GitHub Actions CI/CD Pipeline for Zero-Downtime Next.js Deployments

How to build a production CI/CD pipeline with GitHub Actions that runs tests, builds Docker images, pushes to a registry, and deploys to Kubernetes with zero downtime on every merge to main.

By POINTNEXIS Team

Manual deployments are a liability. Every manual deploy is a context switch, a potential human error, and a bottleneck that limits how frequently your team can ship. A well-configured GitHub Actions pipeline removes all three.

This guide builds a complete CI/CD pipeline: lint and test on every PR, build and deploy on merge to main, with zero-downtime rolling updates to a Kubernetes cluster.

PR Workflow: Lint, Test, Type Check

The PR workflow runs on `push` events to non-main branches and `pull_request` events targeting main. It installs dependencies with `npm ci` (faster and more reproducible than `npm install`), then runs `tsc --noEmit` for type checking, ESLint for linting, and your test suite in parallel using job-level parallelism.

Cache node_modules between runs using `actions/cache`, keyed on the hash of `package-lock.json`. This cuts cold-start install time from 60-90 seconds to under 10 seconds for most projects.

Build and Push Docker Image

The deployment workflow triggers on push to main. It logs into your container registry (ECR, Docker Hub, or GitHub Container Registry), builds the Docker image tagged with the git SHA, and pushes it. Using the git SHA as the image tag gives immutable, traceable builds.

Use `docker/build-push-action` with `cache-from` pointing to the previous image for layer caching. Docker layer caching in GitHub Actions can cut build times from 3-4 minutes to under 60 seconds for stable dependency layers.

Kubernetes Rolling Deployment

After pushing the image, update the Kubernetes Deployment's image tag using `kubectl set image deployment/nextjs-app app=registry/nextjs-app:$GITHUB_SHA`. Kubernetes performs a rolling update: it spins up new pods before terminating old ones, ensuring zero downtime if pod health checks pass.

Run `kubectl rollout status deployment/nextjs-app --timeout=5m` to wait for the rollout to complete and fail the workflow if pods do not become healthy within five minutes. This ensures failed deployments block the CI check rather than silently leaving a broken version running.

Secrets, Environments, and Rollback

Store registry credentials, kubeconfig, and app secrets as GitHub Actions secrets. Use GitHub Environments with required reviewers for production deployments — this adds a manual approval gate before the workflow runs against production infrastructure.

To roll back, run `kubectl rollout undo deployment/nextjs-app`, which returns to the previous replica set instantly. POINTNEXIS pipelines add a manual rollback workflow trigger in GitHub for one-click rollback from the Actions UI without touching the command line.
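
The deployment steps described above, combined into one workflow file. This is an added example, not POINTNEXIS's own pipeline; it shows least-privilege token permissions, the environment approval gate, and the kubeconfig secret written to a private temp file. The GHCR image path, the `production` environment name, and the `KUBECONFIG` secret name are assumptions.

```yaml
# Added example: deploy workflow for the steps in this guide.
# Values marked "assumed" are placeholders, not taken from the article.
name: deploy
on:
  push:
    branches: [main]

permissions:
  contents: read    # checkout only
  packages: write   # push to GitHub Container Registry

concurrency:
  group: production-deploy
  cancel-in-progress: false   # never interrupt a rollout midway

env:
  IMAGE: ghcr.io/${{ github.repository }}   # assumed registry path; must be lowercase

jobs:
  deploy:
    runs-on: ubuntu-latest
    environment: production   # assumed name; required reviewers gate this job
    steps:
      # For production, pin each action to a full commit SHA instead of a tag.
      - uses: actions/checkout@v4
      - uses: docker/setup-buildx-action@v3
      - uses: docker/login-action@v3
        with:
          registry: ghcr.io
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}
      - uses: docker/build-push-action@v6
        with:
          context: .
          push: true
          tags: |
            ${{ env.IMAGE }}:${{ github.sha }}
            ${{ env.IMAGE }}:latest
          cache-from: type=registry,ref=${{ env.IMAGE }}:latest   # previous image
          cache-to: type=inline   # embed cache metadata so the next run can reuse it
      - name: Roll out to Kubernetes
        env:
          KUBECONFIG_DATA: ${{ secrets.KUBECONFIG }}   # assumed secret name
        run: |
          umask 077   # kubeconfig readable only by the runner user
          printf '%s' "$KUBECONFIG_DATA" > "$RUNNER_TEMP/kubeconfig"
          export KUBECONFIG="$RUNNER_TEMP/kubeconfig"
          kubectl set image deployment/nextjs-app "app=${IMAGE}:${GITHUB_SHA}"
          kubectl rollout status deployment/nextjs-app --timeout=5m
```

The `latest` tag exists only as a cache source; the Deployment is always set to the immutable SHA tag.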