From zad-actions
Generate a GitHub Actions workflow for a repo that uses zad-actions deploy/cleanup. Use for 'generate workflow', 'how do I use zad-actions', 'setup zad', 'integration', 'example workflow'.
npx claudepluginhub djimit/overheid-claude-plugins --plugin zad-actions
This skill is limited to using the following tools:
Generate a complete GitHub Actions workflow for a repository that uses zad-actions for deployment.
/generate-workflow
Or with arguments: /generate-workflow project-id=my-project component=web or /generate-workflow project-id=my-project multi-component
Gather project details. Ask the user for (or accept as arguments):
project-id (required): ZAD project identifier (e.g., regel-k4c)
component (required unless multi-component enabled): Component reference (e.g., web, api, editor)
container-registry (optional, default: ghcr.io): Container registry to use
image-name (optional, default: ${{ github.repository }}): Docker image name
Features to enable (ask the user):
wait-for-ready — wait for deployment health check
qr-code — QR code in PR comment for mobile testing
comment-on-pr — post deployment URL as PR comment
clone-from — clone config from existing deployment (e.g., production)
path-suffix — append a path to the deployment URL (e.g., /docs/)
production-deploy — add production deploy job on push to main
multi-component — deploy multiple components in a single atomic API call (uses components JSON input instead of component/image)
scheduled-cleanup — add a weekly scheduled cleanup job for stale PR environments
Read current action inputs from deploy/action.yml, cleanup/action.yml, and scheduled-cleanup/action.yml to ensure generated workflow uses correct input names and defaults.
Generate the workflow file with the following structure:
name: Deploy

on:
  pull_request:
    types: [opened, synchronize, reopened, closed]
  push:
    branches: [main]  # only if production-deploy enabled

env:
  REGISTRY: ghcr.io
  IMAGE_NAME: ${{ github.repository }}

jobs:
  build:
    if: github.event.action != 'closed'
    runs-on: ubuntu-latest
    permissions:
      contents: read
      packages: write
    steps:
      - uses: actions/checkout@v6
      - name: Log in to GHCR
        uses: docker/login-action@v3
        with:
          registry: ${{ env.REGISTRY }}
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}
      - name: Build and push
        uses: docker/build-push-action@v6
        with:
          context: .
          push: true
          tags: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:pr-${{ github.event.number }}

  deploy-preview:
    if: github.event_name == 'pull_request' && github.event.action != 'closed'
    needs: build
    runs-on: ubuntu-latest
    permissions:
      contents: read
      pull-requests: write  # if comment-on-pr
    environment:
      name: pr-${{ github.event.pull_request.number }}
      url: ${{ steps.deploy.outputs.url }}
    steps:
      - name: Deploy to ZAD
        id: deploy
        uses: RijksICTGilde/zad-actions/deploy@v3
        with:
          api-key: ${{ secrets.ZAD_API_KEY }}
          project-id: <project-id>
          deployment-name: pr-${{ github.event.pull_request.number }}
          component: <component>
          image: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:pr-${{ github.event.number }}
If multi-component is enabled, replace the component/image inputs in the deploy step with components:
  deploy-preview:
    if: github.event_name == 'pull_request' && github.event.action != 'closed'
    needs: build
    runs-on: ubuntu-latest
    permissions:
      contents: read
      pull-requests: write  # if comment-on-pr
    environment:
      name: pr-${{ github.event.pull_request.number }}
      url: ${{ steps.deploy.outputs.url }}  # first component's URL
    steps:
      - name: Deploy to ZAD
        id: deploy
        uses: RijksICTGilde/zad-actions/deploy@v3
        with:
          api-key: ${{ secrets.ZAD_API_KEY }}
          project-id: <project-id>
          deployment-name: pr-${{ github.event.pull_request.number }}
          components: |
            [
              {"name": "<component-1>", "image": "${{ env.REGISTRY }}/<image-1>:pr-${{ github.event.number }}"},
              {"name": "<component-2>", "image": "${{ env.REGISTRY }}/<image-2>:pr-${{ github.event.number }}"}
            ]
If multi-component is enabled, use the containers JSON input in the cleanup step instead of container-org/container-name/container-tag:
  cleanup-preview:
    if: github.event_name == 'pull_request' && github.event.action == 'closed'
    runs-on: ubuntu-latest
    permissions:
      deployments: write
      packages: write
      pull-requests: write
    steps:
      - name: Cleanup
        uses: RijksICTGilde/zad-actions/cleanup@v3
        with:
          api-key: ${{ secrets.ZAD_API_KEY }}
          project-id: <project-id>
          deployment-name: pr-${{ github.event.pull_request.number }}
          delete-github-env: 'true'
          delete-github-deployments: 'true'
          delete-container: 'true'
          containers: |
            [
              {"org": "${{ github.repository_owner }}", "name": "<image-1>", "tag": "pr-${{ github.event.number }}"},
              {"org": "${{ github.repository_owner }}", "name": "<image-2>", "tag": "pr-${{ github.event.number }}"}
            ]
          github-admin-token: ${{ secrets.GITHUB_ADMIN_TOKEN }}
For single-component, use the individual container-org/container-name/container-tag inputs instead:
  cleanup-preview:
    if: github.event_name == 'pull_request' && github.event.action == 'closed'
    runs-on: ubuntu-latest
    permissions:
      deployments: write
      packages: write
      pull-requests: write
    steps:
      - name: Cleanup
        uses: RijksICTGilde/zad-actions/cleanup@v3
        with:
          api-key: ${{ secrets.ZAD_API_KEY }}
          project-id: <project-id>
          deployment-name: pr-${{ github.event.pull_request.number }}
          delete-github-env: 'true'
          delete-github-deployments: 'true'
          delete-container: 'true'
          container-org: ${{ github.repository_owner }}
          container-name: ${{ github.event.repository.name }}
          container-tag: pr-${{ github.event.number }}
          github-admin-token: ${{ secrets.GITHUB_ADMIN_TOKEN }}
If scheduled-cleanup is enabled, add a separate workflow or job:
  scheduled-cleanup:
    if: github.event_name == 'schedule'
    runs-on: ubuntu-latest
    permissions:
      deployments: write
      packages: write
      pull-requests: read
    steps:
      - uses: RijksICTGilde/zad-actions/scheduled-cleanup@v3
        with:
          api-key: ${{ secrets.ZAD_API_KEY }}
          project-id: <project-id>
          delete-container: true
          container-org: ${{ github.repository_owner }}
          container-name: ${{ github.event.repository.name }}
          github-admin-token: ${{ secrets.GITHUB_ADMIN_TOKEN }}
Add concurrency: { group: scheduled-cleanup, cancel-in-progress: false } when scheduled-cleanup is included.
Add inline YAML comments explaining:
permissions: block is needed
List required secrets the user must configure:
ZAD_API_KEY (always required) — ZAD Operations Manager API key
GITHUB_ADMIN_TOKEN (if delete-github-env is used) — PAT with repo admin permissions
Output the workflow as a code block the user can copy, or write directly to .github/workflows/deploy.yml if the user confirms.
@v3 for zad-actions references (current major version)
github-token input defaults to ${{ github.token }} so it doesn't need to be passed explicitly
pull-requests: write permission is needed for comment-on-pr and delete-pr-comment
packages: delete permission is needed for container deletion (note: different from packages: write)
https://{component}-{deployment}-{project}.rig.prd1.gn2.quattro.rijksapps.nl
skip-bot-prs: 'false' to deploy/cleanup if the user wants bot PR deployments
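An added example (not part of the zad-actions skill or project): a text-based check that a generated workflow matches the notes above. It lists the secrets the user must configure and flags jobs that reference secrets without a job-level permissions: block, or that reference zad-actions at something other than @v3. The audit function, the sample workflow and the two-space job indentation it relies on are assumptions of this example.

```python
import re

# Constructed sample: a trimmed workflow in the shape this page generates.
SAMPLE = """\
jobs:
  deploy-preview:
    runs-on: ubuntu-latest
    permissions:
      contents: read
      pull-requests: write
    steps:
      - uses: RijksICTGilde/zad-actions/deploy@v3
        with:
          api-key: ${{ secrets.ZAD_API_KEY }}
  cleanup-preview:
    runs-on: ubuntu-latest
    steps:
      - uses: RijksICTGilde/zad-actions/cleanup@main
        with:
          api-key: ${{ secrets.ZAD_API_KEY }}
          github-admin-token: ${{ secrets.GITHUB_ADMIN_TOKEN }}
"""

JOB = re.compile(r"^  ([A-Za-z_][\w-]*):\s*$")  # job key at two-space indent (assumed layout)
SECRET = re.compile(r"\$\{\{\s*secrets\.([A-Za-z_]\w*)\s*\}\}")
ZAD = re.compile(r"uses:\s*RijksICTGilde/zad-actions/[\w-]+@(\S+)")

def audit(workflow: str):
    """Return (required_secrets, findings) for a workflow given as text."""
    jobs, current, in_jobs = {}, None, False
    for line in workflow.splitlines():
        if re.match(r"^[^\s#]", line):  # a new top-level key ends or starts the jobs section
            in_jobs, current = line.startswith("jobs:"), None
        elif in_jobs and (m := JOB.match(line)):
            current = jobs.setdefault(m.group(1), {"perm": False, "secrets": set(), "refs": []})
        elif current is not None:
            current["perm"] |= bool(re.match(r"^    permissions:", line))
            current["secrets"].update(SECRET.findall(line))
            current["refs"] += ZAD.findall(line)
    findings = []
    for name, job in jobs.items():
        if job["secrets"] and not job["perm"]:
            findings.append(f"{name}: uses secrets but has no job-level permissions block")
        findings += [f"{name}: zad-actions pinned to @{r}, page specifies @v3"
                     for r in job["refs"] if r != "v3"]
    # GITHUB_TOKEN is provided by GitHub itself, so the user does not configure it.
    required = sorted(set().union(*(j["secrets"] for j in jobs.values())) - {"GITHUB_TOKEN"})
    return required, findings
```
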