This skill helps you design and optimize GitHub Actions CI/CD workflows with matrix builds, reusable patterns, caching, and secure deployment.
`npx playbooks add skill nickcrew/claude-cortex --skill github-actions-workflows`

Review the files below or copy the command above to add this skill to your agents.
---
name: github-actions-workflows
description: GitHub Actions workflow patterns for CI/CD including matrix builds, reusable workflows, secrets management, and caching strategies. Use when setting up or optimizing GitHub Actions pipelines.
---
# GitHub Actions Workflows
Expert guidance for designing reliable, secure, and performant GitHub Actions CI/CD pipelines with patterns for matrix builds, reusable workflows, caching, and deployment automation.
## When to Use This Skill
- Setting up CI/CD pipelines with GitHub Actions from scratch
- Optimizing slow or expensive GitHub Actions workflows
- Implementing matrix builds for multi-environment testing
- Creating reusable workflows and composite actions for DRY pipelines
- Managing secrets securely across environments
- Configuring caching for dependency and build artifact reuse
- Setting up deployment workflows with staging and production gates
- Debugging failing or flaky workflow runs
- Implementing concurrency controls to prevent duplicate runs
## Quick Reference
| Task | Load reference |
| --- | --- |
| Matrix builds, reusable workflows, caching, deployment, concurrency | `skills/github-actions-workflows/references/workflow-patterns.md` |
## Core Principles
- **Structured jobs**: Break workflows into clear, distinct jobs with defined dependencies
- **DRY configuration**: Use reusable workflows and composite actions to avoid duplication
- **Security first**: Use GitHub secrets, OIDC, and minimum necessary permissions
- **Cache aggressively**: Cache dependencies, build outputs, and test fixtures
- **Trigger thoughtfully**: Configure event triggers to avoid unnecessary workflow runs
- **Document workflows**: Add comments explaining non-obvious YAML configuration
## Workflow
### 1. Design
Plan the pipeline structure before writing YAML.
- Identify trigger events (push, pull_request, schedule, workflow_dispatch)
- Map job dependencies and what can run in parallel
- Determine caching opportunities (dependencies, build outputs)
- Plan environment promotion (dev, staging, production)
### 2. Implementation
Build the pipeline incrementally.
- Start with a minimal workflow and add complexity
- Use matrix builds for multi-environment testing
- Extract reusable workflows for shared patterns
- Configure secrets management with environment protection
### 3. Optimization
Reduce runtime and cost.
- Profile workflow timing to identify bottlenecks
- Add caching for dependencies and build artifacts
- Use concurrency controls to cancel redundant runs
- Configure path filters to skip unaffected workflows
### 4. Maintenance
Keep workflows healthy over time.
- Pin action versions to specific SHAs for security
- Review and update actions regularly
- Monitor workflow runtime trends and costs
- Peer-review workflow changes before merging
## Common Mistakes
- Using `actions/checkout@main` instead of pinning to a SHA or version tag
- Not setting a `permissions` block (defaults to overly broad read-write)
- Caching node_modules instead of the package manager cache directory
- Missing `concurrency` groups, leading to duplicate deploys
- Hardcoding secrets in workflow files instead of using GitHub Secrets
- Running the full test suite on every push instead of using path filters
- Not using `workflow_call` for shared CI logic across repositories
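
Several of the mistakes above can be checked mechanically before a workflow change is merged. The following is an added example, not part of the skill's own files: a standard-library Python audit that flags `uses:` references not pinned to a full commit SHA and reports missing top-level `permissions` and `concurrency` blocks. The rule names, the `audit_workflow` function and the sample workflow are assumptions made for illustration.

```python
import re

# Constructed sample workflow (not from the page) showing three listed mistakes.
SAMPLE_WORKFLOW = """\
name: ci
on: [push]
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@main
      - uses: actions/setup-node@v4
      - uses: ./.github/actions/local-setup
      - run: npm test
"""

USES_RE = re.compile(r"^\s*(?:-\s*)?uses:\s*['\"]?([^'\"\s#]+)")
FULL_SHA_RE = re.compile(r"^[0-9a-f]{40}$")  # full 40-hex commit SHA
MUTABLE_BRANCHES = {"main", "master", "HEAD"}


def audit_workflow(text):
    """Return a list of (line_number, rule, detail) findings for one workflow file."""
    findings = []
    top_level_keys = set()
    for lineno, line in enumerate(text.splitlines(), start=1):
        # Top-level keys start in column 0; job-level blocks are not inspected here.
        key = re.match(r"^([A-Za-z_][\w-]*):", line)
        if key:
            top_level_keys.add(key.group(1))
        m = USES_RE.match(line)
        if not m:
            continue
        target = m.group(1)
        if target.startswith(("./", "docker://")):
            continue  # local actions and container images carry no git ref
        ref = target.partition("@")[2]
        if FULL_SHA_RE.match(ref):
            continue
        rule = "unpinned-branch" if not ref or ref in MUTABLE_BRANCHES else "tag-not-sha"
        findings.append((lineno, rule, target))
    for required in ("permissions", "concurrency"):
        if required not in top_level_keys:
            findings.append((0, "missing-" + required, "no top-level block"))
    return findings


if __name__ == "__main__":
    for finding in audit_workflow(SAMPLE_WORKFLOW):
        print(finding)
```

The check is line-based and only looks at top-level keys, so a workflow that sets `permissions` per job is still reported and needs a manual look.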
This skill provides practical GitHub Actions workflow patterns for building reliable, secure, and cost-effective CI/CD pipelines. It focuses on matrix builds, reusable workflows, secrets handling, and caching strategies to speed up pipelines and reduce duplication. The guidance is geared toward teams that need repeatable, maintainable automation for testing, building, and deploying code.
The skill inspects workflow design choices and recommends concrete YAML patterns: job splitting, matrix configurations, reusable workflow extraction, cache keys, and concurrency groups. It highlights security controls such as minimal permissions, OIDC, and proper secrets usage, and suggests optimizations like targeted triggers, path filters, and artifact caching. The result is a stepwise plan to implement, profile, and iterate on GitHub Actions pipelines.
**How do I securely use cloud credentials in workflows?**

Use repository or organization secrets and prefer OIDC where supported to avoid long-lived credentials. Grant minimal permissions and use environment protection rules for production deployments.

**When should I extract a reusable workflow?**

Extract when multiple repositories share the same build or release steps, or when you want a single place to update CI logic to maintain consistency and reduce duplication.