Setting up CI/CD for website via GitHub Actions
GitHub Actions is built directly into the repo—no external servers, no separate accounts. Workflows are described in YAML and stored in .github/workflows/. For most projects, this is enough: tests, build, deploy.
Workflow structure
Minimal workflow for Node.js site with SSH deploy:
name: Deploy
on:
push:
branches: [main]
jobs:
test:
runs-on: ubuntu-22.04
steps:
- uses: actions/checkout@v4
- uses: actions/setup-node@v4
with:
node-version: '20'
cache: 'npm'
- run: npm ci
- run: npm test
build:
needs: test
runs-on: ubuntu-22.04
steps:
- uses: actions/checkout@v4
- uses: actions/setup-node@v4
with:
node-version: '20'
cache: 'npm'
- run: npm ci
- run: npm run build
- uses: actions/upload-artifact@v4
with:
name: dist
path: dist/
deploy:
needs: build
runs-on: ubuntu-22.04
environment: production
steps:
- uses: actions/download-artifact@v4
with:
name: dist
- name: Deploy via rsync
uses: burnett01/[email protected]
with:
switches: -avzr --delete
path: dist/
remote_path: /var/www/mysite
remote_host: ${{ secrets.DEPLOY_HOST }}
remote_user: deploy
remote_key: ${{ secrets.DEPLOY_KEY }}
Three jobs: test → build → deploy. If tests fail, build won't run.
Secrets management
All sensitive data goes in Settings → Secrets and variables. No keys in code.
- name: Configure .env
run: |
echo "DATABASE_URL=${{ secrets.DATABASE_URL }}" >> .env
Laravel project
- name: Setup PHP
uses: shivammathur/setup-php@v2
with:
php-version: '8.3'
extensions: pdo_pgsql, redis
- run: composer install --no-dev --optimize-autoloader
- run: php artisan config:cache
Docker build and push
- name: Build and push Docker image
uses: docker/build-push-action@v5
with:
push: true
tags: ghcr.io/${{ github.repository }}:${{ github.sha }}
cache-from: type=gha
Notifications
- name: Notify Telegram on failure
if: failure()
uses: appleboy/telegram-action@master
with:
to: ${{ secrets.TELEGRAM_CHAT_ID }}
token: ${{ secrets.TELEGRAM_TOKEN }}
message: "Deployment failed"
Setup time: 1-2 days for basic test + deploy workflow.