CI/CD with GitHub Actions for Next.js and .NET - Complete Guide
Published on:
·5 min read·Author: MDS Software Solutions GroupDEVOPSMDS
CI/CD with GitHub Actions
CI/CD with GitHub Actions for Next.js and .NET#
Automating the process of building, testing, and deploying applications is the cornerstone of modern software development. GitHub Actions, built directly into the GitHub platform, enables you to create sophisticated CI/CD pipelines without configuring external tools. In this guide, we will walk through setting up complete workflows for Next.js and .NET projects - from the first commit to production deployment.
What is CI/CD?#
Continuous Integration (CI) is the practice of frequently merging code changes into the main branch of a repository. Each change is automatically verified through automated tests and build processes, enabling early detection of bugs and integration issues.
Continuous Delivery / Continuous Deployment (CD) extends CI with automated application deployment. Continuous Delivery means every change that passes tests is ready for deployment (but requires manual approval). Continuous Deployment takes it a step further - automatically deploying every change that passes the pipeline.
Benefits of implementing CI/CD:
- Faster bug detection - issues are identified immediately after each commit
- Shorter delivery times - from commit to production in minutes
- Higher code quality - automated tests and linting on every change
- Reproducibility - every deployment follows the exact same process
- Lower risk - small, frequent changes instead of large, risky deployments
GitHub Actions - Platform Overview#
GitHub Actions is a CI/CD platform integrated directly into GitHub. It offers:
- Free minutes for public repositories (unlimited) and private repositories (2,000 min/month on the Free plan)
- Hosted runners - virtual machines running Linux, Windows, and macOS
- Self-hosted runners - the ability to run workflows on your own infrastructure
- Marketplace - thousands of pre-built actions created by the community
- GitHub integration - native support for pull requests, issues, and deployments
Workflow Syntax - Anatomy of a YAML File#
Every GitHub Actions workflow is a YAML file placed in the .github/workflows/ directory. Here are the key elements of the syntax:
# .github/workflows/ci.yml
name: CI Pipeline # Workflow name
on: # Triggers
push:
branches: [main, develop] # Run on push to main/develop
pull_request:
branches: [main] # Run on PR to main
workflow_dispatch: # Allow manual triggering
env: # Environment variables (global)
NODE_VERSION: "20"
DOTNET_VERSION: "8.0.x"
jobs: # Job definitions
build: # Job name
runs-on: ubuntu-latest # Runner
timeout-minutes: 15 # Timeout
steps: # Job steps
- name: Checkout code
uses: actions/checkout@v4 # Use a pre-built action
- name: Run custom script
run: echo "Hello CI/CD!" # Run a shell command
Triggers#
GitHub Actions supports many types of triggers:
on:
push:
branches: [main, develop]
paths:
- "src/**" # Only when files in src/ change
- "!docs/**" # Ignore changes in docs/
tags:
- "v*" # Run on tags like v1.0, v2.1 etc.
pull_request:
types: [opened, synchronize, reopened]
branches: [main]
schedule:
- cron: "0 6 * * 1" # Every Monday at 6:00 AM UTC
workflow_dispatch: # Manual triggering
inputs:
environment:
description: "Target environment"
required: true
default: "staging"
type: choice
options:
- staging
- production
Jobs and Steps#
Jobs run in parallel by default. You can define dependencies between them:
jobs:
lint:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- run: npm run lint
test:
runs-on: ubuntu-latest
needs: lint # Run after lint completes
steps:
- uses: actions/checkout@v4
- run: npm test
deploy:
runs-on: ubuntu-latest
needs: [lint, test] # Run after lint AND test
if: github.ref == 'refs/heads/main' # Only on main branch
steps:
- run: echo "Deploying..."
Next.js CI/CD Workflow#
The following workflow covers a complete pipeline for a Next.js application - from linting to Vercel deployment:
# .github/workflows/nextjs-ci-cd.yml
name: Next.js CI/CD
on:
push:
branches: [main, develop]
pull_request:
branches: [main]
env:
NODE_VERSION: "20"
jobs:
# ─── Stage 1: Lint ──────────────────────────
lint:
name: Lint & Format Check
runs-on: ubuntu-latest
timeout-minutes: 10
steps:
- name: Checkout repository
uses: actions/checkout@v4
- name: Setup Node.js
uses: actions/setup-node@v4
with:
node-version: ${{ env.NODE_VERSION }}
cache: "npm"
- name: Install dependencies
run: npm ci
- name: Run ESLint
run: npm run lint
- name: Check Prettier formatting
run: npx prettier --check "src/**/*.{ts,tsx,js,jsx}"
- name: TypeScript type check
run: npx tsc --noEmit
# ─── Stage 2: Tests ─────────────────────────
test:
name: Unit & Integration Tests
runs-on: ubuntu-latest
needs: lint
timeout-minutes: 15
steps:
- name: Checkout repository
uses: actions/checkout@v4
- name: Setup Node.js
uses: actions/setup-node@v4
with:
node-version: ${{ env.NODE_VERSION }}
cache: "npm"
- name: Install dependencies
run: npm ci
- name: Run tests with coverage
run: npm run test -- --coverage --ci
env:
CI: true
- name: Upload coverage report
uses: actions/upload-artifact@v4
with:
name: coverage-report
path: coverage/
retention-days: 7
# ─── Stage 3: Build ─────────────────────────
build:
name: Build Application
runs-on: ubuntu-latest
needs: test
timeout-minutes: 15
steps:
- name: Checkout repository
uses: actions/checkout@v4
- name: Setup Node.js
uses: actions/setup-node@v4
with:
node-version: ${{ env.NODE_VERSION }}
cache: "npm"
- name: Install dependencies
run: npm ci
- name: Build Next.js application
run: npm run build
env:
NEXT_PUBLIC_API_URL: ${{ secrets.NEXT_PUBLIC_API_URL }}
NEXT_PUBLIC_SITE_URL: ${{ secrets.NEXT_PUBLIC_SITE_URL }}
- name: Upload build artifacts
uses: actions/upload-artifact@v4
with:
name: nextjs-build
path: .next/
retention-days: 1
# ─── Stage 4: Deploy to Vercel ──────────────
deploy-staging:
name: Deploy to Staging
runs-on: ubuntu-latest
needs: build
if: github.ref == 'refs/heads/develop'
environment:
name: staging
url: ${{ steps.deploy.outputs.url }}
steps:
- name: Checkout repository
uses: actions/checkout@v4
- name: Deploy to Vercel (Preview)
id: deploy
uses: amondnet/vercel-action@v25
with:
vercel-token: ${{ secrets.VERCEL_TOKEN }}
vercel-org-id: ${{ secrets.VERCEL_ORG_ID }}
vercel-project-id: ${{ secrets.VERCEL_PROJECT_ID }}
scope: ${{ secrets.VERCEL_ORG_ID }}
deploy-production:
name: Deploy to Production
runs-on: ubuntu-latest
needs: build
if: github.ref == 'refs/heads/main'
environment:
name: production
url: ${{ steps.deploy.outputs.url }}
steps:
- name: Checkout repository
uses: actions/checkout@v4
- name: Deploy to Vercel (Production)
id: deploy
uses: amondnet/vercel-action@v25
with:
vercel-token: ${{ secrets.VERCEL_TOKEN }}
vercel-org-id: ${{ secrets.VERCEL_ORG_ID }}
vercel-project-id: ${{ secrets.VERCEL_PROJECT_ID }}
vercel-args: "--prod"
scope: ${{ secrets.VERCEL_ORG_ID }}
.NET CI/CD Workflow#
Here is a complete pipeline for a .NET application, covering building, testing, and publishing:
# .github/workflows/dotnet-ci-cd.yml
name: .NET CI/CD
on:
push:
branches: [main, develop]
paths:
- "src/**"
- "tests/**"
- "*.sln"
- "*.csproj"
pull_request:
branches: [main]
env:
DOTNET_VERSION: "8.0.x"
DOTNET_NOLOGO: true
DOTNET_CLI_TELEMETRY_OPTOUT: true
SOLUTION_PATH: "./MyApp.sln"
jobs:
# ─── Stage 1: Build & Test ──────────────────
build-and-test:
name: Build & Test
runs-on: ubuntu-latest
timeout-minutes: 15
steps:
- name: Checkout repository
uses: actions/checkout@v4
- name: Setup .NET SDK
uses: actions/setup-dotnet@v4
with:
dotnet-version: ${{ env.DOTNET_VERSION }}
- name: Restore NuGet packages
run: dotnet restore ${{ env.SOLUTION_PATH }}
- name: Build solution
run: dotnet build ${{ env.SOLUTION_PATH }} --configuration Release --no-restore
- name: Run unit tests
run: |
dotnet test ${{ env.SOLUTION_PATH }} \
--configuration Release \
--no-build \
--verbosity normal \
--collect:"XPlat Code Coverage" \
--results-directory ./test-results
- name: Upload test results
uses: actions/upload-artifact@v4
if: always()
with:
name: test-results
path: ./test-results/
retention-days: 7
# ─── Stage 2: Code Analysis ─────────────────
code-analysis:
name: Code Analysis
runs-on: ubuntu-latest
needs: build-and-test
timeout-minutes: 10
steps:
- name: Checkout repository
uses: actions/checkout@v4
- name: Setup .NET SDK
uses: actions/setup-dotnet@v4
with:
dotnet-version: ${{ env.DOTNET_VERSION }}
- name: Run dotnet format check
run: dotnet format ${{ env.SOLUTION_PATH }} --verify-no-changes --verbosity diagnostic
# ─── Stage 3: Publish ───────────────────────
publish:
name: Publish Application
runs-on: ubuntu-latest
needs: [build-and-test, code-analysis]
if: github.ref == 'refs/heads/main'
timeout-minutes: 10
steps:
- name: Checkout repository
uses: actions/checkout@v4
- name: Setup .NET SDK
uses: actions/setup-dotnet@v4
with:
dotnet-version: ${{ env.DOTNET_VERSION }}
- name: Publish application
run: |
dotnet publish src/MyApp.Api/MyApp.Api.csproj \
--configuration Release \
--output ./publish \
--self-contained false \
--runtime linux-x64
- name: Upload published artifacts
uses: actions/upload-artifact@v4
with:
name: dotnet-publish
path: ./publish/
retention-days: 5
Docker Build and Push#
Building and publishing Docker images is a key element of any CD pipeline. Here is a workflow that builds an image and pushes it to GitHub Container Registry (GHCR):
# .github/workflows/docker-build.yml
name: Docker Build & Push
on:
push:
branches: [main]
tags: ["v*.*.*"]
pull_request:
branches: [main]
env:
REGISTRY: ghcr.io
IMAGE_NAME: ${{ github.repository }}
jobs:
docker:
name: Build & Push Docker Image
runs-on: ubuntu-latest
permissions:
contents: read
packages: write
steps:
- name: Checkout repository
uses: actions/checkout@v4
- name: Setup Docker Buildx
uses: docker/setup-buildx-action@v3
- name: Login to GitHub Container Registry
if: github.event_name != 'pull_request'
uses: docker/login-action@v3
with:
registry: ${{ env.REGISTRY }}
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Extract metadata (tags, labels)
id: meta
uses: docker/metadata-action@v5
with:
images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
tags: |
type=ref,event=branch
type=ref,event=pr
type=semver,pattern={{version}}
type=semver,pattern={{major}}.{{minor}}
type=sha,prefix=
- name: Build and push Docker image
uses: docker/build-push-action@v5
with:
context: .
push: ${{ github.event_name != 'pull_request' }}
tags: ${{ steps.meta.outputs.tags }}
labels: ${{ steps.meta.outputs.labels }}
cache-from: type=gha
cache-to: type=gha,mode=max
build-args: |
BUILD_VERSION=${{ github.sha }}
Caching Dependencies#
Proper caching can reduce pipeline execution time by up to 70%. Here are strategies for different technologies:
Node.js / Next.js Cache#
- name: Setup Node.js with cache
uses: actions/setup-node@v4
with:
node-version: "20"
cache: "npm" # Automatic node_modules cache
# Or manual caching for greater control:
- name: Cache Node modules
uses: actions/cache@v4
id: npm-cache
with:
path: |
~/.npm
.next/cache
key: ${{ runner.os }}-nextjs-${{ hashFiles('**/package-lock.json') }}-${{ hashFiles('**/*.ts', '**/*.tsx') }}
restore-keys: |
${{ runner.os }}-nextjs-${{ hashFiles('**/package-lock.json') }}-
${{ runner.os }}-nextjs-
.NET Cache#
- name: Cache NuGet packages
uses: actions/cache@v4
with:
path: ~/.nuget/packages
key: ${{ runner.os }}-nuget-${{ hashFiles('**/*.csproj') }}
restore-keys: |
${{ runner.os }}-nuget-
Docker Cache#
- name: Build with GitHub Actions cache
uses: docker/build-push-action@v5
with:
context: .
cache-from: type=gha
cache-to: type=gha,mode=max
Environment Variables and Secrets#
GitHub Actions offers several levels for managing variables and secrets:
Configuration Levels#
# Workflow level (available in all jobs)
env:
APP_NAME: "my-application"
jobs:
deploy:
# Job level
env:
DEPLOY_ENV: "staging"
steps:
- name: Build
# Step level
env:
API_KEY: ${{ secrets.API_KEY }}
run: echo "Building for $APP_NAME in $DEPLOY_ENV"
Environments#
GitHub Environments allow you to define secrets and protection rules per environment:
jobs:
deploy-staging:
runs-on: ubuntu-latest
environment:
name: staging
url: https://staging.example.com
steps:
- name: Deploy
env:
DATABASE_URL: ${{ secrets.DATABASE_URL }} # Secret from staging environment
API_KEY: ${{ secrets.API_KEY }}
run: ./deploy.sh
deploy-production:
runs-on: ubuntu-latest
environment:
name: production
url: https://example.com
needs: deploy-staging
steps:
- name: Deploy
env:
DATABASE_URL: ${{ secrets.DATABASE_URL }} # Secret from production environment
run: ./deploy.sh
Deployment Strategies - Staging and Production#
A well-designed pipeline should support multiple environments with appropriate security gates:
# .github/workflows/deploy.yml
name: Deploy Pipeline
on:
push:
branches: [main, develop]
jobs:
build:
name: Build
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- run: npm ci && npm run build
deploy-staging:
name: Deploy to Staging
needs: build
runs-on: ubuntu-latest
if: github.ref == 'refs/heads/develop'
environment:
name: staging
url: https://staging.myapp.com
steps:
- uses: actions/checkout@v4
- name: Deploy to staging server
run: |
echo "Deploying to staging..."
# Staging deployment command
env:
DEPLOY_TOKEN: ${{ secrets.STAGING_DEPLOY_TOKEN }}
deploy-production:
name: Deploy to Production
needs: build
runs-on: ubuntu-latest
if: github.ref == 'refs/heads/main'
environment:
name: production # Requires manual approval (configured in repo settings)
url: https://myapp.com
steps:
- uses: actions/checkout@v4
- name: Deploy to production
run: |
echo "Deploying to production..."
# Production deployment command
env:
DEPLOY_TOKEN: ${{ secrets.PROD_DEPLOY_TOKEN }}
- name: Notify on success
if: success()
run: |
curl -X POST "${{ secrets.SLACK_WEBHOOK }}" \
-H "Content-Type: application/json" \
-d '{"text":"Deployment to production successful! Commit: ${{ github.sha }}"}'
Branch Protection Rules and Status Checks#
Branch protection is a critical element of pipeline security. Configure it in repository settings (Settings > Branches):
Recommended rules for the main branch:
- Require pull request reviews - require at least 1-2 reviewers
- Require status checks to pass - mark the CI workflow as required
- Require branches to be up to date - enforce rebase/merge with main before merging
- Require signed commits - optional, for additional security
- Do not allow bypassing - even admins must follow the rules
Status checks integrate directly with pull requests:
# This job will appear as a required status check
jobs:
ci:
name: "CI / Build & Test" # This name will appear in PRs
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- run: npm ci
- run: npm run lint
- run: npm test
- run: npm run build
Reusable Workflows#
Instead of copying configuration between repositories, create reusable workflows:
# .github/workflows/reusable-nextjs-ci.yml
name: Reusable Next.js CI
on:
workflow_call: # Allow calling from other workflows
inputs:
node-version:
description: "Node.js version"
required: false
default: "20"
type: string
run-e2e:
description: "Run E2E tests"
required: false
default: false
type: boolean
secrets:
VERCEL_TOKEN:
required: false
SONAR_TOKEN:
required: false
jobs:
ci:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: actions/setup-node@v4
with:
node-version: ${{ inputs.node-version }}
cache: "npm"
- run: npm ci
- run: npm run lint
- run: npm test -- --ci
- name: E2E Tests
if: inputs.run-e2e
run: npx playwright test
Calling a reusable workflow:
# .github/workflows/ci.yml
name: CI
on:
pull_request:
branches: [main]
jobs:
nextjs-ci:
uses: ./.github/workflows/reusable-nextjs-ci.yml
with:
node-version: "20"
run-e2e: true
secrets:
VERCEL_TOKEN: ${{ secrets.VERCEL_TOKEN }}
Matrix Builds - Testing Across Multiple Configurations#
The matrix strategy allows you to run the same job across multiple configurations simultaneously:
jobs:
test:
name: Test on Node ${{ matrix.node-version }} / ${{ matrix.os }}
runs-on: ${{ matrix.os }}
strategy:
fail-fast: false # Don't cancel other jobs on failure
matrix:
node-version: [18, 20, 22]
os: [ubuntu-latest, windows-latest]
exclude:
- os: windows-latest
node-version: 18 # Skip this combination
steps:
- uses: actions/checkout@v4
- uses: actions/setup-node@v4
with:
node-version: ${{ matrix.node-version }}
- run: npm ci
- run: npm test
test-dotnet:
name: .NET Test on ${{ matrix.dotnet-version }}
runs-on: ubuntu-latest
strategy:
matrix:
dotnet-version: ["7.0.x", "8.0.x"]
steps:
- uses: actions/checkout@v4
- uses: actions/setup-dotnet@v4
with:
dotnet-version: ${{ matrix.dotnet-version }}
- run: dotnet test --configuration Release
Complete Pipeline - Next.js + .NET in a Single Repository#
If your project is a fullstack application with Next.js (frontend) and .NET (backend API), here is a combined workflow:
# .github/workflows/fullstack-ci-cd.yml
name: Fullstack CI/CD
on:
push:
branches: [main, develop]
pull_request:
branches: [main]
jobs:
# ─── Frontend (Next.js) ─────────────────────
frontend-ci:
name: Frontend CI
runs-on: ubuntu-latest
defaults:
run:
working-directory: ./frontend
steps:
- uses: actions/checkout@v4
- uses: actions/setup-node@v4
with:
node-version: "20"
cache: "npm"
cache-dependency-path: frontend/package-lock.json
- run: npm ci
- run: npm run lint
- run: npm test -- --ci
- run: npm run build
# ─── Backend (.NET) ─────────────────────────
backend-ci:
name: Backend CI
runs-on: ubuntu-latest
defaults:
run:
working-directory: ./backend
steps:
- uses: actions/checkout@v4
- uses: actions/setup-dotnet@v4
with:
dotnet-version: "8.0.x"
- run: dotnet restore
- run: dotnet build --configuration Release --no-restore
- run: dotnet test --configuration Release --no-build
# ─── Docker Build ───────────────────────────
docker-build:
name: Docker Build
needs: [frontend-ci, backend-ci]
runs-on: ubuntu-latest
if: github.event_name == 'push'
strategy:
matrix:
include:
- context: ./frontend
image: frontend
dockerfile: ./frontend/Dockerfile
- context: ./backend
image: backend
dockerfile: ./backend/Dockerfile
steps:
- uses: actions/checkout@v4
- uses: docker/setup-buildx-action@v3
- uses: docker/login-action@v3
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- uses: docker/build-push-action@v5
with:
context: ${{ matrix.context }}
file: ${{ matrix.dockerfile }}
push: true
tags: ghcr.io/${{ github.repository }}/${{ matrix.image }}:${{ github.sha }}
cache-from: type=gha,scope=${{ matrix.image }}
cache-to: type=gha,scope=${{ matrix.image }},mode=max
# ─── Deploy ─────────────────────────────────
deploy:
name: Deploy
needs: docker-build
runs-on: ubuntu-latest
if: github.ref == 'refs/heads/main'
environment: production
steps:
- name: Deploy to production
run: |
echo "Deploying frontend and backend..."
# kubectl set image deployment/frontend ...
# kubectl set image deployment/backend ...
Best Practices#
- Pin action versions - use
actions/checkout@v4instead ofactions/checkout@main - Limit permissions - set
permissionsto the minimum required level - Cache dependencies - use
actions/cacheor built-in caching insetup-node/setup-dotnet - Set timeouts -
timeout-minutesprevents hung jobs from consuming resources - Filter paths - trigger workflows only when relevant files change
- Use environments - separate secrets for staging and production
- Monitor execution time - optimize pipelines that exceed 10 minutes
- Version your workflows - treat YAML files like production code
Conclusion#
GitHub Actions is a powerful CI/CD platform that, combined with Next.js and .NET, enables you to create a complete, automated pipeline from commit to production deployment. The key elements are proper caching, deployment strategies with environment separation, branch protection, and reusable workflows.
Implementing a well-designed CI/CD pipeline is an investment that pays for itself many times over - through faster deployments, higher code quality, and a more peaceful sleep for the development team.
Need professional CI/CD configuration for your project? At MDS Software Solutions Group, we design and implement advanced CI/CD pipelines for Next.js, .NET, and beyond. From simple configurations to complex, multi-environment deployments with Docker and Kubernetes - we will help you automate your entire software delivery process. Contact us to discuss your DevOps needs.
Author
MDS Software Solutions GroupTeam of programming experts specializing in modern web technologies.