GitHub Actions Cheat Sheet
Complete reference guide for GitHub Actions with interactive examples and live playground links
Workflow Basics
Workflow Structure
Basic workflow file structure
# Basic workflow file
name: CI/CD Pipeline
on:
  push:
    branches: [ main ]
  pull_request:
    branches: [ main ]
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
      - name: Setup Node.js
        uses: actions/setup-node@v3
        with:
          node-version: '18'
      - name: Install dependencies
        run: npm install
      - name: Run tests
        run: npm test
Workflow Triggers
Common workflow triggers
# Push and pull request triggers
on:
  push:
    branches: [ main, develop ]
    paths:
      - 'src/**'
      - 'package.json'
  pull_request:
    branches: [ main ]
    types: [opened, synchronize, reopened]

# Schedule trigger (cron schedules run in UTC)
on:
  schedule:
    - cron: '0 0 * * *' # Daily at midnight UTC

# Manual trigger
on:
  workflow_dispatch:
    inputs:
      environment:
        description: 'Deployment environment'
        required: true
        default: 'staging'
        type: choice
        options:
          - staging
          - production
Environment Variables
Environment variable configuration
# Global environment variables
env:
  NODE_ENV: production
  API_URL: https://api.example.com
jobs:
  build:
    runs-on: ubuntu-latest
    env:
      DATABASE_URL: ${{ secrets.DB_URL }}
    steps:
      - name: Use environment variables
        run: |
          echo "Node environment: ${{ env.NODE_ENV }}"
          echo "API URL: ${{ env.API_URL }}"
          # DATABASE_URL holds a secret: confirm it is set, but never echo its value
          test -n "$DATABASE_URL"
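The `${{ }}` expressions above are substituted into the script text before the shell runs it, which is fine for values you control but not for event-controlled text such as a pull request title. The following added example (not from the original cheat sheet) shows the weak pattern beside the corrected one, where the value is passed through `env` and read as a shell variable; the job name and the title-prefix rule are assumptions for illustration.

```yaml
# Added example: pass event-controlled text through env, never into the script body
on:
  pull_request:
    types: [opened, synchronize, edited]

jobs:
  title-check:
    runs-on: ubuntu-latest
    steps:
      # Weak form (shown only as a comment): the expression is expanded into the
      # script text before bash parses it, so the PR title becomes part of the command line
      #   run: echo "PR title: ${{ github.event.pull_request.title }}"

      # Corrected form: the runner hands the value to the process as an environment
      # variable, and the script references it as data via "$PR_TITLE"
      - name: Check PR title
        env:
          PR_TITLE: ${{ github.event.pull_request.title }}
        run: |
          echo "PR title: $PR_TITLE"
          # Assumed policy: titles use a conventional-commit style prefix
          case "$PR_TITLE" in
            feat:*|fix:*|docs:*|chore:*) echo "title format ok" ;;
            *) echo "::error::PR title must start with feat:, fix:, docs: or chore:"; exit 1 ;;
          esac
```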
Jobs and Steps
Job Configuration
Job configuration and dependencies
jobs:
  build:
    runs-on: ${{ matrix.os }}   # the matrix below only takes effect if runs-on references it
    needs: test
    if: github.ref == 'refs/heads/main'
    timeout-minutes: 30
    strategy:
      matrix:
        node-version: [14.x, 16.x, 18.x]
        os: [ubuntu-latest, windows-latest]
    steps:
      - name: Build
        run: npm run build
  test:
    runs-on: ubuntu-latest
    steps:
      - name: Test
        run: npm test
  deploy:
    runs-on: ubuntu-latest
    needs: [build, test]
    environment: production
    steps:
      - name: Deploy
        run: npm run deploy
Step Configuration
Step configuration and actions
steps:
  - name: Checkout code
    uses: actions/checkout@v3
  - name: Setup Node.js
    uses: actions/setup-node@v3
    with:
      node-version: '18'
      cache: 'npm'
  - name: Install dependencies
    run: npm ci
    env:
      NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
  - name: Run tests
    run: npm test
    continue-on-error: true
    timeout-minutes: 10
  - name: Upload artifacts
    uses: actions/upload-artifact@v3
    with:
      name: build
      path: dist/
      if-no-files-found: error
Matrix Strategy
Matrix build strategy
jobs:
  test:
    runs-on: ${{ matrix.os }}
    strategy:
      matrix:
        os: [ubuntu-latest, windows-latest, macos-latest]
        node-version: [14.x, 16.x, 18.x]
        include:
          - os: ubuntu-latest
            node-version: 18.x
            test-command: 'npm run test:ci'
          - os: windows-latest
            node-version: 16.x
            test-command: 'npm run test:windows'
    steps:
      - uses: actions/checkout@v3
      - uses: actions/setup-node@v3
        with:
          node-version: ${{ matrix.node-version }}
      # include only sets test-command for two combinations; fall back to a default
      # so the other matrix legs do not get an empty run script
      - run: ${{ matrix.test-command || 'npm test' }}
Common Actions
Code Checkout
Code checkout actions
# Basic checkout
- uses: actions/checkout@v3

# Checkout with options
- uses: actions/checkout@v3
  with:
    ref: develop
    fetch-depth: 0
    token: ${{ secrets.PAT }}   # only needed when GITHUB_TOKEN lacks access, e.g. a private cross-repo checkout
    path: custom/path

# Checkout multiple repos
- uses: actions/checkout@v3
  with:
    repository: owner/repo
    path: repo1
- uses: actions/checkout@v3
  with:
    repository: owner/another-repo
    path: repo2
Setup Actions
Common setup actions
# Setup Node.js
- uses: actions/setup-node@v3
  with:
    node-version: '18'
    cache: 'npm'

# Setup Python
- uses: actions/setup-python@v4
  with:
    python-version: '3.10'
    cache: 'pip'

# Setup Java
- uses: actions/setup-java@v3
  with:
    distribution: 'temurin'
    java-version: '17'

# Setup Docker
- uses: docker/setup-buildx-action@v2

# Setup GitHub CLI
- uses: actions/setup-gh@v1
Deployment Actions
Common deployment actions
# Deploy to AWS
- uses: aws-actions/configure-aws-credentials@v1
  with:
    aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
    aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
    aws-region: us-east-1

# Deploy to Azure
- uses: azure/login@v1
  with:
    creds: ${{ secrets.AZURE_CREDENTIALS }}

# Deploy to Google Cloud
- uses: google-github-actions/auth@v1
  with:
    credentials_json: ${{ secrets.GCP_SA_KEY }}

# Deploy to Heroku
- uses: akhileshns/heroku-deploy@v3
  with:
    heroku_api_key: ${{ secrets.HEROKU_API_KEY }}
    heroku_app_name: "your-app-name"
    heroku_email: "your-email@example.com"
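The AWS snippet above stores long-lived access keys as repository secrets. The action also supports OIDC federation, where the job exchanges a short-lived GitHub-issued token for temporary AWS credentials and nothing long-lived is stored. This added example (not from the original cheat sheet) shows that form; the role ARN is a placeholder and the trust policy it mentions must be created on the AWS side.

```yaml
# Added example: AWS deployment via OIDC instead of stored access keys
name: Deploy to AWS (OIDC)
on:
  push:
    branches: [ main ]

# id-token: write lets the job request an OIDC token from GitHub;
# everything else stays read-only
permissions:
  id-token: write
  contents: read

jobs:
  deploy:
    runs-on: ubuntu-latest
    environment: production   # environment protection rules gate the deployment
    steps:
      - uses: actions/checkout@v4

      # The IAM role's trust policy must trust GitHub's OIDC provider and restrict the
      # subject claim to this repository and branch (repo:OWNER/REPO:ref:refs/heads/main),
      # otherwise any workflow anywhere could assume it
      - name: Configure AWS credentials
        uses: aws-actions/configure-aws-credentials@v4
        with:
          role-to-assume: arn:aws:iam::123456789012:role/github-actions-deploy   # placeholder ARN
          role-session-name: github-${{ github.run_id }}
          aws-region: us-east-1

      # Credentials are now in the environment and expire with the session
      - name: Verify the assumed identity
        run: aws sts get-caller-identity

      - name: Deploy
        run: npm run deploy
```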
Security and Secrets
Secret Management
Secret and environment management
# Using secrets
jobs:
  deploy:
    runs-on: ubuntu-latest
    environment: production
    steps:
      - name: Deploy with secrets
        env:
          API_KEY: ${{ secrets.API_KEY }}
          DB_PASSWORD: ${{ secrets.DB_PASSWORD }}
        run: |
          # Secrets reach the script through the environment; never echo their values
          npm run deploy

# Using environment secrets
jobs:
  deploy:
    runs-on: ubuntu-latest
    environment:
      name: production
      url: https://example.com
    steps:
      - name: Deploy
        run: npm run deploy
        env:
          PROD_API_KEY: ${{ secrets.PROD_API_KEY }}
Security Scanning
Security scanning actions
# CodeQL Analysis
- name: Initialize CodeQL
  uses: github/codeql-action/init@v2
  with:
    languages: javascript
- name: Perform CodeQL Analysis
  uses: github/codeql-action/analyze@v2

# Dependency scanning
- name: Run Snyk
  uses: snyk/actions/node@master   # pin to a release tag or commit SHA rather than master
  env:
    SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}

# Container scanning
- name: Scan container
  uses: aquasecurity/trivy-action@master   # pin to a release tag or commit SHA rather than master
  with:
    image-ref: 'app:latest'
    format: 'table'
    exit-code: '1'
Permissions
Permission configuration
# Workflow permissions
permissions:
  contents: read
  packages: write
  issues: write
  pull-requests: write

# Job-level permissions
jobs:
  security-scan:
    runs-on: ubuntu-latest
    permissions:
      security-events: write
      actions: read
      contents: read
    steps:
      - name: Security scan
        run: npm run security-scan

# permissions is only valid at the workflow and job levels; a step cannot carry it.
# To scope write access to a deploy step, give that step its own job:
  deploy:
    runs-on: ubuntu-latest
    permissions:
      contents: write
      packages: write
    steps:
      - name: Deploy
        run: npm run deploy
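The scanning and permissions blocks above fit together: a container scan only becomes visible in the repository's Security tab if its results are uploaded as SARIF, and that upload is exactly what `security-events: write` is for. This added example (not from the original cheat sheet) combines both, starting from an empty top-level grant; the image name and the Trivy release tag are assumptions.

```yaml
# Added example: container scan with results uploaded to code scanning,
# using only the permissions the job needs
name: Container scan
on:
  push:
    branches: [ main ]
  schedule:
    - cron: '0 3 * * 1'   # weekly rescan picks up newly published advisories

permissions: {}   # nothing by default; each job requests what it needs

jobs:
  trivy:
    runs-on: ubuntu-latest
    permissions:
      contents: read          # needed by checkout
      security-events: write  # needed by upload-sarif
    steps:
      - uses: actions/checkout@v4

      - name: Build image
        run: docker build -t app:${{ github.sha }} .

      # Pinned to a release tag rather than master (a full commit SHA is stricter still)
      - name: Scan image
        uses: aquasecurity/trivy-action@0.28.0
        with:
          image-ref: app:${{ github.sha }}
          format: sarif
          output: trivy-results.sarif
          severity: CRITICAL,HIGH
          ignore-unfixed: true
          exit-code: '1'   # fail the job on findings

      # Upload runs even when the scan step failed, so findings are recorded either way
      - name: Upload results to code scanning
        if: always()
        uses: github/codeql-action/upload-sarif@v3
        with:
          sarif_file: trivy-results.sarif
```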
Advanced Features
Reusable Workflows
Reusable workflow patterns
# Call reusable workflow
jobs:
  call-workflow:
    uses: ./.github/workflows/reusable.yml
    with:
      node-version: '18'
      test-command: 'npm test'
    secrets:
      NPM_TOKEN: ${{ secrets.NPM_TOKEN }}

# Define reusable workflow
name: Reusable Workflow
on:
  workflow_call:
    inputs:
      node-version:
        required: true
        type: string
      test-command:
        required: true
        type: string
    secrets:
      NPM_TOKEN:
        required: true
jobs:
  test:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/setup-node@v3
        with:
          node-version: ${{ inputs.node-version }}
      # Consume the remaining input and the passed-in secret
      - run: ${{ inputs.test-command }}
        env:
          NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
Caching
Caching strategies
# Cache npm dependencies
- uses: actions/cache@v3
  with:
    path: ~/.npm
    key: ${{ runner.os }}-node-${{ hashFiles('**/package-lock.json') }}
    restore-keys: |
      ${{ runner.os }}-node-

# Cache Docker layers
- uses: actions/cache@v3
  with:
    path: /tmp/.buildx-cache
    key: ${{ runner.os }}-buildx-${{ github.sha }}
    restore-keys: |
      ${{ runner.os }}-buildx-

# Cache Python packages
- uses: actions/cache@v3
  with:
    path: ~/.cache/pip
    key: ${{ runner.os }}-pip-${{ hashFiles('**/requirements.txt') }}
    restore-keys: |
      ${{ runner.os }}-pip-
Artifacts and Uploads
Artifact and release management
# Upload build artifacts
- name: Upload build
  uses: actions/upload-artifact@v3
  with:
    name: build
    path: dist/
    retention-days: 7

# Download artifacts
- name: Download build
  uses: actions/download-artifact@v3
  with:
    name: build
    path: dist/

# Upload to GitHub Release
- name: Create Release
  uses: softprops/action-gh-release@v1
  with:
    files: |
      dist/*.zip
      dist/*.tar.gz
    body: ${{ github.event.head_commit.message }}