- What is GitHub Actions?
- Why use GitHub Actions for CI/CD?
- Key concepts
  - Workflows
  - Events
  - Jobs
  - Steps
  - Runners
- YAML basics for GitHub Actions
- GitHub-hosted vs self-hosted runners
- Creating the first workflow
- Triggering workflows (push, pull_request, schedule, workflow_dispatch)
- Using actions from the marketplace
- Environment variables & secrets
- Artifacts (upload/download)
- Caching basics (npm, pip, gradle, maven)
- Using matrices to test multiple versions (Node/Java/Python)
- Setting up code checkout and environment
- Installing dependencies
- Running unit tests
- Linting and formatting
- Generating test reports
- Matrix CI pipelines
  - Multiple Node/Python/Java versions
  - OS matrix (windows, ubuntu, macOS)
- Using job dependencies (needs:)
- Writing Dockerfiles
- Building images using GitHub Actions
- Caching Docker layers
- Using Buildx & QEMU for multi-architecture builds
- Tagging strategies (latest, commit SHA, semantic versioning)
- Pushing images to registries:
  - GitHub Container Registry (GHCR)
  - Docker Hub
  - Azure Container Registry (ACR)
- Storing credentials securely using GitHub Secrets
- OIDC authentication (passwordless login to Azure)
- Introduction to deployment workflows
- Environments & deployment rules
- Manual approvals
- Reusable workflows for deployments
- Branch-based deployments (dev/staging/prod)
- Versioned deployments (tags & releases)
- Kubernetes basics for CI/CD
- Deploying to AKS (Azure Kubernetes Service)
- Using kubectl in GitHub Actions
- Applying Kubernetes manifests
- Rolling updates
- Canary/Blue-Green deployment strategies
- Using Helm for deployment:
  - Writing a Helm chart
  - Passing values dynamically
  - Versioning Helm releases
- Secrets and configmaps management
- Azure setup required:
  - ACR
  - AKS
  - Azure Service Principal or OIDC federation
- Deploying Docker images to ACR
- Connecting ACR → AKS
- GitHub Actions authentication using OIDC
- Full CI/CD flow:
  - Build image
  - Push to ACR
  - Deploy to AKS
- Monitoring & logging deployment
- Workflow-level caching (dependencies, Docker layers)
- Reusable workflows for DRY pipelines
- Conditional jobs (if:)
- Parallel jobs & matrix strategies
- Speed optimization:
  - Self-hosted runners
  - Build artifact reuse
  - Instance size selection
- Cost optimization & runner efficiency
- Secrets management
- OIDC vs classic secrets authentication
- Permissions (read/write)
- Least-privilege principle
- Dependency scanning & SAST with GitHub Advanced Security
- Container security scanning (Trivy, Snyk)
A complete production-grade pipeline including:
- Lint
- Unit tests
- Integration tests
- Matrix versions
- Artifact upload
- Build image
- Cache layers
- Tag with SHA + version
- Push to registry (GHCR/ACR)
- Deploy to AKS using Helm
- Detect changes
- Roll out update
- Check status
- Notify Slack or Teams
Pipeline includes:
- Branch strategies (PR → dev → staging → prod)
- Manual approval gates
- Rollback workflow
- Automated version bump + release creation
- Reading logs
- Enabling runner debug mode
- Handling failed jobs
- Retrying jobs
- Validating YAML
- Testing workflows locally with act
- Use secrets sparingly
- Prefer OIDC for cloud auth
- Use reusable workflows
- Keep CI fast (<10 mins)
- Use environments + approvals
- Automate everything: test → build → deploy → monitor