kjanat/github-service-containers
skills/github-service-containers/SKILL.md
Configure Docker service containers (Redis, PostgreSQL, etc.) as sidecar services in GitHub Actions workflows for integration testing. Use when adding databases, caches, or message queues to CI workflows, or debugging service container networking and health checks.
development
Updated Jun 10, 2026
$ install --global
skillsauthnpx skillsauth add kjanat/skills github-service-containersInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: Jun 10, 2026, 7:52 AM421.5s3 files scanned
SKILL.md
- name:
- github-service-containers
- description:
- Configure Docker service containers (Redis, PostgreSQL, etc.) as sidecar services in GitHub Actions workflows for integration testing. Use when adding databases, caches, or message queues to CI workflows, or debugging service container networking and health checks.
- license:
- MIT
- author:
- kjanat
- version:
- 1.0
GitHub Actions Service Containers
Run Docker containers (Redis, PostgreSQL, etc.) alongside workflow jobs for integration testing.
Not what you need? For building Docker container actions (Dockerfile + action.yml), see the
github-docker-actionskill.
Prerequisites
- Linux runners only (
ubuntu-latestor self-hosted Linux with Docker) - Service containers cannot be used inside composite actions
- Each service is created fresh per job and destroyed when the job completes
Job Type Decision Tree
Networking depends on whether your job runs in a container or on the runner:
Where does your job run?
├─ In a container (`container:` key set)
│ ├─ Hostname: service label name (e.g., `redis`, `postgres`)
│ ├─ Port mapping: NOT needed (Docker bridge network)
│ └─ See reference files → "Container Job" sections
│
└─ Directly on runner (no `container:` key)
├─ Hostname: `localhost`
├─ Port mapping: REQUIRED (e.g., `ports: ['6379:6379']`)
└─ See reference files → "Runner Job" sections
Quick Reference
| Setting | Container Job | Runner Job |
| ---------------- | ----------------------------------- | --------------------------------------------- |
| container: | Set (e.g., node:20-bookworm-slim) | Omitted |
| Service hostname | Label name (redis) | localhost |
| ports: | Not needed | Required ('6379:6379') |
| Dynamic port | N/A | ${{ job.services.<label>.ports['<port>'] }} |
| Network | Docker bridge (automatic) | Host network via mapped ports |
Minimal Service Definition
services:
redis:
image: redis
ports:
- 6379:6379
options: >-
--health-cmd "redis-cli ping"
--health-interval 10s
--health-timeout 5s
--health-retries 5
Service fields
| Field | Purpose |
| -------------- | ------------------------------------------------ |
| image: | Docker Hub image (or ghcr.io/... for private) |
| ports: | Host:container port mapping (runner jobs only) |
| options: | Docker --health-* flags for readiness checks |
| env: | Environment variables passed to the container |
| credentials: | username: / password: for private registries |
Port mapping syntax
| Value | Description |
| ------------- | ------------------------------------------------ |
| 8080:80 | Maps container TCP port 80 to host port 8080 |
| 8080:80/udp | Maps container UDP port 80 to host port 8080 |
| 8080/udp | Maps random host port to container UDP port 8080 |
Private Registry Authentication
services:
db:
image: ghcr.io/org/private-image:latest
credentials:
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
cache:
image: redis
credentials:
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_PASSWORD }}
Health Checks
Always define health checks — without them, job steps start before the service is ready.
| Service | Health command | Reference |
| ---------- | -------------------- | ----------------------------------------------------- |
| Redis | redis-cli ping | redis-service.md |
| PostgreSQL | pg_isready | postgres-service.md |
| Generic | curl -f http://... | Adapt per service |
Common health check options:
options: >-
--health-cmd "<command>"
--health-interval 10s
--health-timeout 5s
--health-retries 5
Reading Order
| Task | Files to Read | | --------------------------- | ------------------------------------ | | Add Redis to CI | SKILL.md + redis-service.md | | Add PostgreSQL to CI | SKILL.md + postgres-service.md | | Debug networking issues | SKILL.md (decision tree + quick ref) | | Add other service (generic) | SKILL.md (minimal definition) |
In This Reference
| File | Purpose | | ----------------------------------------------------- | -------------------------------------- | | redis-service.md | Redis config, health checks, test | | postgres-service.md | PostgreSQL config, health checks, test |
Gotchas
- Windows/macOS runners: Service containers are Linux-only
- Missing health checks: Steps start immediately; service may not be ready
- Port conflicts: Two services mapping the same host port fail silently
container:+ports:: Port mapping is ignored in container jobs (bridge handles it)- Dynamic ports: Omit host port (
- 6379) then read viajob.services.<label>.ports['6379'] - Composite actions: Service containers cannot be created inside composite actions
Related Skills
kjanat/statute-proxy
development
VerifiedTrustedCommunity
Use this skill whenever the user is designing, building, scaffolding, reviewing, or debugging Go-based reverse proxy or HTTP edge infrastructure, especially when they mention statute, config-as-code proxies, building an nginx replacement in Go, networking topology, TLS termination, load balancing, HTTP/2, HTTP/3, QUIC, ACME, upstream pools, middleware chains, or graceful shutdown. Trigger this skill even when the user does not explicitly name statute but is clearly working on a Go HTTP server, edge proxy, or networking infrastructure problem where the resulting artefact will be a compiled binary rather than a runtime-configured server. Also trigger when the user asks for explanations of networking protocols (HTTP/1.1, HTTP/2, HTTP/3, WebSockets, gRPC, TLS) in the context of building or operating a proxy, or when they ask about Go net/http pitfalls, transport tuning, or production-grade server defaults.
SKILL.mdUpdated May 8, 2026
kjanat/threlte
development
VerifiedTrustedCommunity
Routes Threlte questions to exact, commit-pinned docs paths and practical workflows. Use when helping with setup, debugging, or architecture across @threlte/core, @threlte/extras, @threlte/gltf, @threlte/rapier, @threlte/theatre, @threlte/xr, @threlte/flex, and @threlte/studio.
SKILL.mdUpdated Apr 18, 2026
kjanat/lightning
testing
VerifiedTrustedCommunity
Comprehensive lightning physics knowledge base derived from Rakov & Uman (2003) "Lightning: Physics and Effects". Covers discharge types, current parameters, leader/return-stroke physics, cloud electrification, protection, detection systems, atmospheric effects, and quantitative reference data. Use when answering questions about lightning physics, electromagnetic fields, thunderstorm electricity, lightning protection, or atmospheric electrical phenomena.
SKILL.mdUpdated Apr 18, 2026
kjanat/index-knowledge
development
VerifiedTrustedCommunity
Generate hierarchical AGENTS.md knowledge base for a codebase. Creates root + complexity-scored subdirectory documentation.
SKILL.mdUpdated Apr 18, 2026