A CI/CD pipeline that takes 20 minutes to set up will save you hours every week. Here's the complete setup for a Node.js app.
The Basic Pipeline
# .github/workflows/ci.yml
name: CI
on:
push:
branches: [main, develop]
pull_request:
branches: [main]
jobs:
test:
runs-on: ubuntu-latest
services:
postgres:
image: postgres:16
env:
POSTGRES_PASSWORD: test
POSTGRES_DB: testdb
options: >-
--health-cmd pg_isready
--health-interval 10s
--health-timeout 5s
--health-retries 5
steps:
- uses: actions/checkout@v4
- name: Setup Node.js
uses: actions/setup-node@v4
with:
node-version: '20'
cache: 'npm'
- name: Install dependencies
run: npm ci
- name: Run linting
run: npm run lint
- name: Run type check
run: npm run typecheck
- name: Run tests
run: npm test -- --coverage
env:
DATABASE_URL: postgresql://postgres:test@localhost/testdb
- name: Upload coverage
uses: codecov/codecov-action@v4
Caching for Speed
- name: Cache node_modules
uses: actions/cache@v4
with:
path: ~/.npm
key: ${{ runner.os }}-node-${{ hashFiles('**/package-lock.json') }}
restore-keys: |
${{ runner.os }}-node-
- name: Install dependencies
run: npm ci --prefer-offline
With caching, npm ci goes from 60s to under 5s on cache hit.
Docker Build and Push
build:
needs: test
runs-on: ubuntu-latest
if: github.ref == 'refs/heads/main'
steps:
- uses: actions/checkout@v4
- name: Log in to Docker Hub
uses: docker/login-action@v3
with:
username: ${{ secrets.DOCKER_USERNAME }}
password: ${{ secrets.DOCKER_TOKEN }}
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
- name: Build and push
uses: docker/build-push-action@v5
with:
context: .
push: true
tags: |
myorg/myapp:latest
myorg/myapp:${{ github.sha }}
cache-from: type=gha
cache-to: type=gha,mode=max
Deploy to Production
deploy:
needs: build
runs-on: ubuntu-latest
environment: production
if: github.ref == 'refs/heads/main'
steps:
- name: Deploy to server
uses: appleboy/ssh-action@v1
with:
host: ${{ secrets.SERVER_HOST }}
username: ${{ secrets.SERVER_USER }}
key: ${{ secrets.SSH_PRIVATE_KEY }}
script: |
cd /app
docker compose pull
docker compose up -d --no-deps app
docker system prune -f
Environment Secrets
Go to Settings > Secrets and variables > Actions in your repo, and add:
DOCKER_USERNAMEandDOCKER_TOKENSERVER_HOST,SERVER_USER,SSH_PRIVATE_KEY- Any API keys your tests need
Never hardcode secrets in workflows.
Branch Strategy
on:
push:
branches: [main, 'release/*']
pull_request:
types: [opened, synchronize, reopened]
jobs:
test:
runs-on: ubuntu-latest
steps:
- run: npm test
deploy-staging:
needs: test
if: github.ref == 'refs/heads/develop'
# deploy to staging
deploy-prod:
needs: test
if: startsWith(github.ref, 'refs/heads/release/')
environment: production
# deploy to production
Matrix Testing
Test against multiple Node versions and OSes:
test:
strategy:
matrix:
node: ['18', '20', '22']
os: [ubuntu-latest, windows-latest]
runs-on: ${{ matrix.os }}
steps:
- uses: actions/setup-node@v4
with:
node-version: ${{ matrix.node }}
Notifications
- name: Notify Slack on failure
if: failure()
uses: slackapi/slack-github-action@v1
with:
payload: |
{
"text": "Build failed: ${{ github.repository }} on ${{ github.ref }}\n${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}"
}
env:
SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
A solid CI/CD pipeline typically reduces deploy-related incidents by 60-80%. The upfront 20-minute investment pays for itself in the first month.