This project demonstrates a GitHub Actions workflow structure with two child workflows and one parent workflow, where the parent workflow executes after both child workflows complete.
.github/workflows/
├── child-workflow-1.yml # Child Workflow 1 - Tests
├── child-workflow-2.yml # Child Workflow 2 - Build & Security
└── parent-workflow.yml # Parent Workflow - Comprehensive CI/CD
- Purpose: Runs unit tests and generates test reports
- Jobs:
run-tests: Sets up Node.js, installs dependencies, runs tests
- Artifacts: Uploads test results to
test-results-child1 - Triggers: Can be called by other workflows or triggered on push/PR
- Purpose: Builds the application and performs security scans
- Jobs:
build: Builds the application and creates build artifactssecurity-scan: Runs security vulnerability scanning
- Artifacts:
- Uploads build artifacts to
build-artifacts-child2 - Uploads security results to
security-results-child2
- Uploads build artifacts to
- Triggers: Can be called by other workflows or triggered on push/PR
- Purpose: Orchestrates the entire CI/CD pipeline
- Execution Order:
- Parallel Execution: Runs both child workflows simultaneously
run-tests(calls child-workflow-1.yml)run-build-security(calls child-workflow-2.yml)
- Sequential Execution: After both children complete
collect-and-deploy: Collects results and performs deployment
- Parallel Execution: Runs both child workflows simultaneously
graph TD
A[Parent Workflow Triggered] --> B[Child Workflow 1: Tests]
A --> C[Child Workflow 2: Build & Security]
B --> D[Parent: Collect Results & Deploy]
C --> D
D --> E[Deployment Complete]
- Both child workflows run simultaneously for efficiency
- Each child workflow is independent and can be reused
- Parent workflow waits for both children using
needs: [run-tests, run-build-security] - Uses
if: always()to run collection job even if children fail
- Parent workflow downloads all artifacts from child workflows
- Combines and processes results from multiple sources
- Creates a final deployment package
- Checks the result status of each child workflow
- Fails the parent workflow if any required child fails
- Provides clear status reporting
The parent workflow (parent-workflow.yml) is the main entry point and will automatically trigger both child workflows when:
- Code is pushed to
mainordevelopbranches - A pull request is opened against
mainordevelopbranches
Each child workflow can also be triggered independently for testing:
- Push changes to trigger individual workflows
- Manually trigger workflows from the GitHub Actions tab
- Create a new workflow file in
.github/workflows/ - Add
workflow_calltrigger for reusability - Update the parent workflow to include the new child in the
needsarray
- To run children sequentially: Add
needsdependencies between child workflows - To add more parent jobs: Create additional jobs with appropriate
needsdependencies
- Modularity: Each workflow has a specific purpose and can be maintained independently
- Reusability: Child workflows can be called by multiple parent workflows
- Parallel Execution: Improves overall pipeline performance
- Clear Dependencies: Easy to understand execution order and dependencies
- Artifact Management: Centralized collection and processing of build artifacts
- Error Handling: Robust error checking and reporting
This pattern is useful for:
- Complex CI/CD Pipelines: Where different teams manage different parts
- Multi-Environment Deployments: Running tests in parallel before deployment
- Compliance Requirements: Separate security and quality checks
- Large Monorepos: Different workflows for different components