actions-cicd-practices
GitHub Actions and CI/CD best practices for automated testing, building, and deployment.
Best use case
actions-cicd-practices is best used when you need a repeatable AI agent workflow instead of a one-off prompt.
Teams using actions-cicd-practices should expect more consistent output, faster repeated execution, and less prompt rewriting.
When to use this skill
- You want a reusable workflow that can be run more than once with consistent structure.
When not to use this skill
- You only need a quick one-off answer and do not need a reusable workflow.
- You cannot install or maintain the underlying files, dependencies, or repository context.
Installation
Claude Code / Cursor / Codex
Manual Installation
- Download SKILL.md from GitHub
- Place it in `.claude/skills/actions-cicd-practices-majiayu000/SKILL.md` inside your project
- Restart your AI agent — it will auto-discover the skill
How actions-cicd-practices Compares
| Feature / Agent | actions-cicd-practices | Standard Approach |
|---|---|---|
| Platform Support | Not specified | Limited / Varies |
| Context Awareness | High | Baseline |
| Installation Complexity | Unknown | N/A |
Frequently Asked Questions
What does this skill do?
GitHub Actions and CI/CD best practices for automated testing, building, and deployment.
Where can I find the source code?
You can find the source code on GitHub using the link provided at the top of the page.
SKILL.md Source
# GitHub Actions CI/CD practices
## Purpose
Guide for GitHub Actions and CI/CD workflows covering testing, building, caching, and deployment automation.
## When to use
This skill activates when:
- Creating GitHub Actions workflows
- Setting up CI/CD pipelines
- Configuring automated testing
- Optimizing workflow performance
- Managing secrets and environments
## Core structure
### Basic workflow
```yaml
name: CI
on:
  push:
    branches: [main]
  pull_request:
    branches: [main]
jobs:
  test:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - name: Set up Python
        uses: actions/setup-python@v5
        with:
          python-version: '3.14'
      - name: Install dependencies
        run: pip install -e ".[dev]"
      - name: Run tests
        run: pytest
```
## Python workflows
### With uv
```yaml
jobs:
  test:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - name: Install uv
        uses: astral-sh/setup-uv@v4
        with:
          enable-cache: true
      - name: Set up Python
        run: uv python install 3.14
      - name: Install dependencies
        run: uv sync
      - name: Run tests
        run: uv run pytest
```
### Matrix testing
```yaml
jobs:
  test:
    runs-on: ${{ matrix.os }}
    strategy:
      fail-fast: false
      matrix:
        os: [ubuntu-latest, macos-latest, windows-latest]
        python-version: ['3.14']
    steps:
      - uses: actions/checkout@v4
      - name: Install uv
        uses: astral-sh/setup-uv@v4
      - name: Set up Python ${{ matrix.python-version }}
        run: uv python install ${{ matrix.python-version }}
      - name: Install dependencies
        run: uv sync
      - name: Run tests
        run: uv run pytest
```
## Caching
### uv cache
```yaml
- name: Install uv
  uses: astral-sh/setup-uv@v4
  with:
    enable-cache: true
    cache-dependency-glob: "uv.lock"
```
### Manual caching
```yaml
- name: Cache dependencies
  uses: actions/cache@v4
  with:
    path: ~/.cache/pip
    key: ${{ runner.os }}-pip-${{ hashFiles('**/requirements.txt') }}
    restore-keys: |
      ${{ runner.os }}-pip-
```
## Linting and type checking
```yaml
jobs:
  lint:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - name: Install uv
        uses: astral-sh/setup-uv@v4
        with:
          enable-cache: true
      - name: Set up Python
        run: uv python install 3.14
      - name: Install dependencies
        run: uv sync
      - name: Lint with ruff
        run: uv run ruff check .
      - name: Type check with basedpyright
        run: uv run basedpyright
```
## Code coverage
```yaml
- name: Run tests with coverage
  run: uv run pytest --cov=src --cov-report=xml
- name: Upload coverage
  uses: codecov/codecov-action@v4
  with:
    files: ./coverage.xml
    fail_ci_if_error: true
```
## Workflow optimization
### Concurrency
```yaml
concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: true
```
### Path filters
```yaml
on:
  push:
    paths:
      - 'src/**'
      - 'tests/**'
      - 'pyproject.toml'
      - '.github/workflows/ci.yml'
```
### Job dependencies
```yaml
jobs:
  lint:
    runs-on: ubuntu-latest
    steps: ...
  test:
    needs: lint
    runs-on: ubuntu-latest
    steps: ...
  build:
    needs: [lint, test]
    runs-on: ubuntu-latest
    steps: ...
```
## Secrets and environments
### Using secrets
```yaml
- name: Deploy
  env:
    API_KEY: ${{ secrets.API_KEY }}
  run: ./deploy.sh
```
### Environment protection
```yaml
jobs:
  deploy:
    runs-on: ubuntu-latest
    environment: production
    steps:
      - name: Deploy to production
        run: ./deploy.sh
```
## Release workflow
```yaml
name: Release
on:
  release:
    types: [published]
jobs:
  publish:
    runs-on: ubuntu-latest
    permissions:
      id-token: write  # For PyPI trusted publishing
    steps:
      - uses: actions/checkout@v4
      - name: Install uv
        uses: astral-sh/setup-uv@v4
      - name: Build package
        run: uv build
      - name: Publish to PyPI
        uses: pypa/gh-action-pypi-publish@release/v1
```
## Reusable workflows
### Define reusable workflow
```yaml
# .github/workflows/test-reusable.yml
name: Reusable Test
on:
  workflow_call:
    inputs:
      python-version:
        required: true
        type: string
jobs:
  test:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - name: Set up Python ${{ inputs.python-version }}
        uses: actions/setup-python@v5
        with:
          python-version: ${{ inputs.python-version }}
```
### Use reusable workflow
```yaml
jobs:
  test-3-11:
    uses: ./.github/workflows/test-reusable.yml
    with:
      python-version: '3.14'
```
## Security
### Minimal permissions
```yaml
permissions:
  contents: read
  pull-requests: write
```
### Pin action versions
```yaml
# Good: pinned to a version tag (tags are mutable and can be moved to another commit)
- uses: actions/checkout@v4
# Better: pinned to a full commit SHA (immutable)
- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11
```
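The two rules in this section ("Minimal permissions" and "Pin action versions") can be checked mechanically. The script below is an added example, not part of the original skill: `audit_workflow`, its rule names, and the sample workflow are assumptions made for illustration, and it is a line-based heuristic rather than a full YAML parser.

```python
import re

# `uses:` value of a step or job, without quotes or a trailing comment.
USES_RE = re.compile(r"^\s*(?:-\s*)?uses:\s*['\"]?([^\s'\"#]+)")
# Immutable references: a full 40-hex commit SHA, or a Docker image digest.
PINNED_RE = re.compile(r"@(?:[0-9a-f]{40}|sha256:[0-9a-f]{64})$")
# A workflow-level `permissions:` key starts in column 0.
TOP_LEVEL_PERMISSIONS_RE = re.compile(r"^permissions\s*:", re.MULTILINE)


def audit_workflow(text):
    """Return (line_number, rule, detail) findings for one workflow file."""
    findings = []
    if not TOP_LEVEL_PERMISSIONS_RE.search(text):
        findings.append((0, "no-top-level-permissions",
                         "jobs inherit the repository default token scope"))
    for number, line in enumerate(text.splitlines(), start=1):
        match = USES_RE.match(line)
        if not match:
            continue
        ref = match.group(1)
        if ref.startswith("./"):
            continue  # local action or reusable workflow, versioned with the repo
        if not PINNED_RE.search(ref):
            findings.append((number, "unpinned-action", ref))
    return findings


# Constructed sample workflow (not from the page), reusing the page's action names.
SAMPLE_WORKFLOW = """\
name: CI
on:
  pull_request:
    branches: [main]
jobs:
  test:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11
      - name: Install uv
        uses: astral-sh/setup-uv@v4
      - uses: actions/cache@v4  # tag, not a SHA
  reuse:
    uses: ./.github/workflows/test-reusable.yml
"""

if __name__ == "__main__":
    for number, rule, detail in audit_workflow(SAMPLE_WORKFLOW):
        print(f"line {number}: {rule}: {detail}")
```

Running it over every file in `.github/workflows/` as a CI step turns the "Permissions minimized" and "Action versions pinned" checklist items into a failing check instead of a manual review.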
## Checklist
- [ ] Workflow triggers appropriate
- [ ] Matrix covers required platforms/versions
- [ ] Caching configured for performance
- [ ] Secrets not exposed in logs
- [ ] Permissions minimized
- [ ] Action versions pinned
- [ ] Concurrency configured
- [ ] Path filters for efficiency
---
**Additional resources:**
- [GitHub Actions documentation](https://docs.github.com/en/actions)
- [Workflow syntax](https://docs.github.com/en/actions/reference/workflow-syntax-for-github-actions)