This documentation provides a comprehensive overview of our GitHub Actions CI/CD pipeline, explaining how the different workflows interact and work together to build, test, and release our software.
- Overview
- Workflow Relationships
- Key Components
- Workflow Documentation
- Contributing
- Glossary of CI/CD Terms
Our CI/CD pipeline is designed to automate the process of building, testing, and releasing our software across multiple platforms and architectures. The pipeline consists of four main workflows:
- Binary Builder: Builds binary executables for multiple platforms (Linux, macOS, Windows) and architectures (x64, arm64)
- Binary Testing: Tests the built binaries to ensure they function correctly on each platform
- Release Creator: Creates GitHub releases with the built and tested binaries
- Workflow Validation: Ensures that all workflows follow our security and best practices guidelines
These workflows work together to provide a seamless and automated process from code commit to software release.
The following diagram illustrates how our workflows interact with each other:
graph TD
A[Code Push/PR] --> B[Workflow Validation]
A --> C[Binary Builder]
C --> D[Binary Testing]
C --> E[Release Creator]
D --> F[Update Release Notes]
subgraph "Build Pipeline"
C
end
subgraph "Quality Assurance"
B
D
end
subgraph "Release Management"
E
F
end
classDef trigger fill:#f9f,stroke:#333,stroke-width:2px;
classDef build fill:#bbf,stroke:#333,stroke-width:2px;
classDef test fill:#bfb,stroke:#333,stroke-width:2px;
classDef release fill:#fbb,stroke:#333,stroke-width:2px;
class A trigger;
class C build;
class B,D test;
class E,F release;
- Binary Builder: Triggered on push to main/development branches or manually
- Binary Testing: Triggered after successful completion of Binary Builder
- Release Creator: Triggered after successful completion of Binary Builder on the main branch
- Workflow Validation: Triggered on pull requests that modify workflow files or manually
- Binary Builder produces binary artifacts for each platform/architecture
- Binary Testing consumes these artifacts to perform tests
- Release Creator also consumes these artifacts to create GitHub releases
Our CI/CD pipeline includes several key components:
We use matrix builds in the Binary Builder workflow to build binaries for multiple platforms and architectures in parallel:
- Linux (x64, arm64)
- macOS (x64, arm64)
- Windows (x64)
Artifacts are passed between workflows using GitHub Actions artifacts:
- Binary artifacts are uploaded by the Binary Builder workflow
- These artifacts are downloaded by the Binary Testing and Release Creator workflows
The Release Creator workflow:
- Creates GitHub releases with appropriate version tags
- Attaches binary artifacts to the release
- Generates release notes
Quality is ensured through:
- Binary testing across all supported platforms
- Workflow validation to enforce security best practices
- Automated issue creation for test failures
Detailed documentation for each workflow:
- Binary Builder: Building cross-platform binaries
- Binary Testing: Testing binary functionality
- Release Creator: Creating GitHub releases
- Workflow Validation: Ensuring workflow quality and security
For information on how to modify existing workflows or add new ones, see the Contributing Guide.
| Term | Definition |
|---|---|
| Artifact | A file or collection of files produced during the build process that is stored for later use, such as compiled binaries or test reports. |
| CI (Continuous Integration) | The practice of frequently merging code changes into a shared repository, with automated builds and tests to detect problems early. |
| CD (Continuous Delivery/Deployment) | The practice of automatically deploying all code changes to a testing or production environment after the build stage. |
| GitHub Actions | GitHub's built-in CI/CD platform that allows automation of software workflows directly in a GitHub repository. |
| Workflow | A configurable automated process made up of one or more jobs, defined in YAML files in the .github/workflows directory. |
| Job | A set of steps in a workflow that execute on the same runner (virtual machine). |
| Step | An individual task that can run commands or actions within a job. |
| Runner | A server that runs GitHub Actions workflows, either GitHub-hosted or self-hosted. |
| Action | A reusable unit of code that can be used in workflows, either from the GitHub Marketplace or custom-built. |
| Matrix Build | A strategy that allows running multiple jobs with different configurations in parallel. |
| Environment Variables | Variables that are set in the workflow environment and can be used by steps in the workflow. |
| Secrets | Encrypted environment variables that are only exposed to selected actions. |
| Trigger | An event that causes a workflow to run, such as a push, pull request, or manual dispatch. |
| Concurrency | A feature that ensures only one workflow run with the same concurrency group runs at a time. |
| Permissions | Controls what actions a workflow can perform, following the principle of least privilege. |
| Pinned Action | An action that is referenced by its specific commit SHA rather than a tag, for security purposes. |
| Timeout | A limit on how long a job or workflow can run before it is automatically cancelled. |
| Artifact Retention | The period of time that artifacts are stored before being automatically deleted. |
| Self-hosted Runner | A runner that you host yourself, as opposed to the GitHub-hosted runners. |
| Workflow Dispatch | A manual trigger for a workflow. |