Building a CI/CD Pipeline with GitHub Actions

Automate your build, test, and deploy workflow using GitHub Actions — lessons learned from real production pipelines.

My CI/CD Journey

Over the years I’ve worked with Jenkins, Bitbucket Pipelines, AWS CodePipeline, and GitHub Actions. Each has its place, but GitHub Actions has become my go-to for most projects due to its tight Git integration and massive ecosystem.

A Production-Ready Pipeline

name: CI/CD

on:
  push:
    branches: [main]
  pull_request:
    branches: [main]

jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4

      - name: Set up JDK 17
        uses: actions/setup-java@v4
        with:
          java-version: '17'
          distribution: 'temurin'
          cache: maven

      - name: Build and test
        run: mvn clean verify

      - name: SonarCloud analysis
        run: mvn sonar:sonar
        env:
          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}

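      - name: Build Docker image
        # Build under the same repository name that is pushed, otherwise the
        # push finds no such local image. Assumes the runner is already logged
        # in to my-registry.
        run: |
          docker build -t my-registry/my-app:${{ github.sha }} .
          docker push my-registry/my-app:${{ github.sha }}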

GitOps with ArgoCD

For Kubernetes deployments, I pair GitHub Actions with ArgoCD. The pipeline builds and pushes the image, then updates the Helm values — ArgoCD takes care of the rest:

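  deploy:
    needs: build
    runs-on: ubuntu-latest
    if: github.ref == 'refs/heads/main'
    permissions:
      contents: write   # this job pushes a commit with the workflow token
    steps:
      - uses: actions/checkout@v4   # helm/values.yaml must be present before it is edited

      - name: Update Helm values
        run: |
          sed -i "s/tag:.*/tag: ${{ github.sha }}/" helm/values.yaml
          git config user.email "ci@jakops.dev"
          git config user.name "CI Bot"
          git commit -am "ci: update image tag to ${{ github.sha }}"
          git push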

ArgoCD detects the change and syncs the cluster automatically. This is the GitOps pattern — your Git repo is the single source of truth.
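
The sed expression in the deploy step rewrites every line that contains tag:, including comments and other keys, and it accepts whatever string is interpolated into it. The following is an added example, not part of the original post: a shell function that validates the SHA and edits exactly one tag: key. The names update_image_tag and demo_update and the sample values.yaml are assumptions made for illustration.

```shell
#!/usr/bin/env bash
# Added example, not from the original post. update_image_tag and demo_update
# are hypothetical helper names; the sample values.yaml is constructed.

update_image_tag() {
  local file="$1" sha="$2" matches
  # Accept only a full 40-character lowercase hex SHA (the form of github.sha).
  case "$sha" in
    ''|*[!0123456789abcdef]*) echo "rejected tag: not lowercase hex" >&2; return 2 ;;
  esac
  [ "${#sha}" -eq 40 ] || { echo "rejected tag: not 40 characters" >&2; return 2; }
  [ -f "$file" ] || { echo "missing file: $file" >&2; return 3; }
  # The key must be exactly "tag"; comments and text containing "tag:" do not count.
  matches=$(grep -Ec '^[[:space:]]*tag:' "$file" || true)
  if [ "$matches" -ne 1 ]; then
    echo "expected one 'tag:' key in $file, found $matches" >&2
    return 4
  fi
  # Anchored edit (GNU sed, as on ubuntu-latest). The value is quoted so YAML
  # always reads it as a string.
  sed -i -E "s/^([[:space:]]*tag:).*/\1 \"$sha\"/" "$file"
}

demo_update() {
  # Constructed sample: one image tag, plus two lines that the unanchored
  # s/tag:.*/ pattern would also have rewritten.
  local dir
  dir=$(mktemp -d) || return 1
  cat > "$dir/values.yaml" <<'EOF'
# tag: written by CI, do not edit by hand
image:
  repository: my-registry/my-app
  tag: "0000000000000000000000000000000000000000"
note: "release tag: see CHANGELOG"
EOF
  update_image_tag "$dir/values.yaml" "0123456789abcdef0123456789abcdef01234567" \
    && cat "$dir/values.yaml"
  rm -rf "$dir"
}

# Run the demo only when the script is invoked with --demo.
if [ "${1:-}" = "--demo" ]; then demo_update; fi
```

In the deploy job the call would be update_image_tag helm/values.yaml "$GITHUB_SHA", which fails the step instead of committing a malformed or ambiguous values file.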

Code Quality with SonarCloud

Every pipeline should include static analysis. SonarCloud integrates directly with GitHub and blocks merges on quality gate failures:

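      - name: SonarCloud Scan
        # master is a mutable branch ref: the action's code can change between
        # runs. Pin to a release tag or a full commit SHA for reproducible builds.
        uses: SonarSource/sonarcloud-github-action@master
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}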

Best Practices I’ve Learned in Production

  • Use secrets — never hardcode credentials. Store them in Settings > Secrets.
  • Cache dependencies — use actions/cache to speed up builds significantly.
  • Keep jobs focused — separate build, test, and deploy into distinct jobs.
  • Gate on quality — SonarCloud quality gates prevent technical debt from accumulating.
  • Use reusable workflows — extract common steps into shared workflow files.
  • Tag images with commit SHA — never use latest in production.

Conclusion

A well-designed CI/CD pipeline is an investment that pays back every single day. The combination of GitHub Actions for automation, SonarCloud for quality, and ArgoCD for GitOps delivery is a powerful and maintainable stack for any team.

