GitHub Actions Cheat Sheet
Complete reference guide for GitHub Actions with interactive examples and live playground links
Workflow Basics
Workflow Structure
Basic workflow file structure
GitHub Actions
# Basic workflow file
name: CI/CD Pipeline
on:
  push:
    branches: [ main ]
  pull_request:
    branches: [ main ]
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
      - name: Setup Node.js
        uses: actions/setup-node@v3
        with:
          node-version: '18'
      - name: Install dependencies
        run: npm install
      - name: Run tests
        run: npm test
Workflow Triggers
Common workflow triggers
GitHub Actions
# Push and pull request triggers
on:
  push:
    branches: [ main, develop ]
    paths:
      - 'src/**'
      - 'package.json'
  pull_request:
    branches: [ main ]
    types: [opened, synchronize, reopened]

# Schedule trigger
on:
  schedule:
    - cron: '0 0 * * *' # Daily at midnight

# Manual trigger
on:
  workflow_dispatch:
    inputs:
      environment:
        description: 'Deployment environment'
        required: true
        default: 'staging'
        type: choice
        options:
          - staging
          - production
Environment Variables
Environment variable configuration
GitHub Actions
# Global environment variables
env:
  NODE_ENV: production
  API_URL: https://api.example.com
jobs:
  build:
    runs-on: ubuntu-latest
    env:
      DATABASE_URL: ${{ secrets.DB_URL }}
    steps:
      - name: Use environment variables
        run: |
          echo "Node environment: ${{ env.NODE_ENV }}"
          echo "API URL: ${{ env.API_URL }}"
          # DATABASE_URL comes from a secret: check it is set, do not print it
          echo "Database URL set: ${DATABASE_URL:+yes}"
Jobs and Steps
Job Configuration
Job configuration and dependencies
GitHub Actions
jobs:
  build:
    runs-on: ubuntu-latest
    needs: test
    if: github.ref == 'refs/heads/main'
    timeout-minutes: 30
    strategy:
      matrix:
        node-version: [14.x, 16.x, 18.x]
        os: [ubuntu-latest, windows-latest]
    steps:
      - name: Build
        run: npm run build
  test:
    runs-on: ubuntu-latest
    steps:
      - name: Test
        run: npm test
  deploy:
    runs-on: ubuntu-latest
    needs: [build, test]
    environment: production
    steps:
      - name: Deploy
        run: npm run deploy
Step Configuration
Step configuration and actions
GitHub Actions
steps:
  - name: Checkout code
    uses: actions/checkout@v3
  - name: Setup Node.js
    uses: actions/setup-node@v3
    with:
      node-version: '18'
      cache: 'npm'
  - name: Install dependencies
    run: npm ci
    env:
      NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
  - name: Run tests
    run: npm test
    continue-on-error: true
    timeout-minutes: 10
  - name: Upload artifacts
    uses: actions/upload-artifact@v3
    with:
      name: build
      path: dist/
      if-no-files-found: error
Matrix Strategy
Matrix build strategy
GitHub Actions
jobs:
  test:
    runs-on: ${{ matrix.os }}
    strategy:
      matrix:
        os: [ubuntu-latest, windows-latest, macos-latest]
        node-version: [14.x, 16.x, 18.x]
        include:
          - os: ubuntu-latest
            node-version: 18.x
            test-command: 'npm run test:ci'
          - os: windows-latest
            node-version: 16.x
            test-command: 'npm run test:windows'
    steps:
      - uses: actions/checkout@v3
      - uses: actions/setup-node@v3
        with:
          node-version: ${{ matrix.node-version }}
      # Only the two include entries define test-command; fall back to
      # 'npm test' for every other os/node-version combination
      - run: ${{ matrix.test-command || 'npm test' }}
Common Actions
Code Checkout
Code checkout actions
GitHub Actions
# Basic checkout
- uses: actions/checkout@v3

# Checkout with options
- uses: actions/checkout@v3
  with:
    ref: develop
    fetch-depth: 0
    token: ${{ secrets.PAT }}
    path: custom/path

# Checkout multiple repos
- uses: actions/checkout@v3
  with:
    repository: owner/repo
    path: repo1
- uses: actions/checkout@v3
  with:
    repository: owner/another-repo
    path: repo2
Setup Actions
Common setup actions
GitHub Actions
# Setup Node.js
- uses: actions/setup-node@v3
  with:
    node-version: '18'
    cache: 'npm'

# Setup Python
- uses: actions/setup-python@v4
  with:
    python-version: '3.10'
    cache: 'pip'

# Setup Java
- uses: actions/setup-java@v3
  with:
    distribution: 'temurin'
    java-version: '17'

# Setup Docker
- uses: docker/setup-buildx-action@v2

# Setup GitHub CLI
- uses: actions/setup-gh@v1
Deployment Actions
Common deployment actions
GitHub Actions
# Deploy to AWS
- uses: aws-actions/configure-aws-credentials@v1
  with:
    aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
    aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
    aws-region: us-east-1

# Deploy to Azure
- uses: azure/login@v1
  with:
    creds: ${{ secrets.AZURE_CREDENTIALS }}

# Deploy to Google Cloud
- uses: google-github-actions/auth@v1
  with:
    credentials_json: ${{ secrets.GCP_SA_KEY }}

# Deploy to Heroku
- uses: akhileshns/heroku-deploy@v3
  with:
    heroku_api_key: ${{ secrets.HEROKU_API_KEY }}
    heroku_app_name: "your-app-name"
    heroku_email: "your-email@example.com"
Security and Secrets
Secret Management
Secret and environment management
GitHub Actions
# Using secrets
jobs:
  deploy:
    runs-on: ubuntu-latest
    environment: production
    steps:
      - name: Deploy with secrets
        env:
          API_KEY: ${{ secrets.API_KEY }}
          DB_PASSWORD: ${{ secrets.DB_PASSWORD }}
        run: |
          # Confirm the secrets are present without writing their values to the log
          echo "API key set: ${API_KEY:+yes}"
          echo "Database password set: ${DB_PASSWORD:+yes}"

# Using environment secrets
jobs:
  deploy:
    runs-on: ubuntu-latest
    environment:
      name: production
      url: https://example.com
    steps:
      - name: Deploy
        run: npm run deploy
        env:
          PROD_API_KEY: ${{ secrets.PROD_API_KEY }}
Security Scanning
Security scanning actions
GitHub Actions
# CodeQL Analysis
- name: Initialize CodeQL
  uses: github/codeql-action/init@v2
  with:
    languages: javascript
- name: Perform CodeQL Analysis
  uses: github/codeql-action/analyze@v2

# Dependency scanning
# @master is a branch ref and can change between runs; pin to a release
# tag or a full commit SHA in real workflows
- name: Run Snyk
  uses: snyk/actions/node@master
  env:
    SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}

# Container scanning
# Same caveat: @master is a mutable ref
- name: Scan container
  uses: aquasecurity/trivy-action@master
  with:
    image-ref: 'app:latest'
    format: 'table'
    exit-code: '1'
Permissions
Permission configuration
GitHub Actions
# Workflow permissions
permissions:
  contents: read
  packages: write
  issues: write
  pull-requests: write

# Job-level permissions
jobs:
  security-scan:
    runs-on: ubuntu-latest
    permissions:
      security-events: write
      actions: read
      contents: read
    steps:
      - name: Security scan
        run: npm run security-scan

# Steps cannot declare permissions; the key is only valid at workflow or
# job level, so grant them on the job that contains the step
jobs:
  deploy:
    runs-on: ubuntu-latest
    permissions:
      contents: write
      packages: write
    steps:
      - name: Deploy
        run: npm run deploy
Advanced Features
Reusable Workflows
Reusable workflow patterns
GitHub Actions
# Call reusable workflow
jobs:
  call-workflow:
    uses: ./.github/workflows/reusable.yml
    with:
      node-version: '18'
      test-command: 'npm test'
    secrets:
      NPM_TOKEN: ${{ secrets.NPM_TOKEN }}

# Define reusable workflow
name: Reusable Workflow
on:
  workflow_call:
    inputs:
      node-version:
        required: true
        type: string
      test-command:
        required: true
        type: string
    secrets:
      NPM_TOKEN:
        required: true
jobs:
  test:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/setup-node@v3
        with:
          node-version: ${{ inputs.node-version }}
Caching
Caching strategies
GitHub Actions
# Cache npm dependencies
- uses: actions/cache@v3
  with:
    path: ~/.npm
    key: ${{ runner.os }}-node-${{ hashFiles('**/package-lock.json') }}
    restore-keys: |
      ${{ runner.os }}-node-

# Cache Docker layers
- uses: actions/cache@v3
  with:
    path: /tmp/.buildx-cache
    key: ${{ runner.os }}-buildx-${{ github.sha }}
    restore-keys: |
      ${{ runner.os }}-buildx-

# Cache Python packages
- uses: actions/cache@v3
  with:
    path: ~/.cache/pip
    key: ${{ runner.os }}-pip-${{ hashFiles('**/requirements.txt') }}
    restore-keys: |
      ${{ runner.os }}-pip-
Artifacts and Uploads
Artifact and release management
GitHub Actions
# Upload build artifacts
- name: Upload build
  uses: actions/upload-artifact@v3
  with:
    name: build
    path: dist/
    retention-days: 7

# Download artifacts
- name: Download build
  uses: actions/download-artifact@v3
  with:
    name: build
    path: dist/

# Upload to GitHub Release
- name: Create Release
  uses: softprops/action-gh-release@v1
  with:
    files: |
      dist/*.zip
      dist/*.tar.gz
    body: ${{ github.event.head_commit.message }}
GitHub Actions - Interactive Developer Reference