Build a GitHub Actions CI/CD Pipeline

Overview

Every serious project needs automated quality gates. In this tutorial, you'll build a GitHub Actions CI/CD pipeline that enforces code quality on every pull request and automatically deploys to Vercel when code merges to main. By the end, you'll have branch protection rules, parallel CI jobs for lint/typecheck/test/build, deployment previews on PRs, and production deploys on merge.

You'll learn how GitHub Actions workflows are structured, how to optimize CI run times with caching and parallelism, and how to configure branch protection so broken code never reaches production.

What you'll build:

A multi-job CI workflow that runs lint, typecheck, test, and build in parallel
A deployment workflow that triggers on merge to main
Branch protection rules with required status checks
Caching strategies for node_modules and Next.js build artifacts
Slack/Discord notifications on deployment success or failure

Prerequisites: A Next.js project with TypeScript, ESLint configured, a Vercel account, and a GitHub repository.

Step 1: Project Structure and Scripts

Before writing any workflow files, make sure your package.json has the scripts your CI will call. Every command your pipeline runs should be executable locally first.

The key detail: --max-warnings 0 on lint means warnings fail CI. This prevents warning debt from accumulating. Install vitest if you haven't:

Create a minimal vitest.config.ts:

Step 2: The CI Workflow

Create .github/workflows/ci.yml. This workflow runs on every push and pull request, executing four jobs in parallel:

The concurrency block is critical — it cancels in-progress runs when you push again, saving minutes on your CI budget. Each job runs independently because they don't depend on each other.

Step 3: Caching Strategy

The workflow above uses two caching layers. The setup-node action caches ~/.npm (the download cache), and we explicitly cache .next/cache for incremental builds.

For monorepos or larger projects, you can share node_modules across jobs using a dedicated install job:

This trades the overhead of cache upload/download against npm ci time. For projects with many dependencies, the cache approach wins.

Step 4: The Deploy Workflow

Create .github/workflows/deploy.yml for production deployments. This uses the Vercel CLI directly instead of Vercel's GitHub integration, giving you full control:

You need three secrets in your repository settings: VERCEL_TOKEN, VERCEL_ORG_ID, and VERCEL_PROJECT_ID. Get the token from Vercel's dashboard under Settings > Tokens. The org and project IDs come from .vercel/project.json after running vercel link locally.

Step 5: Preview Deployments on PRs

Add preview deploys so reviewers can test changes before merging:

Step 6: Branch Protection Rules

Go to your repository Settings > Branches > Add rule. Configure for main:

Require a pull request before merging — no direct pushes to main
Require status checks to pass — select Lint, Type Check, Test, and Build
Require branches to be up to date — prevents merge conflicts from breaking main
Require conversation resolution — all review comments must be resolved

You can also configure these via the GitHub CLI:

Step 7: Notifications

Add a notification step at the end of your deploy workflow. Here's Discord via webhook:

For Slack, use the slackapi/slack-github-action@v1.26 action with an incoming webhook URL.

Step 8: Optimizations and Monitoring

Matrix builds for testing across Node versions:

Workflow run time budgets — add timeouts so stuck jobs don't burn minutes:

Path filters to skip CI when only docs change:

Monitoring: GitHub provides workflow run metrics in the Actions tab. Track your p50 and p95 run times. If CI takes more than 5 minutes, investigate. Common culprits: no caching, sequential jobs that could be parallel, tests that hit real APIs.

Your pipeline is now production-grade. Every PR gets lint, typecheck, test, and build gates. Every merge to main triggers an automatic deploy. Broken code cannot reach production. This is the foundation every professional project needs.