GitHub Actions Workflows
Define automated CI/CD workflows using YAML files triggered by GitHub events like pushes, pull requests, and releases.
Description
GitHub Actions is a CI/CD platform integrated directly into GitHub that allows defining automated workflows in YAML files stored in the .github/workflows directory. Workflows are triggered by GitHub events (push, pull_request, release, schedule, workflow_dispatch) and consist of one or more jobs that run on GitHub-hosted or self-hosted runners. Each job contains a sequence of steps that execute shell commands or reusable actions.
Key features include matrix strategies for testing across multiple OS and runtime versions, service containers for integration testing (e.g., spinning up PostgreSQL alongside tests), caching with actions/cache for node_modules and build artifacts, and environment protection rules with required reviewers for production deployments. Reusable workflows and composite actions enable DRY pipeline definitions across repositories in an organization.
GitHub Actions supports OIDC-based authentication for cloud deployments (eliminating long-lived credentials), environment-scoped secrets, concurrency groups to cancel superseded runs, and artifact upload/download for sharing build outputs between jobs. The marketplace provides thousands of community actions, though security best practices dictate pinning actions to full commit SHAs rather than mutable tags, because a tag can be moved to different code after review, which opens the door to supply chain attacks.
Prompt Snippet
Create a GitHub Actions workflow (.github/workflows/ci.yml) triggered on push to main and pull_request events. Define jobs for lint, test, and build running on ubuntu-latest with Node 20. Cache node_modules using actions/cache@v4 keyed on hashFiles('**/pnpm-lock.yaml'). Use service containers for PostgreSQL integration tests. Pin all third-party actions to full SHA commit hashes. Configure concurrency groups per PR to cancel stale runs, and use OIDC with aws-actions/configure-aws-credentials for deployment without static access keys.
Related Terms
CI/CD Pipeline Design
Automate building, testing, and deploying code through a structured pipeline triggered by version control events.
Secrets in CI/CD
Securely store, access, and rotate sensitive credentials used in CI/CD pipelines without exposing them in code or logs.
Database Migration in CI/CD
Automate database schema changes as versioned migrations integrated into the CI/CD pipeline with rollback safety.
Container Security Scanning
Scan container images for known vulnerabilities, misconfigurations, and embedded secrets before deployment.