Explain CI/CD flow and files

.github/workflows/README.md

@@ -0,0 +1,47 @@
+# CI/CD
+
+The CI/CD for this project uses [reusable Github Actions workflows](https://docs.github.com/en/actions/using-workflows/reusing-workflows).
+
+## 🧪 CI
+
+### Per app workflows
+
+Each app should have:
+
+- `ci-[app_name]`: must be created; should run linting and testing
+- `ci-[app_name]-vulnerability-scans`: calls `vulnerability-scans`
+  - Based on [ci-app-vulnerability-scans](https://github.com/navapbc/template-infra/blob/main/.github/workflows/ci-app-vulnerability-scans.yml)
+
+### App-agnostic workflows
+
+- [`ci-docs`](./ci-docs.yml): runs markdown linting on all markdown files in the file
+  - Configure in [markdownlint-config.json](./markdownlint-config.json)
+- [`ci-infra`](./ci-infra.yml): run infrastructure CI checks
+
+## 🚢 CD
+
+Each app should have:
+
+- `cd-[app_name]`: deploys an application
+  - Based on [`cd-app`](https://github.com/navapbc/template-infra/blob/main/.github/workflows/cd-app.yml)
+
+The CD workflow uses these reusable workflows:
+
+- [`deploy`](./deploy.yml): deploys an application
+- [`database-migrations`](./database-migrations.yml): runs database migrations for an application
+- [`build-and-publish`](./build-and-publish.yml): builds a container image for an application and publishes it to an image repository
+
+```mermaid
+graph TD
+  cd-app
+  deploy
+  database-migrations
+  build-and-publish
+
+  cd-app-->|calls|deploy-->|calls|database-migrations-->|calls|build-and-publish
+```
+
+## ⛑️ Helper workflows
+
+- [`check-infra-auth`](./check-infra-auth.yml): verifes that the project's Github repo is able to connect to AWS
+