About CI/CD with GitHub Actions (Basics)

Anatomy, minimal workflow, triggers, secrets, deploy gotchas. Part of the DevTools Surf developer suite. Browse more tools in the Info / Guides collection.

Use Cases

• Developers setting up automated testing on pull requests
• DevOps engineers building deployment pipelines for staging and production
• Open-source maintainers automating release and changelog generation
• Teams adding code quality checks like linting and type checking to CI

Tips

• Study the workflow YAML anatomy before writing your first action
• Use the secrets section to safely inject API keys and credentials
• Check the deploy gotchas list for environment and artifact pitfalls

Fun Facts

• GitHub Actions was launched in October 2018 for CI/CD, just 7 months after Microsoft acquired GitHub for $7.5 billion in June 2018.
• GitHub provides 2,000 free CI/CD minutes per month for public repositories and 500 minutes for free-tier private repos.
• The GitHub Actions marketplace has over 20,000 community-built actions, from code linting to Kubernetes deployments to Slack notifications.

FAQ

What's the workflow anatomy?

File at .github/workflows/name.yml. Triggers (on:), jobs (services), steps (commands). Each step runs in a fresh VM or container.

What's a minimal useful workflow?

On push: checkout code, setup Node, npm install, npm test. Four steps cover most CI needs.

Secrets?

Set at repo or org level in Settings. Reference as ${{ secrets.NAME }}. Never echo secrets; GitHub auto-masks them in logs.

Deploy gotchas?

Permissions (give workflow access to what it needs), environment approvals (for production), and OIDC for cloud deploys instead of long-lived API keys.