Github Actions

Last updated on January 23, 2026

GitHub Actions Cheat Sheet

GitHub Actions is a continuous integration and continuous delivery (CI/CD) platform that allows you to automate your build, test, and deployment pipeline. You can create workflows that build and test every pull request to your repository, or deploy merged pull requests to production.

Key Components

Workflow: An automated procedure that you add to your repository. Defined by a YAML file in .github/workflows/.
Event: A specific activity that triggers a workflow run (e.g., push, pull_request, release).
Job: A set of steps that execute on the same runner. Jobs run in parallel by default.
Step: An individual task that can run commands or actions. Steps are executed in order.
Action: A custom application that performs a complex task. Can be written in JavaScript or as a Docker container.
Runner: A server with the GitHub Actions runner application installed. Can be GitHub-hosted or self-hosted.
Artifact: Files created during a workflow that can be shared between jobs or downloaded.
Secret: An encrypted variable stored in your repository, organization, or environment.

Workflow File Structure

yaml
name: Workflow Name # Name of the workflow
on: [push, pull_request]               # Events that trigger the workflow
env:                                   # Environment variables for all jobs
  NODE_VERSION: '20'
jobs:                                  # Jobs that make up the workflow
  build-job:                           # Unique job identifier
    runs-on: ubuntu-latest             # Runner environment
    steps:                             # Steps that define the job
      - name: Checkout code            # Step name
        uses: actions/checkout@v4      # Action to use
      - name: Setup Node.js
        uses: actions/setup-node@v4
        with:                          # Input parameters for the action
          node-version: ${{ env.NODE_VERSION }}
      - name: Run tests
        run: npm test                  # Command to execute

Common Events

Event	Description	Example Configuration
`push`	Triggered on push to branches/tags	`on: push` or `on: push: branches: [main]`
`pull_request`	Triggered on PR activity	`on: pull_request: types: [opened, synchronize]`
`schedule`	Cron-based scheduling	`on: schedule: cron: '0 2 * * *'`
`workflow_dispatch`	Manual trigger from UI	`on: workflow_dispatch`
`release`	Triggered on release activity	`on: release: types: [published]`

Jobs and Runners

Runner Types: GitHub provides Ubuntu Linux, Windows, and macOS runners. Self-hosted runners can be configured on custom hardware.
Job Dependencies: Use needs to create dependencies between jobs.
Matrix Strategy: Run jobs with multiple configurations.

Actions and Marketplace

Pre-built Actions: Available in GitHub Marketplace
Common Actions:
- actions/checkout@v4: Check out your repository
- actions/setup-node@v4: Setup Node.js environment
- actions/setup-python@v5: Setup Python environment
- actions/cache@v3: Cache dependencies and build outputs
- actions/upload-artifact@v4: Upload workflow artifacts
- actions/download-artifact@v4: Download workflow artifacts

Environment Variables and Secrets

Default Variables: Automatically available (e.g., GITHUB_REPOSITORY, GITHUB_SHA, GITHUB_REF)
Custom Variables: Define at workflow, job, or step level
Secrets: Store sensitive data; access with ${{ secrets.SECRET_NAME }}
Contexts: Access runtime information with expressions like ${{ github.event_name }}

Artifacts and Caching

Artifacts: Store files between jobs with upload-artifact and download-artifact
Caching: Speed up workflows by caching dependencies.

Best Practices

Use Specific Action Versions: Pin to full commit SHA or version tag
Limit Permissions: Use permissions key to restrict token scopes
Clean Up Resources: Use post job steps for cleanup operations
Optimize Workflow Speed: Cache dependencies, use matrix for parallel jobs
Secure Secrets: Never log secrets, use GitHub secrets store

Pricing and Limits

Free Tier: 2,000 minutes/month for private repositories (500MB package storage)
Public Repositories: Unlimited minutes and runners
Self-hosted Runners: Unlimited and free
Concurrent Jobs: Up to 20 jobs on free plans, more on paid plans