add README badges: build status, test coverage (optional), Trivy scan result.
Time Budget
| Activity | Time |
|---|---|
| Reading | 1.5 hrs |
| Finger exercises | 1.5 hrs |
| Project | 3 hrs |
| Total | 6 hrs |