- Home
- Skills
- Ancoleman
- Ai Design Components
- Writing Github Actions
writing-github-actions_skill
- Python
291
GitHub Stars
2
Bundled Files
2 months ago
Catalog Refreshed
4 months ago
First Indexed
Readme & install
Copy the install command, review bundled files from the catalogue, and read any extended description pulled from the listing source.
Installation
Preview and clipboard use veilstrat where the catalogue uses aiagentskills.
npx veilstrat add skill ancoleman/ai-design-components --skill writing-github-actions- outputs.yaml7.8 KB
- SKILL.md11.6 KB
Overview
This skill helps you author GitHub Actions workflows with correct YAML syntax, reusable workflows, composite actions, matrix builds, caching, and security best practices. It focuses on practical patterns for CI/CD, artifact management, and runner selection to deliver reliable automation for GitHub-hosted projects. Use it to speed up workflow authoring and avoid common pitfalls.
How this skill works
It inspects workflow requirements and generates YAML for workflows, reusable workflow entry points, and composite actions with proper inputs/outputs. It applies patterns for matrix builds, artifact upload/download, caching strategies, concurrency control, and secrets/permissions (including OIDC) to harden deployments. The skill produces concise examples and configuration snippets tailored to typical Node, Python, and multi-platform builds.
When to use it
- Creating CI/CD workflows for repositories hosted on GitHub
- Standardizing job logic across multiple repositories via reusable workflows
- Packaging repeated step sequences as composite actions
- Implementing matrix builds or cross-platform testing
- Optimizing build time using caching and parallel jobs
- Securing workflows with minimal permissions, OIDC, and action pinning
Best practices
- Pin actions to commit SHAs for reproducible runs and enable Dependabot for updates
- Prefer reusable workflows for full-job reuse and composite actions for step-level reuse
- Use built-in setup action caching where available; add manual caches for custom paths
- Grant minimal permissions at workflow/job level and use environment secrets for deployments
- Use concurrency groups to avoid duplicated deployments and set cancel-in-progress where appropriate
- Limit checkout depth (fetch-depth: 1) and run independent jobs in parallel to reduce duration
Example use cases
- A Node.js CI workflow with matrix across Node versions and OSes, caching npm dependencies
- A reusable build workflow consumed by multiple microservice repositories that uploads build artifacts
- A composite action to standardize project setup steps (checkout, install, cache) across repos
- A deploy job that authenticates to cloud providers via OIDC with least-privilege permissions
- A scheduled nightly workflow that builds artifacts and uploads them for downstream jobs
FAQ
Use a reusable workflow to share full job definitions and inputs/outputs across repos. Use a composite action when you need to reuse a sequence of steps inside jobs without creating separate jobs or artifacts.
How do I secure secrets and avoid long-lived credentials?
Store secrets in repository or environment secrets and prefer OIDC for cloud authentication. Minimize permissions at workflow and job level and pin actions to specific SHAs.