actions-cicd-practices
GitHub Actions and CI/CD best practices for automated testing, building, and deployment.
Best use case
actions-cicd-practices is best used when you need a repeatable AI agent workflow instead of a one-off prompt.
Teams using actions-cicd-practices should expect more consistent output, faster repeated execution, and less prompt rewriting.
When to use this skill
- You want a reusable workflow that can be run more than once with consistent structure.
When not to use this skill
- You only need a quick one-off answer and do not need a reusable workflow.
- You cannot install or maintain the underlying files, dependencies, or repository context.
Installation
Claude Code / Cursor / Codex
Manual Installation
- Download SKILL.md from GitHub
- Place it in .claude/skills/actions-cicd-practices/SKILL.md inside your project
- Restart your AI agent — it will auto-discover the skill
How actions-cicd-practices Compares
| Feature / Agent | actions-cicd-practices | Standard Approach |
|---|---|---|
| Platform Support | Not specified | Limited / Varies |
| Context Awareness | High | Baseline |
| Installation Complexity | Unknown | N/A |
Frequently Asked Questions
What does this skill do?
GitHub Actions and CI/CD best practices for automated testing, building, and deployment.
Where can I find the source code?
You can find the source code on GitHub using the link provided at the top of the page.
SKILL.md Source
# GitHub Actions CI/CD practices
## Purpose
Guide for GitHub Actions and CI/CD workflows covering testing, building, caching, and deployment automation.
## When to use
This skill activates when:
- Creating GitHub Actions workflows
- Setting up CI/CD pipelines
- Configuring automated testing
- Optimizing workflow performance
- Managing secrets and environments
## Core structure
### Basic workflow
```yaml
name: CI
on:
  push:
    branches: [main]
  pull_request:
    branches: [main]
jobs:
  test:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - name: Set up Python
        uses: actions/setup-python@v5
        with:
          python-version: '3.14'
      - name: Install dependencies
        run: pip install -e ".[dev]"
      - name: Run tests
        run: pytest
```
## Python workflows
### With uv
```yaml
jobs:
  test:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - name: Install uv
        uses: astral-sh/setup-uv@v4
        with:
          enable-cache: true
      - name: Set up Python
        run: uv python install 3.14
      - name: Install dependencies
        run: uv sync
      - name: Run tests
        run: uv run pytest
```
### Matrix testing
```yaml
jobs:
  test:
    runs-on: ${{ matrix.os }}
    strategy:
      fail-fast: false
      matrix:
        os: [ubuntu-latest, macos-latest, windows-latest]
        python-version: ['3.14']
    steps:
      - uses: actions/checkout@v4
      - name: Install uv
        uses: astral-sh/setup-uv@v4
      - name: Set up Python ${{ matrix.python-version }}
        run: uv python install ${{ matrix.python-version }}
      - name: Install dependencies
        run: uv sync
      - name: Run tests
        run: uv run pytest
```
## Caching
### uv cache
```yaml
- name: Install uv
  uses: astral-sh/setup-uv@v4
  with:
    enable-cache: true
    cache-dependency-glob: "uv.lock"
```
### Manual caching
```yaml
- name: Cache dependencies
  uses: actions/cache@v4
  with:
    path: ~/.cache/pip
    key: ${{ runner.os }}-pip-${{ hashFiles('**/requirements.txt') }}
    restore-keys: |
      ${{ runner.os }}-pip-
```
## Linting and type checking
```yaml
jobs:
  lint:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - name: Install uv
        uses: astral-sh/setup-uv@v4
        with:
          enable-cache: true
      - name: Set up Python
        run: uv python install 3.14
      - name: Install dependencies
        run: uv sync
      - name: Lint with ruff
        run: uv run ruff check .
      - name: Type check with basedpyright
        run: uv run basedpyright
```
## Code coverage
```yaml
- name: Run tests with coverage
  run: uv run pytest --cov=src --cov-report=xml
- name: Upload coverage
  uses: codecov/codecov-action@v4
  with:
    files: ./coverage.xml
    fail_ci_if_error: true
```
## Workflow optimization
### Concurrency
```yaml
concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: true
```
### Path filters
```yaml
on:
  push:
    paths:
      - 'src/**'
      - 'tests/**'
      - 'pyproject.toml'
      - '.github/workflows/ci.yml'
```
### Job dependencies
```yaml
jobs:
  lint:
    runs-on: ubuntu-latest
    steps: ...
  test:
    needs: lint
    runs-on: ubuntu-latest
    steps: ...
  build:
    needs: [lint, test]
    runs-on: ubuntu-latest
    steps: ...
```
## Secrets and environments
### Using secrets
```yaml
- name: Deploy
  env:
    API_KEY: ${{ secrets.API_KEY }}
  run: ./deploy.sh
```
### Environment protection
```yaml
jobs:
  deploy:
    runs-on: ubuntu-latest
    environment: production
    steps:
      - name: Deploy to production
        run: ./deploy.sh
```
## Release workflow
```yaml
name: Release
on:
  release:
    types: [published]
jobs:
  publish:
    runs-on: ubuntu-latest
    permissions:
      id-token: write  # For PyPI trusted publishing
    steps:
      - uses: actions/checkout@v4
      - name: Install uv
        uses: astral-sh/setup-uv@v4
      - name: Build package
        run: uv build
      - name: Publish to PyPI
        uses: pypa/gh-action-pypi-publish@release/v1
```
## Reusable workflows
### Define reusable workflow
```yaml
# .github/workflows/test-reusable.yml
name: Reusable Test
on:
  workflow_call:
    inputs:
      python-version:
        required: true
        type: string
jobs:
  test:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - name: Set up Python ${{ inputs.python-version }}
        uses: actions/setup-python@v5
        with:
          python-version: ${{ inputs.python-version }}
```
### Use reusable workflow
```yaml
jobs:
  test-3-14:
    uses: ./.github/workflows/test-reusable.yml
    with:
      python-version: '3.14'
```
## Security
### Minimal permissions
```yaml
permissions:
  contents: read
  pull-requests: write
```
### Pin action versions
```yaml
# Good: pinned to a version tag (a tag can be moved to a different commit)
- uses: actions/checkout@v4
# Better: pinned to a full commit SHA (immutable)
- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11
```
## Checklist
- [ ] Workflow triggers appropriate
- [ ] Matrix covers required platforms/versions
- [ ] Caching configured for performance
- [ ] Secrets not exposed in logs
- [ ] Permissions minimized
- [ ] Action versions pinned
- [ ] Concurrency configured
- [ ] Path filters for efficiency
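
The "Permissions minimized" and "Action versions pinned" items can be checked mechanically. The script below is an added example, not part of the original skill: it scans workflow text for `uses:` references that are not pinned to a full 40-character commit SHA and for a missing `permissions:` block. The function names and the sample workflow are constructed for illustration.

```python
import re

# A step- or job-level `uses:` value, stopping before quotes, spaces or comments.
USES_RE = re.compile(r"^[ \t]*(?:-[ \t]*)?uses:[ \t]*['\"]?([^'\"\s#]+)", re.MULTILINE)
FULL_SHA_RE = re.compile(r"^[0-9a-f]{40}$")
# A `permissions:` key at workflow level or job level.
PERMISSIONS_RE = re.compile(r"^[ \t]*permissions:", re.MULTILINE)

def classify_ref(ref):
    """Classify a uses: value as 'local', 'docker', 'sha', 'mutable' or 'unpinned'."""
    if ref.startswith("./"):
        return "local"      # same-repository action or reusable workflow
    if ref.startswith("docker://"):
        return "docker"     # container image; digest pinning is not checked here
    _, sep, version = ref.partition("@")
    if not sep:
        return "unpinned"
    # Tags (v4) and branches (release/v1) can be repointed; a full SHA cannot.
    return "sha" if FULL_SHA_RE.match(version) else "mutable"

def audit_workflow(text):
    """Return a list of findings for the text of one workflow file."""
    findings = []
    for match in USES_RE.finditer(text):
        ref = match.group(1)
        line_no = text.count("\n", 0, match.start(1)) + 1
        if classify_ref(ref) in ("mutable", "unpinned"):
            findings.append(f"line {line_no}: {ref} is not pinned to a full commit SHA")
    if not PERMISSIONS_RE.search(text):
        findings.append("no permissions: block; GITHUB_TOKEN uses the repository default")
    return findings

# Constructed sample workflow (not taken from a real repository).
SAMPLE = """\
name: CI
on: [push]
jobs:
  test:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11
      - uses: astral-sh/setup-uv@v4  # tag can be moved
      - uses: ./.github/actions/local-step
      - run: uv run pytest
"""

if __name__ == "__main__":
    for finding in audit_workflow(SAMPLE):
        print(finding)
```

To use it in CI, read each file under `.github/workflows/` and fail the job when `audit_workflow` returns any findings.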
---
**Additional resources:**
- [GitHub Actions documentation](https://docs.github.com/en/actions)
- [Workflow syntax](https://docs.github.com/en/actions/reference/workflow-syntax-for-github-actions)