GitHub Actions automates build, test, and deploy workflows triggered by repository events. Workflows are YAML files in .github/workflows/. Jobs run on GitHub-hosted (ubuntu-22.04, windows-latest) or self-hosted runners. Steps call actions (pre-built reusable units) or run shell commands. OIDC token exchange eliminates long-lived credentials for cloud deployments. Reusable workflows (workflow_call) and composite actions prevent YAML duplication across repositories.
Calling a reusable workflow from multiple workflows.
Stored service principal credentials in GitHub Secrets are a perpetual breach risk. OIDC tokens expire when the job ends, are scoped to specific branches, and require no rotation.
on: push: paths: ['src/**', 'package.json'] prevents CI from running when only docs or assets change. This saves runner minutes and reduces noise in PRs.
Build artifacts once, deploy the same artifact to each environment. Never rebuild in the deploy job — you might deploy different code than what was tested.
Sign in to share your feedback and join the discussion.