GHA Cheatsheet
Top patterns.
Overview
GitHub Actions is the CI/CD platform that lives inside GitHub itself. Five primitives carry most operational use: YAML workflows, triggers, matrix builds, marketplace actions, and secrets with OIDC for short-lived cloud credentials. The integration with the rest of GitHub (PRs, issues, releases) is what makes it the default for repos that already live there.
- YAML workflows. `.github/workflows/*.yml` defines pipelines. Version-controlled CI from day one.
- Triggers. `push`, `pull_request`, `schedule`, `workflow_dispatch`. Right trigger per use case.
- Matrix builds. Multi-OS, multi-version, multi-dependency parallel coverage in one workflow.
- Marketplace actions plus OIDC. Reusable actions from GitHub and third parties; OIDC federation to AWS/GCP for short-lived credentials.
The approach
Five idioms cover most operational GHA use. Memorising them moves the team from copy-paste to confident workflow authoring.
- `actions/checkout@v4`. Standard checkout. Pin versions for reproducibility.
- `matrix.os: [ubuntu-latest, macos-latest]`. Multi-platform coverage in one matrix block.
- `if: failure()`. Conditional cleanup steps. Predictable behaviour after failures.
- OIDC plus `workflow_dispatch`. `aws-actions/configure-aws-credentials` with OIDC removes long-lived keys; `workflow_dispatch` with inputs supports operational tasks.
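The idioms above combined in one workflow file, as an added example that is not from the original page. The AWS account ID, role name, region and the `make` targets are placeholders or assumptions; the token permissions are read-only by default and only the deploy job can request an OIDC token.

```yaml
# Added example. Account ID, role name, region and make targets are placeholders.
name: ci

on:
  pull_request:
  push:
    branches: [main]
  workflow_dispatch:
    inputs:
      environment:
        description: Target environment for the manual deploy
        type: choice
        options: [staging, production]
        default: staging

# Default GITHUB_TOKEN scope for every job: read-only.
permissions:
  contents: read

jobs:
  test:
    strategy:
      matrix:
        os: [ubuntu-latest, macos-latest]
    runs-on: ${{ matrix.os }}
    steps:
      # A tag such as v4 can be moved by the action's owner; a full commit SHA cannot.
      - uses: actions/checkout@v4
      - run: make test              # assumed build entry point
      - name: Clean up after a failed run
        if: failure()
        run: make clean             # assumed cleanup target

  deploy:
    # Only a manual run reaches the cloud account.
    if: github.event_name == 'workflow_dispatch'
    needs: test
    runs-on: ubuntu-latest
    permissions:
      contents: read
      id-token: write               # lets this job request an OIDC token
    steps:
      - uses: actions/checkout@v4
      - uses: aws-actions/configure-aws-credentials@v4
        with:
          role-to-assume: arn:aws:iam::111122223333:role/EXAMPLE-deploy-role  # placeholder
          aws-region: us-east-1     # placeholder
      # The input reaches the shell as an environment variable, not as
      # text interpolated into the script.
      - run: make deploy ENV="$TARGET_ENV"   # assumed deploy target
        env:
          TARGET_ENV: ${{ inputs.environment }}
```

No AWS access key is stored as a repository secret here; the IAM role's trust policy on the AWS side decides which repository and ref may assume it.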
Why this compounds
Each workflow captures testing or deploy knowledge. Reusable workflows spread patterns across the org; OIDC removes a recurring credential-management problem; matrix builds extend coverage cheaply.
- Faster builds. Cached, parallel pipelines produce fast feedback. Developer wait time drops.
- Reliable releases. Tested commits produce confident releases.
- Reusable workflows. Patterns spread across repos via the org workflow library.
- Year-one investment, year-two habit. First year builds patterns. By year two, every new repo ships with workflows on day one.