This guide will help you set up the complete CI/CD pipeline for the Traktor operator in under 10 minutes.
- GitHub repository with admin access
- Docker Hub account
- Git installed locally
- Go to your GitHub repository
- Navigate to: Settings → Secrets and variables → Actions
- Click New repository secret
Add the following secrets:
| Secret Name | Value | How to Get |
|---|---|---|
| `DOCKER_USERNAME` | Your Docker Hub username | Your Docker Hub login username |
| `DOCKER_PASSWORD` | Docker Hub access token | Create at hub.docker.com → Account Settings → Security → New Access Token |
- Go to https://hub.docker.com
- Log in to your account
- Click your username → Account Settings
- Go to Security tab
- Click New Access Token
- Give it a description (e.g., "GitHub Actions")
- Set permissions: Read & Write
- Copy the token (you won't see it again!)
- Add to GitHub secrets as `DOCKER_PASSWORD`
Check that these files exist in `.github/workflows/`:

```bash
ls -la .github/workflows/
```

You should see:
- ✅ `test.yml` - Unit tests
- ✅ `lint.yml` - Code linting
- ✅ `test-e2e.yml` - E2E tests
- ✅ `build.yml` - Build and push images
- ✅ `release.yml` - Automated releases
Push any change to trigger tests:

```bash
git add .
git commit -m "test: trigger CI pipeline"
git push origin main
```

Go to Actions tab in GitHub and verify:
- ✅ Tests workflow runs
- ✅ Lint workflow runs
- ✅ All checks pass
Create a pull request or push to main or develop:

```bash
git checkout -b feature/test-ci
git push origin feature/test-ci
# Create PR in GitHub UI
```

This will trigger:
- ✅ Test workflow
- ✅ Lint workflow
- ✅ Build workflow (images NOT pushed for PRs)
Push to main branch:

```bash
git checkout main
git merge feature/test-ci
git push origin main
```

This will:
- ✅ Run all tests
- ✅ Build Docker images
- ✅ Push to Docker Hub
- ✅ Generate manifests
Check Docker Hub: https://hub.docker.com/r/gdxbsv/traktor
You should see new tags:
- `latest`
- `main`
- `main-<commit-sha>`
```bash
# Run tests locally
make test
# Build locally
make docker-build
```

```bash
# Make sure you're on main branch
git checkout main
git pull origin main
# Create and push tag
git tag -a v0.0.1 -m "Release v0.0.1 - Initial release"
git push origin v0.0.1
```

- Go to Actions tab
- Watch the Release workflow run
- It will:
  - ✅ Run all tests
  - ✅ Build multi-arch images (amd64, arm64)
  - ✅ Generate Kubernetes manifests
  - ✅ Scan for vulnerabilities
  - ✅ Create GitHub Release
- Go to Releases tab
- You should see "Release v0.0.1"
- It includes:
  - 📄 `install.yaml` - Installation manifest
  - 📦 `traktor-v0.0.1-manifests.tar.gz` - All manifests
  - 🔒 `sbom-v0.0.1.spdx.json` - Software Bill of Materials
  - 📝 Changelog
  - 🐳 Docker image info
- Check Docker Hub tags:
  - `v0.0.1`
  - `v0.0`
  - `v0`
  - `latest`
```bash
# Install from release
kubectl apply -f https://github.com/GDXbsv/traktor/releases/download/v0.0.1/install.yaml
# Or using Docker image
kubectl set image deployment/traktor-controller-manager \
  manager=docker.io/gdxbsv/traktor:v0.0.1 \
  -n traktor-system
```

| Workflow | Trigger | What Happens |
|---|---|---|
| Test | Push to main/develop, PRs | Run unit tests, upload coverage |
| Lint | Any push, PRs | Code quality checks |
| E2E | Any push, PRs | End-to-end tests with Kind |
| Build | Push to main/develop, PRs, tags | Build images, push if not PR |
| Release | Tag push (v*..) | Full release process |
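
Before running the `kubectl apply` install step above, it is worth confirming that the release manifest references only the image you expect. The script below is an added example, not part of the Traktor repository; the function names are hypothetical, the manifest is a constructed sample, and it assumes images appear as `image: <ref>` lines.

```shell
# Added example (not from the Traktor repository). Assumes container images
# appear in the manifest as "image: <ref>" lines, as in a rendered Deployment.

# List every distinct image reference in a manifest, one per line.
manifest_images() {
    sed -n -e 's/[[:space:]]*#.*$//' \
           -e 's/^[[:space:]-]*image:[[:space:]]*//p' "$1" | tr -d "\"'" | sort -u
}

# Succeed only if every image is exactly the expected repository and tag.
# Arguments: manifest path, repository, tag. Returns 2 if no image is found.
check_manifest_images() {
    manifest=$1 want="$2:$3" bad=0
    images=$(manifest_images "$manifest")
    [ -n "$images" ] || { echo "no image references found" >&2; return 2; }
    for ref in $images; do
        if [ "$ref" != "$want" ]; then
            echo "unexpected image: $ref (wanted $want)" >&2
            bad=1
        fi
    done
    return "$bad"
}

# Constructed sample standing in for a downloaded install.yaml.
sample=$(mktemp)
cat > "$sample" <<'EOF'
apiVersion: apps/v1
kind: Deployment
metadata:
  name: traktor-controller-manager
  namespace: traktor-system
spec:
  template:
    spec:
      containers:
      - name: manager
        image: docker.io/gdxbsv/traktor:v0.0.1
EOF

check_manifest_images "$sample" docker.io/gdxbsv/traktor v0.0.1 && echo "images OK"
```

Run the check against a locally downloaded copy of `install.yaml` and apply that same local file, so the manifest you reviewed is the one that reaches the cluster.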
Edit workflows and Makefile:

```yaml
# In .github/workflows/*.yml
env:
  REGISTRY: ghcr.io # or quay.io, gcr.io, etc.
  IMAGE_NAME: your-org/traktor
```

```makefile
# In Makefile
IMG ?= ghcr.io/your-org/traktor:latest
```

Create new workflow file:

```yaml
# .github/workflows/security.yml
name: Security Scan
on: [push, pull_request]
jobs:
  scan:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - name: Run security scan
        run: make security-scan
```

Edit `.github/workflows/test.yml`:

```yaml
- name: Run unit tests
  run: make test
  timeout-minutes: 10 # Add timeout
```

Fixed! Tests now use unique namespace names.
If you still see this, run:

```bash
make test
```

- Check secrets are set correctly
- Verify Docker Hub token hasn't expired
- Ensure token has Read & Write permissions
- Try creating a new token
- Check tag format: `v1.2.3` (starts with v)
- Ensure all tests passed
- Check workflow logs for errors
- Verify GitHub token permissions
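
The tag-format check above and the Docker Hub tag list from the release step can be scripted and run before pushing a tag. This is an added example, not part of the Traktor repository; the function names are hypothetical, and it assumes the Release workflow accepts only plain `vMAJOR.MINOR.PATCH` tags made of digits.

```shell
# Added example (not from the Traktor repository).
# Assumption: release tags are strictly vMAJOR.MINOR.PATCH, digits only.

# True if the argument is a non-empty string of digits.
is_number() {
    case $1 in
        ''|*[!0-9]*) return 1 ;;
    esac
    return 0
}

# Print the Docker tags this guide lists for a release tag, or fail.
release_tags() {
    tag=$1
    case $tag in
        v*.*.*) ;;
        *) echo "invalid release tag: '$tag' (expected form v1.2.3)" >&2; return 1 ;;
    esac
    rest=${tag#v}
    major=${rest%%.*}; rest=${rest#*.}
    minor=${rest%%.*}; patch=${rest#*.}
    for part in "$major" "$minor" "$patch"; do
        is_number "$part" || {
            echo "invalid release tag: '$tag' (expected form v1.2.3)" >&2
            return 1
        }
    done
    printf '%s v%s.%s v%s latest\n' "$tag" "$major" "$minor" "$major"
}

# Print the expected tags that are absent from an observed, space-separated list.
missing_tags() {
    expected=$(release_tags "$1") || return 1
    missing=
    for want in $expected; do
        case " $2 " in
            *" $want "*) ;;
            *) missing="${missing:+$missing }$want" ;;
        esac
    done
    printf '%s\n' "$missing"
}

release_tags v0.0.1
```

Pass `missing_tags` the tags you currently see on Docker Hub to find out which ones the release has not published yet.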
Wait a few minutes - it can take time to process multi-arch builds.
Check workflow logs:
Actions → Build and Push → build-docker job → View logs
Repository → Actions tab
- View all workflow runs
- Filter by status, workflow, branch
- Download artifacts
- Re-run failed jobs
https://hub.docker.com/r/gdxbsv/traktor
- View all tags
- Check vulnerability scan
- See pull statistics
- Manage tags
https://codecov.io/gh/GDXbsv/traktor
- View coverage trends
- Compare branches
- See coverage diff on PRs
- ✅ Add Status Badges to README.md

  [](https://github.com/GDXbsv/traktor/actions/workflows/test.yml)
- ✅ Set up Branch Protection
  - Settings → Branches → Add rule
  - Require status checks to pass
  - Require tests + lint before merging
- ✅ Enable Dependabot
  - Settings → Security → Dependabot
  - Enable version updates
  - Auto-update dependencies
- ✅ Configure Codecov
  - Sign up at codecov.io
  - Add repository
  - Get token and add to secrets (optional)
- GitHub secrets configured (DOCKER_USERNAME, DOCKER_PASSWORD)
- Pushed code to trigger tests
- Tests workflow passed
- Build workflow pushed image to Docker Hub
- Created first release tag (v0.0.1)
- Release workflow completed
- GitHub Release created with artifacts
- Docker images available with multiple tags
- Tested installation from release
- Added status badges to README
- Set up branch protection rules
If you encounter issues:
- Check workflow logs in Actions tab
- Review `.github/workflows/README.md` for detailed docs
- Open an issue with:
  - Workflow run link
  - Error message
  - Steps to reproduce
Congratulations! Your CI/CD pipeline is now fully configured! 🎉
Every push will be tested, linted, and built automatically. Creating a new release is as simple as pushing a tag.