Guide

Concepts and learning path

Troubleshooting

Failure modes and fixes

Cheatsheet

Commands to keep handy

GitHub Actions cheatsheet

Common triggers

YAMLWhen it runs
on: pushAny push to matching branches
on: pull_requestPR opened, sync, reopen
on: scheduleCron (UTC only)
on: workflow_dispatchManual run from UI
paths: ['src/**']Only when listed paths change

Secrets and variables

# Repository secret (Settings → Secrets) env: API_KEY: ${{ secrets.MY_API_KEY }} # Repository variable (non-secret) env: REGION: ${{ vars.AWS_REGION }} # Job-level permissions permissions: contents: read packages: write

Matrix build

jobs: test: runs-on: ubuntu-latest strategy: fail-fast: false matrix: node: [18, 20, 22] steps: - uses: actions/checkout@v4 - uses: actions/setup-node@v4 with: node-version: ${{ matrix.node }} - run: npm test

Docker build and push

- uses: docker/login-action@v3 with: registry: harbor.example.com username: ${{ secrets.HARBOR_USER }} password: ${{ secrets.HARBOR_PASS }} - uses: docker/build-push-action@v6 with: push: true tags: harbor.example.com/app:${{ github.sha }}

Cache and artifacts

FeatureTypical use
actions/cache@v4npm, pip, Gradle caches
actions/upload-artifact@v4Test reports, binaries between jobs
actions/download-artifact@v4Consume artifact in downstream job

Job chaining

jobs: build: runs-on: ubuntu-latest steps: [...] deploy: needs: build runs-on: ubuntu-latest environment: production steps: [...]

gh CLI (local debugging)

gh run list --workflow=ci.yml gh run view RUN_ID --log gh run watch RUN_ID gh workflow run ci.yml --ref main

Useful context expressions

ExpressionDescription
github.shaCommit SHA that triggered the run
github.refBranch or tag ref
github.event.pull_request.numberPR number (on pull_request)
runner.osLinux, Windows, macOS

Pro tips