This skill helps you automate builds, tests, and deployments with GitHub Actions, optimizing workflows and leveraging reusable patterns.
npx playbooks add skill willsigmon/sigstack --skill github-actions-expert

Review the files below or copy the command above to add this skill to your agents.
---
name: GitHub Actions Expert
description: GitHub Actions CI/CD - workflows, reusable actions, matrix builds, secrets management
allowed-tools: Read, Edit, Bash
model: sonnet
---
# GitHub Actions CI/CD Expert
Master GitHub Actions for automated builds, tests, and deployments.
## Key Advantages
- Deep GitHub integration
- Free for public repos
- 2,000 free minutes/mo (private)
- YAML-based configuration
- Extensive marketplace
## Workflow Patterns
### iOS Build & TestFlight
```yaml
name: iOS Build
on:
  push:
    branches: [main]
jobs:
  build:
    runs-on: macos-14
    steps:
      - uses: actions/checkout@v4
      - uses: ruby/setup-ruby@v1
        with:
          ruby-version: '3.2'
          bundler-cache: true
      - name: Install dependencies
        run: bundle exec pod install
      - name: Build & Upload
        env:
          APP_STORE_CONNECT_API_KEY: ${{ secrets.ASC_KEY }}
        run: |
          bundle exec fastlane beta
```
### Node.js CI with Caching
```yaml
name: CI
on: [push, pull_request]
jobs:
  test:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: pnpm/action-setup@v2
      - uses: actions/setup-node@v4
        with:
          node-version: '20'
          cache: 'pnpm'
      - run: pnpm install
      - run: pnpm test
      - run: pnpm build
```
### Matrix Strategy
```yaml
jobs:
  test:
    strategy:
      matrix:
        node: [18, 20, 22]
        os: [ubuntu-latest, macos-latest]
    runs-on: ${{ matrix.os }}
    steps:
      - uses: actions/setup-node@v4
        with:
          node-version: ${{ matrix.node }}
```
### Reusable Workflows
```yaml
# .github/workflows/deploy.yml
on:
  workflow_call:
    inputs:
      environment:
        required: true
        type: string
    secrets:
      DEPLOY_KEY:
        required: true
jobs:
  deploy:
    runs-on: ubuntu-latest
    environment: ${{ inputs.environment }}
    steps:
      # Pass the input through env so it is never expanded into the shell script text
      - env:
          TARGET_ENV: ${{ inputs.environment }}
        run: echo "Deploying to $TARGET_ENV"
```
## Secrets Management
- Repository secrets: Settings → Secrets
- Environment secrets: Per-environment isolation
- OIDC tokens: Passwordless cloud auth
## AI Integration (2026)
- GitHub Copilot in Actions: Suggest workflow improvements
- AI-powered failure diagnosis
- Predictive test selection
Use when: CI/CD pipelines, automated testing, deployment automation, GitHub-based workflows
This skill teaches practical GitHub Actions CI/CD patterns for automated builds, tests, and deployments. It covers YAML workflows, reusable actions, matrix builds, and secure secrets handling to streamline GitHub-native pipelines. The content focuses on reproducible, fast, and secure automation for TypeScript and multi-platform projects.
I explain common workflow recipes and what each step inspects or executes: checking out code, setting up runtimes, installing dependencies, running tests and builds, and invoking deployment steps. I show matrix strategies to run combinations of OS and runtime versions in parallel and how to call reusable workflows with inputs and required secrets. I also cover secrets management and modern authentication options like OIDC and AI-assisted improvements for diagnosing failures or optimizing test selection.
How do reusable workflows pass secrets securely?
Reusable workflows declare the secrets they require under `workflow_call`; the calling workflow must supply each of those secrets from its repo or environment secrets, which avoids exposing the values in logs.
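
A calling workflow for the `deploy.yml` shown under Reusable Workflows, as an added example that is not part of the original skill. The file name `release.yml`, the job names, and the secret names `STAGING_DEPLOY_KEY` and `PRODUCTION_DEPLOY_KEY` are assumptions.

```yaml
# .github/workflows/release.yml (hypothetical caller; names are assumptions)
name: Release
on:
  push:
    branches: [main]

# Least privilege for GITHUB_TOKEN; called workflows cannot be granted more than this.
permissions:
  contents: read

jobs:
  deploy-staging:
    # A job that calls a reusable workflow has no steps and no runs-on.
    uses: ./.github/workflows/deploy.yml
    with:
      environment: staging            # plain input: visible in logs, never put a secret here
    secrets:
      # Map exactly the one secret the callee declares instead of `secrets: inherit`,
      # which would hand every secret of the caller to the called workflow.
      DEPLOY_KEY: ${{ secrets.STAGING_DEPLOY_KEY }}

  deploy-production:
    needs: deploy-staging             # production runs only after staging succeeds
    uses: ./.github/workflows/deploy.yml
    with:
      environment: production
    secrets:
      DEPLOY_KEY: ${{ secrets.PRODUCTION_DEPLOY_KEY }}

# Note: deploy.yml sets `environment:` on its job. If that environment defines
# its own secret named DEPLOY_KEY, the environment secret is used in place of
# the value passed from this caller.
```

Protection rules configured on the `production` environment, such as required reviewers, apply inside the called job because that job declares `environment:`.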
When should I use a matrix vs separate jobs?
Use a matrix to run similar jobs across multiple runtimes or OSes in parallel. Use separate jobs when steps differ significantly or need distinct resource allocation or concurrency control.