CI/CD with GitHub Actions (Basics)
Run workflows on git events — test on PR, deploy on push, schedule backups. YAML files in `.github/workflows/`.
1 credit
Anatomy
4 itemsWorkflow
One YAML file. Top-level event triggers + jobs.Job
Runs on one runner, contains steps. Jobs run in parallel unless `needs:` specified.Step
Runs a shell command (`run:`) or an Action (`uses:`).Runner
The VM (ubuntu-latest, macos-latest, windows-latest) or self-hosted.Minimal test-on-PR workflow
yaml
name: CI
on:
pull_request:
push: { branches: [main] }
jobs:
test:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: actions/setup-node@v4
with: { node-version: 22, cache: "npm" }
- run: npm ci
- run: npm run lint
- run: npm testCommon building blocks
6 itemsTrigger on tag
on: push: tags: ['v*']Scheduled (cron)
on: schedule: - cron: '0 9 * * 1' # Mon 9am UTCManual dispatch
on: workflow_dispatch: — adds a "Run workflow" buttonMatrix build
strategy: matrix: node: [20, 22] — runs each combinationSecrets
\${{ secrets.DEPLOY_KEY }} — set in repo settingsArtifacts
actions/upload-artifact@v4 — persist files between jobsDeploy gotchas
- Don't ship secrets via logs — `::add-mask::` or GitHub auto-masks `secrets.*`. But a `echo $VAR` can leak.
- Use OIDC to cloud providers (AWS/GCP) instead of long-lived access keys.
- `environment:` gates + required reviewers = manual approval before prod deploy.
- Runtime limits: 6h per job, 72h per workflow. Build caches have 10GB limit.