github-actions-1-security-best-practices

Sub-skill of github-actions: 1. Security Best Practices (+3).

5 stars

Best use case

github-actions-1-security-best-practices is best used when you need a repeatable AI agent workflow instead of a one-off prompt.

Sub-skill of github-actions: 1. Security Best Practices (+3).

Teams using github-actions-1-security-best-practices should expect a more consistent output, faster repeated execution, less prompt rewriting.

When to use this skill

  • You want a reusable workflow that can be run more than once with consistent structure.

When not to use this skill

  • You only need a quick one-off answer and do not need a reusable workflow.
  • You cannot install or maintain the underlying files, dependencies, or repository context.

Installation

Claude Code / Cursor / Codex

$curl -o ~/.claude/skills/1-security-best-practices/SKILL.md --create-dirs "https://raw.githubusercontent.com/vamseeachanta/workspace-hub/main/.agents/skills/_archive/operations/automation/github-actions/1-security-best-practices/SKILL.md"

Manual Installation

  1. Download SKILL.md from GitHub
  2. Place it in .claude/skills/1-security-best-practices/SKILL.md inside your project
  3. Restart your AI agent — it will auto-discover the skill

How github-actions-1-security-best-practices Compares

Feature / Agentgithub-actions-1-security-best-practicesStandard Approach
Platform SupportNot specifiedLimited / Varies
Context Awareness High Baseline
Installation ComplexityUnknownN/A

Frequently Asked Questions

What does this skill do?

Sub-skill of github-actions: 1. Security Best Practices (+3).

Where can I find the source code?

You can find the source code on GitHub using the link provided at the top of the page.

SKILL.md Source

# 1. Security Best Practices (+3)

## 1. Security Best Practices

```yaml
# Always pin action versions with SHA
- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11  # v4.1.1

# Use minimum required permissions
permissions:
  contents: read
  packages: write

# Never hardcode secrets
env:
  API_KEY: ${{ secrets.API_KEY }}  # Good
  # API_KEY: "sk-1234567890"       # Never do this

# Use OIDC for cloud provider authentication
- uses: aws-actions/configure-aws-credentials@v4
  with:
    role-to-assume: ${{ secrets.AWS_ROLE_ARN }}
```


## 2. Performance Optimization

```yaml
# Use caching aggressively
- uses: actions/cache@v4
  with:
    path: ~/.cache/pip
    key: pip-${{ hashFiles('requirements.txt') }}

# Use matrix fail-fast wisely
strategy:
  fail-fast: false  # Continue other jobs on failure

# Limit concurrent runs
concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: true
```


## 3. Maintainability

```yaml
# Use reusable workflows
jobs:
  test:
    uses: ./.github/workflows/reusable-test.yml

# Extract common steps into composite actions
- uses: ./.github/actions/setup-project

# Use environment variables for configuration
env:
  PYTHON_VERSION: '3.11'
  NODE_VERSION: '20'
```


## 4. Error Handling

```yaml
# Use continue-on-error for non-critical steps
- name: Optional step
  continue-on-error: true
  run: optional-command

# Add timeout to prevent stuck jobs
jobs:
  build:
    timeout-minutes: 30

# Always clean up resources
- name: Cleanup
  if: always()
  run: cleanup-command
```

Related Skills

tax-filing-session-setup-with-github-tracking

5
from vamseeachanta/workspace-hub

Structured workflow for preparing and tracking a tax filing session using prepared documents, task checklist, and GitHub issue cross-referencing

tax-filing-session-setup-with-github-traceability

5
from vamseeachanta/workspace-hub

Structured workflow for setting up a multi-file tax filing session with GitHub issue tracking and prepared-file validation

github-issue-structure-for-personal-finance-tracking

5
from vamseeachanta/workspace-hub

Pattern for organizing financial analysis work across multiple repos (data/config vs. logic separation)

skill-dedup-collision-reconciliation-with-content-security-scan

5
from vamseeachanta/workspace-hub

Reconcile duplicate/colliding workspace-hub skills without losing useful content, while avoiding pre-commit skill-content security scan regressions.

github-actions-trigger-and-shell-gotchas

5
from vamseeachanta/workspace-hub

Prevent false verification gaps in GitHub Actions by checking push path filters, shell compatibility, and shared CI environment failures before concluding a workflow fix worked or failed.

github-actions-cross-platform-validation-gotchas

5
from vamseeachanta/workspace-hub

Execution-time GitHub Actions pitfalls discovered while fixing cross-platform CI workflows — path-filter non-triggers, Windows shell parsing mismatches, and job-scoped validation.

github-visual-planning-issues

5
from vamseeachanta/workspace-hub

Create review-friendly GitHub planning issues that supersede stale/seasonal issues and include source-backed image thumbnails for faster human review.

github-roadmap-anchor-reuse

5
from vamseeachanta/workspace-hub

Reuse and reopen existing roadmap/epic GitHub issues instead of fragmenting work across duplicate replacement epics; retarget children and link active issues for continuity.

github-repo-management

5
from vamseeachanta/workspace-hub

Clone, create, fork, configure, and manage GitHub repositories. Manage remotes, secrets, releases, and workflows. Works with gh CLI or falls back to git + GitHub REST API via curl.

github-pr-workflow

5
from vamseeachanta/workspace-hub

Full pull request lifecycle — create branches, commit changes, open PRs, monitor CI status, auto-fix failures, and merge. Works with gh CLI or falls back to git + GitHub REST API via curl.

github-issues

5
from vamseeachanta/workspace-hub

Create, manage, triage, and close GitHub issues. Search existing issues, add labels, assign people, and link to PRs. Works with gh CLI or falls back to git + GitHub REST API via curl.

github-issue-lifecycle-operations

5
from vamseeachanta/workspace-hub

Class-level GitHub issue lifecycle operations: issue creation, planning/execution routing, labels, evidence fields, roadmap anchors, closeout races, and visual planning.