A curated collection of production-ready GitHub Actions workflows for different languages and goals.
This repository provides copy-and-paste GitHub Actions workflows organized by language and purpose. Each workflow is designed to be:
- Production-ready - Used in real-world projects
- Well-documented - Clear comments and configuration guidance
- Customizable - Easy to adapt for your needs
- Modern - Following current best practices
- Browse workflows by language or goal
- Copy the workflow file to your project's `.github/workflows/` directory
- Customize variables (name, repository URLs, etc.)
- Commit and push!
| Language | CI | Release | Security | Docs |
|---|---|---|---|---|
| Rust | ✅ | ✅ | ✅ | README |
| TypeScript/Node.js | ✅ | ✅ | ✅ | README |
| Python | ✅ | ✅ | ✅ | README |
| Go | ✅ | ✅ | ✅ | README |
| Java/Kotlin | ✅ | ✅ | ✅ | - |
| Goal | Description | Workflows |
|---|---|---|
| CI | Run tests, linting, formatting on every push/PR | CI by language |
| Release | Build and publish releases, packages, Docker images | Release by language |
| Security | Dependency updates, vulnerability scanning, CodeQL | Security workflows |
| Container | Docker builds, security scans, multi-arch images | Container workflows |
| Infrastructure | Terraform, CloudFormation, Kubernetes deployments | Infrastructure workflows |
| Database | Flyway, Liquibase database migrations | Database workflows |
| E2E Testing | Playwright, Cypress, Selenium browser tests | E2E workflows |
| Code Quality | Bundle size, APK size, maintainability tracking | Code Quality workflows |
| Documentation | Build and deploy documentation | Documentation workflows |
| Monitoring | Health checks, uptime monitoring | Monitoring workflows |
| Notifications | Issue creation, email alerts | Notification workflows |
| Maintenance | Auto-close conflicted PRs, stale issues, lockfile updates | Maintenance workflows |
| Performance | Benchmark tracking and regression detection | Performance workflows |
Beyond language-specific package managers, we also support:
| Package Manager | Platform | Workflow |
|---|---|---|
| Homebrew | macOS/Linux | Formula updates for Homebrew taps |
| paru | Arch Linux AUR | AUR package publishing |
| mise | Cross-platform | mise tool definitions |
| nix | Linux/macOS | Nixpkgs derivations and flakes |
| CocoaPods | iOS/macOS | iOS library distribution |
| Scoop | Windows | Windows package manager |
| Chocolatey | Windows | Windows chocolatey packages |
| JSR | JavaScript | JSR (JavaScript Registry) |
| Maven Central | Java/Kotlin | Sonatype OSSRH publishing |
| Gradle Plugin Portal | Gradle | Gradle plugin distribution |
| Conda Forge | Python/Conda | Conda package publishing |
| PyPI Trusted Publishing | Python | OIDC PyPI publishing |
| Buildroot | Embedded Linux | Buildroot package integration |
| Yocto | Embedded Linux | OpenEmbedded recipes |
| Platform | CI | Release |
|---|---|---|
| Android | ✅ | ✅ (Google Play, Firebase, APK) |
| iOS | 🚧 | 🚧 (CocoaPods above) |
The Android collection includes:
- APK Release: Build and release APK/AAB files to GitHub releases
- Google Play: Publish directly to Google Play Store
- Firebase: Distribute to testers via Firebase App Distribution
- CI: Lint, unit tests, instrumented tests, security scans
The Java collection includes:
- Maven Central: Publish to Maven Central via Sonatype OSSRH
- Gradle Plugin Portal: Publish Gradle plugins to the official portal
- CI: Tests, linting, code quality checks
Pre-configured templates for each language:
| Language | Formatter | Linter | Type Checker | Security |
|---|---|---|---|---|
| Rust | rustfmt.toml | clippy.toml | - | deny.toml |
| TypeScript | .prettierrc | .eslintrc.json | tsconfig.json | .npmrc |
| Python | Ruff | Ruff | mypy | Bandit |
| Go | gofmt | .golangci.yml | - | gosec |
- Getting Started - Detailed setup guide
- Structure - How workflows are organized
- Customization - Adapting workflows to your needs
The Rust collection includes:
- CI: `cargo test`, `cargo clippy`, `cargo fmt`, security audit
- Release: Multi-platform binaries (Linux, macOS, Windows), crates.io, Docker, Homebrew
- Packages: `.deb`, `.rpm`, `.apk` with proper signing
The TypeScript collection includes:
- CI: Tests, type checking, ESLint, Prettier, coverage
- Release: npm publishing, GitHub releases, Docker images
- Security: npm audit, Snyk, dependency review
The Python collection includes:
- CI: Tests, Ruff, mypy, coverage
- Release: PyPI publishing, TestPyPI, GitHub releases, Docker images
- Security: pip-audit, Safety, Bandit, Semgrep
The Go collection includes:
- CI: Tests, gofmt, go vet, golangci-lint, coverage
- Release: Multi-platform binaries, GitHub releases, Docker images, Homebrew
- Security: govulncheck, gosec, Staticcheck
Language-agnostic workflows useful for any project:
- Semgrep - Static analysis for bugs and security vulnerabilities
- SonarQube - Code quality and security analysis
- Code Climate - Maintainability and test coverage tracking
- Trivy - Container image vulnerability scanning
- Syft - Software Bill of Materials (SBOM) generation
- OSV Scanner - OSV database vulnerability detection
- Docker Build & Publish - Single and multi-architecture Docker builds
- Container Scan - Security scanning of container images
- Container Structure - Validate container structure and content
- Docker Metadata - Generate version tags and labels
- Terraform - Linting, planning, and applying Terraform changes
- CloudFormation - Template validation and stack management
- Kubernetes - Manifest validation and cluster deployments
- Flyway - Version-controlled database migrations
- Liquibase - Database schema changes and rollbacks
- Playwright - Cross-browser end-to-end testing
- Cypress - Frontend browser testing
- Selenium - WebDriver-based browser automation
- Bundle Size - Track JavaScript/TypeScript bundle sizes over time
- APK Size - Monitor Android APK size and content breakdown
- ReadTheDocs - Sphinx and MkDocs documentation builds
- Docusaurus - React-based documentation deployment
- VuePress - Vue-powered static site generator
- Health Check - Endpoint availability and health monitoring
- Uptime Kuma - Integration with Uptime Kuma for status pages
- Create Issue on Failure - Auto-create GitHub issues on workflow failures
- Send Email - Email notifications for workflow events
- Slack - Workflow failure/release notifications
- Discord - Rich embed notifications
- Telegram - Bot-based notifications
- Signal - Secure notifications
- Release notifications - Multi-platform release alerts
Configuration templates for quick setup:
- `rustfmt.toml` - Code formatting configuration
- `clippy.toml` - Lint configuration
- `deny.toml` - Cargo-deny security configuration

- `tsconfig.json` - TypeScript compiler options
- `.eslintrc.json` - ESLint rules
- `.prettierrc` - Code formatting
- `.npmrc` - npm configuration

- `pyproject.toml` - Modern Python project config
- `.ruff.toml` - Ruff linter configuration
- `pytest.ini` - Test configuration

- `.golangci.yml` - Comprehensive linter configuration
- `go-build-cache.yml` - Build cache reference

- `gradle.properties` - Gradle build configuration
- `settings.gradle.kts` - Gradle settings
- `build.gradle.kts` - Kotlin DSL build script
See CONTRIBUTING.md for guidelines on adding new workflows or improving existing ones.
MIT License - see LICENSE for details.
Legend: ✅ Complete | 🚧 In Progress | 📋 Planned