Skip to content

Appendix A: Sample GitHub Actions Workflow YAML

This appendix provides annotated, ready-to-use GitHub Actions workflow files and composite actions implementing the pipeline architecture described throughout this whitepaper. The files reflect a production-ready modular design: each quality gate lives in its own reusable workflow under .github/workflows/, and repeated step sequences (authentication, environment setup, PR commenting, result parsing) are extracted into composite actions under .github/actions/.

All workflow files follow the conventions established in this whitepaper: Conventional Commits-compatible job naming, structured PR comment output via $GITHUB_STEP_SUMMARY and dedicated PR comment composite actions, and jq for JSON output processing.

Action version note: All uses: references in this appendix are pinned to the latest major version available at the time of writing. Newer major versions may introduce breaking changes: always review the release notes for a given action before upgrading, and validate in a non-production pipeline before promoting to protected branches. Dependabot and Renovate (Section 7) will open automated PRs when new major versions are published, providing a structured upgrade path.

The sfdx-git-delta plugin (https://github.com/scolladon/sfdx-git-delta) is used throughout for delta package generation, scoping analysis and test execution to changed files rather than the full workspace. The delta package is generated once per PR run by a dedicated reusable workflow and uploaded as a GitHub Actions artifact, then downloaded by every downstream job that needs it: code analysis, Apex tests, Jest tests, and deployment validation. This avoids the cost and inconsistency of regenerating the delta independently in each job.