| Directive | Purpose | Example |
|---|---|---|
on: |
Triggers workflow on Git repository events | on: push: branches: [main] |
jobs: |
Defines virtual machine jobs. Run concurrently by default. | jobs: build: runs-on: ubuntu-latest |
needs: |
Defines dependency order for jobs. Gates subsequent jobs. | deploy: needs: [test, build] |
strategy.matrix |
Executes a step across multiple versions of environments | node-version: [18, 20, 22] |
secrets |
Accesses encrypted repository environment variables | ${{ secrets.AWS_ACCESS_KEY_ID }} |
concurrency |
Controls parallel runs to avoid race conditions | cancel-in-progress: true |
name: Deploy App
on:
push:
branches: [main]
jobs:
test-and-build:
runs-on: ubuntu-latest
permissions:
contents: read
packages: write
outputs:
image-tag: ${{ steps.meta.outputs.tags }}
steps:
- uses: actions/checkout@v4
- name: Log in to GitHub Container Registry
uses: docker/login-action@v3
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Docker meta tags
id: meta
uses: docker/metadata-action@v5
with:
images: ghcr.io/${{ github.repository }}
tags: type=sha,prefix=,format=short
- name: Build and push Docker image
uses: docker/build-push-action@v5
with:
context: .
push: true
tags: ${{ steps.meta.outputs.tags }}
cache-from: type=gha
cache-to: type=gha,mode=max
deploy:
needs: test-and-build
runs-on: ubuntu-latest
environment: production # Gates production deploys with approval rules
steps:
- name: Deploy on Server via SSH
uses: appleboy/ssh-action@v1
with:
host: ${{ secrets.SERVER_HOST }}
username: ubuntu
key: ${{ secrets.SSH_PRIVATE_KEY }}
script: |
docker pull ${{ needs.test-and-build.outputs.image-tag }}
docker compose up -d --no-deps api
docker system prune -f