home / skills / doanchienthangdev / omgkit / github-actions

github-actions skill

safe

/plugin/skills/devops/github-actions

This skill helps you implement GitHub Actions CI/CD workflows for builds, tests, and deployments across projects.

npx playbooks add skill doanchienthangdev/omgkit --skill github-actions

Review the files below or copy the command above to add this skill to your agents.

Files (1)

SKILL.md

3.1 KB

---
name: Automating with GitHub Actions
description: The agent implements GitHub Actions CI/CD workflows with builds, tests, and deployments. Use when setting up continuous integration, automating deployments, creating reusable actions, or implementing security scanning.
---

# Automating with GitHub Actions

## Quick Start

```yaml
# .github/workflows/ci.yml
name: CI

on:
  push:
    branches: [main]
  pull_request:
    branches: [main]

jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-node@v4
        with:
          node-version: 20
          cache: npm
      - run: npm ci
      - run: npm test
      - run: npm run build
```

## Features

| Feature | Description | Guide |
|---------|-------------|-------|
| Workflows | Event-driven automation pipelines | Trigger on push, PR, schedule, or manual dispatch |
| Jobs | Parallel or sequential task execution | Use `needs` for dependencies, matrix for variations |
| Actions | Reusable workflow components | Use marketplace actions or create custom composite |
| Environments | Deployment targets with protection | Configure approvals, secrets, and URLs |
| Artifacts | Build output persistence | Upload/download between jobs, retention policies |
| Caching | Dependency caching for speed | Cache npm, pip, gradle directories |

## Common Patterns

### Matrix Build

```yaml
jobs:
  test:
    runs-on: ${{ matrix.os }}
    strategy:
      matrix:
        os: [ubuntu-latest, macos-latest]
        node: [18, 20, 22]
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-node@v4
        with:
          node-version: ${{ matrix.node }}
      - run: npm ci && npm test
```

### Deployment with Environments

```yaml
jobs:
  deploy:
    runs-on: ubuntu-latest
    environment:
      name: production
      url: https://example.com
    steps:
      - uses: actions/checkout@v4
      - run: npm ci && npm run build
      - name: Deploy
        run: ./deploy.sh
        env:
          DEPLOY_TOKEN: ${{ secrets.DEPLOY_TOKEN }}
```

### Docker Build and Push

```yaml
jobs:
  docker:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: docker/setup-buildx-action@v3
      - uses: docker/login-action@v3
        with:
          registry: ghcr.io
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}
      - uses: docker/build-push-action@v5
        with:
          push: true
          tags: ghcr.io/${{ github.repository }}:${{ github.sha }}
          cache-from: type=gha
          cache-to: type=gha,mode=max
```

## Best Practices

| Do | Avoid |
|----|-------|
| Use concurrency groups to cancel stale runs | Hardcoding secrets in workflows |
| Cache dependencies for faster builds | Skipping security scanning |
| Use matrix strategies for cross-platform | Using deprecated action versions |
| Implement environment protection rules | Running unnecessary jobs on PRs |
| Set timeouts on long-running jobs | Ignoring workflow permissions |
| Use reusable workflows for common patterns | Self-hosted runners without security review |
| Upload test artifacts on failure | Skipping concurrency controls |

Overview

This skill automates CI/CD using GitHub Actions for JavaScript projects, including builds, tests, Docker image handling, and deployments. It provides ready-to-use workflow patterns and practical guidance to speed up setup and reduce manual steps. The focus is on reliable pipelines, reusable components, and secure deployment practices.

How this skill works

The agent generates and configures GitHub Actions workflows that run on events like push, pull_request, schedule, or manual dispatch. It sets up jobs, matrices, caching, artifact handling, and environment-based deployments, and can create Docker build-and-push pipelines and reusable composite actions. Secrets, environment protection, and concurrency are applied to make runs fast, secure, and traceable.

When to use it

Setting up continuous integration for a JavaScript project
Creating multi-platform test matrices (Node versions, OS)
Automating build and Docker image publishing to registries
Implementing deployment pipelines with protected environments and secrets
Adding caching, artifacts, and security scans to CI workflows

Best practices

Use matrix strategies to test across Node versions and OSes
Cache dependencies (npm) to reduce run times and CI costs
Group concurrency to cancel stale runs and avoid duplicate deployments
Store secrets in GitHub Secrets and never hardcode credentials in workflows
Use environment protection and approvals for production deployments
Upload logs or test artifacts on failure to speed debugging

Example use cases

Basic CI: install dependencies, run tests, and build on push and PR to main
Matrix test suite: run tests on Node 18/20/22 across Linux and macOS
Docker pipeline: build, cache, and push container images to GitHub Container Registry
Protected deploy: build and deploy to production environment using DEPLOY_TOKEN from secrets
Reusable workflow: centralize common steps (install, lint, test) for multiple repositories

FAQ

How do I speed up slow test runs?

Enable caching for node_modules or lockfile directories and use matrix caching strategies. Split long test suites into parallel jobs when possible.

Where should I store deployment credentials?

Put tokens and keys in GitHub Secrets and reference them with the secrets context. Combine them with environment protection rules for extra safety.