This directory contains universal GitHub Actions reusable workflows for CI/CD pipeline orchestration.
| Document | Purpose |
|---|---|
| QUICKSTART.md | 5-minute setup guide |
| WORKFLOWS_README.md | Complete reference documentation |
| USAGE_EXAMPLE.md | Real-world usage examples |
All workflows are reusable (via uses: statement) and support secrets via secrets: inherit.
workflows/
├── prepare.yml # Extract build info & environment
├── build.yml # Build Docker image
├── update-vault.yml # Update vault secrets
├── deploy.yml # Deploy to ArgoCD/Spinnaker
├── notify-success.yml # Send success notification
├── notify-failure.yml # Send failure notification
├── clean-up-tag.yml # Delete staging tags
└── cicd-pipeline.yml # Main orchestrator (template)
1. Copy orchestrator to your repository:
# .github/workflows/cicd-pipeline.yml
uses: kumparan/cicd-template/.github/workflows/prepare.yml@main2. Configure secrets in GitHub (9 secrets)
3. Push a tag:
git tag v1.0.0
git push origin v1.0.0For detailed setup, see QUICKSTART.md
- ✅ BACKEND (comment-service, imagor, discovery-service, etc)
- ✅ FRONTEND (kumparan-mobile-app, web-text-editor, etc)
- ✅ DATA (search-service-data, mage-service, etc)
- ✅ QA (karate-graphql, remote-robo, etc)
- ✅ SRE (custom services)
v1.0.0 → Production (kept)
production-* → Production (kept)
staging-* → Staging (auto-deleted)
sre-* → Staging (auto-deleted)
AWS_ACCESS_KEY_ID # AWS access key
AWS_SECRET_ACCESS_KEY # AWS secret key
AWS_ACCOUNT_ID # AWS account number
AWS_DEFAULT_REGION # AWS region (us-east-1)
ARGOCD_USERNAME # ArgoCD user
ARGOCD_PASSWORD # ArgoCD password
VAULT_UPDATE_TOKEN # Vault API token
SLACK_BOT_TOKEN # Slack bot token
SLACK_WEBHOOK_URL # Slack webhook
┌─────────────────────────────────────────────────────────────┐
│ Git Tag Push │
│ (v1.0.0 | production-* | staging-* | sre-*) │
└──────────────┬──────────────────────────────────────────────┘
│
▼
┌──────────────┐
│ prepare.yml │ ◄─ Extract info, determine environment
│ │
└──────┬───────┘
│ outputs: build_tag, environment, service_name
│
┌─────────┴────────────┐
▼ ▼
┌──────────┐ ┌─────────────┐
│build.yml │ │update-vault │ ◄─ Parallel
└──────┬───┘ └──────┬──────┘
│ │
└─────────┬───────────┘
▼
┌─────────────┐
│ deploy.yml │ ◄─ Deploy to ArgoCD/Spinnaker
└──────┬──────┘
│
┌──────────────┴──────────────┐
▼ ▼
┌──────────────────┐ ┌────────────────┐
│notify-success.yml│ OR │notify-failure │
└─────────┬────────┘ └────────┬──────┘
│ │
▼ ▼
[Slack] [Slack]
│
▼
┌──────────────┐
│clean-up-tag │ ◄─ Delete tag if staging
└──────────────┘
Each reusable workflow is called with uses: and can pass inputs/secrets:
jobs:
my-job:
uses: kumparan/cicd-template/.github/workflows/prepare.yml@main
with:
project: BACKEND
secrets:
VAULT_UPDATE_TOKEN: ${{ secrets.VAULT_UPDATE_TOKEN }}- New to GitHub Actions? Start with QUICKSTART.md
- Need detailed docs? Read WORKFLOWS_README.md
- Want real examples? Check USAGE_EXAMPLE.md
To update these workflows:
- Create a new branch
- Edit workflows in
.github/workflows/ - Test in your repository
- Create Pull Request to
main - Merge (all repos will pick up changes on next deployment)
Questions or issues?
- 💬 Ask in #sre-internal Slack
- 📧 Email SRE team
- 🐛 Create GitHub issue in cicd-template repo
Latest Update: April 2026
Status: Production Ready ✅