CI How-To by Platform
How to do the same CI task on GitHub Actions, GitLab, CircleCI, Jenkins, and more.
Step-by-step how-tos for common CI/CD tasks - caching, secrets, matrix builds, artifacts, services, manual and scheduled triggers - shown for GitHub Actions, GitLab CI, CircleCI, Jenkins, Azure Pipelines, and Bitbucket.
GitHub Actions
Task how-tos for GitHub Actions.
CI concept mappingA cross-tool mapping of common CI concepts (matrix, cache, artifacts, secrets, services, conditionals, manual…
Contract testing vs e2eCompare contract testing and end-to-end tests honestly: contract tests are fast and isolate the API agreement…
OIDC claims referenceReference the GitHub Actions OIDC token claims (repository, ref, environment, sub, aud) you match in a cloud…
Concurrency limits by planUnderstand how GitHub plan tiers cap concurrent runner jobs, how larger runners consume more of that budget,…
macOS & Windows multipliersUnderstand why GitHub bills macOS and Windows runner minutes at a multiple of Linux, and choose the cheapest…
OS minutes multipliersUnderstand GitHub Actions minute multipliers so you budget correctly: macOS bills at 10x and Windows at 2x th…
Add a column safelyAdd a column in a zero-downtime migration by making it nullable or giving it a constant default, avoiding the…
ChatOps command helpAdd a /help response for ChatOps so users can discover available slash commands, their arguments, and require…
Codecov or Coveralls badgeAdd a code coverage badge by uploading a coverage report to Codecov or Coveralls from CI, then embedding the…
Data diff in a PRShow how a dbt change alters output data in a pull request with recce or data-diff, comparing dev models agai…
Dead-letter failed webhooksCapture webhook deliveries that fail processing in a dead-letter store so you can inspect, fix, and replay th…
Docker Hub pulls badgeAdd a Docker Hub pulls badge with the shields.io docker/pulls route so your README shows how many times your…
Force full buildGive incremental CI an escape hatch to run the full build on demand via workflow_dispatch input or a commit m…
Add a workflow status badgeAdd a GitHub Actions workflow status badge to your README by linking the built-in badge.svg endpoint for a sp…
Tabulate results in the summaryTurn raw test counts into a Markdown table on the GitHub Actions run page by parsing output in a step and app…
Latest release or tag badgeAdd a badge that always shows your latest GitHub release or tag using the shields.io github/v/release and git…
Add a combo with includeAppend an extra combination to a GitHub Actions matrix with strategy.matrix.include, adding one targeted job…
Add NOT NULL safelyAdd a NOT NULL constraint on a large table without a full-table lock by adding a validated CHECK constraint N…
Add a PR to a projectAutomatically add a new pull request or issue to a GitHub Projects board with actions/add-to-project, keeping…
pre-commit secret scanAdd a Gitleaks pre-commit hook so secrets are caught locally on staged changes before a commit is created, sh…
shields.io build badgeAdd a shields.io build status badge that reads GitHub Actions results through img.shields.io, giving you a st…
Timeout and retry verificationBound post-deploy verification in GitHub Actions with a job timeout and a bounded retry loop, so a slow or fl…
Review + approval UIGate merges on visual review by wiring a cloud tool status check into required PR checks, so a pull request c…
Add a workflow badgeShow a live pass/fail badge for a GitHub Actions workflow in your README using the badge URL, optionally filt…
Approval gate before deployAdd an approval gate to a deploy from CI/CD using a protected environment with required reviewers, pausing th…
Annotate a file and lineSurface a problem in the GitHub Actions Checks UI by emitting the ::error:: workflow command with file, line,…
Add an index concurrentlyAdd a Postgres index without blocking writes using CREATE INDEX CONCURRENTLY, which must run outside a transa…
Inference latency gateBenchmark inference latency in GitHub Actions and fail the run when p95 exceeds a threshold, so a change that…
Approval gatesAdd human approval gates to GitHub Actions deploys with protected environments, required reviewers, and a wai…
Attest build provenanceGenerate build provenance attestations when publishing from CI with actions/attest-build-provenance and id-to…
Build provenance attestationEmit signed SLSA build provenance for an artifact in GitHub Actions with actions/attest-build-provenance, rec…
Codecov PR comment & checksConfigure Codecov to post a PR comment and project and patch status checks via codecov.yml, so coverage chang…
Healthchecks for CIDefine healthcheck blocks in docker-compose.yml with test, interval, and retries so docker compose up --wait…
Custom scanner rulesDetect organization-specific tokens by adding custom regex rules to a secret scanner such as Gitleaks, matchi…
Review dependencies on PRsBlock pull requests that introduce vulnerable or disallowed-license dependencies in GitHub Actions with actio…
Approve deploys in SlackAdd deploy approvals in Slack for GitHub Actions by pausing on a protected environment and posting an approva…
detect-secrets hookWire Yelp detect-secrets into pre-commit so candidate secrets are caught on the developer machine before they…
Extra vars per comboAttach extra values to specific GitHub Actions matrix combinations with an include that matches an existing l…
cost estimate on PRsEstimate the monthly cost impact of a Terraform change in GitHub Actions with Infracost, posting a cost diff…
Composite inputs and outputsDeclare inputs and outputs on a composite action, read inputs with the inputs context, and map a step output…
npm version and downloads badgesAdd npm version and downloads badges with the shields.io npm/v and npm/dm routes, so the README reflects the…
Add OCI image labelsAdd standard OCI annotation labels (source, revision, created, version) to a container image in GitHub Action…
Add or remove labelsAdd and remove labels on a pull request programmatically with actions/github-script, calling addLabels and re…
Policy as code gatesGate CI on policy as code using Open Policy Agent and conftest, failing the build when Terraform or Kubernete…
OPA policy guardrailsEnforce platform policy on generated repos by running conftest against workflow and config files in CI, faili…
Pre and post stepsRun setup before and cleanup after a JavaScript action with the pre and post keys in action.yml, which run en…
Add required reviewersAdd required reviewers to a GitHub Actions environment so any job that targets it pauses for human sign-off b…
Coverage, version, license badgesAdd shields.io badges for coverage, package version, license, and downloads using the codecov, npm, and licen…
Add XS/S/M/L size labelsAutomatically tag pull requests with a size label from XS to XL based on lines changed using the pascalgn/siz…
PR slash commands (/deploy)Wire up comment slash commands like /deploy and /rebase on pull requests with peter-evans/slash-command-dispa…
lint and scan gateAdd static analysis gates to a Terraform pipeline with tflint for linting and tfsec, checkov, or trivy for se…
Vulnerability gatesFail a GitHub Actions build on high or critical vulnerabilities with Trivy, a common SOC 2 and PCI expectatio…
Aggregate CI statusBuild a single view of build health across repos by querying each repo latest workflow run with the GitHub AP…
Aggregate lint resultsCollect ESLint, Ruff, and other linter output into one SARIF or annotation set in GitHub Actions so all findi…
Aggregate release notesRoll up per-package changelog entries into one summary for a monorepo release using the Changesets workspace…
Aggregate SARIF resultsUpload multiple SARIF files from different analyzers to GitHub code scanning with distinct categories so all…
Alert on a long-running workflowSend an alert when a GitHub Actions job takes too long by recording the start time and posting a Slack notice…
Alert on verification failureSend a Slack alert from GitHub Actions when post-deploy verification fails, so on-call is notified with the r…
Alert on pipeline failuresAlert on pipeline failures by defining a Prometheus alerting rule on the CI failure metric and routing it thr…
Per-leg soft failuresMark experimental GitHub Actions matrix legs as non-blocking by driving continue-on-error from a matrix flag…
Allowlist findingsSuppress confirmed false positives in a secret scanner with a scoped allowlist that requires a justification…
Monorepo Sonar projectsScan a monorepo by running one SonarQube analysis per package with its own project key, or by defining module…
Canary metric analysisAnalyze canary metrics from Prometheus in CI/CD by querying success rate and latency for the new version, the…
Analyze step timingAnalyze where a workflow spends its time by reading per-step start and completion timestamps from the GitHub…
Annotate deploys on dashboardsAdd deploy annotations to Grafana and Datadog from the pipeline using their annotation APIs, so a vertical ma…
apply saved planSave a plan with terraform plan -out on the PR, upload it as an artifact, then apply that exact file after me…
ECR lifecycle policyApply an Amazon ECR lifecycle policy from CI with the aws CLI to expire untagged images and keep only the mos…
FinOps for CI/CDApply FinOps principles to CI/CD by making spend visible, attributing it to teams, and running a regular opti…
Firewall the runnerRestrict inbound and outbound traffic on self-hosted GitHub Actions runners with host and cloud firewall rule…
Least privilege tokensScope the GITHUB_TOKEN and OIDC cloud access to the minimum needed in GitHub Actions, so a compromised job ca…
Least-privilege token scopesNarrow a GitHub App installation token to specific repositories and permissions in the workflow, so each job…
Approve/update baselinesUpdate visual baselines safely with a manually triggered workflow that regenerates snapshots and commits them…
Archive logs as an artifactCollect your application and tool log files during a GitHub Actions run and upload them as a downloadable art…
Schema assertionsValidate that an API response matches a JSON Schema in GitHub Actions with ajv or jsonschema, so a shape chan…
Subdomain per previewGive each preview a stable subdomain in GitHub Actions by deriving a per-PR hostname and configuring ingress…
Reviewers and assigneesRoute dependency update PRs to the right people with reviewers and assignees in Dependabot, or reviewers and…
Assume AWS role (OIDC)Replace long-lived AWS access keys in GitHub Actions with short-lived OIDC credentials by assuming an IAM rol…
Attach SBOM/provenanceGenerate and attach an SBOM and build provenance to a container image in GitHub Actions using the sbom and pr…
Docker buildx SBOMHave Docker Buildx generate and attach an SBOM attestation to an image at build time with the --sbom flag, so…
Attach an SBOMGenerate a Software Bill of Materials with Syft in GitHub Actions and attach it to the GitHub Release, so con…
Attach release assetsUpload build outputs as GitHub Release assets in GitHub Actions by passing a files glob to softprops/action-g…
Attach failure screenshotsUpload Playwright or Cypress screenshots and traces captured when a UI test fails as a GitHub Actions artifac…
Attest build provenanceGenerate a signed SLSA provenance attestation for a pushed Docker image in CI with the attest-build-provenanc…
Attribute cost per workflowBreak GitHub Actions spend down by workflow and repository using the CSV usage report, so each team can see t…
Audit chat commandsAudit chat-triggered CI/CD actions in GitHub Actions by recording who ran each command, when, and with what a…
Audit deploymentsReview the GitHub Actions deployment history for an environment with the gh CLI, listing who deployed what an…
Audit flag changesKeep an audit trail of who changed which feature flag and when by driving flag changes through version contro…
Audit runner activityTrack what runs on your self-hosted GitHub Actions runners using the organization audit log and runner diagno…
Allow-list third-party actionsRestrict which third-party actions can run in your org or repo by switching the Actions policy to an allowed-…
Audit secret accessAudit secret usage across GitHub Actions by listing secrets with the gh CLI, grepping workflows for reference…
OIDC to AWSAuthenticate Terraform to AWS from GitHub Actions using OIDC and a short-lived assumed role, removing long-li…
OIDC to GCP/AzureFederate GitHub Actions into GCP Workload Identity or Azure with OIDC so Terraform gets short-lived credentia…
Use gh with a tokenAuthenticate the GitHub CLI in CI by exporting GH_TOKEN, so gh commands run under a GitHub App installation t…
Authenticate with a kubeconfig secretAuthenticate kubectl to any Kubernetes cluster from GitHub Actions by storing a base64 kubeconfig as a secret…
module registry authPull private Terraform modules in CI by authenticating to a private registry or Git source, using a CLI crede…
Authenticate to EKS via OIDCAuthenticate to an Amazon EKS cluster from GitHub Actions without static keys by assuming an IAM role through…
Authenticate to AWS (OIDC)Get short-lived AWS credentials in GitHub Actions via OIDC and aws-actions/configure-aws-credentials, removin…
Keyless auth to AWSAssume an AWS IAM role from GitHub Actions with aws-actions/configure-aws-credentials and OIDC, exchanging th…
Authenticate to AKSAuthenticate to an Azure Kubernetes Service cluster from GitHub Actions with azure/login via OIDC, then pull…
Azure OIDC loginLog in to Azure from GitHub Actions with passwordless OIDC by registering a federated credential on an app re…
Keyless auth to AzureSign in to Azure from GitHub Actions with azure/login and a federated identity credential on an app registrat…
Authenticate to Azure (OIDC)Log in to Azure from GitHub Actions with OIDC and azure/login, using a federated identity credential so no cl…
Keyless auth to GCPAuthenticate GitHub Actions to Google Cloud with Workload Identity Federation and google-github-actions/auth,…
Authenticate to GCP via WIFAuthenticate GitHub Actions to Google Cloud with Workload Identity Federation and OIDC, exchanging the runner…
Authenticate to GCP (WIF)Authenticate to Google Cloud from GitHub Actions using Workload Identity Federation and google-github-actions…
Authenticate to GKE via Workload IdentityAuthenticate to Google Kubernetes Engine from GitHub Actions keylessly with Workload Identity Federation, the…
GCP OIDC (WIF)Use keyless OIDC to authenticate GitHub Actions to Google Cloud with Workload Identity Federation and google-…
Keyless auth to HCP TerraformUse dynamic OIDC credentials to authenticate GitHub Actions to HCP Terraform (Terraform Cloud) so runs use a…
Auto-assign reviewersAutomatically request reviewers on a pull request from GitHub Actions using the GitHub CLI, so new PRs always…
Auto-assign PR reviewersRequest reviewers on a new pull request automatically with a CODEOWNERS file plus the kentaro-m/auto-assign-a…
Auto-comment on a PRPost an automated comment on a pull request from a workflow with actions/github-script and the built-in GITHU…
Auto-format commitRun a formatter in a GitHub Actions PR job and push the formatting changes back to the branch automatically s…
Auto notes from PRsGenerate release notes from merged pull requests using GitHub native auto-generated notes via generate_releas…
Label PRs by changed pathsApply labels to a pull request based on which files it touches using actions/labeler and a .github/labeler.ym…
Auto-label PRsAutomatically label pull requests by changed paths in GitHub Actions with actions/labeler and a labeler confi…
Auto-merge when checks passEnable native auto-merge on a pull request with gh pr merge --auto so GitHub merges it automatically once all…
Auto-merge with ghEnable auto-merge on a pull request with gh pr merge --auto so GitHub merges it, or adds it to the merge queu…
Auto-merge DependabotEnable auto-merge on Dependabot pull requests with gh pr merge --auto in a workflow, so a PR merges only afte…
Auto-merge DependabotAutomatically merge passing Dependabot pull requests in GitHub Actions by reading update metadata and calling…
Request review from teamsRequest a review from a GitHub team on a pull request from a workflow using actions/github-script and the req…
Auto-update a changelogAutomatically generate and commit changelog entries in GitHub Actions from conventional commits, so CHANGELOG…
Flux image automationConfigure Flux image automation with ImageRepository, ImagePolicy, and ImageUpdateAutomation so a new registr…
Changesets release PR botUse changesets/action to open and maintain a Version Packages PR that aggregates pending changesets; merging…
Automate release-pleaseAutomate version bumps, changelogs, and GitHub Releases in GitHub Actions with googleapis/release-please-acti…
Automate semantic-releaseAutomate version bumps, tags, changelogs, and a GitHub Release in GitHub Actions with semantic-release, which…
Automate repo onboardingAutomate onboarding by creating repos with the paved-road CI, branch protection, and CODEOWNERS applied on da…
Automate the version bumpAutomate the version bump before publishing in CI with semantic-release or npm version, deriving the next ver…
Auto-retry flaky testsRe-run only the failed tests in a Jest suite on GitHub Actions with jest.retryTimes or jest --onlyFailures, s…
Auto rollback on failed checkAutomatically roll back a release in GitHub Actions when post-deploy verification fails, using a job that run…
minRunners and maxRunnersTune ARC autoscaling with minRunners and maxRunners in the runner scale set values, so pods scale up to a cei…
EC2 autoscaling with TerraformDeploy autoscaling GitHub Actions runners on AWS EC2 with the philips-labs/terraform-aws-github-runner module…
Scale on queue depthScale self-hosted CI runners on the number of queued jobs rather than CPU, so capacity matches pending workfl…
Autoscale runners on AWSAutoscale ephemeral self-hosted GitHub Actions runners on AWS with the philips-labs terraform-aws-github-runn…
No concurrency deadlockAvoid a GitHub Actions deadlock where a queued job waits on a needs dependency that shares its concurrency gr…
Avoid caching secretsKeep credentials out of GitHub Actions caches by caching only dependency stores, scoping cached paths, and ne…
Avoid caching secretsKeep secrets out of GitHub Actions caches and artifacts so a later job or a cache restore never resurfaces cr…
Do not cancel mainCancel redundant PR runs in GitHub Actions but never cancel runs on the default branch, by making cancel-in-p…
Skip docs-only runsPrevent GitHub Actions from spending minutes on documentation-only commits with paths-ignore, while keeping r…
Pull rate limitsAuthenticate to Docker Hub in CI so Testcontainers image pulls are not throttled by anonymous rate limits, us…
Beat Docker Hub limitsAvoid Docker Hub anonymous pull rate limits in GitHub Actions by authenticating every pull with docker/login-…
Avoid Docker socket mountsNever bind-mount /var/run/docker.sock into a GitHub Actions job on a self-hosted runner; use rootless or per-…
Flaky risk from shared statePrevent tests that pass serially but fail in parallel by removing shared state, fixed ports, temp files, and…
Bound migration locksPrevent a migration from holding a lock behind a queue of blocked queries by setting lock_timeout and stateme…
Avoid partial releasesReduce the blast radius of a mid-publish failure by building all packages before publishing any, and by makin…
Handle untrusted PR codeUnderstand why pull_request_target runs with repo secrets and write permissions, and never check out or execu…
Never on public reposKeep self-hosted GitHub Actions runners off public repositories, where a forked pull request can run attacker…
Avoid blind retriesAvoid the cost of blind retries in CI, where retrying every failure masks real bugs and burns minutes, by tra…
Empty-string if gotchaAvoid the common GitHub Actions if pitfall where the string false is truthy, by comparing explicitly against…
Default-branch-only gotchaUnderstand why GitHub Actions schedule triggers only use the workflow file on the default branch, and how to…
Batched backfillBackfill a large table without a long-running transaction or bloated locks by updating in bounded batches, co…
Bake tools into the imagePre-install build tools into a self-hosted GitHub Actions runner image so jobs skip per-run setup, using a Pa…
Balance the tradeoffsUnderstand the honest tradeoffs between CI cost, carbon, and feedback speed, and choose per-workflow defaults…
Paved road tradeoffsDecide when teams take the supported paved road and when they go off-road, using a labeled escape hatch so ex…
Balance shards by timingKeep every test shard finishing at the same time in GitHub Actions by splitting on recorded durations instead…
Balance shards evenlyKeep every CI test shard finishing at the same time by splitting on recorded duration instead of file count,…
Balance shards with Knapsack ProDynamically balance test files across CI nodes with Knapsack Pro Queue Mode, which hands each node the next t…
Batch matrix combosReduce per-job startup overhead in GitHub Actions by grouping several cheap matrix combinations into one job…
Batch small CI jobsCombine many tiny CI jobs into fewer batched jobs so you stop paying repeated checkout and setup overhead, cu…
hyperfine regression gateBenchmark a CLI command in GitHub Actions with hyperfine, export JSON, and fail the job when the mean wall ti…
Benchmark DB queriesBenchmark a SQL query in GitHub Actions against a Postgres service container with pgbench, capturing latency…
Benchmark runner optionsRun the same job across several runner sizes and types, capture duration and cost, and choose the option with…
Bisect a flaky testBisect a flaky test in CI by narrowing which sibling test or which commit introduced the flakiness, using tar…
Block merge on coverage dropFail a GitHub Actions job when a pull request lowers test coverage below a threshold, then require that check…
Block fork PR secretsKeep GitHub Actions secrets out of untrusted fork pull requests by relying on the pull_request event isolatio…
Block PRs missing testsFail a pull request that changes source without touching test files or the changelog using tj-actions/changed…
Dependency reviewFail pull requests that add vulnerable or disallowed-license dependencies in GitHub Actions with actions/depe…
Block 169.254.169.254Prevent SSRF credential theft by blocking the cloud instance metadata endpoint (169.254.169.254) from GitHub…
Boot a specific simulatorBoot a chosen iOS Simulator on a GitHub Actions macOS runner with simctl, creating or selecting a device by U…
Bootstrap Flux from CIInstall Flux into a cluster and commit its own manifests to Git from a GitHub Actions job using flux bootstra…
PlanetScale branch per previewCreate a PlanetScale database branch for each preview in GitHub Actions with the pscale CLI, giving every pul…
Build a .NET app on WindowsBuild and test a .NET application on a windows-latest runner in GitHub Actions with actions/setup-dotnet, dot…
Badge for a custom metricBuild a badge that reflects a custom metric such as bundle size by computing the value in CI, writing shields…
Build C++ with MSVCCompile a C++ project with the MSVC toolchain on a windows-latest runner in GitHub Actions by importing the D…
Key on a lockfile hashUse the hashFiles expression to derive a cache key from one or more lockfiles in GitHub Actions, so the key c…
Build a CI dashboard in GrafanaBuild a Grafana dashboard for CI health with panels for build duration, success rate, and queue time, backed…
Composite action IOBundle several shell and action steps into one reusable composite GitHub Action that accepts inputs and surfa…
Build a CUDA Docker imageBuild a Docker image on an NVIDIA CUDA base in GitHub Actions, installing a matching torch build, so training…
JS actionAuthor a JavaScript-based custom GitHub Action with action.yml and the actions toolkit, read inputs, set outp…
Dashboard CI spendTurn the GitHub Actions billing API into a CI spend dashboard by pulling minutes and cost on a schedule and c…
DIY quality gateFail CI on coverage and complexity without a SaaS by scripting thresholds in GitHub Actions against a coverag…
Docker build args from secretsPass secrets into a Docker build in GitHub Actions safely using BuildKit secret mounts instead of build args,…
Docker actionPackage a custom GitHub Action as a Docker container with action.yml using runs: docker, pass inputs as args,…
Dynamic matrixGenerate a GitHub Actions job matrix at runtime from the directories that changed, using fromJSON so only aff…
Dynamic matrix from JSONGenerate a GitHub Actions matrix at runtime by having a setup job emit JSON and a downstream job read it with…
Build a flaky test dashboardSurface flaky tests by recording per-test pass and fail counts across runs into a metrics store, then ranking…
Build Flutter in CIBuild a Flutter app in CI with flutter build apk, appbundle, and ipa after setting up the Flutter SDK via sub…
Build a golden path CIDefine a paved-road CI workflow that every team gets by default, wrapping build, test, and scan into one opin…
Build a kill switchAdd a feature flag kill switch so an incident is mitigated by toggling one flag off in seconds instead of wai…
Build a Mac Catalyst appBuild an iPad app for Mac with Catalyst on a GitHub Actions runner using xcodebuild with the variant=Mac Cata…
Build a macOS app with xcodebuildBuild a macOS app on a GitHub Actions runner with xcodebuild build, targeting the platform=macOS destination…
Matrix across runner typesDrive runs-on from a matrix dimension to run one job across multiple runner types, mixing OS, architecture, a…
Matrix from JSON fileGenerate a GitHub Actions matrix at runtime from a JSON file by emitting it as a job output and consuming it…
Matrix from changed filesFan out a GitHub Actions matrix only over the packages that changed by detecting changed files in a setup job…
QEMU arch matrixUse QEMU and Buildx in GitHub Actions to build container images for amd64 and arm64 across a matrix of platfo…
Build a matrix of variantsBuild several Docker image variants (different base versions or flavors) in parallel in CI using a build matr…
Matrix of Docker platformsBuild a Docker image for amd64 and arm64 in parallel in GitHub Actions with a platform matrix that feeds dock…
Build a multi-arch imageBuild and push a multi-arch Docker image in GitHub Actions with QEMU and Buildx, producing linux/amd64 and li…
Build a multi-arch imageBuild a multi-architecture Docker image (amd64 + arm64) in GitHub Actions with QEMU and Buildx, pushing a sin…
Multi-arch build + signBuild and push a multi-arch container image with Buildx in GitHub Actions, then keylessly sign it with Cosign…
Multi-dimension matrixCombine two or more matrix dimensions in GitHub Actions to run the full cross-product of OS and version, unde…
Next.js to S3Build a static Next.js export in GitHub Actions and sync the output to an S3 bucket with the AWS CLI so each…
Build React Native in CIBuild a bare React Native app in CI for Android and iOS by installing npm dependencies and CocoaPods, then ru…
Reusable deploy pipelinePackage a full deploy pipeline as a reusable GitHub Actions workflow with an environment input, inherited sec…
Rust multi-target buildCross-build a Rust binary for several platform targets in GitHub Actions with a matrix, using cross or rustup…
Slack app for ChatOpsBuild a Slack app with interactivity for ChatOps that verifies request signatures, handles button actions, an…
TypeScript action with nccBuild a TypeScript action and bundle it with @vercel/ncc into a single dist file, so the runner has no node_m…
Build a universal binaryBuild a universal arm64 + x86_64 macOS binary on a GitHub Actions runner by passing both arches to xcodebuild…
Universal macOS binaryCombine an arm64 and an x86_64 macOS build into one universal binary in CI using lipo -create, so a single fi…
Deploy audit trailRecord a who, what, and when audit trail of every deploy in GitHub Actions using the Deployments API and stru…
Build on all three OSRun one GitHub Actions job on ubuntu-latest, macos-latest, and windows-latest at once by driving runs-on from…
Build an AMI with PackerBake a golden Amazon Machine Image with HashiCorp Packer from GitHub Actions, authenticating over OIDC and ru…
Build an Android APK/AABBuild a release Android APK or app bundle in CI by running gradlew assembleRelease or bundleRelease on a JDK-…
Build iOS with xcodebuildBuild an iOS app in CI on a macOS runner with xcodebuild, archiving the scheme and exporting an IPA using an…
Build an MSI with WiXProduce a Windows MSI installer on a windows-latest runner in GitHub Actions with the WiX Toolset, installing…
Build and archive an iOS appBuild an .xcarchive on a GitHub Actions macOS runner with xcodebuild archive, then export a signed .ipa with…
Cache dev containerBuild a dev container in GitHub Actions with the devcontainers CLI and cache its layers so repeated CI runs r…
Publish VS Code extensionPackage a VS Code extension with vsce and publish it to the Marketplace from GitHub Actions on a tag, using a…
Build & push a Docker imageBuild and push a Docker image in GitHub Actions with docker/build-push-action - log in to GHCR, set tags, and…
Push image to ECRBuild a Docker image and push it to Amazon ECR from GitHub Actions using amazon-ecr-login over OIDC, tagging…
Build and push multi-archBuild a single Docker manifest covering linux/amd64 and linux/arm64 in CI with QEMU and Buildx, then push it…
Push to ECR with OIDCBuild a Docker image and push it to Amazon ECR from GitHub Actions using OIDC to assume an IAM role, so no st…
Build and push with buildxBuild and push a container image in one GitHub Actions step with docker/setup-buildx-action and docker/build-…
Self-hosted GPU runnerRun GPU workloads in GitHub Actions on a self-hosted runner with a GPU, targeting it by label and verifying C…
Build with bakeUse docker compose bake to build all services through Buildx Bake for parallel, cache-aware image builds driv…
Build images with ComposeBuild all service images defined in docker-compose.yml in one step with docker compose build, pin the build c…
Multi-arch Docker imagesBuild and push a single Docker image for linux/amd64 and linux/arm64 in one step using docker buildx and the…
Native arm64 vs IntelPick the right macOS runner for Apple silicon or Intel builds: macos-14 and later are arm64, macos-13 is Inte…
Multi-platform prebuildsShip precompiled native Node addons for every OS and arch by building prebuilds in a GitHub Actions matrix wi…
Build on Apple SiliconRun a build on an Apple Silicon (arm64) GitHub Actions runner by selecting an M-series image such as macos-14…
nx affected in CIBuild only the packages a change touches with nx affected in GitHub Actions, using nrwl/nx-set-shas to comput…
turbo --filter in CIBuild only changed Turborepo packages in GitHub Actions with turbo run build --filter and a since ref, scopin…
nx affectedRun nx affected in CI to build, lint, and test only the projects touched by a change and their dependents, us…
Build changed packagesBuild only the affected packages in a monorepo in GitHub Actions with Turborepo filters so CI skips unchanged…
Build only changed pathsSkip unnecessary work in a large repository by building only the paths a change touched in GitHub Actions, us…
Build changed services onlyBuild Docker images only for the services that changed in a monorepo by detecting touched paths and feeding t…
Build only on path changeTrigger a GitHub Actions build only when files under a given path change, using push and pull_request paths f…
Multi-platform wheelsBuild manylinux, macOS, and Windows Python wheels across CPython versions in one GitHub Actions job using pyp…
Shrink Docker imagesShrink CI Docker images with multi-stage builds and slim base images so every pull, push, and store moves les…
Build then deploySplit a static site pipeline into a build job that produces an artifact and a deploy job that consumes it, ke…
Build with a secret mountPass a private token to a Docker build in CI without baking it into a layer, using RUN --mount=type=secret an…
Build with buildx bakeDefine multiple Docker build targets in a bake file and build them together in CI with docker/bake-action, ke…
Bump internal dependentsKeep internal package interdependencies correct by bumping dependents when a dependency releases, using the u…
Bump version and tagBump the version in package.json and push the matching git tag from GitHub Actions with npm version, configur…
Version and bust a cacheInvalidate a poisoned or stale GitHub Actions cache by bumping a version segment in the key or a CACHE_VERSIO…
Cache the perf jobCut the runtime of a GitHub Actions performance job by caching the dependency store and the headless Chrome t…
Cache a custom directoryCache any directory in GitHub Actions with actions/cache using a key built from hashFiles, so an expensive ge…
Cache a DB fixtureSpeed up CI by caching a pre-migrated, pre-seeded database dump with actions/cache, restoring it with pg_rest…
Cache the Next.js buildCache the Next.js .next/cache directory in GitHub Actions keyed on the lockfile and source, so next build reu…
Cache a Poetry virtualenvCache the Poetry-managed virtualenv in GitHub Actions by setting virtualenvs-in-project and caching .venv key…
Cache across matrix jobsShare a cache across GitHub Actions matrix legs by including the matrix value in the key, so each OS or versi…
Cache a custom directoryCache an arbitrary build or tool directory in GitHub Actions with actions/cache, keyed on the files that inva…
Cache layers to registrySpeed up Docker builds in GitHub Actions by exporting BuildKit layer cache to a registry with cache-to and ca…
Cache build outputsPersist build outputs (compiler caches, build directories) across CI runs with actions/cache so even affected…
Cache to skip recomputeCache dependency stores and build outputs in GitHub Actions so CI stops rebuilding unchanged work every run,…
Cache Ruby gemsCache installed Ruby gems in GitHub Actions by keying vendor/bundle on Gemfile.lock and configuring bundler t…
Cache Cargo registry and targetCache the Cargo registry, git index, and the target directory in GitHub Actions keyed on Cargo.lock, so Rust…
Cache ccache for C++Speed up C and C++ builds in GitHub Actions by caching the ccache directory keyed on the commit, so the compi…
Cache Chocolatey downloadsSpeed up Windows builds in GitHub Actions by caching the Chocolatey package directory with actions/cache, key…
Cache CocoaPodsCache the CocoaPods Pods directory and spec repo on a GitHub Actions macOS runner with actions/cache keyed on…
Cache Compose buildsSpeed up docker compose build in CI with BuildKit inline cache or a registry cache backend so unchanged layer…
Cache PHP depsCache the Composer download cache in GitHub Actions keyed on composer.lock, so composer install reuses previo…
Cache across test shardsShare a dependency cache across parallel test shards in GitHub Actions with a lockfile-keyed cache, so each s…
Cache dependenciesSpeed up GitHub Actions by caching package dependencies with actions/cache or the built-in cache option of se…
Cache in a custom actionAdd caching inside a composite action by calling actions/cache as a nested step, keyed on a lockfile hash so…
Cache per matrix legGive each GitHub Actions matrix leg its own cache by including a matrix value in the actions/cache key, so a…
Cache DerivedDataCache Xcode DerivedData on a GitHub Actions macOS runner with a fixed -derivedDataPath and actions/cache to r…
Cache Docker layersCache Docker build layers in GitHub Actions with Buildx and the GitHub Actions cache backend (type=gha) so un…
Docker layer cache (local)Export BuildKit layer cache to a local directory with cache-to type=local, then pair it with actions/cache to…
Cache Docker layers (registry)Cache Docker build layers to a container registry in GitHub Actions with Buildx cache-to type=registry, so la…
Docker layer cache (registry)Store Docker BuildKit layer cache in a container registry with cache-from and cache-to type=registry, sharing…
Cache layers to a registryPersist Docker build layers across CI runs with Buildx registry cache (type=registry), pushing and pulling ca…
Cache Docker layersCut Docker build time in GitHub Actions by exporting and importing BuildKit layer cache through the GitHub Ac…
Docker layer cache (gha)Speed up docker/build-push-action with the GitHub Actions cache backend using cache-from and cache-to type=gh…
Cache Docker layers (gha)Speed up Docker builds in GitHub Actions by caching layers with the type=gha backend in Buildx, reusing uncha…
Cache Docker layers (gha)Cache Docker build layers in GitHub Actions using Buildx with the gha cache backend (cache-from and cache-to…
Cache Go build & modulesSpeed up Go CI by caching the module download cache and the build cache in GitHub Actions, keyed on go.sum so…
Cache Go modulesCache Go modules and the Go build cache in GitHub Actions - let actions/setup-go cache go.sum, or cache ~/go/…
Cache Go buildsCache both the Go module download cache and the compiler build cache in GitHub Actions, keyed on go.sum, so g…
Cache Go modules and buildCache both the Go module download cache and the compiler build cache in GitHub Actions, keyed on go.sum and t…
Cache Gradle and PodsSpeed up mobile CI by caching the Gradle home and the CocoaPods Pods directory keyed on the lockfiles, so dep…
Cache GradleCache Gradle dependencies and the local build cache in GitHub Actions, either with the official setup-gradle…
Cache HomebrewSpeed up Homebrew installs on a GitHub Actions macOS runner by caching the downloads directory with actions/c…
Cache incremental buildsCache build tool output (tsc .tsbuildinfo, webpack cache, Gradle build cache) in GitHub Actions so a large re…
Cache Maven .m2Cache the Maven local repository (~/.m2/repository) in GitHub Actions, keyed on pom.xml, so Java builds skip…
Cache weights and datasetsCache large model weights and datasets between GitHub Actions runs with actions/cache keyed on a content hash…
Cache deps by lockfile hashSpeed up GitHub Actions installs by caching the npm download store keyed on hashFiles of the lockfile, with r…
Cache npm dependenciesCache the npm download cache in GitHub Actions with actions/cache keyed on the package-lock.json hash, plus a…
Remote cache for ephemeralsKeep builds fast on ephemeral runners that lose local disk by pushing dependency and build caches to a remote…
Cache pip downloadsCache the pip download cache in GitHub Actions by resolving pip cache dir and keying the cache on requirement…
Cache pip wheelsCache the pip wheel cache in GitHub Actions, keyed on requirements files, so Python CI skips rebuilding and r…
Cache Python installsCache the pip download cache, the Poetry virtualenv, or the uv cache in GitHub Actions, keyed on requirements…
Cache browser binariesCache Playwright browser downloads in GitHub Actions keyed on the Playwright version, skipping the browser in…
Cache Playwright browsersCache the Playwright browser binaries in GitHub Actions, keyed on the installed Playwright version, so e2e ru…
Cache Rust buildCache Rust dependencies and the target directory in GitHub Actions with Swatinem/rust-cache, keyed on Cargo.l…
Cache Swift Package ManagerCache resolved Swift packages on a GitHub Actions macOS runner with actions/cache keyed on Package.resolved s…
Cache imagesReduce Testcontainers pull time in CI by caching image tarballs with actions/cache and docker save/load, or b…
Cache .gradle directoryCache the Gradle user home and wrapper in GitHub Actions so Java and Kotlin builds reuse downloaded dependenc…
Cache build outputAvoid rebuilding in every job by caching the compiled output keyed on source hash, so test and deploy jobs re…
Cache Rust buildsCache the Cargo registry, git dependency cache, and the target directory in GitHub Actions, keyed on Cargo.lo…
Cache the Cypress binaryCache the Cypress binary cache (~/.cache/Cypress) in GitHub Actions keyed on the Cypress version, so end-to-e…
Cache the git repositoryCache the .git directory in GitHub Actions with actions/cache so a large repository fetches only new objects…
Cache JVM buildsCache the Maven ~/.m2 repository or the Gradle caches in GitHub Actions, keyed on pom.xml or the Gradle lockf…
Cache the Maven repoCache the local Maven repository (~/.m2/repository) in GitHub Actions keyed on the pom.xml files, so mvn buil…
Cache monorepo depsCache a workspace package store once for a whole monorepo in GitHub Actions by keying on every lockfile, so a…
Cache the pnpm storeCache the global pnpm content-addressable store in GitHub Actions keyed on pnpm-lock.yaml, so a whole workspa…
Cache the pnpm storeCache the global pnpm content-addressable store in GitHub Actions by resolving the store path with pnpm store…
Cache Rust target dirCache Cargo registry, git deps, and the target directory in GitHub Actions, keyed on Cargo.lock, so Rust CI r…
Cache the Turbo/Nx cacheCache the Turborepo (or Nx) local computation cache in GitHub Actions keyed on source and lockfile, so unchan…
Cache the uv cacheCache the uv package cache in GitHub Actions, keyed on uv.lock, so the uv Python package manager reuses its w…
Cache Yarn Berry (PnP)Cache the .yarn/cache directory for Yarn Berry (2+) Plug-n-Play in GitHub Actions, keyed on yarn.lock, so yar…
Cache Yarn (classic)Cache the Yarn 1.x global cache in GitHub Actions by resolving yarn cache dir and keying the cache on yarn.lo…
Call a workflow conditionallyGate a reusable GitHub Actions workflow behind an if condition on the calling job, so the shared pipeline onl…
Matrix of reusable callsFan out a reusable GitHub Actions workflow across a matrix by putting strategy.matrix on the caller job that…
Call from another repoReference a reusable GitHub Actions workflow that lives in a different repository with the owner/repo path sy…
Call a workflow in a matrixFan out a reusable GitHub Actions workflow across many inputs by putting a strategy.matrix on the calling job…
Call a reusable workflowInvoke a reusable GitHub Actions workflow from a caller job with uses at the job level, running the shared wo…
Cloud Run canaryRun a canary on Cloud Run from GitHub Actions by deploying a new revision with no traffic, then shifting a pe…
Cancel duplicate runsCancel superseded GitHub Actions runs on the same branch or PR using a concurrency group keyed on the ref so…
Cancel in-progress runsCancel superseded GitHub Actions runs automatically with a concurrency group and cancel-in-progress, so only…
Cancel on new pushCancel an in-progress GitHub Actions run when a newer commit is pushed to the same ref by pairing a concurren…
Cancel matrix legsCancel the remaining legs of a GitHub Actions matrix as soon as one fails using strategy.fail-fast, so a brok…
Cancel superseded runsUse a GitHub Actions concurrency group with cancel-in-progress so a new push stops the previous run on the sa…
Cancel in-progress runsCancel superseded GitHub Actions runs with a concurrency group and cancel-in-progress, so a new push to a bra…
Cancel superseded runsStop wasting minutes on outdated commits by grouping runs per branch with a concurrency block and cancel-in-p…
Capture a CPU profileRecord a CPU profile of a Node workload in GitHub Actions with the built-in --cpu-prof flag, then upload the…
Capture output into envCapture the output of a script in GitHub Actions and expose it to later steps by appending name=value to GITH…
Capture Playwright tracesRecord Playwright traces in GitHub Actions and read navigation timing from the browser, so you can inspect a…
Check DAG parse timeFail CI when an Airflow DAG file takes too long to parse using airflow dags list-import-errors and a timed pa…
Check color contrastCatch low color-contrast text in GitHub Actions by running pa11y or axe with the color-contrast rule, failing…
A11y regressions on a PRBlock accessibility regressions on pull requests in GitHub Actions by running axe on the PR and posting viola…
Check broken linksFind broken links in docs and HTML in GitHub Actions with the lychee-action, scanning files for dead URLs and…
Check missing i18n keysDetect untranslated or missing i18n keys in GitHub Actions with i18next-parser, regenerating catalogs and fai…
Check HTML validityValidate HTML in GitHub Actions with html-validate, catching unclosed tags, invalid nesting, and bad attribut…
Query Datadog p95 latencyQuery the Datadog metrics API after a deploy in GitHub Actions to read p95 latency over a bake window and fai…
Check out other private reposUse a GitHub App installation token to clone a second private repository in GitHub Actions, since the default…
Check out multiple reposClone more than one repository into a single GitHub Actions job with actions/checkout using the repository in…
Check out one subdirectoryCombine a partial clone with git sparse-checkout to pull just one subdirectory of a large repository in CI, m…
Check out via App tokenGenerate a short-lived GitHub App installation token scoped to specific repos and use it with actions/checkou…
Private submodulesClone a repo with private Git submodules in GitHub Actions by passing a GitHub App installation token to acti…
Shallow parallel submodulesSpeed up a large repository with many submodules in GitHub Actions by cloning them shallow and in parallel us…
Quantization checkQuantize a model in GitHub Actions and assert the size shrinks and accuracy stays within a threshold, so an o…
Check actor or authorGate GitHub Actions steps on who triggered the run using github.actor, or on the pull request author via gith…
Query Prometheus post-deployQuery Prometheus after a deploy in GitHub Actions to check the 5xx error rate over a short window and fail th…
Check the event nameBranch GitHub Actions behavior on the trigger using github.event_name, so one workflow can react differently…
What the image preinstallsFind out which languages, package managers, and CLIs ship preinstalled on a GitHub runner image so you can sk…
DB container vs serviceDecide between a GitHub Actions service container and a manually run docker container for your CI database, w…
GPU runners for MLSelect a GPU-backed runner for machine learning workloads in CI, target it with labels, and confirm the GPU i…
Merge, rebase, or squash policyPick a merge, rebase, or squash policy that fits your branching strategy, and enforce it with repository sett…
Down vs forward fixDecide between a down migration and a forward fix when a release goes wrong, since many schema changes are no…
Pick runners via matrixDrive runs-on from a GitHub Actions matrix to route different legs to different runner labels, mixing hosted…
Wait strategiesPick the right Testcontainers wait strategy (listening port, log message, or health check) so tests start onl…
Blobless vs treeless cloneCompare blobless (--filter=blob:none) and treeless (--filter=tree:0) partial clones for CI, and pick the righ…
Artifact vs cacheDecide when to use actions/upload-artifact versus actions/cache in GitHub Actions: artifacts hand off build o…
ARM vs x86 runnersChoose ARM64 or x86-64 GitHub runners based on your deployment target and cost, and learn how to run both in…
node_modules vs storeDecide whether to cache node_modules or the npm, yarn, or pnpm download store in GitHub Actions, and why cach…
Check runs vs statusesUnderstand the difference between GitHub check runs and commit statuses, and create a rich check run with the…
Concurrency vs max-parallelUnderstand the difference between GitHub Actions concurrency, which serializes runs by group, and strategy.ma…
Ephemeral vs persistentDecide whether self-hosted runners should be ephemeral (fresh per job) or persistent (reused), weighing isola…
Pick the right token typeDecide between a fine-grained personal access token, a classic PAT, and a GitHub App installation token for C…
Store baselines: git vs cloudCompare storing visual baselines in git versus a cloud service, weighing repo bloat, review workflow, and cro…
Hosted vs self-hosted runnersDecide between GitHub-hosted and self-hosted runners by weighing per-minute billing, maintenance burden, hard…
Choose a runner typeDecide between GitHub-hosted, self-hosted, and managed GitHub Actions runners based on cost, control, mainten…
Renovate vs DependabotCompare Renovate and Dependabot honestly on setup, grouping, automerge, scheduling, and ecosystem support so…
Rulesets vs branch protectionCompare GitHub repository rulesets with classic branch protection rules, and decide which to use for required…
Scale sets vs individualCompare runner scale sets against individually registered self-hosted runners for scaling, and pick scale set…
Short-lived vs long-lived branchesCompare short-lived and long-lived branches for CI cost and merge risk, and set up integration so branches st…
Standard vs larger runnersCompare the standard 2-vCPU GitHub runner against larger 4, 8, and 16 vCPU runners, and pick the size that fi…
Share code: 3 optionsCompare git submodule, git subtree, and publishing a versioned package for sharing code across repos, with th…
ubuntu-latest vs pinnedWeigh the convenience of ubuntu-latest against the reproducibility of a pinned image like ubuntu-24.04, and p…
Dispatch vs webhookChoose the right trigger by comparing workflow_dispatch for manual runs, repository_dispatch for external POS…
Component vs full-page snapshotsDecide between component-level snapshots via Storybook and full-page snapshots via Playwright, balancing stab…
Compose vs services blockDecide between the GitHub Actions services block and docker compose for test dependencies, comparing how each…
run vs up in CIUse docker compose up to start long-running dependencies and docker compose run for a one-off test command, u…
DinD vs socket mountDecide between Docker-in-Docker and mounting the host Docker socket on self-hosted runners, weighing isolatio…
DinD vs socketCompare Docker-in-Docker and mounting the host Docker socket for running Testcontainers on self-hosted runner…
Independent vs fixed modeCompare independent versioning (each package moves on its own) with fixed or locked mode (all packages share…
Job-level vs test-level retryChoose between job-level and test-level retry in CI, retrying a whole job for infrastructure flakiness and in…
Consumer version selectorsUse consumer version selectors so the provider verifies exactly the right consumer pacts, such as the latest…
Pin vs rangeDecide between pinning exact versions and keeping semver ranges in Renovate with rangeStrategy, balancing rep…
Secret scope levelsUnderstand the three GitHub Actions secret scopes (organization, repository, environment) and which one wins…
Test types in CIUnderstand when to run smoke, load, stress, and soak tests in CI, and how to shape each with k6 stages so PRs…
When to use which strategyChoose between trunk-based, GitHub Flow, GitFlow, and GitLab Flow based on release cadence, environment count…
Clean the workspaceReset a persistent self-hosted GitHub Actions runner between jobs by clearing the workspace in a pre/post ste…
Clean self-hosted workspaceReset a persistent self-hosted runner workspace between GitHub Actions jobs with git clean and reset, avoidin…
Clean disk between jobsWipe the workspace, temp files, and leftover artifacts between jobs on a reused self-hosted GitHub Actions ru…
Clean up stale branchesDelete merged and abandoned branches automatically so the repository stays tidy, using delete-on-merge plus a…
Clean up stale previewsReap orphaned or expired preview environments with a scheduled GitHub Actions workflow that lists open PRs an…
Close stale issuesMark and close inactive issues and pull requests on a schedule in GitHub Actions with the stale action, warni…
Close stale PRs and issuesAutomatically mark and close inactive pull requests and issues with actions/stale on a schedule, warning afte…
Collect audit evidenceExport GitHub Actions workflow runs, approvals, and reviews with the gh CLI and REST API to produce audit evi…
Collect flake rate from XMLCollect a flake rate from JUnit XML in CI by parsing testcase results across many runs, counting how often ea…
Aggregate job resultsBuild a final gate job in GitHub Actions that inspects each upstream job via needs.<job>.result and the alway…
Collect matrix outputsGather results from every leg of a GitHub Actions matrix by uploading per-leg artifacts and aggregating them…
Merge queue + incrementalRun incremental CI safely inside a GitHub merge queue by testing each merge_group against its base, so affect…
Schedule plus manual runLet one GitHub Actions workflow run both on a cron schedule and on demand by listing schedule and workflow_di…
Concurrency + environmentsCombine a GitHub Actions concurrency group with a deployment environment so approvals gate the deploy and the…
Combine conditionsCombine multiple GitHub Actions if conditions with && and ||, and preserve status behavior by leading with al…
Combine sharded coverageMerge coverage from parallel matrix or sharded CI jobs by uploading each shard as an artifact, then combining…
Flags + progressive deliveryLayer feature flags on top of a progressive delivery pipeline so CD ships the artifact everywhere while flags…
Multi-language analysisAnalyze a repo with JavaScript, Python, and Go in a single SonarQube scan by setting sources and per-language…
Combine multiple badgesCombine several status badges into one clean README row using a consistent style parameter and a badge line,…
Combine sharded coverage and JUnitMerge per-shard coverage and JUnit XML into one report by uploading artifacts from each shard and combining t…
Comment a preview linkAfter deploying a per-PR preview in GitHub Actions, post the live preview URL as a comment so reviewers can c…
Comment preview URLPost a preview deployment URL as a sticky comment on a pull request in GitHub Actions, updating the same comm…
Benchmark deltasRun benchmarks against a PR and the base branch in GitHub Actions, compute the delta, and post it as a sticky…
Comment build results on a PRPost a single, self-updating build-results comment on a pull request from GitHub Actions with the marocchino…
Comment on a PRPost a comment on a pull request from a GitHub Actions workflow using actions/github-script and the GITHUB_TO…
Comment and label with AppPost comments and apply labels from CI using a GitHub App installation token, so the automation shows up as t…
Compare PR bundle sizeShow how much a pull request changes your bundle in GitHub Actions by building both the PR and the base branc…
Compare runner ratesCompare the per-minute cost of GitHub Actions runner types, from standard Linux to Windows, macOS, and GPU-en…
Per-seat vs per-minuteCompare per-seat and per-minute pricing on third-party CI platforms so you pick the model that matches your t…
Diff two run logsFind what changed between a passing and a failing GitHub Actions run by downloading both logs with the gh CLI…
Compare strings in ifCompare strings in a GitHub Actions if using == and !=, understanding case sensitivity and how the expression…
Run a step conditionallyRun a GitHub Actions step only when a condition holds using the step-level if key with expressions, contexts,…
Select env by branchPick the GitHub Actions deployment environment from the branch by computing the name with an expression, so m…
Conditionally skip a jobConditionally run or skip a GitHub Actions job with the if: key and expressions - branch checks, event checks…
Set up a Buildx builderCreate and tune a dedicated Buildx builder in CI with setup-buildx-action, including a custom driver, BuildKi…
Rolling updateConfigure a Kubernetes rolling update from CI/CD with maxSurge and maxUnavailable, plus readiness probes so o…
Scoped registry in .npmrcRoute a scoped npm package to a specific registry in CI with an .npmrc that maps the scope and its auth token…
Configure an environment URLAttach a live URL to a GitHub Actions deployment with the environment url key, so the deployment shows a clic…
Branch protection per strategySet branch protection rules that match your branching strategy, requiring status checks, reviews, and linear…
Configure bypass listsGrant specific apps, teams, or roles the ability to bypass a GitHub ruleset or branch protection rule, so aut…
Dependabot across reposStandardize Dependabot version updates across many repositories by templating dependabot.yml and syncing it,…
Fixed vs independent versionsSet up independent per-package versions or lock a group of packages to one version in Changesets using the fi…
GCS / azurerm stateSet up a Terraform gcs or azurerm remote state backend for CI, where object versioning and blob leases provid…
Git credential configConfigure git in CI to authenticate HTTPS operations with a GitHub App or scoped token using an http.extrahea…
Gitleaks TOML configCustomize Gitleaks detection by extending the default rule set in a .gitleaks.toml, adding your own regex rul…
k6 thresholds as a gateConfigure k6 thresholds so specific metrics like p95 latency and error rate abort the run and fail CI, with a…
Required checks with the queueSelect which status checks the GitHub merge queue must pass, and make sure every required check runs on the m…
S3 remote stateStore Terraform state in an S3 backend with DynamoDB state locking so concurrent CI runs cannot corrupt state…
SPA 404 fallbackConfigure a single-page app so unknown routes serve index.html instead of a 404, letting the client-side rout…
AWS OIDC provider + trustRegister the GitHub Actions OIDC provider in AWS IAM and write a role trust policy that allows sts:AssumeRole…
Threshold configTune Playwright visual comparison sensitivity with threshold, maxDiffPixels, and maxDiffPixelRatio so minor a…
GraphQL contractsContract test a GraphQL API with Pact by treating the single POST /graphql endpoint as an HTTP interaction an…
Message queue contractsUse Pact message pacts to contract test asynchronous producers and consumers over a queue, verifying the mess…
Spring Cloud ContractUse Spring Cloud Contract to define contracts in Groovy or YAML on the producer side, generate provider tests…
Container lifecycleDecide whether a Testcontainers container starts once per test class or restarts per test method, trading iso…
Control fail-fastChoose whether a GitHub Actions matrix stops at the first failing leg or runs every combination to completion…
Fail-fast vs keep goingDecide whether a GitHub Actions matrix stops at the first failure or finishes every leg with strategy.fail-fa…
GITHUB_TOKEN permissionsSet least-privilege permissions for the built-in GITHUB_TOKEN in GitHub Actions with the permissions key, and…
Tame matrix costKeep a GitHub Actions build matrix from multiplying your minutes bill by pruning combinations with exclude an…
Control preview costKeep per-PR preview environments cheap in GitHub Actions by deploying only on labels, scaling previews to zer…
Control runner costKeep self-hosted runner bills predictable with an idle timeout, a hard max-runners ceiling, spot instances, a…
Control CI test costCut the warehouse cost of data tests in CI by limiting rows with a sample, using slim CI selection, and auto-…
Cost of visual testingReduce visual testing cost in CI by snapshotting only changed stories, trimming viewport and browser combinat…
lcov / Cobertura formatsUnderstand and convert the common coverage report formats in CI (lcov.info, Cobertura XML, coverage.xml) so a…
Coordinate a releaseShip a coordinated release across several repos by driving them from an orchestrator workflow that tags each…
Copy between registriesCopy a container image from one registry to another in GitHub Actions with crane, skopeo, or regctl, preservi…
Correlate deploy with prodCorrelate a deploy with production metrics by stamping the release version as a label and overlaying deploy a…
Create a check with annotationsCreate a GitHub check run with inline file annotations from GitHub Actions using the Checks API via github-sc…
Create a commit statusCreate a commit status from CI using the GitHub statuses API, posting a state, context, and target URL agains…
Create a composite actionBundle several steps into one reusable composite action in GitHub Actions with runs.using composite and an ac…
Create with action.ymlBundle several steps into one reusable composite action in GitHub Actions with an action.yml that sets runs.u…
Custom badge via gistCreate a custom badge whose value your CI updates by writing shields endpoint JSON to a gist with schneegans/…
Create a deployment environmentCreate a named deployment environment in GitHub Actions and target it from a job with the environment key, un…
Create a draft releaseCreate an unpublished draft GitHub Release for review in GitHub Actions by setting draft true on softprops/ac…
Draft release with notesCreate a draft GitHub release with auto-generated release notes in GitHub Actions when a tag is pushed, so yo…
Dynamic endpoint badgeBuild a dynamic shields.io badge by hosting a JSON document in the shields schema and pointing the endpoint r…
Create a Deployment recordRecord a preview in the GitHub Deployments API from GitHub Actions so the PR shows a linked environment with…
Release from a tagCreate a GitHub Release automatically when a version tag is pushed, generating release notes and attaching bu…
Release on tag pushCreate a GitHub Release automatically when you push a version tag using softprops/action-gh-release, with aut…
Create a release with changelogCut a GitHub Release with auto-generated notes from GitHub Actions using softprops/action-gh-release or the g…
Manifest listsCombine separately built amd64 and arm64 images into one multi-arch tag using docker manifest create and dock…
Preview deploy per PRPublish a preview deploy for every pull request from CI and post its URL back on the PR, so reviewers can cli…
Create a release branchCut a release branch like release/1.4 from GitHub Actions on demand, deriving the name from a workflow_dispat…
Create a reusable workflowTurn a workflow into a callable unit in GitHub Actions by adding on.workflow_call, so other workflows can inv…
Vercel preview per PRDeploy a Vercel preview for each pull request from GitHub Actions using the vercel CLI, capturing the generat…
Create an Argo CD ApplicationDefine an Argo CD Application manifest that points at a Git repo and path, and set an automated sync policy s…
Neon DB branch per previewGive each preview its own Postgres by creating a Neon branch per pull request in GitHub Actions, then deletin…
Create and unlock a keychainCreate a temporary keychain on a GitHub Actions macOS runner with security create-keychain, unlock it, and ad…
imagePullSecrets in CICreate a docker-registry pull secret in Kubernetes from a CI pipeline with kubectl create secret docker-regis…
Create or update a SecretCreate or update a Kubernetes Secret idempotently from GitHub Actions by piping kubectl create secret through…
Per-package git tagsTag each released package independently with a name@version tag so history and GitHub releases map to the rig…
Feature branch preview envsSpin up a per-branch preview environment on each pull request and tear it down on close, so reviewers test fe…
Render review apps per PREnable Render review apps in render.yaml so each pull request gets an ephemeral environment, with GitHub Acti…
Go cross-compile matrixCross-compile a Go binary for many GOOS and GOARCH combinations in GitHub Actions with a matrix on a single r…
Cross-compile Go binariesBuild Go binaries for linux, darwin, and windows across amd64 and arm64 in CI by setting GOOS and GOARCH in a…
Cross-compile RustCross-compile Rust in CI by adding a target with rustup and building with --target, or use the cross tool to…
Cut CI costLower CI minutes for a large repository by skipping unchanged builds, caching aggressively, cancelling supers…
Path filters to skip runsStop GitHub Actions from billing minutes on irrelevant changes by adding paths and paths-ignore filters, so a…
Blue-green DNS cutoverCut over blue-green traffic with weighted DNS from CI/CD, shifting resolution from the old environment to the…
Debug AssumeRole denialDiagnose the AWS Not authorized to perform sts:AssumeRoleWithWebIdentity error in GitHub Actions by checking…
Debug a 403 token errorTrace a 403 Resource not accessible by integration error in GitHub Actions by printing the GITHUB_TOKEN scope…
Debug cache missesDiagnose why a GitHub Actions cache never restores by checking the resolved key, the hashFiles inputs, the pa…
Debug a cache missWork out why actions/cache keeps missing in GitHub Actions by printing the resolved cache key and the hashFil…
Debug a cache that missesDiagnose a GitHub Actions cache that always misses by checking for keys that change every run, wrong paths, O…
Debug a Docker buildSee the full output of every Docker build step in GitHub Actions by passing --progress=plain and --no-cache,…
Debug a failing matrix legIsolate the one failing combination of a GitHub Actions matrix by disabling fail-fast and printing the matrix…
Trace a step with set -xSee every command a GitHub Actions shell step runs, with variables expanded, by enabling bash xtrace via set…
Re-run to confirm flakinessConfirm a GitHub Actions test is flaky by running it many times in a loop within one step, surfacing intermit…
Thread-dump a hanging jobCatch what a hanging GitHub Actions job is stuck on by setting a tight timeout and dumping thread stacks with…
Debug service unhealthyFix "dependency failed to start: container is unhealthy" in Compose CI by inspecting the healthcheck output,…
Debug a skipped jobFigure out why a GitHub Actions job shows up as skipped by inspecting its if condition and needs results, the…
Debug an offline runnerDiagnose a self-hosted GitHub Actions runner stuck offline or with jobs queued forever by checking labels, th…
Debug a webhook deliveryDebug a failing webhook by inspecting the delivery in the sender log, capturing the raw request with a reques…
Debug a path issueFix file-not-found and wrong-path failures in GitHub Actions by printing pwd, ls, and GITHUB_WORKSPACE to see…
Debug an empty secretCheck whether a GitHub Actions secret is actually set without leaking it by printing only its character count…
Debug an expressionFind out what a GitHub Actions expression actually evaluates to by echoing the rendered value into the log, c…
Debug an OOM killConfirm a GitHub Actions step died to the out-of-memory killer by checking exit code 137, reading dmesg for t…
Stuck or offline runnersDiagnose jobs stuck in queued and runners stuck offline by checking labels, runner status via the API, and th…
Debug a cancellationDiagnose why a GitHub Actions run was canceled by checking the cancellation reason in the logs: concurrency s…
When a bigger runner pays offWork out whether a larger CI runner saves money by comparing the per-minute cost multiplier against the wall-…
Custom runner imagesJudge when baking a custom runner image beats installing tools per job, trading longer image maintenance for…
compose watch in CIUnderstand why docker compose watch is a local dev feature, and use a plain compose up plus rebuild in CI ins…
Spot & preemptible runnersWeigh the deep discount of spot and preemptible cloud instances for self-hosted CI runners against the risk o…
Feature-flag releaseDecouple deploy from release using feature flags so CI ships code dark, then a flag flip exposes it to a perc…
Decouple deploy from releaseShip code to production behind an off feature flag so deploying and releasing become separate steps, letting…
Decrypt with git-cryptUnlock git-crypt encrypted files in a GitHub Actions checkout by exporting the symmetric key, base64-encoding…
Decrypt SOPS secretsDecrypt a committed SOPS-encrypted file inside a GitHub Actions job using an age or GPG key from a secret, th…
Deepen history on demandKeep a fast shallow checkout in CI but fetch extra history on demand with git fetch --deepen or --unshallow,…
Default a skipped outputAvoid empty outputs in GitHub Actions when a conditional step is skipped by reading the output with a fallbac…
Deflake time and randomnessDeflake a test by controlling time and randomness, freezing the clock and seeding the RNG so date-, timezone-…
Deflake async waitsDeflake a test by replacing fixed sleeps with polling assertions that wait for a real condition, removing the…
Deflake shared stateDeflake a test by isolating shared state, resetting databases, caches, and globals between tests so leftover…
Deflake order-dependent testsDeflake order-dependent tests in CI by finding tests that only pass in a specific sequence and removing the h…
Delete an artifactRemove a GitHub Actions artifact before it expires by calling the REST API deleteArtifact endpoint from actio…
Delete untagged versionsPrune old and untagged container image versions from GHCR in GitHub Actions with actions/delete-package-versi…
Deploy a Cloud FunctionDeploy a 2nd gen Cloud Function from GitHub Actions with the deploy-cloud-functions action, setting runtime,…
Deploy a Cloud Run JobDeploy a Cloud Run Job (for batch and one-off tasks) from GitHub Actions with gcloud run jobs deploy, then ex…
Cloud Run behind an LBDeploy a Cloud Run service that sits behind an external HTTPS load balancer from GitHub Actions, deploying wi…
Deploy to Cloud RunDeploy a prebuilt container image to Google Cloud Run from GitHub Actions using google-github-actions/deploy-…
Deploy a CFN stackDeploy or update an AWS CloudFormation stack from GitHub Actions with aws cloudformation deploy, passing para…
Deploy a container LambdaBuild a Lambda container image, push it to Amazon ECR from GitHub Actions, and update the function to the new…
Deploy a container to ECSBuild and push an image to ECR then deploy to Amazon ECS from GitHub Actions, rendering a new task definition…
Deploy to LightsailPush a container image to an Amazon Lightsail container service from GitHub Actions and create a deployment w…
Deploy to AWS ECSDeploy a Docker image to AWS ECS from GitHub Actions by pushing to ECR and rendering a new task definition, a…
Cloud Run from sourceBuild and deploy to Cloud Run straight from source in GitHub Actions with gcloud run deploy --source, letting…
Deploy a Dataflow jobLaunch a Google Cloud Dataflow job from GitHub Actions with gcloud dataflow flex-template run, passing a temp…
Deploy a docs siteBuild and deploy a documentation site to GitHub Pages from CI, whether it is MkDocs, Sphinx, or Docusaurus, u…
Deploy Firebase HostingDeploy a site to Firebase Hosting from GitHub Actions using the FirebaseExtended/action-hosting-deploy action…
Deploy a Helm chart to k8sDeploy a Helm chart to a Kubernetes cluster from GitHub Actions using azure/setup-helm and helm upgrade --ins…
Deploy a Lambda with SAMDeploy an AWS Lambda from GitHub Actions with the SAM CLI, running sam build then sam deploy with no-confirm-…
Deploy a monorepo selectivelyDeploy only the changed app in a monorepo from GitHub Actions using a path-change detection step and a condit…
Multi-service previewBuild and deploy several services into one per-PR preview environment in GitHub Actions using a matrix to bui…
Netlify preview via CLIPublish a Netlify deploy preview from GitHub Actions with the netlify CLI, using --json to read the deploy_ur…
Preview env per PRDeploy a unique preview environment for each pull request in GitHub Actions, naming the environment by PR num…
Deploy a preview per PRStand up an ephemeral preview environment for every pull request in GitHub Actions by triggering on pull_requ…
Preview the changed appDeploy a preview for just the app a pull request touched in a monorepo using a GitHub Actions paths filter or…
Per-PR Kubernetes namespaceDeploy an isolated preview onto Kubernetes for each pull request in GitHub Actions by creating a per-PR names…
Cloudflare Pages previewDeploy a per-branch preview to Cloudflare Pages from GitHub Actions with wrangler so reviewers click a live U…
Pub/Sub-triggered functionDeploy a Cloud Function triggered by a Pub/Sub topic from GitHub Actions with gcloud functions deploy --trigg…
Scheduled LambdaDeploy a Lambda and attach an EventBridge schedule rule from GitHub Actions so the function runs on a cron, w…
Deploy to S3 + CloudFrontDeploy a static site to an S3 bucket with aws s3 sync, then invalidate the CloudFront cache with aws cloudfro…
Deploy to Azure Static Web AppsDeploy a static site or SPA to Azure Static Web Apps from GitHub Actions with the Azure/static-web-apps-deplo…
Static site to GCS + CDNDeploy a static site to a Google Cloud Storage bucket from GitHub Actions with gsutil rsync, then invalidate…
Deploy to Cloudflare PagesDeploy a static site to Cloudflare Pages from CI with wrangler pages deploy or the cloudflare/wrangler-action…
Deploy to Firebase HostingDeploy a static site to Firebase Hosting from CI with firebase deploy --only hosting, authenticating non-inte…
Deploy to GitHub PagesDeploy a built static site to GitHub Pages from GitHub Actions using actions/upload-pages-artifact and action…
Deploy to NetlifyDeploy a static site to Netlify from CI with netlify deploy --prod, authenticating via NETLIFY_AUTH_TOKEN and…
Static site to S3 + CDNBuild a static site, sync it to S3 from GitHub Actions, and invalidate the CloudFront distribution so visitor…
Deploy to S3 + CloudFrontPublish a static site to S3 and invalidate the CloudFront cache from GitHub Actions, syncing the build output…
Deploy to VercelDeploy a static site or SPA to Vercel from CI with vercel --prod, using a VERCEL_TOKEN plus the org and proje…
Deploy over SSH with rsyncDeploy a static site to your own server from CI with rsync over SSH, loading a deploy key from a secret and s…
Deploy a state machineUpdate an AWS Step Functions state machine definition from GitHub Actions with aws stepfunctions update-state…
Deploy a zip LambdaPackage and deploy an AWS Lambda function as a zip from GitHub Actions using OIDC and aws lambda update-funct…
Deploy DAGs to MWAADeploy validated Airflow DAGs to Amazon MWAA from CI by syncing the dags folder to the environment S3 bucket…
ARC runner scale setInstall Actions Runner Controller (ARC) and deploy a runner scale set on Kubernetes with Helm, wiring a liste…
Deploy Lambda with SAMBuild and deploy a serverless app with AWS SAM from GitHub Actions, authenticating to AWS via OIDC so no long…
Deploy API GW + LambdaDeploy a Lambda-backed REST API and stage to Amazon API Gateway from GitHub Actions by updating the function…
MkDocs to PagesBuild an MkDocs site in GitHub Actions and publish it to GitHub Pages with the Pages deploy action so docs up…
Deploy Firebase FunctionsDeploy Cloud Functions for Firebase from GitHub Actions with the firebase-tools CLI, authenticating with a se…
Terraform on GCPProvision Google Cloud infrastructure from GitHub Actions with Terraform, authenticating via Workload Identit…
Deploy on a tag/releaseTrigger a GitHub Actions deploy only on a version tag or published release with on.push.tags and the release…
Deploy only changed appDeploy just the app a push touched in GitHub Actions by detecting changed app dirs with paths-filter and gati…
Deploy only on changeSkip a static site deploy when nothing that affects the build changed, using a paths filter or a content hash…
Deploy branch to environmentMap each branch to a deployment environment in GitHub Actions so develop deploys to staging and main deploys…
Matrix of environmentsDeploy to staging and production from one GitHub Actions job by driving the environment key from a matrix, sc…
Multi-account deployDeploy across AWS accounts from GitHub Actions by assuming a low-privilege OIDC role, then chaining into a ta…
Deploy to Azure Web AppDeploy a web app to Azure App Service from GitHub Actions with azure/login (OIDC) and azure/webapps-deploy, p…
Deploy to App EngineDeploy a service to Google App Engine from GitHub Actions with the deploy-appengine action or gcloud app depl…
Deploy to App RunnerShip a new container image to AWS App Runner from GitHub Actions by pushing to ECR and triggering a deploymen…
Deploy to AWS via OIDCDeploy to AWS from GitHub Actions without long-lived keys by assuming an IAM role through OIDC with aws-actio…
Terraform to AWS (OIDC)Apply Terraform to AWS from GitHub Actions using OIDC for keyless authentication, running terraform init, pla…
Deploy Azure FunctionsDeploy a Function App to Azure Functions from GitHub Actions using the official functions-action and an Azure…
Deploy to Cloudflare PagesDeploy a site to Cloudflare Pages from GitHub Actions with Wrangler, using an API token and account ID so bui…
Deploy to Cloudflare PagesDeploy a build to Cloudflare Pages from GitHub Actions with the Wrangler CLI and the cloudflare/wrangler-acti…
Deploy to ECS FargateRoll out a new container to Amazon ECS Fargate from GitHub Actions by rendering a fresh image into your task…
Deploy to EKSDeploy a workload to Amazon EKS from GitHub Actions by assuming a role over OIDC, writing a kubeconfig with a…
Deploy to BeanstalkDeploy an application to AWS Elastic Beanstalk from GitHub Actions by uploading a bundle to S3, creating an a…
Deploy to Fly.ioDeploy an app to Fly.io from GitHub Actions with the flyctl CLI and a Fly API token, running fly deploy --rem…
Deploy to GitHub PagesDeploy a static site to GitHub Pages with the official Actions flow: upload-pages-artifact then deploy-pages,…
Deploy to GKEDeploy to a Google Kubernetes Engine cluster from GitHub Actions using get-gke-credentials and kubectl, apply…
Deploy to GKE with HelmDeploy a Helm release to Google Kubernetes Engine from GitHub Actions by fetching cluster credentials and run…
Deploy to Cloud RunDeploy a container to Google Cloud Run from GitHub Actions using Workload Identity Federation, pushing to Art…
Deploy to Cloud RunDeploy a container to Google Cloud Run from GitHub Actions using Workload Identity Federation for keyless aut…
Deploy to KubernetesDeploy to Kubernetes from GitHub Actions - configure kubectl with a secret kubeconfig (or cloud OIDC), set th…
Deploy to k8s with kubectlDeploy to Kubernetes from GitHub Actions with kubectl by setting the image on a deployment and waiting for th…
Deploy to green regionsTarget lower-carbon cloud regions in your CI deploy step so production runs on cleaner electricity, balancing…
Sequential deploysChain deploys to dev, staging, and prod in order in GitHub Actions using needs so each environment only ships…
Deploy to multiple projectsDeploy to staging and production GCP projects from GitHub Actions using a matrix, with a per-project Workload…
Deploy to multiple clustersRoll out the same Kubernetes manifests to several clusters in parallel from GitHub Actions with a matrix that…
Deploy to NetlifyDeploy a static site to Netlify from GitHub Actions with the Netlify CLI, using an auth token and site ID so…
Deploy to Netlify via CLIDeploy a build to Netlify from GitHub Actions with the netlify CLI, using an auth token and site id to push t…
Deploy to VercelDeploy a project to Vercel from GitHub Actions using the Vercel CLI and a scoped token so production deploys…
Deploy to Vercel via CLIDeploy to Vercel from GitHub Actions using the Vercel CLI with a token, pulling project settings then running…
Deploy with AWS CDKSynthesize and deploy AWS CDK stacks from GitHub Actions with cdk deploy --require-approval never, authentica…
Deploy with AWS SAMBuild and deploy a serverless application with AWS SAM from GitHub Actions using sam build and sam deploy in…
Deploy via Cloud BuildTrigger a Cloud Build pipeline from GitHub Actions with gcloud builds submit, running your cloudbuild.yaml to…
Deploy with helm upgrade --installDeploy a Helm chart idempotently from GitHub Actions with helm upgrade --install --wait --atomic, so the rele…
Deploy with KustomizeDeploy an environment overlay from GitHub Actions with kubectl apply -k, letting Kustomize merge a base and o…
Serverless Framework deployDeploy a Serverless Framework service to AWS from GitHub Actions per stage, authenticating with OIDC and sele…
Least-privilege role designDesign a least-privilege IAM role for keyless CI by scoping the trust policy to one repository and ref and gr…
destroy PR envsSpin up a per-pull-request Terraform environment and tear it down on PR close in GitHub Actions with a dedica…
Detect affected projectsUse the affected graph in Nx, Turborepo, or Bazel to build only projects impacted by a change in a large repo…
Detect breaking changesDetect breaking API changes in CI by diffing the OpenAPI spec with oasdiff and failing the pull request when…
Detect changed areasUse dorny/paths-filter in GitHub Actions to compute which areas of a large repository changed and gate downst…
Detect changed filesDetect which files changed in a GitHub Actions run with dorny/paths-filter, exposing per-filter boolean outpu…
git diff for changesDetect changed files in CI with plain git diff --name-only against a base ref, a zero-dependency way to drive…
pnpm --filter since refRun scripts only for changed pnpm workspace packages in GitHub Actions using pnpm --filter "...[ref]", which…
Detect drift with Argo CDSurface manual cluster changes as OutOfSync drift in Argo CD, and decide whether selfHeal reverts them automa…
Detect flaky tests in CIDetect flaky tests in CI by re-running the same commit and comparing results, so a test that passes and fails…
Detect hardcoded stringsFlag untranslated literal UI strings in JSX during GitHub Actions using the react/jsx-no-literals ESLint rule…
Catch un-generated migrationsFail CI when a model change has no matching migration using makemigrations --check or a diff command, so sche…
Baseline regression in CIDetect performance regressions in CI by comparing this run p95 to a stored baseline, failing when the delta e…
Detect schema driftDetect drift between a committed OpenAPI spec and the running implementation in CI, so the spec you publish f…
Detect schema driftCatch schema drift in GitHub Actions by checking that the committed migrations fully describe the schema, fai…
Detect stale flags in CIFail a CI job when a feature flag has been fully rolled out or is past its expiry, so stale flags are flagged…
detect driftCatch out-of-band infrastructure changes by running terraform plan -detailed-exitcode on a schedule in GitHub…
Diff an Argo CD appPreview what a GitOps change will do by running argocd app diff against a branch in a pull request job, surfa…
Diff manifests before applyShow exactly what a Kubernetes deploy will change in a GitHub Actions pull request by running kubectl diff ag…
Disable schedule on forksStop a cron workflow from running in forks of a GitHub repository by gating the scheduled job on github.repos…
Disable animationsFreeze CSS animations and transitions before capturing screenshots with Playwright animations: disabled, so m…
Dismiss stale reviewsAutomatically invalidate approving reviews when a pull request gets new commits, using the dismiss stale revi…
Dispatch deploysTrigger deploy workflows in several repos from one place by looping over the repo list and calling gh workflo…
Distribute to TestFlightUpload an iOS build to TestFlight in CI with fastlane pilot or upload_to_testflight, authenticating via an Ap…
Firebase App DistributionSend an APK or IPA to testers via Firebase App Distribution in CI using the firebase CLI or fastlane plugin w…
Distribute to Google PlayUpload an AAB to Google Play in CI with fastlane supply and a service account JSON key, promoting to a chosen…
Blue-green deployRun a blue-green deployment from GitHub Actions by deploying the new color, smoke testing it, then switching…
Blue-green ECS deployRun a blue-green Amazon ECS deployment through AWS CodeDeploy from GitHub Actions, shifting traffic between t…
Canary deployRoll out a canary deployment from GitHub Actions by shifting a small traffic percentage to the new version, w…
Canary Lambda deployShift traffic gradually to a new Lambda version from GitHub Actions using a weighted alias, publishing a vers…
Canary rollout with flagsRoll out a feature to a small canary segment first using flag targeting, so a bad change hits only a fraction…
Percentage rolloutEnable a feature for a growing percentage of users with a feature flag rollout, bucketing by a stable key so…
Shallow clone the repoSpeed up checkout of a large repository in GitHub Actions with fetch-depth: 1 for a shallow clone, and learn…
Atomic deploysDeploy a static site atomically by uploading a new versioned directory and flipping a symlink or pointer, so…
Zero-downtime expand-contractShip zero-downtime schema changes with the expand-contract (parallel change) pattern: expand the schema, migr…
Document control mappingDocument your CI/CD pipeline as a control mapping in the repo, linking each control to the workflow step and…
Download all artifactsDownload every artifact from a GitHub Actions run at once by calling actions/download-artifact@v4 with no nam…
Cross-run artifactFetch an artifact produced by a separate GitHub Actions workflow run using run-id and the GitHub token so a l…
Download from another runFetch an artifact created by a different GitHub Actions run using actions/download-artifact@v4 with run-id, g…
Download in same workflowDownload an artifact within the same GitHub Actions run using actions/download-artifact@v4, restoring files a…
Download into a deploy workflowPull a build artifact produced by a CI run into a separate deploy workflow in GitHub Actions with actions/dow…
Download to a pathControl where a GitHub Actions artifact lands by setting the path input on actions/download-artifact@v4, rest…
Draft release notesBuild a draft release changelog automatically from merged pull requests with release-drafter, grouping entrie…
Draft notes as PRs mergeKeep a running draft release with release-drafter/release-drafter in GitHub Actions, which categorizes merged…
Conditional jobsWire a detection job output into downstream job if conditions in GitHub Actions, the core pattern for buildin…
Webhook-driven GitOpsDrive a GitOps flow with webhooks by having a build POST a repository_dispatch that updates a manifest and le…
nx release from commitsLet nx release compute each package version bump from conventional commit types by enabling conventionalCommi…
Drop a column safelyDrop a column without downtime by deprecating it first: ship code that stops reading and writing it, deploy,…
Dry-run a publishRehearse a publish in CI without shipping using dry-run flags like npm publish --dry-run, cargo publish --dry…
Plan before applyPreview the exact SQL a migration will run before applying it, using atlas migrate diff or a tool dry-run fla…
Dump and restore a DBCapture a Postgres database with pg_dump and reload it with pg_restore inside a GitHub Actions job, useful fo…
Dump logs on failureCapture docker compose logs when a CI job fails so you can see why a service crashed or never became healthy,…
Generate a matrix dynamicallyBuild a GitHub Actions matrix at runtime by emitting JSON from one job and feeding it to a downstream matrix…
Annotations from an actionEmit error, warning, and notice annotations from a custom action with the ::error:: workflow commands or the…
Emit CI annotationsEmit inline error and warning annotations from a GitHub Actions job with the error and warning workflow comma…
Structured logs in pipelinesEmit structured JSON logs from pipeline steps with a consistent schema, so log aggregation systems can index…
Branch vs line coverageTurn on branch coverage in CI so both sides of every conditional are measured, a stricter signal than line co…
Vulnerability alertsGet notified about vulnerable dependencies with Dependabot alerts, which read the dependency graph and GitHub…
Native secret scanningTurn on GitHub native secret scanning and push protection so provider-partnered credential patterns are block…
Incremental GradleSpeed up Gradle in CI with the build cache and up-to-date checks so only tasks with changed inputs re-run, re…
Enable Windows long pathsAvoid the 260-character MAX_PATH limit on a windows-latest runner in GitHub Actions by enabling the LongPaths…
PR decoration + commentsTurn on SonarQube pull request decoration in GitHub Actions so scan results post as a PR summary comment and…
Renovate automergeTurn on Renovate automerge with automerge and automergeType, so a PR or branch merges only after required sta…
Lock file maintenanceRefresh transitive dependencies without changing your manifest using Renovate lockFileMaintenance, which rege…
Enable runner diagnostic loggingCapture low-level runner and worker diagnostic logs in GitHub Actions by setting ACTIONS_RUNNER_DEBUG to true…
Self-service secret accessLet teams request scoped secrets and access through a reviewed pull request or environment, so credentials fl…
Enable step debug loggingTurn on verbose step debug logging in GitHub Actions by setting the ACTIONS_STEP_DEBUG secret or variable to…
Turn on debug logsGet verbose diagnostic output from a GitHub Actions run by enabling step debug logging with the ACTIONS_STEP_…
Enable the merge queueTurn on the GitHub merge queue for a branch so pull requests are merged in a serialized, tested order, and wi…
Gradle build cacheTurn on the Gradle build cache in CI so unchanged task outputs are reused, and combine it with actions/cache…
TurboSnap for changed storiesCut Chromatic snapshot cost with TurboSnap, which uses the Webpack dependency graph to snapshot only stories…
Ownership via CODEOWNERSAssign clear service ownership with a CODEOWNERS file so the right team is auto-requested for review on every…
Encrypt a file with ageEncrypt build output or config in a GitHub Actions job with the age tool using a recipient public key, produc…
Encrypt artifactsEncrypt sensitive build outputs with GPG or openssl in GitHub Actions before calling upload-artifact so the s…
SOPS secrets for GitOpsCommit encrypted Kubernetes secrets to a GitOps repo with SOPS and age, letting Flux decrypt them at apply ti…
Enforce a build-time budgetFail a GitHub Actions job when the build takes longer than a set number of seconds by timing the build comman…
Enforce bundle size budgetFail a GitHub Actions build when a JavaScript bundle exceeds its byte budget using size-limit, which measures…
Enforce coverage thresholdFail a GitHub Actions build when coverage drops below a target by setting coverageThreshold in Jest, so a reg…
Cognitive complexity limitCap function cognitive complexity in CI using the ESLint sonarjs rule or a SonarQube quality profile threshol…
Docker image size budgetFail a GitHub Actions build when a Docker image grows past a size budget by inspecting the built image size i…
Go coverage thresholdGate Go coverage in CI by parsing go tool cover output or using go-test-coverage, failing the job when total…
Enforce a Lighthouse budgetFail a GitHub Actions run when a page blows its performance budget by feeding a budget.json to Lighthouse CI…
Enforce a perf budgetEnforce a performance budget in CI by failing the job when p95 latency exceeds a limit, expressed as a thresh…
Enforce a PR checklistBlock a pull request until every required checkbox in the description is ticked using mheap/require-checklist…
Semantic squash titlesKeep a clean default branch history by validating the PR title (which becomes the squash commit) against Conv…
Verify before deployAdd a policy gate job that verifies signatures and provenance before any deploy job runs in GitHub Actions, s…
Enforce a11y scoreFail a GitHub Actions build when the Lighthouse accessibility score drops below a threshold using a lighthous…
Org required workflowsUse organization-level required workflows (repository rulesets) to force a chosen reusable workflow to run on…
Branch naming automationEnforce a branch naming convention like feature/ and fix/ in CI so branch names stay consistent and can drive…
Enforce conventional commitsEnforce the Conventional Commits format on pull requests in GitHub Actions by linting the PR title, so automa…
Enforce Conventional CommitsValidate commit messages against the Conventional Commits spec in GitHub Actions with wagoid/commitlint-githu…
Coverage on the diff onlyRequire coverage only on changed lines in CI using Codecov patch status, so new code is tested without demand…
Data residency in CIKeep CI builds and artifacts in a specific region using region-pinned self-hosted runners and a residency che…
Deployment freeze windowsBlock deploys during change-freeze windows in GitHub Actions by checking the current time against a freeze sc…
Deployment windows / freezeEnforce deployment windows and change freezes from CI/CD by blocking deploys outside allowed hours or during…
Lighthouse CI budgetsEnforce front-end performance budgets in CI with Lighthouse CI assertions, failing the build when metrics lik…
Lockfile integrityEnforce exact, reproducible dependency installs in CI with npm ci and frozen-lockfile modes, so a mismatched…
Enforce import boundariesFail CI when a package imports across forbidden boundaries using an Nx module boundary lint rule or eslint-pl…
Review rules with Danger JSCodify pull request review rules in a dangerfile.js and run Danger JS in CI to warn or fail when a PR skips a…
Enforce prose with ValeLint documentation prose in GitHub Actions with Vale, enforcing style rules and readability and failing the b…
Require reviewersEnforce required pull request reviewers and approvals in GitHub as a SOC 2 change management control, so no c…
Require status checksBlock merges until CI passes by marking a GitHub Actions job as a required status check in branch protection,…
Danger JS review rulesAutomate pull-request review conventions with Danger JS in GitHub Actions, failing the check when a PR misses…
Separation of dutiesEnforce separation of duties in GitHub Actions so the author of a change cannot approve or deploy it alone, a…
Memory & disk per jobMeasure a jobs peak memory and disk use to pick a runner size that will not OOM or run out of space, before p…
Tune matrix combosRefine a GitHub Actions matrix with exclude to drop combinations and include to add or extend specific ones,…
Exclude files from artifactDrop unwanted files from a GitHub Actions artifact by adding negated glob lines (prefixed with !) to the path…
Exclude files from coverageKeep generated code, tests, and vendored files out of coverage numbers with per-tool exclude patterns so the…
Exclude generated codeKeep generated files, vendored code, and build output out of a SonarQube scan with sonar.exclusions so metric…
Exclude fixturesCut secret scan noise by excluding fixture and sample directories that hold intentionally fake keys, scoping…
Export ONNX / TorchScriptExport a model to ONNX or TorchScript in GitHub Actions and validate the exported graph against the source mo…
Export build traces to DatadogSend CI pipeline traces to Datadog using CI Visibility or an OpenTelemetry Collector with the datadog exporte…
Export build traces to HoneycombShip CI build traces to Honeycomb over OTLP by setting the ingest endpoint and x-honeycomb-team API key heade…
Export traces to Jaeger or TempoSend CI build traces to Jaeger or Grafana Tempo through an OpenTelemetry Collector, routing OTLP spans from t…
Export to PushgatewayExport short-lived CI metrics to the Prometheus Pushgateway, since pipeline jobs are too brief to be scraped,…
Export JSON and JUnitExport load test results in CI as a JSON summary and a JUnit XML report so the run surfaces in the test tab a…
Factor steps into an actionMove repeated setup steps into a local composite action in GitHub Actions with runs.using composite, then cal…
Queue time considerationsInclude time spent waiting for an available runner, not just run time, when choosing between hosted, larger,…
Region & latencyChoose a runner region close to your artifact registry, package mirrors, and deploy target to cut download an…
Fail on bundle growthMeasure the production bundle size in a GitHub Actions PR, compare it against a baseline budget, and fail the…
Cap PR diff sizeFail a pull request whose diff exceeds a line threshold by reading additions and deletions from the PR payloa…
Require tests with codeFail a GitHub Actions check when a PR changes several package source dirs but adds no test files, using tj-ac…
Fail PR on regressionBlock a pull request in GitHub Actions when a benchmark is slower than the base branch by running the suite o…
Fail PR on gateMake a red quality gate fail the pull request check in GitHub Actions using sonar.qualitygate.wait or the qua…
Fail CI on duplicationBlock a pull request when duplicated code exceeds a threshold, using a SonarQube duplicated_lines_density gat…
Block console.logFail GitHub Actions when a stray console.log is committed, using grep or an ESLint rule so debug logging neve…
Jest coverage thresholdEnforce a minimum coverage level in CI with Jest coverageThreshold, so the test command exits non-zero when l…
pytest coverage thresholdSet a minimum coverage in CI with pytest --cov-fail-under, so pytest exits non-zero when total coverage drops…
Fail fast to save minutesStop a matrix the moment one leg fails with strategy.fail-fast, and order quick checks before slow ones so a…
Fail on coverage dropFail a GitHub Actions build when test coverage falls below a threshold, parsing the coverage percentage from…
Fail on lint errorsMake a GitHub Actions job fail on lint errors by running the linter with a non-zero exit, and surface finding…
Fail on new flakes onlyFail a CI build on new flaky tests but not known ones by comparing detected flakes against an allowlist of qu…
Fan out then aggregate coverageRun sharded tests in parallel, upload each shard coverage file, then merge them in a final job so your total…
AWS Secrets ManagerPull secrets from AWS Secrets Manager into a GitHub Actions job at runtime using OIDC for auth so no long-liv…
GCP Secret ManagerRead secrets from Google Cloud Secret Manager in a GitHub Actions job using Workload Identity Federation so n…
Keyless auth to VaultAuthenticate GitHub Actions to HashiCorp Vault using the JWT auth method and the OIDC token, binding a Vault…
Fetch secrets from VaultRead secrets from HashiCorp Vault in GitHub Actions using JWT auth and hashicorp/vault-action, trading the wo…
Fetch SSM parametersRead AWS SSM Parameter Store values in GitHub Actions with the AWS CLI after OIDC auth, masking SecureString…
Filter webhook eventsFilter webhook events in GitHub Actions with event type lists and an if condition on the action, so a workflo…
bazel affected targetsCompute the Bazel targets affected by a set of changed files with bazel query rdeps, then build and test only…
Find changed filesList the files a push or pull request changed in CI with git diff --name-only against the base ref, driving p…
Self-hosted breakevenWork out the point where self-hosted GitHub Actions runners cost less than GitHub-hosted ones, factoring in c…
Find expensive workflowsRank GitHub Actions workflows by billed minutes to find the few pipelines that drive most of your CI spend, u…
Fix missing OIDC providerResolve the AWS No OpenIDConnect provider found error by creating the IAM OIDC identity provider for token.ac…
Fix the stuck "expected" checkResolve a merge queue entry that sits pending forever because a required check is listed as expected but neve…
Fix request URL not setFix the GitHub Actions error where the OIDC token request URL is empty by granting the job id-token: write pe…
fetch-depth 0 for blameDisable the shallow clone in GitHub Actions with fetch-depth 0 so SonarQube can read Git blame and attribute…
Flaky tests: freeze time/randomStabilize flaky visual tests by freezing the clock and seeding randomness with Playwright clock and Math.rand…
Checks not running on merge groupDiagnose why required checks are skipped on the GitHub merge group when a path filter or if condition exclude…
Fix secret access errorsResolve the GitHub Actions error where a reusable workflow cannot see a secret, usually because it was never…
Required checks fixSolve the pending required check problem in incremental CI, where a skipped job never reports status, by usin…
Composite step shell keyEvery run step in a composite action must declare a shell, so add shell bash (or pwsh, python) to each run st…
Free disk before buildReclaim gigabytes on a GitHub-hosted runner before a large Docker build by removing preinstalled toolchains,…
Schemathesis vs OpenAPIRun property-based API tests in GitHub Actions with Schemathesis, generating cases from an OpenAPI schema and…
Gate deploy with environmentGate a deploy job behind a GitHub Actions environment with required reviewers so production deploys pause for…
External approval gateBlock a GitHub Actions deploy until an external approval service grants sign-off by polling its API and only…
Block deploy on failureMake the app rollout depend on the migration step so a failed migration stops the deploy, keeping the code fr…
Gate a deploy on branchPrevent a GitHub Actions deploy job from running off the wrong branch with a job-level if on github.ref, comb…
Gate deploy with can-i-deployRun pact-broker can-i-deploy in CI before shipping so the broker confirms the version you are about to deploy…
Gate promotion with approvalRequire a reviewed pull request before a GitOps change reaches production using branch protection with requir…
Gate on k6 thresholdsFail a GitHub Actions run when a k6 load test breaches a threshold, since k6 exits non-zero when a thresholds…
Gate prod with approvalsRequire a human approval before a production deploy in GitHub Actions by targeting a protected environment wi…
Health-check gate before promoteGate a deployment promotion on a health check from CI/CD so traffic only shifts to the new version after its…
Gate release on approvalPause a release job for human sign-off in GitHub Actions with a protected environment and required reviewers,…
Gate on exit codeGate a GitHub Actions job on a custom script exit code so any non-zero result fails the workflow and blocks t…
Gate on API latencyGate CI on API response times by asserting per-endpoint p95 with k6 tags and scoped thresholds, so a slow end…
Gate deploy on stagingBlock a production deploy in GitHub Actions until staging deploys successfully, using job dependencies and a…
Gate deploys with environmentsProtect production in GitHub Actions with an environment that has required reviewers, a wait timer, and a dep…
Gate merges on checksMake a GitHub Actions job a required status check so a PR cannot merge until it passes, using a stable aggreg…
Gate on code smellsFail a build when new code smells appear by adding a maintainability issue condition to a SonarQube quality g…
New-code vs overall gateConfigure a SonarQube quality gate to enforce clean-as-you-code on new code only, so legacy debt does not blo…
Tech-debt ratio gateFail a build when the SonarQube technical debt ratio on new code exceeds a threshold, keeping the maintainabi…
Gate prod on approvalHold a GitHub Actions production deploy until a human approves it by targeting a protected environment with r…
Gate promotion on SLOGate a release promotion in GitHub Actions on a service level objective, promoting only when availability and…
approval gate for applyPause a Terraform apply until a human approves by targeting a protected GitHub environment with required revi…
Readiness gate before trafficHold traffic promotion in GitHub Actions until a readiness endpoint reports every dependency healthy, so a re…
.NET coverage in CIMeasure .NET coverage in CI with Coverlet via dotnet test, emitting Cobertura XML that ReportGenerator, Codec…
conventional-changelog CLIGenerate or update a CHANGELOG.md in GitHub Actions with the conventional-changelog CLI, appending the latest…
Changelog with git-cliffGenerate a changelog from Conventional Commits in GitHub Actions with orhun/git-cliff-action, driven by a cli…
Coverage badgeGenerate a test coverage badge in GitHub Actions and commit or publish it so the README shows live coverage w…
cdxgen CycloneDX SBOMGenerate a CycloneDX SBOM for a Node or multi-language project in CI with cdxgen, capturing the full dependen…
Mint an installation tokenGenerate a short-lived GitHub App installation access token inside GitHub Actions with actions/create-github-…
Dynamic matrix from diffBuild a GitHub Actions matrix at runtime from the directories a PR changed, emitting JSON to a job output and…
Sitemap and robots.txtGenerate a sitemap.xml and robots.txt during a static site build so search engines can crawl the deployed sit…
SBOM and provenanceProduce a CycloneDX SBOM and SLSA build provenance attestation in GitHub Actions for supply-chain compliance,…
Generate an SBOM (Syft)Produce a Software Bill of Materials for a Docker image in CI with Anchore Syft, emitting SPDX or CycloneDX J…
Generate an SBOM (Syft)Produce a software bill of materials in GitHub Actions with anchore/sbom-action (Syft), emitting CycloneDX or…
Generate an SBOMGenerate a software bill of materials in GitHub Actions with Anchore Syft, producing an SPDX or CycloneDX SBO…
Generate and attest an SBOMProduce an SPDX SBOM with anchore/sbom-action in GitHub Actions and bind it to your build with actions/attest…
Publish a coverage reportGenerate a code-coverage report in GitHub Actions and upload it to Codecov, or enforce a threshold and attach…
Generate and upload an HTML reportBuild an HTML report during a GitHub Actions run and attach it as a downloadable artifact, or publish it to G…
Generate and upload SBOMGenerate a software bill of materials in GitHub Actions with Syft and upload it as a build artifact, so every…
Generate & publish API docsGenerate API reference docs in GitHub Actions and publish them to GitHub Pages so the documentation always tr…
Automate screenshotsGenerate localized App Store screenshots in CI with fastlane snapshot, driving UI tests across simulators and…
Catalog and lineage in CIProduce a data catalog and column-level lineage in CI with dbt docs generate and manifest.json, publishing li…
Generate Go coverageProduce Go test coverage in CI with go test -coverprofile, then render a percentage with go tool cover, givin…
Generate JaCoCo coverageMeasure JVM coverage in CI with the JaCoCo Maven or Gradle plugin, binding the report goal to the test phase…
Generate Jest coverageProduce a Jest coverage report in CI by running jest with the --coverage flag and an lcov reporter, so the nu…
c8 or nyc coverageCollect coverage for any Node test runner in CI with c8 (native V8) or nyc (Istanbul), wrapping your test com…
Per-package changelogsWrite a CHANGELOG.md inside each package rather than one root changelog, so consumers see only the entries fo…
Argo CD ApplicationSet previewsLet an Argo CD ApplicationSet pull request generator create and delete preview Applications automatically, wi…
Generate pytest coverageMeasure Python test coverage in CI with pytest-cov, running pytest --cov to print a report and emit coverage.…
Release notes from PRsGenerate release notes from merged pull requests in GitHub Actions so each release ships an accurate changelo…
Rust coverage in CICollect Rust coverage in CI with cargo-llvm-cov, which drives LLVM source-based coverage and emits lcov or Co…
Generate SimpleCov coverageTrack Ruby coverage in CI with SimpleCov, starting it before the test suite loads and emitting an lcov or JSO…
Generate build provenanceProduce signed SLSA build provenance for a release artifact in GitHub Actions with actions/attest-build-prove…
terraform-docsKeep module READMEs current by running terraform-docs in GitHub Actions to inject an inputs and outputs table…
Get a stack traceSurface a full stack trace from a crashing process in GitHub Actions by enabling language-level traceback fla…
Consistent rendering via DockerEliminate anti-aliasing and font differences in visual tests by running Playwright inside the official Docker…
fail-fast false for full resultsKeep every test shard running to completion in GitHub Actions with strategy.fail-fast false, so one failing s…
GitOps by committing to a config repoDeploy GitOps-style from GitHub Actions by bumping the image tag in a separate config repo and committing it,…
GPU inside a containerRun a container with GPU access in GitHub Actions using the NVIDIA Container Toolkit and docker run --gpus al…
Give a runner AWS accessGrant a self-hosted GitHub Actions runner AWS access through an EC2 instance profile so jobs use short-lived…
Test DB in CIBack API tests with a real Postgres in GitHub Actions using a service container with health checks, so integr…
Name matrix jobsGive each GitHub Actions matrix leg a clear name in the checks list with a job-level name that interpolates m…
Least-privilege runner IAMAttach a minimal IAM role to self-hosted GitHub Actions runners so a compromised job can only touch the exact…
Grant id-token: writeEnable OIDC in GitHub Actions by granting the id-token: write permission so the job can request a signed OIDC…
Group by workflow + refBuild a robust GitHub Actions concurrency key from github.workflow and github.ref so each workflow deduplicat…
Group Dependabot PRsReduce pull request noise by grouping related Dependabot updates into a single PR with the groups key, matchi…
Renovate groupingBundle related updates into one Renovate PR using packageRules with matchPackagePatterns and groupName, so ES…
Collapse log sectionsFold noisy command output into collapsible groups in GitHub Actions logs using the ::group:: and ::endgroup::…
Monorepo groupingManage updates across multiple packages in a monorepo by grouping related bumps, using Dependabot multi-direc…
Guard commands with environmentsGuard chat-triggered commands in GitHub Actions with a protected environment that adds required reviewers and…
Pass a secret safelyCarry a secret computed in one GitHub Actions step into later steps without leaking it, by masking the value…
Publish with 2FA onPublish from CI when 2FA is enabled by using an automation token that bypasses the interactive one-time-passw…
Flaky check blocking the queueKeep a flaky required status check from repeatedly kicking pull requests out of the GitHub merge queue by add…
Handle a dispatched commandHandle a dispatched slash command in GitHub Actions with an on.repository_dispatch workflow that filters on t…
handle stale locksRecover from a stuck Terraform state lock left by a killed CI job by reading the lock ID from the error and r…
Secrets in load testsAuthenticate CI load tests by passing a token from a repo secret into the load tool as an environment variabl…
Auth tokens for testsAuthenticate API tests in GitHub Actions by fetching a token at runtime or reading one from secrets, then pas…
Badge caching and camoUnderstand how GitHub proxies README badges through its camo image cache, why badges look stale, and how cach…
Monorepo branching and CIKeep a single trunk in a monorepo and use path filters plus a dynamic matrix so a branch only builds the pack…
Self-hosted cachingUnderstand how actions/cache behaves on self-hosted GitHub Actions runners, and when a persistent local tool…
PR vs push diffsCompute the changed file set correctly for pull_request and push events, since each provides a different base…
Control CRLF on checkoutStop CRLF and LF line-ending churn on a windows-latest runner in GitHub Actions by configuring git core.autoc…
Cross-OS rendering in a containerStop cross-OS rendering differences from failing visual tests by generating and comparing baselines inside on…
Failing update PRsKeep broken dependency bumps out of main by requiring your test suite as a status check, so Dependabot and Re…
Sharding and flakinessHandle flakiness when sharding tests in CI, keeping shards independent so a test never depends on a sibling t…
Git LFS in CIFetch Git LFS objects correctly in GitHub Actions with the lfs: true checkout input, and control bandwidth so…
Rate limits by token typeUnderstand GitHub API rate limits for GITHUB_TOKEN, user PATs, and GitHub App installation tokens, and pick t…
Handle GPU OOMKeep GPU jobs within memory in GitHub Actions by bounding batch size, clearing the cache between tests, and a…
Handle large binariesKeep large binaries out of the git working tree in CI with a blob size filter, Git LFS, or an external store,…
Broker token secretsStore the Pact Broker token as a GitHub Actions secret, expose it only to the steps that publish or verify, a…
Path separators on WindowsWrite portable paths across Windows and Linux runners in GitHub Actions by using forward slashes, the runner…
Handle schedule delaysDeal with GitHub Actions delaying cron runs under load by avoiding the top of the hour and treating the sched…
bash vs pwsh shellsPin a consistent shell across a cross-platform GitHub Actions matrix by setting shell: bash, or use pwsh wher…
Higher-priority cancelUnderstand the GitHub Actions "Canceling since a higher priority waiting request exists" message: it means a…
Handle no baseFall back to a full build in CI when change detection has no base ref (a new branch, first commit, or shallow…
No files were foundControl the GitHub Actions "No files were found" artifact warning with the if-no-files-found input of actions…
Ryuk resource reaperUnderstand the Ryuk resource reaper that cleans up Testcontainers after a run, and the tradeoff of setting TE…
Idempotent webhook deliveryMake webhook processing safe under retries by deduplicating on the delivery id, so a redelivered event is pro…
Windows path and CRLFAvoid the two classic Windows CI failures: backslash path separators and CRLF line endings, by configuring co…
Harden the runnerAdd network egress control and tamper detection to a GitHub Actions job with step-security/harden-runner, blo…
Harden against escapeReduce container escape risk on self-hosted GitHub Actions runners by running rootless, dropping capabilities…
Harden runnersRestrict what a GitHub Actions runner can reach at the network level with step-security/harden-runner, blocki…
Harden the runner hostHarden the OS behind a self-hosted GitHub Actions runner with regular patching, a non-root service account, a…
Hold and unhold mergesImplement /hold and /unhold merge gating in GitHub Actions by toggling a hold label and a status check, so a…
Re-run CI from a commentAdd /retest and /rerun-failed slash commands in GitHub Actions that re-run all or only the failed jobs of a w…
Promote to prod commandImplement a /promote command in GitHub Actions that promotes a staged release to production, gated on a maint…
Add a /rebase commandAdd a /rebase slash command in GitHub Actions that rebases a pull request branch onto its base using the cirr…
Prow-style /lgtm /approveImplement Prow-style commands such as /lgtm and /approve in GitHub Actions, mapping each to a label and a req…
Import a signing certificateImport a base64 p12 signing certificate into a temporary keychain on a GitHub Actions macOS runner with secur…
Import coverage to SonarQubeFeed an existing coverage report into SonarQube from CI by pointing the language-specific coverage property a…
import resourcesBring resources created outside Terraform under management in CI using import blocks with terraform plan -gen…
Import coverage to SonarFeed test coverage into SonarQube by generating an lcov, cobertura, or JaCoCo report and pointing the matchin…
Increase tool verbosityGet more detail from a failing command in GitHub Actions by adding the tool verbose flag, such as npm --logle…
Increment the build numberAuto-increment the iOS build number and Android versionCode in CI using the run number or fastlane, so each u…
Inherit all caller secretsForward every caller secret to a reusable GitHub Actions workflow at once with secrets: inherit, avoiding a l…
SDK init in test envInitialize a feature flag SDK once in CI test setup and wait for it to be ready, so tests do not race the SDK…
Env vars at build timeInject environment variables into a static site at build time using the framework prefix (VITE_, NEXT_PUBLIC_…
Inject Doppler secretsPull secrets from Doppler into a GitHub Actions job using the Doppler CLI and a service token, downloading th…
Inspect github.eventRead the raw webhook payload that triggered a GitHub Actions run by dumping github.event or the GITHUB_EVENT_…
Install a pinned kubectlInstall a specific kubectl version in GitHub Actions with azure/setup-kubectl so CI uses a client within one…
Install profile and p12Install an iOS provisioning profile and p12 certificate in CI from base64 secrets, importing into a temporary…
Install a tool with ChocolateyInstall Windows tooling on a windows-latest runner in GitHub Actions with Chocolatey using choco install, whi…
Install a tool with HomebrewInstall a CLI tool on a GitHub Actions macOS runner with brew install, pinning auto-update off so the step st…
Install with winget or ScoopInstall Windows packages on a windows-latest runner in GitHub Actions using winget or Scoop as an alternative…
Install from shared lockfileInstall a monorepo from its single root lockfile in GitHub Actions with a frozen install, so CI fails on lock…
Install the Windows SDKInstall a specific Windows SDK on a windows-latest runner in GitHub Actions with Chocolatey or the Visual Stu…
Instrument CI with OpenTelemetryEmit OpenTelemetry traces for a GitHub Actions workflow run so each job and step becomes a span, using the ru…
Invalidate a cacheInvalidate a GitHub Actions cache by bumping a version prefix in the key, since cache entries are immutable a…
Invalidate CloudFrontCreate a CloudFront invalidation from GitHub Actions after a deploy with aws cloudfront create-invalidation,…
Isolate a DB per workerGive each parallel test worker its own database or schema so concurrent tests do not clobber shared rows, usi…
Isolate runners per jobRun each self-hosted GitHub Actions job in its own fresh VM or container with no shared state, so a compromis…
Central CI configReduce config drift across repos by combining a reusable workflow for logic, a shared actions repo for steps,…
Immutable audit logsShip GitHub Actions audit logs to write-once storage such as S3 Object Lock so the record cannot be altered o…
See every platformStop one failing OS from cancelling the rest of a cross-platform GitHub Actions matrix by setting strategy.fa…
Full training vs CI costDecide what training runs in GitHub Actions versus an external trainer, keeping smoke tests in CI and dispatc…
Update pinned ActionsKeep action SHAs and versions current with a github-actions ecosystem entry in dependabot.yml, so pinned uses…
Keep tokens out of logsPrevent a GitHub App token or PAT from leaking into GitHub Actions logs by relying on automatic masking, usin…
Incremental sbtPreserve sbt Zinc incremental compilation across CI runs by caching the target directory and Coursier cache,…
Patch runner imagesRebuild self-hosted GitHub Actions runner images on a regular cadence so ephemeral runners always boot from a…
Update pinned actionsConfigure Dependabot to bump SHA-pinned GitHub Actions automatically, so pinning by commit SHA does not leave…
Keep the merge queue fastReduce merge queue latency with dependency caching, test impact analysis, and right-sized batching so pull re…
Label PRs by sizeAdd a size label to pull requests in GitHub Actions based on lines changed, so reviewers can triage small ver…
Compose -f overridesCombine a base docker-compose.yml with a CI-specific override using multiple -f flags so CI can change ports,…
Bypass required reviewsAllow a workflow to merge past required pull request reviews by adding a GitHub App to the branch protection…
Concurrency on one jobApply concurrency to one job instead of the whole workflow in GitHub Actions, so only the deploy job serializ…
Limit artifact retentionSet short retention on GitHub Actions artifacts so build outputs do not sit in storage for the default 90 day…
Cap with max-parallelCap how many GitHub Actions matrix legs run at once with strategy.max-parallel, throttling a wide fan-out to…
Rate limits and concurrencyCap how many update PRs Renovate opens at once with prConcurrentLimit and prHourlyLimit, keeping CI load and…
Link tickets to deploysCross-reference Jira or ServiceNow change tickets with GitHub Actions deploys, validating a ticket id in CI s…
Spectral OpenAPI lintLint an OpenAPI or AsyncAPI document in GitHub Actions with Spectral, enforcing style and correctness rules s…
ruff and mypy in CIRun ruff and mypy in CI over pipeline Python so lint errors and type mistakes in transformation and DAG code…
Hadolint DockerfilesLint Dockerfiles in GitHub Actions with hadolint so unpinned base images and bad layer practices fail CI befo…
Lint missing alt textCatch images without alt text in GitHub Actions using eslint-plugin-jsx-a11y in JSX, or an axe image-alt scan…
Lint MarkdownLint Markdown files in GitHub Actions with markdownlint-cli2, enforcing consistent heading, list, and formatt…
Lint only changed filesLint just the files a PR changed in GitHub Actions by collecting the diff with tj-actions/changed-files and p…
Lint changed filesLint only the files changed in a pull request in CI by passing the diff file list to ESLint, so linting time…
Lint scripts with ShellCheckCatch shell script bugs in GitHub Actions with ShellCheck, which is preinstalled on Ubuntu runners, failing t…
Lint SQL with sqlfluffLint and enforce SQL style in CI with sqlfluff, using a dialect and templater config so dbt models and raw SQ…
Lint SQL with SQLFluffRun SQLFluff in GitHub Actions to lint SQL and migration files for style and correctness, failing the build o…
yamllintLint YAML files in GitHub Actions with yamllint so indentation and syntax mistakes fail CI before they break…
List changed filesGet the exact list of files changed in a push or pull request with tj-actions/changed-files, then loop over t…
Load image to testBuild a Docker image with Buildx and load it into the local daemon in CI with load:true, so a later step can…
Load AWS Secrets ManagerPull secrets from AWS Secrets Manager into GitHub Actions env vars with aws-actions/aws-secretsmanager-get-se…
Load Azure Key VaultRead secrets from Azure Key Vault in GitHub Actions by logging in with azure/login via OIDC, then using azure…
Hugging Face datasets in CIDownload Hugging Face datasets and models in GitHub Actions with an auth token from secrets and a cached HF_H…
Load 1Password secretsInject secrets from 1Password into GitHub Actions with the official load-secrets-action and a service account…
Load test a preview URLPoint a CI load test at a staging or preview deployment by passing the URL as an environment variable to k6,…
Lock stale conversationsAutomatically lock closed issues and pull requests after a period of inactivity with dessant/lock-threads, cu…
Experiment tracking in CILog CI training runs to Weights and Biases or MLflow from GitHub Actions with an API key secret, tagging each…
Log in to ECRAuthenticate to Amazon Elastic Container Registry from GitHub Actions with aws-actions/amazon-ecr-login, usin…
Log in to ACRAuthenticate to Azure Container Registry from GitHub Actions using azure/login with OIDC and docker/login-act…
Log in to Docker HubAuthenticate to Docker Hub from GitHub Actions with docker/login-action using a Docker Hub username and an ac…
Log in to GHCRAuthenticate to GitHub Container Registry (ghcr.io) from a GitHub Actions workflow with docker/login-action a…
Log in to GARAuthenticate to Google Artifact Registry from GitHub Actions with Workload Identity Federation and gcloud aut…
Incident and rollback loggingRecord rollbacks and incident-linked deploys in GitHub Actions with deployment status updates and structured…
Reusable workflow libraryCentralize CI logic in a versioned library of reusable workflows called via workflow_call, so every team shar…
Gate as required checkRegister a quality-gate job as a required status check under GitHub branch protection so pull requests cannot…
Fail the job on errorEnsure a failing GitHub Actions script fails the job by exiting non-zero, since GitHub only marks a run step…
Backward-compatible schemaKeep schema changes backward compatible so the currently running app version keeps working during a rolling d…
Require coverage to mergeBlock merges on coverage in CI by adding the Codecov status context to branch protection required checks, so…
Reproducible ML runsMake GitHub Actions ML runs reproducible by pinning CUDA and torch versions, seeding every RNG, and enabling…
Renovate across reposRun Renovate against many repositories from one place with a shared preset, so dependency update pull request…
Manage CI disk spaceFree disk space in GitHub Actions when a large repository fills the runner, using df to inspect, docker prune…
Flag config as codeKeep feature flag definitions in a version-controlled file and sync them from CI so flag changes go through r…
Feature flags for long workMerge unfinished feature work to main behind a feature flag instead of a long-lived branch, keeping integrati…
Manage signing secretsManage mobile signing secrets safely in CI by base64-encoding keys into repo or environment secrets, decoding…
Multi-cluster Argo CDDeploy one app to many clusters from a single Argo CD instance with an ApplicationSet and a cluster generator…
Manage dist-tagsControl which monorepo package version resolves to latest, next, or beta by publishing under a dist-tag and m…
Preview environment secretsScope non-production secrets to preview deploys in GitHub Actions with a dedicated Environment, keeping produ…
Stacked pull requestsBreak a large change into a stack of dependent branches and pull requests so each one is small, reviewable, a…
Manage flag lifecycleTrack a feature flag through its lifecycle from creation to rollout to removal, so temporary flags do not lin…
ubuntu-latest migration riskProtect your pipeline from silent breakage when GitHub promotes a new ubuntu-latest image, using pinned image…
Trigger with inputsAdd a manual Run workflow button in GitHub Actions with workflow_dispatch and typed inputs, then read the val…
GitFlow CI mappingMap CI jobs to GitFlow branches (feature, develop, release, hotfix, main) so each branch type triggers the ri…
Mark a test flaky with trackingMark a test as flaky in CI with a skip that carries a tracking issue reason, so a temporarily disabled test i…
Required action inputsMark a custom action input as required in action.yml and validate it at runtime, since the runner does not ha…
Mask a custom valueMask a value computed at runtime in GitHub Actions logs with the add-mask workflow command so a derived token…
Mask a custom valueRedact a value computed at runtime from GitHub Actions logs with the add-mask workflow command, so dynamic to…
Mask a value in logsHide a value computed at runtime from GitHub Actions logs with the add-mask workflow command, so a minted tok…
Mask a value in logsHide a computed value from GitHub Actions logs with the add-mask workflow command, so dynamic tokens never ap…
Mask dynamic regionsHide timestamps, ads, and avatars from visual comparisons with Playwright toHaveScreenshot mask, so genuinely…
String match functionsUse the GitHub Actions expression functions contains, startsWith, and endsWith to match substrings, prefixes,…
Matrix OS and versionCombine an os dimension with a language version dimension in a GitHub Actions matrix so every OS is tested ag…
Matrix CUDA and torchTest a model across multiple torch and CUDA builds in GitHub Actions with a strategy.matrix that selects the…
Deploy to many regionsDeploy to several regions in parallel from GitHub Actions with a strategy.matrix over region values, keeping…
Measure FP rateTrack a secret scanner false positive rate by labeling triaged findings as real or noise, then computing the…
Measure queue timeMeasure how long GitHub Actions jobs wait before starting, because long queue times slow delivery and, on sel…
Measure cold-start latencyMeasure the cold-start latency of a serverless function or container in GitHub Actions by forcing a fresh ins…
Measure Core Web VitalsCapture lab Core Web Vitals (LCP, CLS, TBT) in GitHub Actions by running Lighthouse against a built site and…
Measure cost per pipelineEstimate the cost of a pipeline run by multiplying billable minutes per runner type by the per-minute rate, r…
Measure cost savingsQuantify the minutes and money incremental CI saves by comparing skipped jobs against a full run, so you can…
Measure DORA metricsCompute the four DORA metrics (deployment frequency, lead time, change failure rate, MTTR) from deploy events…
Measure minutes usageRead your GitHub Actions minutes usage from the billing settings page and the billing REST API, so you know e…
Measure adoptionTrack platform adoption by counting how many repos call the golden-path workflow and pass scorecards, so the…
Measure CI carbonEstimate the energy and carbon footprint of a GitHub Actions job with Eco-CI, so you can see which pipelines…
Measure flag impactMeasure the effect of a feature by emitting the flag variation with your metrics and analyzing outcomes per v…
Docker requirement in CITestcontainers needs a working Docker daemon; GitHub-hosted Linux runners already provide one, so verify it w…
Merge sharded coverageCollect per-shard coverage artifacts in GitHub Actions and merge them into one report in a dependent job so a…
Merge multiple artifactsCombine several GitHub Actions artifacts into one using actions/upload-artifact/merge@v4, useful after a matr…
Jenkins to ActionsTranslate a declarative Jenkins pipeline to GitHub Actions, mapping stages to jobs, agents to runners, and th…
Migrate deploy stagePort a deploy stage from another CI to a gated GitHub Actions deploy job using needs, an if branch guard, and…
Docker build/pushPort a Docker build and registry push from another CI system to GitHub Actions using docker/login-action, set…
Shared lib to reusableReplace a Jenkins shared library with a GitHub Actions reusable workflow (workflow_call) or a composite actio…
Manual approval gateReplace a manual approval step from GitLab, Jenkins, or Azure with a GitHub Actions protected environment tha…
Migrate branch databasesTest migrations against a throwaway branch database in CI (Neon, PlanetScale) so each pull request migrates a…
Migrate cache configTranslate cache keys and paths from Travis, CircleCI, GitLab, or Bitbucket into GitHub Actions using actions/…
Incremental migrationCut over from another CI to GitHub Actions safely by running both pipelines in parallel, comparing results, a…
Migrate servicesPort database and cache sidecars from GitLab, CircleCI, or Bitbucket to GitHub Actions service containers wit…
Azure to ActionsConvert an azure-pipelines.yml to GitHub Actions, mapping stages and jobs, pool to runs-on, tasks to actions,…
Bitbucket to ActionsConvert a bitbucket-pipelines.yml to GitHub Actions, mapping pipelines and steps to jobs, image to container,…
CircleCI to ActionsMove a .circleci/config.yml to GitHub Actions, mapping orbs to actions, workflows to jobs with needs, and exe…
Drone to ActionsConvert a .drone.yml to GitHub Actions, mapping pipeline steps to jobs, image plus commands to run, when cond…
GitLab CI to ActionsConvert a .gitlab-ci.yml to GitHub Actions, mapping stages to jobs with needs, script to run, artifacts to up…
Travis CI to ActionsConvert a .travis.yml to a GitHub Actions workflow, mapping language, script, matrix, cache, and deploy stage…
Migrate to self-hostedMove GitHub Actions jobs from hosted to self-hosted runners by changing runs-on labels, then reconciling pre-…
GitLab cache/artifactsTranslate GitLab CI cache keys and artifacts paths into GitHub Actions using actions/cache and upload-artifac…
Jenkins creds to secretsMove Jenkins credentials and the withCredentials block to GitHub Actions repository or environment secrets re…
Reusable patternsReplace GitLab templates, CircleCI orbs, and YAML anchors with GitHub Actions reusable workflows and composit…
Migrate cron buildsMove scheduled or nightly builds from Jenkins triggers, GitLab schedules, or Travis cron to GitHub Actions on…
Migrate secretsMove CI secrets from Travis, GitLab, CircleCI, or Jenkins into GitHub Actions repository, environment, and or…
Agents to runnersMove Jenkins agents or GitLab runners to GitHub Actions self-hosted runners, mapping labels and tags to runne…
Migrate test reportsPort JUnit test reporting from GitLab or Jenkins to GitHub Actions by uploading JUnit XML and surfacing resul…
Use a GitHub App tokenReplace a personal access token in GitHub Actions with a short-lived GitHub App installation token from actio…
Mint a temp DB passwordGenerate a short-lived database credential inside a GitHub Actions job with HashiCorp Vault dynamic database…
Mirror across registriesPush the same Docker image to GHCR and Docker Hub from one GitHub Actions release job by logging into both an…
Mirror repo to remoteMirror a GitHub repository to another remote on every push in GitHub Actions, doing a full-history checkout a…
Mock and replay webhooksMock and replay webhooks in tests by saving a real delivery payload and its headers to a fixture, then feedin…
Mock external APIsStub third-party APIs during API tests in GitHub Actions with WireMock, Prism, MSW, or nock, so tests stay de…
Mock external servicesReplace flaky third-party APIs in GitHub Actions tests with a WireMock service container, so tests hit a dete…
Mock flags in testsReplace the flag backend with an in-memory provider in CI tests so each test forces exact flag values without…
Model environmentsCreate named environments in the Pact Broker such as test, staging, and production so record-deployment and c…
Monitor runner queue timeMonitor queue time on self-hosted GitHub Actions runners by measuring the gap between a job being queued and…
Monitor runner healthMonitor self-hosted GitHub Actions runner health by watching online status via the REST API and alerting on d…
Monitor runner utilizationTrack self-hosted runner utilization and queue wait with ARC listener metrics or the runners API, so you can…
Monitor for anomaliesDetect compromised GitHub Actions jobs by monitoring self-hosted runners for unexpected outbound connections,…
Run heavy jobs nightlyRun expensive suites like full end-to-end or fuzzing on a nightly schedule instead of every push, cutting red…
Dynamic group by inputBuild a GitHub Actions concurrency group name from a workflow_dispatch input so manual runs targeting the sam…
Dynamic artifact nameGive each matrix leg a unique GitHub Actions artifact name by interpolating matrix values into the name input…
Negate a conditionNegate a GitHub Actions if with the ! operator, and quote the whole expression so YAML does not misread a lea…
Nest reusable workflowsChain reusable GitHub Actions workflows that call other reusable workflows, staying within the four-level nes…
Container networksPut multiple Testcontainers on a shared Network and give them aliases so one container reaches another by nam…
Networking test runnerConnect a CI test runner to Compose services correctly by choosing service-name networking inside the stack o…
Notarize a macOS appSign and notarize a macOS app on a GitHub Actions runner with codesign, xcrun notarytool submit --wait, and x…
Notify a Teams channelSend a GitHub Actions build notification to a Microsoft Teams channel by posting an Adaptive Card to an incom…
Notify on sync statusSend a Slack message when an Argo CD app finishes syncing using Argo CD Notifications triggers and templates,…
Self-service deployLet teams deploy on demand while keeping guardrails by using a protected environment with required reviewers,…
Self-service environmentsLet teams spin up their own preview or staging environment from CI by parameterizing a deploy job on a namesp…
Crossplane claimsLet teams claim infrastructure through Kubernetes with Crossplane, so a developer applies a claim manifest an…
Cross-repo dependency PRsUse a GitHub App installation token to open dependency update pull requests across several repos from one wor…
Order jobs by graphOrder monorepo CI jobs so dependencies build before dependents in GitHub Actions, using needs to encode the p…
Overwrite an artifactReplace an artifact of the same name within a run using the overwrite input of actions/upload-artifact@v4, wo…
Tauri packagingBuild Tauri bundles for macOS, Windows, and Linux in a GitHub Actions matrix using tauri-apps/tauri-action, i…
Electron packagingBuild Electron installers for macOS, Windows, and Linux in one GitHub Actions matrix using electron-builder,…
Parallelize by packageFan out one job per package in a large repository using a dynamic matrix built from the changed packages, so…
Parallelize wiselySplit a slow CI suite across shards to finish faster, weighing the honest tradeoff that more parallel machine…
Parallelize CypressRun Cypress specs across multiple CI machines with cypress run --parallel and --record, letting Cypress Cloud…
Parallelize the pipelineRun lint, test, and build as separate jobs that start at the same time in GitHub Actions, so the slowest job…
Matrix per packageRun each monorepo package in its own parallel GitHub Actions job with a matrix dimension listing package name…
Split tests by fileSplit a suite across CI jobs by dividing the list of test files, using a shard index to pick a deterministic…
Parallel tests by schemaRun test shards in parallel against one Postgres service in GitHub Actions by giving each worker its own sche…
Parameterize the loadParameterize virtual users and duration in CI by reading them from environment variables, so one script runs…
Parse command argsParse slash command arguments in GitHub Actions from a comment body when you are not using a dispatch action,…
Build output to deployHand a compiled build to a separate deploy job in GitHub Actions by uploading it as an artifact and downloadi…
Pass a JSON inputSend structured data into a reusable GitHub Actions workflow by encoding it as a JSON string input, then pars…
Output a multiline valueWrite a multiline value to GITHUB_OUTPUT in GitHub Actions using a heredoc delimiter, so newlines survive ins…
Docker --secret in buildFeed a secret into a Docker image build in GitHub Actions using BuildKit secret mounts via docker/build-push-…
Pass env between stepsCarry a value computed in one GitHub Actions step into later steps by appending name=value to the GITHUB_ENV…
Pass artifacts between jobsHand files from one GitHub Actions job to another with actions/upload-artifact and download-artifact across a…
Artifacts to deploy workflowHand a build artifact from one GitHub Actions workflow to a separate deploy workflow by downloading it via th…
Build args vs secretsUse build-args for non-sensitive build values and BuildKit secrets for tokens in GitHub Actions, so credentia…
Pass data between jobsPass values between GitHub Actions jobs using job outputs and the needs context, wiring a step output up to a…
Env and secrets to ComposeFeed CI secrets into docker compose safely using the shell environment and env_file, and mount real secrets w…
Pass inputs to an actionParameterize a composite GitHub Actions action by declaring inputs in action.yml and reading them through the…
Pass inputs to a workflowSend typed values into a reusable GitHub Actions workflow by declaring workflow_call.inputs and supplying the…
Dispatch inputsSend a client_payload with a repository_dispatch event in GitHub Actions and read its structured fields insid…
Pass matrix to reusableForward GitHub Actions matrix values into a reusable workflow through the with block, mapping each matrix key…
Secrets and env for E2ESupply API keys, test logins, and base URLs to E2E tests in GitHub Actions through repo secrets and env, keep…
Secrets in a Docker actionPass a secret into a Docker container action by forwarding it as an env var from the workflow step, then read…
Pass secrets to a workflowForward named secrets into a reusable GitHub Actions workflow by declaring workflow_call.secrets and mapping…
Pass secrets safelyPass a GitHub Actions secret into a script through the step env instead of the command line, so the value sta…
pass variablesSupply Terraform input variables in CI through TF_VAR_ environment variables, -var-file, and secrets, keeping…
Auth-protect a previewKeep preview environments private by adding HTTP basic auth via an ingress annotation deployed from GitHub Ac…
Runner for Docker buildsChoose a runner for Docker builds by matching architecture to your image, ensuring enough disk and privileges…
Pin base image by digestMake Docker builds reproducible in CI by pinning the FROM base image to an immutable sha256 digest instead of…
Pin by tag or SHAVersion a reusable GitHub Actions workflow by pinning the caller @ref to a tag, branch, or full commit SHA, t…
Pin actions to a SHAPin third-party GitHub Actions to a full commit SHA so each run resolves a fixed, audited version, removing t…
Pin actions to a SHADefend against supply-chain tampering in GitHub Actions by pinning third-party actions to a full 40-character…
Pin an action to a SHAHarden a GitHub Actions workflow by pinning third-party actions to a full commit SHA instead of a mutable tag…
lock and cache providersPin provider versions with required_providers and a committed .terraform.lock.hcl, then cache the plugin dire…
Pin actions by SHAProtect self-hosted runners from supply-chain attacks by pinning third-party GitHub Actions to a full commit…
Pin actions by SHAPin third-party GitHub Actions to a full commit SHA instead of a mutable tag so a compromised or retagged rel…
Image pinningPin Testcontainers images to a specific tag or digest so CI runs stay reproducible, and configure asCompatibl…
Pin the Xcode versionPin the Xcode version on a macOS runner in CI with xcode-select or maxim-lobanov/setup-xcode, so image update…
Poll /healthz until 200Poll a health check endpoint after deploy in GitHub Actions, retrying curl until it returns 200 or a timeout…
Benchmark comment on PRsRun benchmarks in GitHub Actions and post the results as a sticky comment on the pull request, so reviewers s…
Post a bundle size deltaReport how a pull request changes the JavaScript bundle size in GitHub Actions using the preactjs compressed-…
Coverage report PR commentAdd a coverage summary comment to each pull request in GitHub Actions using a Jest coverage report and the je…
Post a benchmark deltaCompare benchmark results against the base branch in GitHub Actions and post the delta as a pull request comm…
Slack on failureSend a Slack notification when a GitHub Actions workflow fails by adding a step guarded with if failure() tha…
Post a Slack notificationPost a Slack notification from GitHub Actions with the official slackapi action or an incoming webhook, inclu…
Post external statusSend build and deploy status from GitHub Actions to an external dashboard via an authenticated HTTP POST so n…
post plan to a PRRender a Terraform plan into a collapsible pull request comment in GitHub Actions with actions/github-script,…
PR comment with diffSurface visual test results on the pull request by posting a comment with a link to the diff report using act…
Post results backPost the result of a chat-triggered command back to the pull request or Slack in GitHub Actions, so the reque…
Test results as check runPublish JUnit test results as a GitHub check run from GitHub Actions so failures show up annotated on the pul…
Comment the preview URLComment a deployed preview URL on the pull request from GitHub Actions with actions/github-script, updating a…
Serialize deploysSerialize GitHub Actions deploys to one environment with a concurrency group and cancel-in-progress false, so…
One migrator at a timeStop two CI runners applying migrations at once with a Postgres advisory lock, so only one migrator holds the…
Avoid duplicate deploysUse a per-PR concurrency group in GitHub Actions so rapid pushes cancel the in-progress preview deploy instea…
Prevent duplicate runsStop overlapping GitHub Actions runs for the same ref with a concurrency group, so a new run replaces the que…
Prevent duplicate version publishStop CI from failing on a duplicate publish by checking whether the version already exists first, or using a…
Prevent script injectionStop script injection in GitHub Actions run steps by passing untrusted context values through env vars instea…
Stop script injectionStop GitHub Actions script injection by never interpolating untrusted github context directly into a run bloc…
Prevent secret exfiltrationStop a compromised GitHub Actions job from stealing secrets by scoping which workflows get them, masking dyna…
Prevent fork PR leaksStop GitHub Actions from exposing secrets to fork pull requests by keeping untrusted code on the pull_request…
Dump a context with toJSONDump an entire GitHub Actions context (github, env, job, steps, runner) to the log with toJSON so you can see…
Reproducible buildsMake CI builds reproducible in GitHub Actions with pinned toolchains and SOURCE_DATE_EPOCH, then verify by re…
Profile a slow buildFind where build time goes in GitHub Actions by enabling your bundler profiler, such as esbuild metafile or w…
Profile a slow workflowFind the slowest part of a GitHub Actions run by reading per-step durations in the timing graph and adding a…
Promote dev to prodPromote a single GitHub Actions build artifact through dev, staging, and production with chained jobs that sh…
Promote build by branchPromote the same tested artifact from staging to production by merging between environment branches, avoiding…
Promote prerelease to stableGraduate a next or beta line to a stable release by exiting Changesets prerelease mode, versioning, and movin…
Promote to stableFlip a GitHub pre-release to a stable release in GitHub Actions with gh release edit --prerelease=false and -…
Promote env by PRPromote a release from staging to production in GitOps by opening a pull request that copies the image tag in…
Promote by digestPromote a container image from staging to production by its immutable digest in GitHub Actions with crane or…
Propagate a version bumpWhen a shared library releases a new version, open update pull requests in every consuming repo automatically…
Dependency confusionDefend CI builds against dependency confusion by scoping internal packages and pinning the registry, so a pub…
Protect registration tokensKeep GitHub Actions runner registration tokens short-lived and out of source control by minting them at provi…
MySQL fixture in CISpin up a throwaway MySQL for CI tests with docker compose, gate the suite on a mysqladmin ping healthcheck,…
Postgres fixture in CIStand up a disposable Postgres for CI tests with docker compose, seed it via an init script, and gate the tes…
Redis fixture in CIRun a disposable Redis for CI with docker compose, gate tests on a redis-cli ping healthcheck, and connect th…
Team-scoped runnersGive teams dedicated capacity by grouping self-hosted runners into runner groups scoped to specific repos, so…
Provision with modulesGive teams self-service infrastructure with reusable Terraform modules they call from CI, so a standard datab…
Prune removed resources on applyDelete resources removed from your manifests during a GitHub Actions deploy with kubectl apply --prune and a…
Publish to MarketplaceRelease a composite GitHub Actions action to the Marketplace by placing action.yml at the repo root, tagging…
Publish to the MarketplacePublish a custom action to the GitHub Marketplace by adding a name, description, and branding to action.yml,…
Tag image by releaseBuild and push a Docker image tagged with the release version in GitHub Actions using docker/metadata-action…
Push to Docker HubBuild and push a Docker image to Docker Hub from GitHub Actions with docker/login-action and build-push-actio…
Publish a Docker image to GHCRBuild and push a multi-tag Docker image to the GitHub Container Registry from GitHub Actions using docker/bui…
Publish an Action to MarketplacePublish a GitHub Action to the Marketplace by tagging a release with a valid action.yml, then optionally movi…
Publish GitHub PagesBuild a static site and deploy it to GitHub Pages with the official Pages actions, uploading the build direct…
Publish a Go modulePublish a Go module by pushing a semantic version tag from CI, which the Go module proxy indexes on first req…
Publish Gradle to GitHub PackagesPublish a Gradle artifact to GitHub Packages from CI using the maven-publish plugin, a maven.pkg.github.com r…
Publish a Helm chartPublish a Helm chart from CI either as an OCI artifact with helm push to a registry, or as a chart repository…
Publish Helm chartPackage and push a Helm chart to an OCI registry like GHCR from GitHub Actions, logging in with the built-in…
Publish a Lambda layerBuild and publish a new AWS Lambda layer version from GitHub Actions with aws lambda publish-layer-version, t…
Publish a Lighthouse reportRun Lighthouse CI in GitHub Actions and upload the generated HTML and JSON performance report as an artifact…
Publish Maven to GitHub PackagesPublish a Maven artifact to GitHub Packages from CI by adding a distributionManagement repository and a serve…
Publish to Maven CentralPublish a Maven artifact to Maven Central from CI by GPG-signing the artifacts and deploying through the Sona…
Publish to a registryPush a trained model to the Hugging Face Hub or an MLflow registry from GitHub Actions using a token secret,…
Publish a monorepoPublish only the changed packages in a monorepo from CI with changesets, lerna, or nx release, versioning and…
Publish NuGet to GitHub PackagesPublish a NuGet package to GitHub Packages from CI by adding a source pointing at nuget.pkg.github.com and pu…
Prerelease and canary buildsShip prerelease or canary versions of monorepo packages from a branch with changeset pre enter, or snapshot r…
Publish to PyPI via OIDCPublish a Python package to PyPI from GitHub Actions without an API token using Trusted Publishing (OIDC) and…
Publish to PyPIPublish a Python package to PyPI from GitHub Actions using trusted publishing (OIDC) and pypa/gh-action-pypi-…
Publish to PyPI with twinePublish a Python package to PyPI from CI by building sdist and wheel with python -m build, then uploading wit…
TestPyPI firstPublish a Python package to TestPyPI from GitHub Actions before the real index so you validate the upload and…
Publish a Ruby gemPublish a Ruby gem to RubyGems from CI by building the gem and running gem push, authenticating with a RubyGe…
Publish a Rust cratePublish a Rust crate to crates.io from CI with cargo publish, authenticating using a CARGO_REGISTRY_TOKEN sec…
Publish a VS Code extensionPublish a VS Code extension from CI with vsce publish, authenticating using an Azure DevOps personal access t…
Publish to marketplacePrepare a custom GitHub Action for the Marketplace with required action.yml metadata, branding, and a tagged…
Release a Marketplace actionCut a Marketplace-ready release for a GitHub Action by tagging a version and moving the floating major tag in…
JUnit API reportEmit a JUnit XML report from any API test runner in GitHub Actions and publish it, so passed and failed reque…
Publish an internal packageShare code across repositories by publishing an internal npm package to GitHub Packages on release, so other…
Publish an npm packagePublish an npm package from CI with npm publish and an NPM_TOKEN automation token, setting registry auth in .…
Publish an npm packagePublish an npm package from GitHub Actions on a release - set up the registry with the auth token, run npm pu…
Publish npm to GitHub PackagesPublish a scoped npm package to GitHub Packages from CI by pointing the registry at npm.pkg.github.com and au…
npm to GitHub PackagesPublish a scoped npm package to GitHub Packages from GitHub Actions by configuring the registry in setup-node…
Publish npm with provenancePublish an npm package with provenance by adding --provenance and id-token: write permission, letting the OID…
Publish npm with provenancePublish an npm package with build provenance from GitHub Actions by setting id-token write and running npm pu…
Upload coverage to CodecovGenerate a coverage report in GitHub Actions and upload it to Codecov with codecov/codecov-action, using a re…
Publish dbt artifactsGenerate dbt docs and upload manifest.json and catalog.json from CI so slim CI and lineage tools have a fresh…
Publish TechDocsPublish per-service docs alongside the code with TechDocs, building Markdown from an mkdocs.yml in CI so docu…
Publish docs on releaseBuild and deploy documentation to GitHub Pages when a release is published in GitHub Actions, using the relea…
Publish JUnit as a checkTurn JUnit XML test output into a GitHub check with pass/fail counts and inline annotations using the dorny t…
Topological publish orderPublish packages in dependency-first (topological) order so a dependent never lands on the registry before th…
npm provenance with OIDCPublish monorepo packages with a signed provenance attestation by running publish from GitHub Actions with id…
npm provenancePublish npm packages with a verifiable provenance statement from GitHub Actions using npm publish --provenanc…
One summary from many shardsTurn many sharded JUnit files into a single pass/fail summary in the CI job summary, so reviewers see one res…
Publish only on tag or releaseGate a publish job to run only on a Git tag or GitHub release event, so packages never ship from an in-progre…
Publish only changed packagesPublish just the packages whose version increased by letting the tool compare local package.json versions aga…
Publish starter workflowsOffer teams ready-made CI starter workflows in the org .github repo under workflow-templates, so new repos ge…
Publish pactsPublish generated pact files to a Pact Broker or PactFlow from CI with the pact-broker CLI, tagging each cont…
Per-platform artifactsUpload one artifact per OS from a GitHub Actions matrix by suffixing the artifact name with matrix.os, then d…
Publish pnpm workspacesPublish selected pnpm workspace packages with pnpm publish -r and --filter, letting pnpm skip already-publish…
Publish to ChromaticBuild and publish Storybook to Chromatic from GitHub Actions for visual regression review on every pull reque…
Surface results as a checkTurn a JUnit XML test report into a GitHub Actions check run with dorny/test-reporter, so failures appear inl…
Publish to GitHub PackagesPublish an npm package to GitHub Packages from GitHub Actions using setup-node with a scoped registry and the…
Publish npm with provenancePublish a package to npm when a GitHub Release is published, attaching signed provenance with npm publish --p…
Publish to PyPI via OIDCPublish to PyPI from CI without a stored token using trusted publishing, where PyPI verifies the workflow OID…
Publish to TestPyPI firstPublish to TestPyPI first to rehearse a release, pointing twine or gh-action-pypi-publish at the test index b…
Publish Yarn workspacesPublish Yarn Berry workspace packages with yarn workspaces foreach and yarn npm publish, or apply version bum…
Pull a private base imageAuthenticate to a private registry before a Docker build in CI so a FROM line referencing a private base imag…
Pull DVC-tracked dataFetch DVC-tracked datasets and models in GitHub Actions with dvc pull against a remote, authenticated by a se…
Pull Vault secretsFetch secrets from HashiCorp Vault in a GitHub Actions job using hashicorp/vault-action, mapping KV v2 paths…
Purge the CDN after deployPurge the CDN cache after a static site deploy so the edge stops serving the old build, using CloudFront inva…
Push to Artifact RegistryBuild and push a Docker image to Google Artifact Registry from GitHub Actions, configuring Docker auth with g…
Push to Amazon ECRAuthenticate to Amazon ECR in CI with the amazon-ecr-login action, then build and push a Docker image to your…
Push to Docker HubLog in to Docker Hub in CI with a scoped access token and push a built image, avoiding anonymous pull rate li…
Push multi-arch imageBuild a multi-architecture image (amd64 and arm64) in GitHub Actions with QEMU, Buildx, and the platforms opt…
Multi-arch image to ECRBuild and push a multi-arch (amd64 + arm64) Docker image to Amazon ECR in GitHub Actions using OIDC to authen…
Push SBOMGenerate a software bill of materials in GitHub Actions and attach it to a container image in an OCI registry…
Digest push + manifest listBuild each architecture in a separate CI job, push it by digest, then merge the digests into one multi-arch m…
Push to a protected branchLet a workflow commit to a protected branch by minting a GitHub App token and adding the App to the branch pr…
Keyless push to ECRBuild and push a container image to Amazon ECR from GitHub Actions using OIDC for AWS auth and amazon-ecr-log…
GHCR / Packages tokenAuthenticate to the GitHub Container Registry and GitHub Packages from CI using a GitHub App installation tok…
Keyless push to GHCRPush container images to GitHub Container Registry from Actions using the built-in GITHUB_TOKEN and packages:…
Quarantine a flaky testQuarantine a flaky test in CI by tagging it and excluding it from the blocking suite while a separate non-blo…
Quarantine a flaky testIsolate a known-flaky test in GitHub Actions by tagging it and running the quarantined set as a non-blocking…
Queue deploys, no cancelPrevent concurrent deploys to an environment in GitHub Actions by using a concurrency group with cancel-in-pr…
Non-overlapping releasesQueue GitHub Actions release jobs so two publishes never overlap by sharing one concurrency group across tag…
Ratchet coverage upwardPrevent coverage from slipping in CI by using a ratchet, where the gate compares against the current level so…
Ratchet from a baselinePrevent quality regressions on a legacy codebase by baselining current issues and failing CI only when new vi…
Rate limit a webhook endpointProtect a webhook handler from bursts and abuse by rate limiting after signature verification, returning 429…
Rate limit chat commandsRate limit chat-triggered commands in GitHub Actions with a concurrency group so a flood of /deploy comments…
Rate-limit an APIUse a GitHub Actions concurrency group to serialize jobs that call a rate-limited external API, so only one r…
Re-run with debug loggingRe-run a GitHub Actions run with debug logging enabled directly from the web UI using the Enable debug loggin…
Re-run only failed jobsRe-run just the failed jobs of a GitHub Actions run instead of the whole workflow, from the web UI or with gh…
React to a command commentAcknowledge a slash command in GitHub Actions by adding an emoji reaction to the comment with the reactions A…
Ephemeral portsTestcontainers maps each exposed container port to a random free host port; read it with getMappedPort and ge…
Read GCP Secret ManagerFetch secrets from Google Cloud Secret Manager in GitHub Actions with google-github-actions/get-secretmanager…
Gate on a PR labelRun a GitHub Actions job or step only when a pull request carries a given label by checking github.event.pull…
Pull from Secrets ManagerPull runtime secrets from AWS Secrets Manager in GitHub Actions with OIDC and the official action, exporting…
Compatibility matrixUnderstand the Pact Broker matrix that maps every consumer version against every provider version, which is t…
Get the changed filesCompute the files changed in a push or pull request inside a GitHub Actions step with a git diff against the…
Read webhook payloadsRead a webhook payload correctly by routing on the event header first, then accessing the action and object f…
Rebase Dependabot PRsKeep Dependabot PRs up to date with the base branch using rebase-strategy and the @dependabot rebase command,…
Receive GitHub App webhooksReceive webhooks for a GitHub App by setting a webhook URL and secret in the App settings, verifying the sign…
Record deployment in brokerRecord a verified deployment in the Pact Broker from GitHub Actions after post-deploy checks pass, so can-i-d…
Record deploymentsTell the Pact Broker which version is live in each environment using record-deployment and record-release, so…
Reduce artifact sizeShrink GitHub Actions artifacts from a large repository by scoping upload paths, excluding junk, compressing,…
Shallow checkoutSpeed up checkout in a large repository by setting fetch-depth on actions/checkout so the runner pulls only t…
Fewer jobs, less overheadCut GitHub Actions cost by merging tiny jobs, since every job pays fixed runner startup and checkout overhead…
Cut minutes with cachingCut billed GitHub Actions minutes by caching dependency installs and build output with actions/cache, so unch…
Trim artifact storageLower GitHub Actions storage cost by shortening artifact retention and keeping caches under the per-repo limi…
Cut CI data egressCut the data CI moves across networks by co-locating caches and registries, shallow-cloning, and pruning down…
Shrink with multi-stageCut Docker image size with a multi-stage build that compiles in a builder stage and copies only the runtime a…
Reduce npm ci timeSpeed up npm ci in GitHub Actions by combining the built-in setup-node cache with prefer-offline and skipping…
Read a reusable outputSurface a value from a called reusable workflow in GitHub Actions by declaring on.workflow_call.outputs and r…
Use the vars contextRead configuration variables in GitHub Actions through the vars context, which exposes organization, reposito…
Reference matrix valuesRead strategy.matrix values inside a GitHub Actions step through the matrix context, using them in run comman…
Tune the OS matrixDrop unsupported OS and version pairs with exclude and add targeted combinations with include, keeping a cros…
Register a self-hosted runnerRegister a self-hosted GitHub Actions runner by downloading the actions/runner package, running config.sh wit…
Register in the catalogAdd a catalog-info.yaml so a service appears in the Backstage software catalog with its owner, lifecycle, and…
Use JIT registrationRegister ephemeral self-hosted GitHub Actions runners with just-in-time (JIT) config tokens from the API, so…
Rein in cron costKeep cron-triggered GitHub Actions workflows from quietly burning minutes by right-sizing their frequency and…
Relay webhooks to localhostRelay production webhooks to a handler on localhost during development using smee.io, ngrok, or cloudflared,…
Lerna version and publishBump and publish workspace packages with lerna version and lerna publish, choosing conventional commits and i…
Changesets release flowRun the full Changesets flow in CI for a monorepo: contributors add changesets, a version job consumes them t…
Turborepo with ChangesetsCombine Turborepo build orchestration with Changesets versioning: turbo run build to produce artifacts, then…
semantic-release monorepoRun semantic-release per package in a monorepo with multi-semantic-release so each package version, tag, and…
Cargo, Go, Maven workspacesRelease multi-package non-JavaScript monorepos in CI: cargo-release or cargo workspaces for Rust, per-module…
nx release version and publishVersion, changelog, and publish monorepo packages with nx release in one command, or split the steps with nx…
Remove a flag safelyRetire a fully rolled-out feature flag safely by confirming it is 100% on, deleting the dead branch in code,…
Remove a combo with excludeDrop specific combinations from a GitHub Actions matrix with strategy.matrix.exclude, pruning pairs the cross…
Rename via four stepsRename a column with zero downtime using add, backfill, switch, and drop across several releases, since an in…
Render a job summary tableWrite a Markdown table to the run summary page in GitHub Actions by appending to the GITHUB_STEP_SUMMARY file…
Render manifests in CIRender Helm or Kustomize output to plain YAML in CI and commit the result to a rendered branch, so GitOps app…
Stop polling loopsReplace busy sleep-and-poll loops in CI with health-check waits and webhooks so a job stops burning idle CPU…
Report CI efficiencyTurn CI usage and energy estimates into a recurring report to the team, so machine-hours, cost, and carbon tr…
Reproduce a workflow with actRun a GitHub Actions workflow on your own machine with nektos/act to reproduce CI failures fast, using Docker…
Require a PR title formatAdd a required check that validates a pull request title against the Conventional Commits format, so squash-m…
Require a deployment firstGate a pull request on a successful deployment to a preview environment by exposing the deploy as a required…
Require linear historyEnforce a linear commit history on a protected branch so only squash or rebase merges are allowed, keeping th…
Require a linked issueFail a pull request that does not reference an issue by scanning the PR body for a closing keyword with actio…
Approve flag changesGate risky feature flag changes behind review and approval by routing them through pull requests and protecte…
Require up-to-date branchesForce a pull request branch to include the latest base commits before merge with the up-to-date branch protec…
Require code owner reviewsAdd a CODEOWNERS file and enable code owner review in branch protection so changes to a path require approval…
Lint PR titles (conventional)Enforce a Conventional Commits format on pull request titles with amannn/action-semantic-pull-request, failin…
Require approval before deployRequire manual approval before a GitHub Actions deploy with environment protection rules and required reviewe…
Require manual approvalGate a GitHub Actions deploy behind human sign-off using a protected environment with required reviewers, pau…
Protected branches and required checksMake specific CI checks required on a protected branch so a pull request cannot merge until those exact jobs…
Require pull request reviewsRequire a minimum number of approving reviews before merge with a GitHub branch protection rule, and combine…
Require signed commitsEnforce signed commits through branch protection and verify signatures in CI, so only commits with a trusted…
Require signed commitsRequire signed commits with a GitHub ruleset and verify signatures in CI, so every change in the audit trail…
Require signed commitsTurn on required signed commits in GitHub branch protection so only verified, signed commits can land on the…
Require signed commitsEnforce verified commit signatures before merge by enabling the require signed commits branch rule, and verif…
Require status checksRequire passing status checks before merging by adding them to a branch protection rule, and understand why a…
Require tests with sourceEnforce that any pull request touching source also updates tests using dorny/paths-filter to detect changed g…
Rerun only failed testsRerun only the failed tests in CI with pytest --lf, jest onlyFailures, or Go by name, so a second attempt con…
Resolve branch-behind blocksFix a pull request blocked because its branch is behind the base while up-to-date branches are required, by u…
Incident responseFollow a rotate-first incident response when a secret scan finds a real credential: revoke and reissue the ke…
Restart a deploymentTrigger a rolling restart of a Kubernetes Deployment from GitHub Actions with kubectl rollout restart, useful…
Gate a deploy with approvalsRequire human approval before a Kubernetes production deploy in GitHub Actions by targeting a protected envir…
Filter trigger branchesLimit when a GitHub Actions workflow runs with an on.push.branches filter, including glob patterns and branch…
Restrict env to branchesRestrict a GitHub Actions environment to specific branches with deployment branch rules, so only main or rele…
Least-privilege GITHUB_TOKENLock down the automatic GITHUB_TOKEN in GitHub Actions with a top-level permissions block, defaulting to read…
Scope GITHUB_TOKENLock down the automatic GITHUB_TOKEN in GitHub Actions by setting a default of contents read and granting wri…
Restrict with runner groupsUse GitHub Actions runner groups to control which repositories and workflows can schedule jobs on your self-h…
Restrict network egressLock down outbound network traffic from a GitHub Actions runner using step-security/harden-runner in block mo…
Restrict allowed workflowsLimit a self-hosted GitHub Actions runner group to specific approved workflow files, so only vetted pipelines…
Restrict who can run commandsRestrict who can run chat-triggered CI commands in GitHub Actions by checking the commenter repository permis…
Restrict workflow_dispatchLimit who can manually run a GitHub Actions workflow_dispatch by checking the actor permission level with the…
Retain logs for auditSet GitHub Actions log and artifact retention to match audit requirements and archive exports to long-term st…
Retry a failed Cypress testRetry a failing Cypress test in CI with the retries config, setting runMode retries higher than openMode so f…
Retry a failed Go testRetry a failing Go test in CI with go test -count to force reruns and -run to target one test, since Go has n…
Retry a failed Jest testRetry a failing Jest test in CI with jest.retryTimes so a transient failure gets another attempt, while you s…
Retry a failed JUnit testRetry a failing JUnit test in CI with a JUnit 4 RetryRule or Surefire rerunFailingTestsCount, re-running only…
Retry a failed Playwright testRetry a failing Playwright test in CI with the retries option, capping retries in CI only and using the trace…
Retry a failed pytest testRetry a failing pytest test in CI with pytest-rerunfailures using --reruns and --reruns-delay, or a flaky mar…
Retry a failed RSpec exampleRetry a failing RSpec example in CI with the rspec-retry gem, configuring retry count globally and tagging in…
Retry a failing stepRetry a flaky step in GitHub Actions with a retry action or a bash loop with backoff, so transient network an…
Retry a flaky scriptAutomatically re-run a flaky script in GitHub Actions with nick-fields/retry, retrying the command with backo…
Auto-retry flaky stepAutomatically retry a flaky step in GitHub Actions with nick-fields/retry, setting attempt limits and timeout…
Retry a flaky stepAutomatically retry a flaky step in GitHub Actions with nick-fields/retry, re-running a command on failure wi…
Retry flaky E2E testsReduce flaky E2E failures in GitHub Actions by enabling framework-level retries in Playwright or Cypress so a…
Retry with backoffRetry flaky network steps in GitHub Actions with an exponential backoff so transient failures like registry t…
Retry infra errors onlyRetry only on infrastructure errors in CI by matching transient error types, so network and timeout failures…
Retry failed matrix legsRe-run only the failed legs of a GitHub Actions matrix using fail-fast false and a per-step retry action, so…
Return action outputsExpose a value from a composite GitHub Actions action by declaring outputs in action.yml and mapping them to…
Return workflow outputsExpose values from a reusable GitHub Actions workflow with workflow_call.outputs, mapping a job output up so…
Reuse a build artifactBuild once and reuse the output across jobs in GitHub Actions by uploading it as an artifact and downloading…
Reuse a service containerAvoid pulling and starting a database per test step by declaring it once under services, so a single Postgres…
Reuse a workflowBuild a reusable GitHub Actions workflow with on.workflow_call, declaring inputs and secrets, then call it fr…
Reuse containersEnable testcontainers.reuse.enable and withReuse(true) to keep a container alive between runs for faster loca…
Reuse login with storageStateLog in once in a Playwright setup project and reuse the saved storageState across E2E tests in GitHub Actions…
Security hotspots gateRequire all new security hotspots to be reviewed before merge with a SonarQube quality-gate condition on secu…
Right-size cost & timeRight-size CI runners per job so each uses just enough vCPU, memory, and disk, cutting wasted spend on oversi…
Right-size runnersPick the smallest runner that meets a job deadline instead of defaulting to a large one, cutting the idle CPU…
Roll back a releaseRoll back a bad release in GitHub Actions by deleting the release and tag with the gh CLI, or by re-pointing…
Roll back on failureAutomatically undo a bad Kubernetes deploy in GitHub Actions by running kubectl rollout undo in an if: failur…
Roll back a deploymentRoll back a bad deploy from GitHub Actions with a workflow_dispatch input that redeploys a previous version o…
Roll back a deploymentRoll back a deployment from CI/CD with kubectl rollout undo or helm rollback, reverting to the previous healt…
Roll back a GitOps deployRoll back a GitOps deployment by reverting the offending commit in the config repo, so the controller syncs t…
Roll back on health checkAutomatically roll back a deploy in GitHub Actions when a post-deploy health check fails, using an if failure…
Org-wide scanningApply secret scanning consistently across an organization with a reusable workflow and org defaults, so every…
Rotate a leaked credentialAutomate credential rotation in GitHub Actions by minting a new secret at the provider and writing it back as…
Rotate a key on scheduleAutomate credential rotation in GitHub Actions with a scheduled workflow that mints a new key from the provid…
Rotate environment secretsRotate a GitHub Actions environment secret automatically with the gh CLI and a scheduled workflow, replacing…
Rotate tokens and keysRotate the credentials CI depends on, from PATs to GitHub App private keys, on a schedule and after any suspe…
Rotate registration tokensAutomate runner registration by generating short-lived registration tokens from the API at launch time, so a…
Rotate runner tokensRotate self-hosted GitHub Actions runner registration tokens by minting short-lived tokens from the REST API…
Right-size each jobRight-size GitHub Actions runners per job so lint and formatting checks run on the smallest runner while only…
Route jobs with labelsUse custom runner labels and array runs-on to route jobs to the right self-hosted fleet, sending heavy or GPU…
Run a .bat or cmd stepRun legacy batch scripts on a windows-latest runner in GitHub Actions using shell: cmd, calling a .bat or .cm…
Blue-green deploymentRun a blue-green deployment from CI/CD by standing up a second identical environment, health-checking it, the…
Matrix across OSRun a GitHub Actions build across Linux, macOS, and Windows with strategy.matrix on runs-on, including includ…
Bundle-size checkGate pull requests on bundle size in GitHub Actions with size-limit so a PR that bloats the JavaScript payloa…
Canary with Argo RolloutsDrive a progressive canary from GitHub Actions using Argo Rollouts by updating the Rollout image with the plu…
Canary on AWS (CodeDeploy, Lambda)Run a canary on AWS from CI/CD using CodeDeploy canary deployment configs for ECS and weighted Lambda alias r…
Canary traffic shiftRun a canary release from CI/CD by sending a small percentage of traffic to the new version, watching health…
Canary + manual promoteDeploy a canary, then gate the full rollout behind a manual approval in GitHub Actions using a protected envi…
Canary with Argo RolloutsRun an automated canary with Argo Rollouts from CI/CD using setWeight steps and an AnalysisTemplate that quer…
Canary with FlaggerAutomate a canary with Flagger and a service mesh from CI/CD, defining a Canary resource whose metric checks…
Run a Cloud SQL migrationRun database migrations against Cloud SQL from GitHub Actions using the Cloud SQL Auth Proxy and Workload Ide…
Containerized smoke gateRun a smoke suite inside the deploy image itself in GitHub Actions before promoting, so the test exercises th…
Dependency auditRun npm audit in GitHub Actions and fail the build on high-severity vulnerabilities so a known CVE in a depen…
Pod per jobGive every CI job its own container or Kubernetes pod so state never leaks between jobs, using ARC container…
Hotfix branch and cherry-pickBranch a hotfix from main or a release tag, ship it fast through CI, then cherry-pick the fix back to develop…
Run after another workflowTrigger a GitHub Actions workflow after another workflow finishes using workflow_run, gating on the upstream…
Job in custom containerRun a whole GitHub Actions job inside a custom Docker container with the container key, pulling a private ima…
Run a job in a containerRun a GitHub Actions job inside a Docker container with the container: key - custom image, credentials for pr…
Weekday scheduleUse a cron expression in GitHub Actions on: schedule to run a job Monday through Friday only, skipping weeken…
Scheduled job with timezoneSchedule a GitHub Actions job with cron and handle timezones correctly, since schedule cron is always UTC, by…
Run on self-hosted labelTarget a self-hosted runner by label in GitHub Actions using a runs-on array, so a job lands only on runners…
Self-hosted GPU runnerRoute a GitHub Actions job to a self-hosted runner that has an NVIDIA GPU by labeling the runner and selectin…
Matrix Python versionsTest against several Python versions in GitHub Actions using a matrix and actions/setup-python so each interp…
Run a job on a conditionGate an entire GitHub Actions job with a job-level if so every step is skipped when the condition is false, u…
Run a job only on mainRestrict a GitHub Actions job to the main branch with an if condition on github.ref, so deploys and releases…
Default-branch-only jobRestrict a GitHub Actions job to the default branch so steps like publishing or deploys never run from a feat…
Run on label addedTrigger a GitHub Actions job only when a specific label is added to a pull request by listening on the labele…
On release publishedTrigger a GitHub Actions job when a release is published so packaging, publishing, or notifications fire exac…
Elevated permissions safelyScope elevated GITHUB_TOKEN permissions to a single job in GitHub Actions so write access is granted narrowly…
Run a k6 load testRun a k6 load test in GitHub Actions with grafana/setup-k6-action, defining thresholds in the script so the j…
License checkScan dependency licenses in GitHub Actions with license-checker and fail the build when a disallowed license…
Lighthouse a11y auditRun a Lighthouse accessibility audit in GitHub Actions with the Lighthouse CI action, collecting the accessib…
Long job with heartbeatKeep a long-running GitHub Actions job alive and observable with a background heartbeat that prints progress,…
Manual approval gateAdd a manual approval gate before a sensitive job in GitHub Actions using a protected environment with requir…
Manual rollbackBuild a workflow_dispatch rollback workflow in GitHub Actions that takes a target version input and redeploys…
Matrix across versionsTest one job against several Node versions in parallel in GitHub Actions with a single-dimension strategy.mat…
Matrix across OSesRun the same GitHub Actions job on Ubuntu, macOS, and Windows at once by driving runs-on from an os dimension…
Matrix across DB versionsTest against several Postgres versions at once in GitHub Actions by driving the service image tag from a stra…
matrix of stacksPlan and apply many Terraform stacks or modules in parallel from one workflow using a GitHub Actions matrix o…
Matrix per eventVary a GitHub Actions matrix by event, running a small matrix on pull requests and the full one on push to ma…
Run a memory leak checkDetect a growing heap in GitHub Actions by running a Node script under --expose-gc that takes heap snapshots…
Monorepo path filtersBuild only the changed packages in a monorepo with GitHub Actions by detecting changed paths with dorny/paths…
Run a multi-line scriptWrite a multi-line inline script in a GitHub Actions run step with a YAML block scalar, so several shell comm…
Clean up stale branchesDelete merged or long-idle branches on a nightly GitHub Actions schedule using the gh CLI, keeping the branch…
Nightly dep updateSchedule a nightly GitHub Actions job that bumps dependencies, runs tests, and opens a pull request with the…
Run nightly testsRun a long or full test suite on a nightly schedule in GitHub Actions with on.schedule and cron, keeping slow…
Run a Node script stepRun a Node.js script in GitHub Actions with actions/setup-node, installing dependencies with npm ci, then inv…
Broker in Docker vs hostedCompare running the open-source Pact Broker as a Docker service container in CI against using hosted PactFlow…
Perf regression testRun a benchmark in GitHub Actions and fail when performance regresses past a threshold so a slow change is ca…
Post-deploy perf smoke testRun a quick performance smoke test against a freshly deployed URL in GitHub Actions, failing the deploy job w…
Postgres container in CIStart a throwaway PostgreSQL container with Testcontainers in CI, reading the mapped JDBC URL, username, and…
Run a service containerRun a Postgres (or Redis) service container in GitHub Actions with services:, health checks, and port mapping…
Run a PowerShell script stepRun inline PowerShell or a .ps1 file on a windows-latest runner in GitHub Actions using shell: pwsh, passing…
Run pre-commit checksEnforce the same pre-commit hooks in GitHub Actions that developers run locally by installing pre-commit and…
Prettier checkRun `prettier --check` in GitHub Actions to fail CI when files are not formatted, so style stays consistent w…
Preview with feature flagsWire per-PR feature flag context into a preview environment from GitHub Actions so reviewers see the exact fl…
Run a Python script stepRun a Python script in GitHub Actions by setting up Python with actions/setup-python, installing dependencies…
Release trainRun a release train that cuts a release branch on a fixed cadence, so features that miss the cut simply ride…
Reusable workflow across reposCall a reusable workflow that lives in another repository from GitHub Actions, referencing it by owner/repo/p…
Reusable + matrixCall a reusable workflow once per matrix combination in GitHub Actions by putting the strategy matrix on the…
Ring-based deploymentRun a ring-based deployment from CI/CD, rolling a new version through internal, early-adopter, and general ri…
Run a scheduled canary checkProbe a production endpoint on a recurring GitHub Actions schedule with curl and open an issue on failure, gi…
Scheduled cleanupRun a periodic cleanup job in GitHub Actions with a cron schedule trigger, for example pruning old artifacts…
Run a scheduled backupBack up a database or bucket on a nightly GitHub Actions cron, dumping the data and uploading it to object st…
Run on weekdays onlyLimit a GitHub Actions cron schedule to Monday through Friday using the day-of-week field, so business-hours…
Run a scheduled link checkerCatch broken links in docs on a weekly GitHub Actions schedule with lycheeverse/lychee-action, since external…
Run a scheduled security scanAudit dependencies and code on a recurring GitHub Actions schedule with npm audit or Trivy, catching newly di…
Close stale issues on a scheduleMark and close inactive issues and pull requests on a daily GitHub Actions schedule with actions/stale, confi…
Screen-reader smoke testDrive a real screen reader in GitHub Actions with guidepup and @guidepup/playwright, asserting on the spoken…
Run a script in a containerRun a GitHub Actions script inside a Docker container with the job container key, so it executes against a pi…
Run only on one OSRun a GitHub Actions script on just one operating system in a matrix build with a step-level if on runner.os,…
Choose an interpreterRun a GitHub Actions script under a specific interpreter with the step shell key, choosing bash, sh, pwsh, py…
Secrets scanScan pull requests for leaked credentials in GitHub Actions with gitleaks so an accidentally committed key fa…
Run a security scanRun a SAST and dependency security scan in GitHub Actions with CodeQL and a dependency audit, uploading SARIF…
Run a runner as a serviceInstall a self-hosted GitHub Actions runner as a systemd service with the bundled svc.sh script so it starts…
Self-hosted shields serverRun a self-hosted shields.io badge server with the official Docker image for private repos or rate-limit cont…
Run a script from the repoRun a committed shell script in GitHub Actions by checking out the repo, making the file executable, and invo…
Smoke test after deployRun a post-deploy smoke test in GitHub Actions that hits critical endpoints and fails the job on a non-2xx re…
Smoke test after deployRun a post-deploy smoke test in GitHub Actions as a job that needs the deploy, polling a health endpoint and…
Smoke test then promoteRun a smoke test after deploying to a staging slot from CI/CD, then promote to production only if the critica…
Post-deploy prod smoke testRun a smoke test against production right after a deploy in GitHub Actions in a dependent job, so a bad relea…
Container smoke testBuild an image, run it in GitHub Actions, and curl a health endpoint so a broken container fails CI before it…
SonarCloud scan + gateRun a SonarCloud analysis in GitHub Actions with the official scan action and block the job on the quality ga…
SpellcheckRun a spellcheck over docs and code comments in GitHub Actions with codespell so typos fail CI before they re…
Step on file changeDetect which files changed in a push or PR with a paths-filter action in GitHub Actions, then run a step only…
Run a job in a containerRun an entire GitHub Actions job inside a Docker container with the container key, so every step executes in…
Run step for a labelRun a GitHub Actions step only when a pull request carries a given label by testing contains on the labels ar…
Run a step on a conditionGuard a single GitHub Actions step with a step-level if expression so it runs only when the condition evaluat…
Run step if secret setSkip a GitHub Actions step when a secret is missing by copying the secret into an env var first, then testing…
Run a step on failureRun a cleanup or diagnostic step in GitHub Actions only when an earlier step failed by combining the failure(…
Run a step on PRs onlyLimit a GitHub Actions step to pull request runs by checking github.event_name, so PR-only checks like previe…
Run a step on main onlyRestrict a GitHub Actions step to the main branch by checking github.ref against refs/heads/main, so branch-s…
Run a step on a tagRun a GitHub Actions step only for tag pushes by testing startsWith(github.ref, refs/tags/), ideal for releas…
success/failure/alwaysControl when a GitHub Actions step runs using the status functions success(), failure(), always(), and cancel…
Trigger a synthetic checkTrigger a synthetic monitoring check from GitHub Actions right after deploy and gate on its result, so an ext…
Run a test database sidecarSpin up Postgres as a GitHub Actions service container with a health check and port mapping, so your tests co…
Run a Trivy scanScan a container image or filesystem for vulnerabilities in GitHub Actions with Aqua Trivy, failing the build…
Typecheck jobAdd a dedicated TypeScript typecheck job to GitHub Actions with `tsc --noEmit` so type errors fail CI separat…
Run WebPageTest in CIRun a WebPageTest from GitHub Actions with the webpagetest CLI and an API key, then read first byte, Speed In…
Call another workflowCall one GitHub Actions workflow from another with workflow_call, passing inputs and reusing a shared pipelin…
Fork PRs run safelyRun CI on fork pull requests without leaking secrets in GitHub Actions by splitting untrusted build from priv…
Run on a cron scheduleTrigger a GitHub Actions workflow on a recurring timetable with on.schedule and a five-field POSIX cron expre…
Run fork PRs safelyRun GitHub Actions on fork pull requests without leaking secrets by splitting untrusted build from a privileg…
Comment commandsBuild a slash-command bot in GitHub Actions that triggers on issue_comment, parses a command like /deploy, an…
Run only for file typesTrigger a GitHub Actions workflow only when files of a given type change using path filters with globs, so do…
Run on changed pathsRun GitHub Actions only when certain files change using paths and paths-ignore filters, plus path-based job f…
Run only on tagsTrigger a GitHub Actions workflow only when a Git tag is pushed using on.push.tags, ideal for release pipelin…
Access reviews for secretsPerform periodic access reviews of GitHub Actions secrets and their consumers using the gh CLI, so stale or o…
Run accessibility testsRun automated accessibility checks in GitHub Actions with axe-core against a built site or running app so WCA…
Alembic / Rails in CIRun Alembic (Python) and Active Record (Rails) migrations in CI with upgrade and db:migrate, including how ea…
Run Alembic migrationsApply SQLAlchemy Alembic migrations in GitHub Actions with alembic upgrade head against the CI database befor…
A/B test with flagsSplit traffic between a control and a variant with a feature flag and log the assigned variation, so an A/B t…
A/B testing deployRun an A/B testing deployment from CI/CD by routing cohorts to two live versions on a header or cookie match,…
k6 load smokeRun a short k6 load smoke against an API in GitHub Actions, setting a p95 latency and error-rate threshold so…
Run an ephemeral runnerConfigure a self-hosted GitHub Actions runner with the --ephemeral flag so it runs exactly one job, then dere…
Run Expo EAS BuildTrigger an Expo EAS Build from CI with eas build --non-interactive, authenticating with an EXPO_TOKEN so buil…
Internal action registryGive teams a trusted source of internal actions and modules by keeping them in an org registry and allowing o…
Run a Collector in CIRun an OpenTelemetry Collector as a service container in a GitHub Actions job so pipeline steps can send OTLP…
RDS migration via LambdaRun a database migration against RDS in a VPC from GitHub Actions by invoking a migration Lambda with aws lam…
Run schema migrationsApply and verify analytics schema migrations in CI with Alembic or Flyway against a throwaway database, catch…
Run Android emulator testsRun Android instrumented tests on an emulator in CI with reactivecircus/android-emulator-runner, booting an A…
Test a preview deployRun API tests against a per-PR preview deployment in GitHub Actions by reading the preview URL into the base…
Run Artillery in CIRun an Artillery test in CI with artillery run and an ensure block so p95 latency and error-rate SLOs fail th…
Run Artillery load testsRun an Artillery load test in GitHub Actions and fail the build on a breached SLO using ensure thresholds on…
Atlas / Prisma in CIRun Atlas and Prisma migrations in CI with atlas migrate apply and prisma migrate deploy, the declarative and…
Automated compliance checksRun automated compliance checks in GitHub Actions with tfsec for Terraform and a CIS benchmark scan, failing…
Run axe-core in CIRun automated accessibility checks in GitHub Actions with @axe-core/cli, scanning a served URL for WCAG viola…
black + isortCheck Python formatting in GitHub Actions with black and isort in check mode so unformatted code or unsorted…
Chrome + Firefox testsRun Playwright browser tests across Chromium and Firefox in GitHub Actions with a matrix so cross-browser reg…
Run headless Chrome testsRun browser-based unit tests in GitHub Actions using headless Chrome with Karma or a similar runner, since th…
Run Bruno collectionsRun a Bruno API collection in GitHub Actions with the Bruno CLI, selecting an environment and emitting a JUni…
Chromatic for StorybookPublish Storybook to Chromatic from CI with the chromatic CLI and --project-token, capturing a snapshot per s…
Pick greener regionsPlace self-hosted CI runners and deploys in cloud regions with a cleaner electricity grid, so the same comput…
Run CI on spotRun self-hosted CI runners on spare cloud capacity (spot or preemptible instances) to cut cost and use otherw…
Spot and preemptible runnersRun self-hosted CI runners on spot or preemptible instances to cut cost, and handle the interruption notice b…
Codacy analysisRun the Codacy Analysis CLI in GitHub Actions to scan for issues and upload SARIF results, using a project AP…
Codegen once, shareGenerate code once in a GitHub Actions job and hand the output to downstream package jobs with upload-artifac…
Run CodeQLSet up CodeQL static analysis in GitHub Actions with the github/codeql-action steps to find security bugs and…
Compose on self-hostedRun docker compose on self-hosted CI runners reliably by cleaning stale state between jobs, pinning the Compo…
Pact contract testsRun Pact consumer and provider contract tests in GitHub Actions, publishing pacts to a broker and verifying t…
Container structure testsValidate a built image in GitHub Actions with container-structure-test, asserting files, commands, and metada…
Run Pact contract testsRun Pact consumer contract tests in GitHub Actions and publish the resulting pacts to a Pact Broker, so provi…
Verify provider contractsRun Pact provider contract verification against a deployed service in GitHub Actions, confirming the release…
Run Cypress e2e testsRun Cypress end-to-end tests in GitHub Actions with cypress-io/github-action, starting your app server, waiti…
Cypress parallel with CloudRecord and parallelize Cypress runs across GitHub Actions machines using Cypress Cloud with the record and pa…
Run Cypress in CIRun Cypress end-to-end tests on GitHub Actions with the official cypress-io/github-action, which installs, ca…
Dagster CI checksValidate a Dagster code location in CI by loading definitions with dagster definitions validate and running a…
Data-driven testsRun the same API test over many input rows in GitHub Actions with pytest parametrize or a Newman CSV data fil…
Migrate vs service DBRun database migrations against a Postgres service container in GitHub Actions, waiting on a health check bef…
Run migrations as a JobRun schema migrations as a one-shot Kubernetes Job in GitHub Actions before rolling out new app pods, waiting…
Migrations before deployRun database migrations as a gating job before the deploy in GitHub Actions, so the new schema is in place fi…
Migrations before testsApply Flyway or Liquibase migrations against a Testcontainers database before tests run, or use init scripts,…
Run migrations before testsApply schema migrations against the CI database in a step that runs before your test command, so the test sui…
Run database migrationsRun database migrations in GitHub Actions as a gated deploy step - connect with a secret DATABASE_URL, run th…
Run migrations on deployRun database migrations as a dedicated deploy step in CI/CD, deciding whether to migrate before or after the…
Run migrations on deployRun database migrations as a gated step before a deploy in GitHub Actions, applying schema changes with a mig…
Run dbt build on PRsRun dbt build on every pull request in GitHub Actions so models compile, run, and pass their tests against a…
Fork vs internal PRBranch your GitHub Actions logic on whether a pull request comes from a fork so internal PRs get secret-using…
Per-OS steps in a matrixRun OS-specific steps inside a GitHub Actions matrix by gating each on runner.os or matrix.os, so Windows and…
Distributed k6 operatorRun distributed k6 load across multiple runners with the k6 Operator on Kubernetes, splitting virtual users o…
Wait for healthy servicesStart a Compose stack in CI with docker compose up -d and block until every service is healthy using the --wa…
Parallel dotnet testsRun .NET tests in parallel with xUnit collection parallelism and split assemblies across CI jobs with dotnet…
E2E against deployed previewRun end-to-end tests against a live per-PR preview deployment in GitHub Actions, gating the test job on the d…
Test against a preview URLPoint Playwright or Cypress at a deployed preview URL in GitHub Actions instead of a local server, passing th…
E2E against the previewRun Playwright end-to-end and smoke tests against a deployed preview URL in GitHub Actions, waiting for the e…
Real devices in the cloudRun E2E tests against real browsers and devices in GitHub Actions using BrowserStack or Sauce Labs, tunneling…
Playwright e2e tracesRun Playwright end-to-end tests in GitHub Actions and upload traces and reports as artifacts on failure so yo…
Run e2e after deployRun Playwright end-to-end tests against a freshly deployed staging URL in GitHub Actions, verifying real user…
Cross-repo E2E testsRun integration tests that touch services owned by separate repositories by checking out each service into on…
Use ephemeral runnersConfigure self-hosted GitHub Actions runners as ephemeral with the --ephemeral flag so each runner processes…
One job per runnerConfigure a self-hosted GitHub Actions runner as ephemeral with the --ephemeral flag so it runs exactly one j…
ESLint PR annotationsRun ESLint in GitHub Actions and surface violations as inline PR annotations so reviewers see each problem on…
Gate e2e to mainKeep PRs fast in GitHub Actions by running the full end-to-end suite only on the default branch and a smoke s…
Run fastlane lanesRun fastlane beta and release lanes in CI by installing fastlane via Bundler and invoking bundle exec fastlan…
Flyway / Liquibase in CIRun Flyway and Liquibase migrations in a CI/CD pipeline with their migrate and status commands, the standard…
Run Flyway migrationsApply Flyway SQL migrations against the CI database in GitHub Actions with the official Flyway Docker image,…
Run Gatling in CIRun a Gatling simulation in CI with the Maven or Gradle plugin, using assertions in the simulation so a faile…
Dispatch with gh CLIRun gh workflow run from a chat command handler to start a workflow_dispatch in GitHub Actions, passing typed…
Parallel Go testsParallelize Go tests with t.Parallel() inside tests and go test -p to control how many packages compile and r…
gofmt + goimportsVerify Go formatting in GitHub Actions with gofmt and goimports so unformatted or unsorted-import Go code fai…
Run GPU/large jobsRun GPU or memory-heavy GitHub Actions jobs on self-hosted runners by labeling GPU machines and targeting the…
Great Expectations gateAdd a Great Expectations checkpoint to CI so a pull request fails when data does not meet its expectation sui…
Lint with hadolintLint a Dockerfile in CI with hadolint to catch unpinned versions, missing flags, and bad practices, failing t…
Run headed via xvfbRun headed browser tests on a headless GitHub Actions runner by wrapping the command in xvfb-run, which provi…
Run Hurl testsRun plain-text Hurl files in GitHub Actions to send HTTP requests and assert on status, headers, and JSON bod…
Integration tests with a DBWire a GitHub Actions service container, migrations, and seed data together so your integration suite runs ag…
Integration tests on ComposeBoot a real backend with docker compose in CI, wait for it to be healthy, run your integration suite against…
Integration tests with ComposeSpin up a multi-container stack with Docker Compose in CI, wait for health, run integration tests against it,…
Integration tests via ComposeStand up a multi-service stack with Docker Compose in GitHub Actions, wait for it to be healthy, run integrat…
docker-compose testsStand up a full service stack with docker-compose in GitHub Actions and run integration tests against it so r…
Run iOS simulator testsRun iOS unit and UI tests on a simulator in CI with xcodebuild test, targeting a named device and OS via the…
Run iOS tests on a simulatorRun XCTest/XCUITest on a GitHub Actions macOS runner with xcodebuild test and a -destination that targets an…
Run jest-axe in CIAdd component-level accessibility assertions in GitHub Actions with jest-axe, running axe against rendered ma…
Run JMeter non-GUIRun Apache JMeter in CI with the -n non-GUI flag, generating a JTL results file, then evaluate thresholds wit…
Run jobs in parallelRun independent GitHub Actions jobs in parallel by simply not declaring needs, so lint, test, and build all s…
Use self-hosted runnersRun GitHub Actions jobs on a self-hosted runner pool by targeting runner labels in runs-on, with group routin…
Jobs per changed pathRun individual GitHub Actions jobs only when their area changed by feeding paths-filter outputs into a job-le…
Run k6 cloud from CITrigger a Grafana Cloud k6 test from CI with k6 cloud run, authenticating with an API token secret so large d…
Run k6 in CIRun a k6 load test in CI with the grafana/setup-k6-action, letting the script thresholds decide pass or fail…
Run k6 load testsRun a k6 load test in GitHub Actions and fail the build when latency or error-rate thresholds are breached, u…
Kafka, Mongo, ES in CIUse Testcontainers modules to start Kafka, MongoDB, and Elasticsearch in CI, reading each container bootstrap…
kubeconform manifestsValidate Kubernetes manifests against the API schemas in GitHub Actions with kubeconform so invalid YAML is r…
Lighthouse CI budgetsRun Lighthouse CI against a built site in GitHub Actions and fail the build when performance, accessibility,…
Lint and test in parallelRun lint and tests as separate parallel jobs in GitHub Actions so both start at once and fail independently,…
Run Liquibase migrationsApply Liquibase changelog migrations in GitHub Actions using the official liquibase Docker image, running liq…
Run Locust headlessRun Locust without the web UI in CI using --headless with -u, -r, and --run-time, and fail the job on errors…
Parallel Maven and Gradle testsParallelize JVM tests with Maven Surefire forkCount and Gradle --parallel plus maxParallelForks, using multip…
Migrations as a CI jobRun migrations in a dedicated CI job with a scoped migration role and secret, separate from the app deploy, s…
Migrate for blue-greenRun migrations for a blue-green or canary rollout where two app versions share one database, which forces eve…
CPU and GPU model testsSplit fast CPU model tests from GPU-only tests in GitHub Actions using pytest markers, so most tests run on c…
Run mutation testingRun mutation testing with Stryker in GitHub Actions to measure how well your tests actually catch bugs, faili…
Run mutation testsRun Stryker mutation testing in GitHub Actions to measure how well your tests catch injected bugs, and fail t…
Run only affected E2ESkip unaffected E2E specs in GitHub Actions using Playwright --only-changed against the base branch, running…
Run only affected jobsSkip unrelated work in a monorepo by detecting which paths changed with a filter action, then gating each dow…
turbo --filterUse turbo run with a git-based --filter to build only the packages changed since a base ref in a Turborepo, s…
Run on changed pathsTrigger a GitHub Actions workflow only when specific files change using on.push.paths, avoiding wasted runs i…
Test only what changedRun only the tests affected by a diff using test-impact selection, so CI stops re-running the whole suite for…
Only latest PR commitEnsure a GitHub Actions PR pipeline runs only the newest commit by canceling superseded runs with a per-PR co…
Run pa11y in CIRun pa11y-ci in GitHub Actions to test multiple URLs against WCAG2AA, using a .pa11yci config so the build fa…
Scope tests to a packageRun tests for a single workspace package in GitHub Actions with pnpm --filter or npm workspace flags, so a fo…
Parallel stacks per jobRun isolated Compose stacks in parallel CI jobs by giving each a unique project name with -p or COMPOSE_PROJE…
dorny/paths-filter jobsGate per-package jobs in a monorepo with dorny/paths-filter, which outputs a boolean per filter so each packa…
Run Pester testsRun Pester PowerShell tests on a windows-latest runner in GitHub Actions, installing the module, invoking Inv…
Playwright + axe in CIRun accessibility assertions inside Playwright tests with @axe-core/playwright in GitHub Actions, scanning re…
Component testing in CIRun Playwright component tests in GitHub Actions with test-ct, mounting components in a real browser without…
Run Playwright e2e testsRun Playwright end-to-end tests in GitHub Actions, installing browsers with their system dependencies and upl…
Shard Playwright testsSplit a Playwright suite across parallel runners in GitHub Actions with the built-in sharding flag and a matr…
Run Playwright in CIRun Playwright end-to-end tests on GitHub Actions by installing browsers with their OS dependencies, running…
Run Postman with NewmanRun a Postman collection in GitHub Actions with the Newman CLI, passing an environment file and emitting a JU…
postUpgradeTasksRegenerate lockfiles, snapshots, or generated code after a Renovate bump with postUpgradeTasks, running allow…
Run Prisma migrationsApply Prisma migrations in GitHub Actions with prisma migrate deploy against the CI database, the non-interac…
Parallel pytest with xdistSpeed up a Python suite on a single CI runner with pytest-xdist, using -n auto to spread tests across every a…
Qlty analysisRun the Qlty CLI in GitHub Actions to check code smells, duplication, and complexity across many languages us…
Self-hosted RenovateRun Renovate yourself with the renovatebot/github-action on a schedule, using a token instead of the hosted a…
pytest API testsRun integration tests against a REST API in GitHub Actions using pytest and the requests library, with a JUni…
supertest API testsRun HTTP integration tests for a Node API in GitHub Actions with supertest, driving the Express app directly…
REST Assured testsRun Java REST Assured API tests in GitHub Actions with Maven, asserting on status codes and JSON paths and pu…
Parallel Rust tests with nextestRun Rust tests faster in CI with cargo-nextest, which executes each test in its own process and supports part…
rustfmt + clippyCheck Rust formatting and lints in GitHub Actions with rustfmt and clippy so unformatted code or clippy warni…
Scan for leaked secretsAdd a gitleaks secrets-scanning step to GitHub Actions so a self-hosted runner fails the build when a credent…
Security scanning on PRsScope a security scan to pull requests in GitHub Actions so the scanner runs on proposed changes, not on ever…
Label-based CILet pull request labels opt jobs in or out in GitHub Actions, so heavy suites like e2e run only when a review…
Run Selenium Grid in CIStand up a Selenium browser node as a GitHub Actions service container, then point your WebDriver tests at th…
Run runners in DockerRun a self-hosted GitHub Actions runner inside a Docker container with a JIT or ephemeral token, so each job…
ShellCheck scriptsRun ShellCheck over your shell scripts in GitHub Actions so quoting bugs and unsafe patterns fail CI before t…
Smoke before promoteRun a smoke test suite against a freshly deployed staging build in GitHub Actions and only promote to product…
Run Soda checks in CIRun Soda Core scans in a GitHub Actions job so data quality checks written in SodaCL fail the build when a me…
Source freshness checksRun dbt source freshness in a scheduled CI job so stale upstream data is caught early, with warn and error th…
Conditional steps per OSRun a step only on a specific operating system in a GitHub Actions matrix with if: runner.os == Windows, so p…
Run SwiftLintLint Swift code on a GitHub Actions macOS runner with SwiftLint, installing it via Homebrew and failing the j…
apply on mergeApply Terraform only after a merge to main in GitHub Actions, gated by a protected environment with required…
fmt and validate gateGate every Terraform pull request on formatting and validity by running terraform fmt -check -recursive and t…
terraform fmt + validateCheck Terraform formatting and config validity in GitHub Actions with terraform fmt and validate so bad HCL f…
Terraform reusable workflowWrap terraform plan and apply in a reusable workflow_call workflow so every environment calls the same audite…
plan on pull requestsProduce a Terraform plan for every pull request in GitHub Actions with terraform plan -out, using read-only c…
Test across operating systemsRun the same test suite on Linux, macOS, and Windows in GitHub Actions with an os matrix driving runs-on, cat…
Multi-database matrixRun your test suite against Postgres, MySQL, and SQLite in GitHub Actions with a matrix so database-specific…
Run tests in random orderRun tests in random order in CI with pytest-randomly or Jest to surface order-dependent flakes, printing the…
Scheduled tests + alertRun your test suite nightly with a cron schedule in GitHub Actions and post a Slack alert only when the run f…
Test on Windows and LinuxRun the same test job on Windows and Linux in GitHub Actions with an os matrix driving runs-on, and a portabl…
Test only changed filesRun only the tests affected by a pull request in GitHub Actions using Jest --changedSince against the base br…
OpenSSF ScorecardScore your repository security posture in CI with the OpenSSF Scorecard action, which checks for pinned depen…
Storybook a11y in CIRun accessibility checks across every Storybook story in GitHub Actions with the a11y addon and the test-runn…
Run visual regression testsRun Playwright visual regression tests in GitHub Actions, comparing screenshots against committed baselines a…
Visual snapshots in E2ERun Playwright visual comparison snapshots in GitHub Actions, committing Linux baselines and uploading the di…
Only on relevant changesSkip visual tests when only backend or docs change by adding a paths filter to the workflow trigger, cutting…
Run WebdriverIO in CIRun WebdriverIO end-to-end tests on GitHub Actions headless, booting the app first with start-server-and-test…
Run xcbeautify on xcodebuildPipe xcodebuild output through xcbeautify on a GitHub Actions macOS runner for readable logs and GitHub annot…
Zero-downtime DB migrationsRun zero-downtime database migrations from CI/CD with the expand and contract pattern, so old and new code bo…
Use pull_request_target safelyUse the pull_request_target event to run trusted automation on fork PRs in GitHub Actions with write access,…
Inject context safelyAvoid script injection in GitHub Actions by passing untrusted context values like PR titles into a run step t…
Save on default branchWrite caches only from default-branch runs in GitHub Actions using the save sub-action with an if on github.r…
Restrict cache writesKeep the GitHub Actions cache clean by restoring everywhere but saving only on the default branch, using the…
Scaffold a new serviceGenerate a new service from a template using cookiecutter or copier so the repo ships with the paved-road CI…
Scale a deploymentChange the replica count of a Kubernetes Deployment from GitHub Actions with kubectl scale, useful for schedu…
Scale to zero when idleEliminate idle self-hosted runner cost by scaling the fleet to zero when no jobs are queued, using an autosca…
Scale runners to zeroConfigure ephemeral self-hosted GitHub Actions runners that scale to zero when no jobs are queued, so idle ma…
Scale to zero when idleCut idle CI cost by scaling self-hosted runners to zero when no jobs are queued, using ARC minRunners 0 or an…
Scan an image with TrivyBuild then scan a Docker image in GitHub Actions with aquasecurity/trivy-action, failing the run on HIGH and…
Scan with Trivy, fail on HIGHScan a built Docker image with Aqua Trivy in CI and fail the job when HIGH or CRITICAL vulnerabilities are fo…
Scan image on pushScan a container image for CVEs in GitHub Actions with aquasecurity/trivy-action, failing the build on high o…
Scan build logsCatch secrets that leak into CI build logs by masking known values and scanning captured log output, so a pri…
Scan image layersScan a built container image for secrets baked into its layers using Trivy, catching credentials copied in du…
Scan cloud keysDetect cloud provider credentials in CI, covering AWS access keys, GCP service account JSON, and Azure connec…
PII and secret scanningScan a repository for secrets and PII in GitHub Actions with gitleaks and a custom pattern set, failing the b…
Scan for secrets (TruffleHog)Catch committed credentials in GitHub Actions with trufflehog, scanning the commit range on each push or PR a…
Scan full historyScan the entire commit history for leaked secrets in CI by checking out with fetch-depth 0, so a credential d…
Checkov IaC scanScan Terraform and other IaC in GitHub Actions with Checkov so misconfigurations like public buckets fail CI…
Scan the PR diffScan only the commits a pull request adds by pointing the scanner at the range between the base and head, giv…
TruffleHog filesystemUse the TruffleHog filesystem source to scan the checked-out working tree for secrets in CI, catching credent…
Warm the cache on a scheduleKeep the GitHub Actions dependency cache fresh by rebuilding it on a cron schedule on the default branch, so…
Schedule a Cloud Run JobDeploy a Cloud Run Job from GitHub Actions and wire a Cloud Scheduler cron trigger that invokes it on a sched…
Schedule dependency updatesRun a recurring dependency bump on a GitHub Actions cron that opens a pull request, using npm-check-updates o…
Schedule a jobSchedule a GitHub Actions workflow with on.schedule and cron syntax - UTC timing, multiple schedules, and why…
Schedule a monthly jobRun a GitHub Actions workflow once a month by setting the day-of-month field in cron, with a note on why the…
Schedule a nightly buildRun a nightly GitHub Actions build with on.schedule and a cron expression, useful for regression suites, depe…
Schedule and email a reportGenerate a report on a GitHub Actions cron and send it by email with an SMTP action such as dawidd6/action-se…
Scheduled retrainingRun a scheduled retraining pipeline in GitHub Actions with on.schedule cron, pulling fresh data, training, ev…
Schedule in a timezoneWork around the UTC-only cron in GitHub Actions by converting your local time to UTC, and guard against DST d…
Carbon-aware schedulingShift deferrable CI jobs to hours when the local grid is cleaner using a carbon-intensity signal, so the same…
Clean up old artifactsDelete artifacts past a cutoff on a nightly GitHub Actions schedule using the REST API through the gh CLI, re…
Schedule nightly loadSchedule heavier load tests to run nightly with on.schedule and cron, keeping long or expensive runs off the…
Scheduled scansRun a full-history secret scan on a schedule with on.schedule and a cron expression, catching secrets in old…
Renovate scheduleLimit when Renovate opens PRs with schedule and timezone, using presets like "before 6am on monday" so update…
Scope a cache by branchUnderstand GitHub Actions cache scoping by branch and warm a shared cache on the default branch, so feature b…
Concurrency group per envGive each GitHub Actions deployment environment its own concurrency group keyed on the environment name, so s…
git diff to scope a buildScope a monorepo build to changed packages in GitHub Actions using plain git diff against the base ref, mappi…
Scope trust to a branchRestrict which GitHub Actions runs can assume an AWS role by matching the sub claim on a branch, tag, pull re…
Seal secrets with kubesealEncrypt a Kubernetes Secret into a SealedSecret in GitHub Actions with kubeseal so the ciphertext can be comm…
Keep runners off fork PRsStop untrusted fork pull requests from running on self-hosted GitHub Actions runners by avoiding them on publ…
Secure a webhook endpointSecure a webhook endpoint by requiring a verified signature, serving only over TLS, and optionally restrictin…
Secure runners at scaleKeep a scaled self-hosted runner fleet safe by never attaching runners to public repos and by making every ru…
Seed DB before testsStand up a Postgres service container in GitHub Actions, run migrations and a seed script, then run integrati…
Seed test data firstRun migrations and seed fixtures into a GitHub Actions service-container database before the test job runs, s…
Seed a test databaseLoad fixture data into the CI database after migrations and before tests in GitHub Actions, so integration te…
Seed data into a previewLoad migrations and seed data into a fresh preview database from GitHub Actions so each per-PR environment st…
Seed sample dataLoad deterministic sample data into a CI database with dbt seed or COPY from CSV so transformation and qualit…
Seed data before E2ESeed a deterministic dataset before browser tests run in GitHub Actions by running migrations and a seed scri…
Segregate prod credentialsKeep production credentials out of build and test jobs in GitHub Actions by binding them to a protected envir…
Select an Xcode versionPin a specific Xcode version on a GitHub Actions macOS runner with xcode-select against /Applications/Xcode_<…
Test impact analysisRun only the tests affected by a change using test impact analysis, mapping changed files to the tests that e…
Deployment status to SlackNotify a Slack channel of deploy success or failure from GitHub Actions using an incoming webhook and an alwa…
Send a Discord webhookPost a build notification to a Discord channel from GitHub Actions by sending a JSON payload to a Discord cha…
Dispatch with gh CLIFire a repository_dispatch event from a script or another workflow using gh api, which handles authentication…
Slack build status messagePost a Slack message that reports the overall build status from GitHub Actions using the official slackapi ac…
Send a webhook on deployNotify downstream systems on a successful deploy by POSTing a webhook from the final workflow step with the v…
Email on build failureEmail the team when a GitHub Actions build fails using the dawidd6 send-mail action over SMTP, gated with if:…
Send an outbound webhookSend an outbound webhook from a CI workflow with a curl POST, failing the step on a non-2xx response so a dro…
Ephemeral command responsesSend ephemeral responses to Slack ChatOps commands so acknowledgements and errors are visible only to the inv…
Notify chat from CIPost CI build results to Slack, Discord, or Microsoft Teams by POSTing JSON to an incoming webhook URL stored…
Split data and schemaKeep data migrations separate from schema migrations so a slow backfill never blocks a fast schema change and…
Separate dev/prod targetsRoute CI runs to a dev warehouse and deploys to prod using dbt targets and GitHub environments, so pull reque…
Major vs minor updatesTreat major, minor, and patch updates differently in Renovate with matchUpdateTypes packageRules, so majors g…
Split prod and non-prodRun production deploys on a dedicated, restricted set of self-hosted GitHub Actions runners kept separate fro…
Queue deploys, do not cancelEnsure only one GitHub Actions deploy runs at a time and queued runs are not cancelled by using a concurrency…
Serialize prod deploysSerialize production deploys in GitHub Actions with a single static concurrency group so two release runs can…
Cache key basicsConfigure actions/cache with an exact key and a restore-keys fallback list so a lockfile change still restore…
Coverage plus perf gateRequire both a coverage floor and a performance budget before a GitHub Actions PR can merge by running each c…
Set commit statusSet a custom commit status from a GitHub Actions script using the API so an external check or report shows up…
Set a commit statusSet a custom commit status from GitHub Actions with the GITHUB_TOKEN and the statuses API, so an external che…
Concurrency per branchScope a GitHub Actions concurrency group to each branch so runs on one branch never cancel or block runs on a…
Limit runner concurrencyControl how many GitHub Actions jobs run at once on self-hosted runners by capping runners per host and using…
Set a custom audienceRequest a GitHub Actions OIDC token with a specific aud claim, either through an action input or the ACTIONS_…
Set retention windowControl how long a single GitHub Actions artifact is kept with the retention-days input of actions/upload-art…
Set a DATABASE_URL secretStore a database connection string as a GitHub Actions secret and inject it as DATABASE_URL via env, keeping…
Default env for all jobsSet a workflow-level env block in GitHub Actions so a variable is available to every job and step, with job-l…
Set a workflow-wide envDefine an environment variable once for every job and step in a GitHub Actions workflow with a top-level env…
Aggregate matrix outputsEmit a per-leg job output from a matrix in GitHub Actions and collect every leg into one aggregated result in…
Set a job timeoutCap how long a GitHub Actions job can run with timeout-minutes so hung steps are killed instead of burning th…
Set a job timeoutSet a timeout in GitHub Actions with timeout-minutes at the job and step level to kill hung jobs before they…
Matrix from job outputBuild a dynamic GitHub Actions matrix from a previous jobs output by emitting a JSON array to GITHUB_OUTPUT a…
Set a pending commit statusMark a commit as pending then success or failure from GitHub Actions with the Statuses API via github-script,…
Bound a single stepCap one slow GitHub Actions step with step-level timeout-minutes so a hung command is killed quickly instead…
Set an output conditionallyWrite a GitHub Actions step output only under certain conditions by branching in shell before appending to GI…
Set a step outputSet a step output in GitHub Actions by writing name=value to GITHUB_OUTPUT, then read it from later steps via…
Timeout per stepSet a per-step timeout in GitHub Actions with timeout-minutes on an individual step so a single hung command…
Set a wait timerAdd a wait timer to a GitHub Actions environment so any deploy that targets it is delayed for a set number of…
Set an env varSet environment variables in GitHub Actions at the workflow, job, or step level with env:, and export dynamic…
Set env from PowerShellSet environment variables from a PowerShell step on a windows-latest runner in GitHub Actions, using $env for…
Set and consume an outputWrite a value to GITHUB_OUTPUT in one GitHub Actions step and read it from a later step via the steps context…
Set a CI build time SLODefine an SLO for CI build time as a target percentile under a budget, then track the error budget with a Pro…
Set compression levelTune GitHub Actions artifact zip compression with the compression-level input of actions/upload-artifact@v4,…
Set artifact retention daysControl how long a GitHub Actions artifact is kept with the retention-days input on actions/upload-artifact,…
Budgets and alertsCatch runaway GitHub Actions spend early by setting spending limits and budget alerts, so a misconfigured mat…
Cache headers for assetsSet long immutable cache headers for fingerprinted static assets and a short or no-cache header for HTML so b…
CI triggers per branchControl which branches run CI using on.push.branches and on.pull_request.branches filters, so feature, develo…
Resource limits in CICap CPU and memory for Compose services in CI with the deploy.resources.limits block so a runaway service can…
Reusable + concurrencyControl concurrency for a reusable GitHub Actions workflow by declaring the concurrency block inside the call…
Concurrency for a workflowSerialize a reusable GitHub Actions workflow with a concurrency group so overlapping calls to the same target…
Cancel old runsCancel superseded GitHub Actions runs with a concurrency group keyed to the branch plus cancel-in-progress, s…
Set gate thresholdsDefine quality-gate conditions in SonarQube for minimum coverage, maximum duplicated lines, and a maintainabi…
Default input valuesGive a custom action input a default with the default key in action.yml, so callers can omit it and still get…
Env vars in an actionSet environment variables in a custom action with env on a step, or export them for later steps by writing to…
Environment-specific flagsGive a feature flag different values per environment so it can be on in staging and off in production, with C…
Per-environment variablesUse environment-scoped configuration variables in GitHub Actions so the same job reads different values for s…
fetch-depth for diffsConfigure actions/checkout fetch-depth and resolve the correct base ref for PR versus push so git-diff-based…
App permissions and installConfigure a GitHub App with least-privilege repository permissions and install it on the repos your CI needs,…
Set job dependenciesOrder GitHub Actions jobs with the needs keyword to build a dependency graph, so deploy waits for build and t…
Gate on Lighthouse scoresBlock a GitHub Actions merge when a Lighthouse category score drops below a threshold using assertions on cat…
Canary metric gatesSet metric gates on a canary release driven from GitHub Actions so each traffic increase proceeds only when e…
Outputs from bashSet step outputs from a bash command in GitHub Actions by appending name=value to the GITHUB_OUTPUT file, inc…
Set action outputsSet an output from a composite or container action by appending name=value to the GITHUB_OUTPUT file, then ex…
Set called-workflow permissionsControl the GITHUB_TOKEN scopes a reusable GitHub Actions workflow receives, since the caller permissions can…
Scope the GITHUB_TOKENRestrict or grant scopes for the automatic GITHUB_TOKEN in GitHub Actions with the permissions key, following…
Fail on PowerShell errorsMake PowerShell steps on a windows-latest runner in GitHub Actions fail the build on errors by setting $Error…
Limit a service containerPass Docker runtime flags like memory and CPU limits to a GitHub Actions service container through the option…
Semantic commitsStandardize update commit messages with Conventional Commits, using commit-message.prefix in Dependabot or se…
Set sensible timeoutsStop a hung job from burning the six-hour default ceiling in GitHub Actions by setting timeout-minutes at the…
Base URL from envDrive the API base URL from an environment variable in GitHub Actions so one test suite runs unchanged agains…
Configure a base pathConfigure the base path for a static site served from a subdirectory (like a project Pages URL) so asset and…
Set the default shellPin the shell for every run step in GitHub Actions with defaults.run.shell, so scripts behave consistently ac…
Choose shell on windows-latestControl which shell runs your steps on a windows-latest runner in GitHub Actions with defaults.run.shell, cho…
Set the image tag dynamicallyInject the freshly built image tag into Kubernetes manifests from GitHub Actions with kustomize edit set imag…
Set working directoryRun GitHub Actions steps from a subfolder with working-directory, or set defaults.run.working-directory for e…
Time budget and timeoutsBound E2E runtime in GitHub Actions with a job timeout plus per-test and expect timeouts in Playwright, so a…
Custom domain + DNSPoint a custom domain at a deployed static site with the right DNS records (CNAME or ALIAS for a subdomain, a…
Flux source + KustomizationWire Flux to a repo with a GitRepository source and a Kustomization that applies a path on an interval, the t…
Cache locally on a runnerCache dependencies on a self-hosted GitHub Actions runner by mounting a persistent host directory, avoiding r…
Matrix across OSTest on Linux, macOS, and Windows at once in GitHub Actions with an os matrix that drives runs-on, catching p…
Merge queue for a monorepoRun a GitHub merge queue for a monorepo so PRs are tested against the latest base before merging, triggering…
Set up a monorepo pipelineSet up a monorepo pipeline in GitHub Actions that builds only changed packages, using a change-detection job…
Changesets monorepo releaseAutomate versioning and publishing of a monorepo with Changesets in GitHub Actions, opening a version PR and…
Postgres + Redis servicesRun Postgres and Redis as service containers in a GitHub Actions job with health checks, so integration tests…
Configure a registry mirrorPoint the Buildx builder at a Docker Hub registry mirror in CI via a BuildKit config, cutting pull rate-limit…
Self-hosted runner setupRegister and use a self-hosted GitHub Actions runner by installing the runner agent, configuring it with a to…
Pin a .NET SDK versionPin one or more .NET SDK versions on a windows-latest runner in GitHub Actions with actions/setup-dotnet, inc…
Set up ARC on KubernetesInstall Actions Runner Controller (ARC) on Kubernetes with Helm to autoscale ephemeral GitHub Actions runner…
Set up an App Store Connect API keyProvide an App Store Connect API key (.p8) to a GitHub Actions runner as a base64 secret, then pass the key i…
App-of-apps patternManage many Argo CD Applications from one root Application that points at a directory of child Application ma…
Applitools Eyes in CIAdd Applitools Eyes visual AI checks to CI by wrapping test steps with eyes.open, eyes.check, and eyes.close,…
Bi-directional contractsCombine a provider OpenAPI spec with consumer Pact contracts in bi-directional contract testing on PactFlow,…
Cloud Run blue-greenRun blue-green deploys on Cloud Run from GitHub Actions using revision tags, deploying green with no traffic,…
Vercel branch previewsBuild and deploy a Vercel preview per branch from GitHub Actions using the Vercel CLI, then surface the uniqu…
Cache busting and fingerprintsFingerprint static assets with content hashes in their filenames so a new deploy ships new URLs, letting you…
Canary rolloutShip a canary slice first in GitHub Actions, verify health, then promote to a full rollout in a dependent job…
CI for .NETSet up GitHub Actions CI for a .NET solution: setup-dotnet installs the SDK with NuGet caching, dotnet restor…
CI for Django + PostgresSet up GitHub Actions CI for a Django app backed by Postgres: a postgres service container provides the test…
CI for a monorepoSet up GitHub Actions CI for a monorepo using dorny/paths-filter to detect which packages changed, then run e…
CI for a Next.js appSet up GitHub Actions CI for a Next.js app: setup-node caches npm, cache the .next/cache build cache, run nex…
CI for a React appSet up GitHub Actions CI for a Vite React app: setup-node caches npm, npm ci installs, ESLint lints, the app…
CI for Spring BootSet up GitHub Actions CI for a Spring Boot app: setup-java provides the JDK with Maven caching, a Postgres se…
CI for a Swift packageSet up GitHub Actions CI for a Swift Package Manager library: run on macOS, cache the .build directory, build…
CI for BunSet up GitHub Actions CI for a Bun project: install Bun with oven-sh/setup-bun, install dependencies with a f…
CI for C++ (CMake)Set up GitHub Actions CI for a CMake C++ project: cache the build directory, configure and build with cmake,…
CI for DenoSet up GitHub Actions CI for a Deno project: install the runtime with denoland/setup-deno, then run deno fmt…
CI for Elixir (Mix)Set up GitHub Actions CI for an Elixir project: erlef/setup-beam installs Elixir and OTP, cache deps and _bui…
GitHub Flow CIConfigure CI for GitHub Flow where every change is a branch off main, opens a pull request, gets checks, and…
GitLab Flow environment branchesUse GitLab Flow environment branches (main, staging, production) so a merge into each branch promotes the sam…
CI for GoSet up GitHub Actions CI for a Go module: setup-go caches the build and module caches, go build verifies comp…
CI for Java (Gradle)Set up GitHub Actions CI for a Gradle project: setup-java provides the JDK, gradle/actions/setup-gradle cache…
CI for Java (Maven)Set up GitHub Actions CI for a Maven project: setup-java caches the local ~/.m2 repository, mvn verify compil…
CI for KotlinSet up GitHub Actions CI for a Kotlin project built with Gradle: setup-java supplies the JDK, setup-gradle ca…
CI for Node.js (npm)Set up GitHub Actions CI for a Node.js project that uses npm, with setup-node caching the npm store, npm ci f…
CI for Node.js (pnpm)Set up GitHub Actions CI for a pnpm project: install pnpm with pnpm/action-setup, let setup-node cache the pn…
CI for Node.js (Yarn)Set up GitHub Actions CI for a Yarn project with setup-node cache: yarn, an immutable install via yarn instal…
CI for PHP (Laravel)Set up GitHub Actions CI for a Laravel app: shivammathur/setup-php installs PHP and extensions, Composer cach…
CI for Python (pip)Set up GitHub Actions CI for a pip-based Python project: setup-python caches the pip wheel cache keyed on req…
CI for Python (Poetry)Set up GitHub Actions CI for a Poetry project: install Poetry, let setup-python cache the Poetry virtualenv,…
CI for Python (uv)Set up GitHub Actions CI for a uv project with astral-sh/setup-uv, enable-cache for the uv cache, uv sync for…
Release branches CICut a release branch, run extended integration and packaging jobs on it, and deploy the tagged build, keeping…
CI for Ruby on RailsSet up GitHub Actions CI for a Rails app: ruby/setup-ruby installs Ruby and caches bundled gems, a Postgres s…
CI for RustSet up GitHub Actions CI for a Rust crate: install the toolchain with rustup, cache the cargo registry and ta…
Forking workflow for OSSRun CI safely for the forking workflow where external contributors open pull requests from forks, keeping sec…
Trunk-based development CIWire CI for trunk-based development where everyone commits to main behind short-lived branches, running the f…
Code Climate analysisRun Code Climate maintainability and duplication analysis in GitHub Actions and report test coverage with the…
Run CodeQL on a scheduleRun CodeQL code scanning on a weekly schedule in GitHub Actions with github/codeql-action, catching new vulne…
dbt slim CI with --deferRun only the dbt models a PR changed by combining --select state:modified+ with --defer against a production…
Set up DependabotEnable automated dependency update pull requests with a .github/dependabot.yml file, declaring package-ecosys…
detect-secrets baselineAdopt Yelp detect-secrets in CI by generating a .secrets.baseline of known findings, then failing the build o…
Set up Flagsmith in CIInitialize Flagsmith in GitHub Actions with an environment key stored as a secret so CI jobs read flags and r…
git-secrets in CIUse AWS Labs git-secrets in CI to scan a repository for AWS access keys and other credential patterns, regist…
ggshield in CIRun GitGuardian ggshield secret scanning in a GitHub Actions workflow, authenticating with a GITGUARDIAN_API_…
GitLab merge trainsConfigure GitLab merge trains, the GitLab equivalent of the GitHub merge queue, so merge requests are validat…
Gitleaks in CIAdd Gitleaks secret scanning to a GitHub Actions workflow with gitleaks/gitleaks-action, so every push and pu…
iOS signing with matchSet up iOS code signing in CI with fastlane match, syncing certificates and profiles from an encrypted git re…
Set up LaunchDarkly in CIWire LaunchDarkly into GitHub Actions by passing the SDK key as a secret and initializing the client so tests…
Percy setup in CIAdd Percy visual testing to CI by installing @percy/cli, wrapping your test command with percy exec, and pass…
Playwright toHaveScreenshot in CIRun Playwright visual regression tests in CI with expect(page).toHaveScreenshot(), committing baselines and g…
Progressive delivery + auto rollbackSet up progressive delivery from CI/CD that widens traffic to a new version in steps and automatically rolls…
Provider statesImplement provider states so the provider can seed data before each interaction is verified, matching the giv…
Set up Python on WindowsInstall a specific Python on a windows-latest runner in GitHub Actions with actions/setup-python, enabling pi…
Set up RenovateEnable Renovate by adding a renovate.json that extends config:recommended, then let the app open an onboardin…
Set up Ruby for fastlaneInstall a pinned Ruby and cache gems on a GitHub Actions macOS runner with ruby/setup-ruby and bundler-cache,…
Set up runner groupsOrganize self-hosted GitHub Actions runners into groups to control which repositories and workflows can use t…
Service scorecardsMeasure service health with scorecards that check for a required CI workflow, an owner, and TechDocs, nudging…
Set up Split in CIConfigure the Split SDK in GitHub Actions with an SDK key secret and block on the SDK_READY event so CI evalu…
Testcontainers .NET in CIRun Testcontainers for .NET with xUnit on GitHub Actions using IAsyncLifetime to start a container before tes…
Testcontainers Go in CIRun testcontainers-go integration tests on GitHub Actions, starting a container with GenericContainer inside…
Testcontainers Java in CIWire Testcontainers into a Java/JUnit 5 project and run it on GitHub-hosted runners, where Docker is already…
Testcontainers Node in CIUse testcontainers for Node.js with Jest or Vitest on GitHub Actions, starting a GenericContainer in a before…
Testcontainers Python in CIRun testcontainers-python under pytest on GitHub Actions using a fixture that starts a container and yields i…
TruffleHog in CIRun TruffleHog in CI and report only verified, live credentials with the --only-verified flag, cutting noise…
Set up Unleash in CIConnect Unleash to GitHub Actions by supplying the API URL and client token as secrets and initializing the c…
Shadow / mirror trafficMirror production traffic to a new version from CI/CD so it processes real requests without serving responses…
Shard tests across runnersCut Jest wall-clock time in GitHub Actions by splitting the suite across parallel runners with a matrix and t…
Shard Jest testsRun Jest across parallel CI jobs with the built-in --shard flag, giving each job an index/total so the suite…
Shard Playwright testsSplit a Playwright suite across parallel GitHub Actions jobs with --shard and a matrix, then merge the blob r…
Shard Playwright + merge reportsSplit Playwright tests across CI machines with --shard, upload each blob report, then combine them into one H…
Shard tests across jobsSplit a slow test suite across parallel GitHub Actions jobs with a matrix shard index, running each fraction…
Shard tests across runnersSplit a slow test suite across several GitHub Actions runners with a shard matrix, cutting wall-clock time by…
Shard tests with a matrixSplit a slow test suite into parallel shards in GitHub Actions with strategy.matrix, passing a shard index an…
Shard Vitest testsPartition a Vitest suite across CI machines with the --shard flag, running each index/total slice in a separa…
Shared monorepo cacheShare one actions/cache entry across every package in a monorepo by keying on the workspace lockfile hash and…
Share cache across workflowsShare a dependency cache across multiple GitHub Actions workflows by using a stable, identical cache key so e…
Docker image as artifactMove a built Docker image between GitHub Actions jobs without a registry by docker save to a tar, uploading i…
Central reusable workflowKeep one canonical CI workflow in a central repository and call it from every other repo with uses and workfl…
Share a script across jobsReuse the same script in multiple GitHub Actions jobs by committing it once and checking out the repo in each…
Share across an orgCentralize reusable GitHub Actions workflows and actions in one org repository and grant access under Actions…
Shared composite actionsKeep reusable composite actions in one repository and call them from any workflow with uses owner/actions-rep…
Share env across stepsShare a value computed in one step with later steps in GitHub Actions by appending name=value to the GITHUB_E…
Organization secretsDefine a secret once at the organization level and scope it to selected repositories, so many repos share the…
Org .github repoPublish organization-wide starter workflows and defaults from a special .github repository so new repos in th…
Aggregate CI logsAggregate CI logs by shipping them to Grafana Loki or the ELK stack, pushing structured build logs so failure…
Ship OTA updatesPublish over-the-air JavaScript updates from CI with EAS Update or App Center CodePush, pushing bundle change…
Badge for a branch or eventPin a GitHub Actions status badge to a single branch or trigger event with the branch and event query paramet…
README workflow badgeAdd a live build status badge for a GitHub Actions workflow to the README using the badge.svg endpoint, optio…
Kill idle CI resourcesCap job runtime and tear down service containers and preview environments after CI, so no runner, database, o…
Sign image with cosignSign a container image with Sigstore cosign in GitHub Actions using keyless OIDC signing, so consumers can ve…
Sign image with cosignSign a container image in GitHub Actions with cosign keyless signing over OIDC, producing a verifiable signat…
Sign with cosign (keyless)Sign a pushed Docker image with Sigstore cosign keyless signing in CI, using the GitHub OIDC token so no priv…
Code-sign with signtoolCode-sign a Windows executable on a windows-latest runner in GitHub Actions with signtool, decoding a base64…
Sign Android with a keystoreSign an Android release in CI by decoding a base64 keystore from a secret into a temp file, passing store and…
Cosign keyless signingSign container images and artifacts in CI using Cosign keyless signing backed by the workflow OIDC token, so…
Sign artifacts (cosign keyless)Sign a release artifact in GitHub Actions with cosign keyless signing, using the workflow OIDC token and Sigs…
Sign commits in automated PRCreate verified, signed commits from a GitHub Actions bot by committing through the GitHub API or a GitHub Ap…
Sign release artifactsKeyless-sign release files in GitHub Actions with Cosign and Sigstore using OIDC, producing signature and cer…
Size load generatorsSize the CI runner that generates load so the generator itself is not the bottleneck, using a larger runner o…
Skip CI from a commitSkip a GitHub Actions run with [skip ci] in the commit message, the supported skip keywords, and how to do pe…
Skip on forksStop a deploy or secret-using job from running on forked repositories in GitHub Actions by gating it on the r…
Skip a matrix legSkip individual GitHub Actions matrix legs at runtime with a step-level if that reads the matrix context, so…
Skip a scheduled runSkip a GitHub Actions cron run when a condition holds, such as a holiday or an unchanged repository, using an…
Skip step if file unchangedSkip a GitHub Actions step when a path did not change by computing a changed flag with a filter action, then…
Skip docs-only runsAvoid running full CI for documentation or comment-only changes using paths-ignore, so README and markdown ed…
Skip CI for docsAvoid running the full pipeline for documentation edits by adding a paths-ignore filter so commits touching o…
Skip CI by commit messageSkip a GitHub Actions run by adding [skip ci] to a commit message, or replicate the behavior with an if check…
Skip duplicate runsStop redundant GitHub Actions runs with a concurrency group that cancels superseded runs, and skip duplicate…
Cancel superseded runsCancel superseded GitHub Actions runs with a concurrency group and cancel-in-progress, so rapid pushes to a b…
Skip redundant CI runsStop CI from running work that no commit needs by using concurrency cancel-in-progress and paths filters, cut…
Skip unaffected e2eSkip slow end-to-end suites for apps a PR did not touch in GitHub Actions by gating each e2e job on a paths-f…
Skip safelyKeep incremental CI correct by including dependents when you skip, so a change to a shared module still re-te…
Smoke test key journeysSmoke test the critical user journeys (login, checkout) against a deployed environment in GitHub Actions, so…
Smoke-test after deployVerify a Kubernetes service is healthy after deploy from GitHub Actions by running a throwaway curl pod with…
Distributed training testSmoke-test multi-process distributed training in GitHub Actions with torchrun and a tiny model, verifying the…
Smoke-test trainingRun a fast training smoke test in GitHub Actions that executes a single step on tiny data, catching shape and…
Per-browser/viewport snapshotsCapture separate visual baselines for each browser and viewport in Playwright using projects, so responsive a…
Source a shared shell libReuse helper functions across GitHub Actions steps by sourcing a committed shell library within a single run…
Sparse-checkout a subdirCheck out only the directories a job needs in a large monorepo with the sparse-checkout input on actions/chec…
Sparse-checkout one packageCheck out only one package directory from a large monorepo in GitHub Actions with the sparse-checkout input o…
Sparse-checkout a subdirectoryCheck out only the folders you need from a large repository in GitHub Actions using the sparse-checkout input…
Speed up checkoutTune actions/checkout for a large repository with fetch-depth, filter, sparse-checkout, and fetch-tags to cut…
Performance and parallelismCut Testcontainers CI time by sharing containers per class, running tests in parallel, caching images, and av…
Spellcheck with cspellSpellcheck documentation in GitHub Actions with cspell, scanning Markdown for unknown words against a project…
Spin up MariaDB for testsRun MariaDB as a GitHub Actions service container with a healthcheck.sh readiness probe so tests connect to a…
Spin up MySQL for testsRun MySQL as a GitHub Actions service container with a mysqladmin ping health check and a connection string o…
Spin up Postgres for testsRun a real Postgres alongside your GitHub Actions tests using a service container with a pg_isready health ch…
Postgres service for CIRun integration tests against a real Postgres in GitHub Actions using a service container with a health check…
Spin up Redis for testsRun Redis as a GitHub Actions service container with a redis-cli ping health check so caches, queues, and rat…
Spin up MongoDB for testsRun MongoDB as a GitHub Actions service container with a mongosh ping health check so integration tests hit a…
Split the test suiteShard a large test suite across parallel GitHub Actions runners with a matrix and per-shard filtering, cuttin…
Split tests into parallel jobsSpeed up CI by splitting a test suite into independent GitHub Actions jobs (unit, integration, e2e) that run…
Split restore and saveUse actions/cache/restore and actions/cache/save as separate steps in GitHub Actions to control exactly when…
Split pytest by timingsBalance pytest shards by recorded duration using pytest-split, storing a durations file so each CI group fini…
Split by JUnit timing dataBalance CI test shards using per-test durations from JUnit XML reports, packing tests into groups so each sha…
Balance shards by timingBalance GitHub Actions test shards by recorded runtime instead of file count so every parallel job finishes a…
Split tests dynamicallyAssign tests to CI nodes at runtime with a shared work queue so a slow node simply takes fewer remaining test…
Weighted traffic splittingSplit traffic by weight from CI/CD using an Istio VirtualService, an Nginx Ingress canary annotation, or weig…
SSH into a runner with tmateOpen an interactive SSH session into a live GitHub Actions runner using mxschmitt/action-tmate, so you can po…
Stagger scheduled jobsSpread several GitHub Actions cron triggers across different minutes and hours to avoid the top-of-hour conge…
Stand up a portalGive developers one place to find services, docs, and templates by standing up a portal like Backstage, Port,…
Standard composite actionPackage your repeated CI setup steps into one composite action so every pipeline checks out, installs a toolc…
On-demand EC2 per jobSpin up a fresh EC2 runner for a single job with the machulav/ec2-github-runner action, run your work, then t…
Start API, then waitStart your API in the background and block until it is ready with wait-on before API tests run in GitHub Acti…
Stop secret log leaksPrevent GitHub Actions from printing secrets to logs by masking dynamic values, avoiding set -x with secret a…
Store the App key and idStore a GitHub App private key and App id safely for CI by putting the PEM in an Actions secret and the id in…
Store a multiline secretStore and use a multiline secret like a PEM key or service-account JSON in GitHub Actions by writing the secr…
Trend results over timeStore load test results over time by streaming k6 metrics to Prometheus or InfluxDB and viewing trends in Gra…
Store and use a secretAdd an encrypted repository secret in GitHub Actions and consume it safely by mapping it to an env var on the…
Artifacts 90 daysSet an explicit retention-days value on upload-artifact in GitHub Actions so build outputs survive the full 9…
reg-suit + S3Use reg-suit with the S3 publisher to keep visual baselines out of git, fetching the previous expected images…
Sync a folder to S3Publish a build directory to an S3 static website bucket from GitHub Actions with aws s3 sync, using --delete…
Sync an Argo CD app from CITrigger an immediate Argo CD sync from a GitHub Actions job with the argocd CLI, logging in with a token and…
Sync labels from configManage repository labels as code in GitHub Actions by syncing them from a YAML config on push, so label names…
Sync files via bot PRsKeep shared config files identical across repositories by running a workflow that writes the canonical file i…
Tag by git sha / semverGenerate Docker tags from the commit SHA, branch, and semver tags in CI with docker/metadata-action, so every…
Tag with metadata-actionGenerate consistent image tags in GitHub Actions with docker/metadata-action, deriving tags from the git SHA,…
Target runners by labelRoute GitHub Actions jobs to specific self-hosted runners with custom labels, listing every required label in…
Teardown and cleanupClean up after a Compose based CI job with docker compose down --volumes --remove-orphans so no stale data or…
Tear down on PR closeAutomatically destroy a per-PR preview environment when the pull request is closed or merged in GitHub Action…
Tear down preview on closeAutomatically destroy a per-PR preview environment when the pull request closes in GitHub Actions, so closed…
Status check vs check runUnderstand the difference between a GitHub commit status, a check run, and the required status checks list, s…
Security vs version updatesUnderstand the difference between Dependabot security updates (driven by advisories, on by default) and versi…
Test custom actionRun a custom GitHub Action against fixtures in its own repo CI, assert its outputs, and catch regressions bef…
Test a custom actionTest a custom action by adding a workflow that checks out the repo and runs the local action, asserting on it…
Test a GraphQL APITest a GraphQL endpoint in GitHub Actions by POSTing queries and mutations with curl or a client, asserting o…
Test gRPC with grpcurlTest a gRPC service in GitHub Actions by calling methods with grpcurl and running a load smoke with ghz, usin…
Test a webhook handler in CITest a webhook handler in CI by posting a saved payload with a correctly computed X-Hub-Signature-256 header,…
Chromium, Firefox, WebKitRun Playwright E2E tests across Chromium, Firefox, and WebKit in parallel GitHub Actions jobs with a project…
Matrix of API levelsRun Android instrumented tests across several API levels in CI with a matrix that drives the emulator api-lev…
Matrix of databasesRun the same GitHub Actions test suite against Postgres and MySQL by pairing a database matrix with per-leg s…
Test multiple DB enginesRun the same suite against Postgres and MySQL in GitHub Actions using a matrix that selects the service image…
Node + OS matrixRun tests across multiple Node versions and operating systems in GitHub Actions with a matrix so version- and…
Test both flag statesRun your CI test suite twice, once with a feature flag on and once off, using a GitHub Actions matrix so both…
Test incremental modelsVerify dbt incremental models in CI by running a full refresh then an incremental run over new data, assertin…
Test migrations in CITest every migration in CI against a throwaway database by applying it up, rolling it down, and reapplying it…
Mixed precision checkRun a mixed precision (AMP) training step in GitHub Actions with autocast and GradScaler, asserting the loss…
Test inference and servingStart a model server in a GitHub Actions job, wait for its health endpoint, then send a request and assert th…
Test multiple viewportsTest mobile and desktop viewports in a single Playwright E2E run on GitHub Actions by defining device project…
Test notebooks in CIExecute analytics notebooks in CI with pytest nbmake or papermill so a notebook that errors on run fails the…
Test across JDK versionsRun a JVM test suite across several JDK versions in GitHub Actions with a matrix on java-version and actions/…
Test across Node versionsRun your test suite across several Node.js versions in GitHub Actions with a strategy.matrix on node-version,…
Native arm testingRun tests natively on arm64 by targeting the Linux arm runner labels (ubuntu-24.04-arm) or Apple silicon macO…
Test changed modulesTest only the modules a change touches by mapping changed files to their owning module and running that modul…
Pants changed targetsUse the Pants build system --changed-since flag in CI to test only targets affected by a diff, with --changed…
Test Prefect flowsUnit-test Prefect flows in CI by calling the flow function directly and asserting on results, plus validate d…
Test SQL with DuckDBUnit-test SQL transformation logic in CI with an in-process DuckDB database, loading fixtures and asserting o…
Test webhooksTest inbound webhook handlers in GitHub Actions by POSTing a signed sample payload to the endpoint and assert…
Trace a failed buildTrace a failed build by marking the failing span with an error status and recording the exception, so the fai…
Track benchmarks over timeChart benchmark results across commits in GitHub Actions with github-action-benchmark, which stores history o…
Track failure rate and MTTRCompute change failure rate as the share of deploys that trigger an incident, and MTTR as the mean time to re…
Monorepo coverage flagsSplit coverage by package in a monorepo using Codecov flags and components, so each workspace has its own tar…
Track deploy frequency and lead timeTrack deployment frequency and lead time for changes by counting deploy events and measuring commit-to-deploy…
Track job duration and successTrack per-job duration, queue time, and success rate in CI by emitting a histogram and a counter labeled by j…
Track retry and failure rateTrack how often CI steps retry and fail by emitting a retry counter and a failure counter, then computing the…
Trigger a dbt Cloud jobKick off a dbt Cloud job from a GitHub Actions workflow via the dbt Cloud Administrative API and poll the run…
Deploy from a PR commentTrigger a deploy from a /deploy pull request comment in GitHub Actions using the issue_comment event, parsing…
Deploy when a label is addedRun a deployment or preview job only when a specific label is added to a pull request by gating a workflow on…
Deploy on releaseKick off a deploy when a GitHub Release is published in GitHub Actions, either in the same repo on the releas…
Trigger manuallyTrigger a GitHub Actions workflow manually with workflow_dispatch - add an input form, run from the UI or gh…
Dispatch a named workflowStart a specific workflow file in another repository by calling the workflow_dispatch API with gh workflow ru…
Trigger a build hookTrigger a Netlify or Vercel deploy from CI by POSTing to the provider build hook URL, decoupling a rebuild fr…
Schedule on weekdays onlyRun a scheduled GitHub Actions workflow only Monday through Friday with a cron day-of-week field, so weekend…
Trigger after another workflowRun a GitHub Actions workflow after another one finishes with the workflow_run event, filtering on the source…
Slack slash command to CITrigger a GitHub Actions workflow from a Slack slash command by sending a repository_dispatch from a small we…
Trigger from an external systemKick off a GitHub Actions workflow from an outside system with the repository_dispatch event, sending a custo…
Webhook triggerFire a GitHub Actions workflow from any external system by POSTing a repository_dispatch event to the GitHub…
Trigger a workflow elsewhereDispatch a workflow in a different repository from GitHub Actions using a GitHub App installation token, beca…
Trigger another repoKick off a workflow in a different repository from GitHub Actions by sending a repository_dispatch event with…
Trigger another repoFire a workflow in a different repository from GitHub Actions by sending a repository_dispatch event with a c…
Trigger manually with inputsAdd a manual Run workflow button in GitHub Actions with workflow_dispatch and typed inputs, then read the cho…
Trigger on a discussionRun a GitHub Actions workflow when a GitHub Discussion is created or answered using the discussion event, for…
Trigger on a milestoneRun a GitHub Actions workflow when a milestone is created, closed, or edited using the milestone event, for r…
Trigger on a pull requestRun GitHub Actions checks on pull requests with the pull_request event, filtering on activity types like open…
Trigger on a scheduleRun a GitHub Actions workflow on a timetable with on.schedule and a POSIX cron expression in UTC, for nightly…
Trigger on a tag pushFire a GitHub Actions workflow when a Git tag is pushed using on.push.tags, the standard trigger for building…
Trigger on a commentRun a GitHub Actions workflow when someone comments on an issue or pull request using the issue_comment event…
Trigger on a deployment statusRun a GitHub Actions workflow when a deployment status changes using the deployment_status event, so smoke te…
Trigger on push to branchesRun a GitHub Actions workflow only when commits are pushed to named branches using on.push.branches, so featu…
Trigger for a specific actorRestrict a GitHub Actions job to a specific user or bot with an if check on github.actor, so only trusted act…
Trigger on a merge to mainRun a GitHub Actions deploy only when a pull request is merged into main by combining the pull_request closed…
Trigger on a file globFire a GitHub Actions workflow only when changed files match a specific glob, such as SQL migrations or Terra…
Trigger on a label addedRun a GitHub Actions workflow when a specific label is added to a pull request using the labeled activity typ…
Trigger on a published releaseRun a GitHub Actions workflow when a GitHub Release is published using on.release with the published type, id…
Trigger on review requestedRun a GitHub Actions workflow when a reviewer is requested on a pull request using the review_requested activ…
Trigger on a forkRun a GitHub Actions workflow when someone forks your repository using the fork event, for maintainer notific…
Trigger CI from a webhookTrigger a GitHub Actions workflow from an external system by POSTing a repository_dispatch event to the REST…
Registry push webhooksReact to a new image push by wiring a Docker Hub or registry webhook to a handler that verifies the payload a…
paths trigger filterLimit when a GitHub Actions workflow even starts using on.push.paths and paths-ignore, so unrelated commits n…
Mattermost / Discord ChatOpsTrigger GitHub Actions from Mattermost or Discord slash commands by verifying the inbound request and firing…
Trigger on changed pathsRun a GitHub Actions workflow only when files under specific paths change using on.push.paths and paths-ignor…
Webhooks to verifyConfigure a Pact Broker webhook so a newly published or changed consumer contract automatically triggers the…
HCP / TFC runsDrive remote plan and apply on HCP Terraform (Terraform Cloud) from GitHub Actions with a cloud block and a T…
Fix a stale or wrong badgeTroubleshoot a stale or wrong status badge by checking the source value, the wrong branch parameter, camo cac…
Entropy vs regexBalance high-entropy detection against regex rules in a secret scanner, using regex for known token shapes an…
Tune batching + concurrencySet the merge queue group size and build concurrency so the queue batches pull requests efficiently without o…
Tune workers and parallelismControl Playwright parallelism in GitHub Actions with the workers setting, balancing local files against the…
Kill dead schedulesFind and disable scheduled GitHub Actions workflows that no one relies on anymore, so cron jobs stop burning…
Cache scope rulesLearn the branch scope rules for GitHub Actions caches: a branch reads its own caches, its base branch, and t…
Test PySpark in CIUnit-test PySpark transformations in CI with a local[*] SparkSession fixture, asserting on small DataFrames w…
Update image tag from CIDrive a GitOps deploy by having CI write the new image tag into a config repo with yq and push a commit, so A…
Upgrade runner versionKeep a self-hosted runner fleet current by baking the pinned runner version into your image or ARC chart and…
Upload a build artifactUpload a build output as an artifact in GitHub Actions with actions/upload-artifact@v4, naming it and pointin…
Upload a coverage artifactAttach the generated HTML coverage report to a GitHub Actions run as a downloadable artifact with actions/upl…
Upload a dSYMCollect debug symbols from an Xcode archive on a GitHub Actions runner and upload the .dSYM as a build artifa…
Upload a large artifactUpload big outputs as a GitHub Actions artifact reliably by tarring first, excluding junk, and tuning compres…
Upload SARIFUpload a SARIF report in GitHub Actions so security findings from any scanner appear inline on the PR and in…
Upload a single fileUpload one file as a GitHub Actions artifact by pointing the path input of actions/upload-artifact@v4 at that…
Upload a Windows artifactUpload a Windows build output such as an .exe or .msi from a windows-latest runner in GitHub Actions with act…
Upload with a globMatch files with a glob pattern in the path input of actions/upload-artifact@v4, so a single upload step capt…
Upload artifactsUpload and download build artifacts in GitHub Actions with actions/upload-artifact and download-artifact - pa…
Upload to CodecovSend a coverage report to Codecov from CI with codecov/codecov-action, providing the token so private repos a…
Upload to CodecovUpload test coverage to Codecov from GitHub Actions with codecov/codecov-action, using a token so coverage re…
Upload to CoverallsReport coverage to Coveralls from CI with the coverallsapp/github-action, sending an lcov file with the GITHU…
Build binaries per OSBuild binaries for Linux, macOS, and Windows with a matrix in GitHub Actions and attach each to one GitHub Re…
Upload logs on failureCapture and keep log files, screenshots, or core dumps from a failing GitHub Actions job by uploading them wi…
Multiple paths, one artifactBundle several directories into a single GitHub Actions artifact by listing each path on its own line under t…
Upload traces on failureCapture Playwright traces, videos, and screenshots only on failed retries, then upload them as GitHub Actions…
Screenshots on failureCapture and upload screenshots only when a GitHub Actions job fails by gating the upload-artifact step with i…
SARIF to code scanningPublish secret scanner findings to the GitHub Security tab by writing SARIF and uploading it with github/code…
Snapshot artifacts on failureSave the expected, actual, and diff images on a failing visual run by uploading the Playwright report as an a…
Upload test resultsSave JUnit XML or other test output as a downloadable GitHub Actions artifact with actions/upload-artifact, k…
Toolkit core and execRun shell commands from a JavaScript action with @actions/exec and capture output, using @actions/core for in…
Bazel remote cache in CISpeed up a Bazel monorepo in GitHub Actions with a remote cache by pointing --remote_cache at an HTTP or gRPC…
Boolean input in ifGate a GitHub Actions step on a workflow_dispatch boolean input, handling the fact that inputs arrive as stri…
Cloud GPU runnerRun GitHub Actions jobs on ephemeral cloud GPU instances with an autoscaling runner provider, so GPU capacity…
Composite action DRYReduce duplicated steps in GitHub Actions by extracting them into a local composite action, then calling that…
Concurrency per environmentSerialize deploys per environment in GitHub Actions with a concurrency group keyed on the environment so two…
Concurrency per PRGive each pull request its own GitHub Actions concurrency lane keyed on the PR number or head ref, so pushing…
Per-repo deploy keysGrant CI access to a single private repo with a deploy key, a per-repo SSH key that avoids a broad token when…
Role per environmentAssume a different AWS role per deployment environment in GitHub Actions by selecting the role ARN from the e…
Use a flake detection serviceUse a flaky test detection service in CI such as GitHub flaky-test detection, BuildPulse, Trunk, or Datadog C…
Use a JIT runnerCreate a just-in-time GitHub Actions runner with the REST API generate-jitconfig endpoint, so the runner is a…
Use a larger runnerCut build time for CPU-bound jobs by sending runs-on to a larger GitHub-hosted runner label, giving the job m…
Larger runner for test parallelismUse a larger runner to run a test suite in parallel across more cores, and compare that against sharding acro…
Use a local actionReference an action stored in your own repository with uses and a relative path starting with dot slash, afte…
Use a local actionReference a composite action stored in the same repository from a GitHub Actions workflow with a relative use…
Use a Makefile in CIDrive GitHub Actions with a Makefile so CI calls the same make targets developers run locally, keeping build…
Manifest repoKeep a manifest repository that records the pinned version of every service, so a release means updating one…
Use a matrix buildUse a build matrix in GitHub Actions to run one job across many versions in parallel with strategy.matrix, fa…
Matrix of environmentsDeploy to several GitHub Actions environments in parallel with a matrix dimension that drives the environment…
Partial (blobless) cloneClone a large repository in CI without downloading every file blob using git clone --filter=blob:none, fetchi…
Proxied package registryRoute CI package installs through a private or proxied registry so builds pull vetted, cached artifacts from…
Pull-through cache mirrorConfigure a pull-through cache (registry mirror) for base images in CI so repeated pulls hit a local cache in…
Use a reusable workflowShare CI logic across repos with a reusable GitHub Actions workflow - define workflow_call inputs and secrets…
Reusable workflow per envCall one reusable GitHub Actions deploy workflow once per environment, passing the target name as an input an…
Reusable with secrets inheritPass all caller secrets to a reusable GitHub Actions workflow with secrets: inherit, avoiding the need to for…
Singleton via static groupGuarantee only one instance of a job runs at a time across the whole repo in GitHub Actions by giving it a co…
Use a task runner in CIRun tasks in GitHub Actions with the just command runner by installing it with extractions/setup-just, then i…
Throwaway DB per jobGive every GitHub Actions job its own disposable database by relying on the per-job service container, which…
Warm pool for cold startsKeep a small warm pool of idle runners ready so jobs start immediately instead of waiting for a machine to bo…
Use a warm poolKeep a small pool of pre-booted self-hosted GitHub Actions runners idle so jobs start immediately instead of…
Call the API with github-scriptCall the GitHub REST and GraphQL API inline from a workflow with actions/github-script, using the pre-authent…
Allow and ignore rulesControl which dependencies Dependabot touches with allow and ignore rules, pinning a package to a major line…
App Store Connect API keyAuthenticate to App Store Connect in CI with a .p8 API key, passing the key ID, issuer ID, and base64 key con…
Env var in an ifReference a GitHub Actions environment variable inside an if using the env context, and know that step-level…
Env var across jobsPromote a value computed in one GitHub Actions job to a job output so every downstream job can read it as an…
Argo CD Image UpdaterLet Argo CD Image Updater watch a registry and write new tags back to Git via annotations, so a CI image push…
Argo Rollouts canaryReplace a Deployment with an Argo Rollouts Rollout to ship a canary that shifts traffic in weighted steps wit…
Run CI on ARMRun CI on ARM runners, which often do more work per watt than x86, cutting energy and frequently cost, using…
Artifacts in reusable workflowShare artifacts between a caller and a reusable GitHub Actions workflow by uploading in one and downloading i…
README vs docs badgesPlace badges correctly in a README versus a docs site, using Markdown image syntax on GitHub and HTML img tag…
Branch protection controlConfigure GitHub branch protection as a documented compliance control, blocking force pushes, deletions, and…
Use inline cacheEmbed Docker layer cache metadata inside the pushed image with BuildKit inline cache, so later CI builds can…
CalVer versioningTag releases with calendar versioning (CalVer) in GitHub Actions by deriving a YYYY.MM.PATCH version from the…
Compose profiles in CIGroup optional services under Compose profiles so CI can start only what a given job needs with --profile, ke…
Conditionals in compositeRun a step conditionally inside a composite action with a step-level if, using the inputs context and status…
Continue on errorLet a GitHub Actions step or job fail without failing the run using continue-on-error, ideal for non-blocking…
DB and services for E2EBack E2E tests with real Postgres and Redis service containers in GitHub Actions, using health checks so the…
dbt tests as a gateEnforce data quality in CI with dbt tests by running dbt test and generic tests like not_null, unique, and re…
GCP direct WIFAuthenticate GitHub Actions to Google Cloud with direct Workload Identity Federation, granting IAM roles to t…
Dispatch types and named argsConfigure dispatch types and named arguments in peter-evans/slash-command-dispatch so a slash command carries…
Use environment secretsScope secrets per deployment target in GitHub Actions with environment secrets, so a job that names an enviro…
Environment-scoped secretsBind secrets to a single GitHub Actions environment so a job only sees that target credentials when it declar…
Environment-scoped variablesDefine non-secret configuration per environment in GitHub Actions with environment variables read through the…
Ephemeral runnersRegister self-hosted GitHub Actions runners as ephemeral so each machine runs exactly one job and is destroye…
Use fastlane match for signingSync signing certificates and provisioning profiles in CI with fastlane match readonly on a GitHub Actions ma…
Flags for trunk-based devMerge unfinished work to main safely with feature flags so trunk-based development keeps CI green while incom…
Free minutes by planStretch the free GitHub Actions minutes included with your plan by keeping jobs on Linux, right-sizing runner…
GenericContainerRun any Docker image in tests with GenericContainer, setting exposed ports, env vars, and a wait strategy, th…
Actions Importer toolUse the gh actions-importer CLI extension to audit and dry-run convert Jenkins, GitLab, CircleCI, Azure, Trav…
setup-terraformInstall a pinned Terraform with hashicorp/setup-terraform, control its command wrapper, and pass -no-color so…
Helm charts in Argo CDDeploy a Helm chart through Argo CD by setting source.helm with values and parameter overrides, so Argo CD re…
Immutable vs mutable tagsPush a unique immutable tag per build (git SHA or version) plus a moving latest tag in GitHub Actions, so eve…
jest-image-snapshot in CIAdd pixel diffing to Jest tests with jest-image-snapshot and toMatchImageSnapshot, tuning failureThreshold so…
Just-in-time runnersCreate a just-in-time GitHub Actions runner with the generate-jitconfig REST endpoint, so each runner is prov…
Kustomize overlays per envStructure a GitOps repo with a Kustomize base and per-environment overlays that patch replicas, image tags, a…
Nx Cloud distributed tasksDistribute Nx tasks across agents in GitHub Actions with Nx Cloud, starting agents with nx-cloud start-ci-run…
OIDC for warehouse credsAuthenticate CI to a cloud warehouse with short-lived OIDC tokens instead of long-lived passwords, using conf…
OIDC on self-hosted runnersUse keyless OIDC auth from self-hosted GitHub Actions runners the same way as hosted ones, since the OIDC tok…
OIDC per environmentAssume a different cloud IAM role per GitHub Actions environment over OIDC by reading the role ARN from an en…
OIDC to Google CloudAuthenticate to Google Cloud from GitHub Actions with OIDC and Workload Identity Federation, so jobs get shor…
OIDC + VaultAuthenticate a GitHub Actions job to HashiCorp Vault with the OIDC JWT auth method and pull secrets at runtim…
Use OpenFeature in CIAdopt the vendor-neutral OpenFeature API in GitHub Actions by registering a provider once, so CI code evaluat…
Use actions inside compositeCall published actions such as actions/checkout and actions/setup-node from inside a composite action by addi…
Collect matrix outputsCollect results from matrix jobs in GitHub Actions by writing per-leg artifacts, since matrix job outputs col…
Filter CI by pathTrigger CI only when relevant files change with on.push.paths, so a monorepo does not rebuild every service o…
Pending and WIP pactsEnable pending pacts and work-in-progress pacts so a new or unverified consumer contract does not fail the pr…
Per-OS cache keysPrevent cache clashes across a multi-OS GitHub Actions matrix by including runner.os in the actions/cache key…
QEMU emulation for armRegister QEMU binfmt handlers with docker/setup-qemu-action so an amd64 GitHub Actions runner can build and r…
Required status checksMake security and compliance jobs required status checks in GitHub so a pull request cannot merge until the s…
Use restore-keysUse restore-keys in GitHub Actions actions/cache to fall back to the most recent matching prefix when the exa…
Runner groupsOrganize self-hosted runners into runner groups to control which repositories and workflows can use which fle…
Runner groupsOrganize self-hosted and larger runners into runner groups, control which repositories can use each group, an…
runs-on and labelsMaster runs-on syntax in GitHub Actions: single labels, arrays of labels that must all match, and how self-ho…
Scalar and git maintenanceUse git scalar and background maintenance to keep a very large repository fast on self-hosted CI runners, ena…
Sealed Secrets in GitOpsEncrypt Kubernetes secrets into SealedSecret resources with kubeseal so they are safe to commit, and the clus…
Use secrets in an actionPass a secret into a custom action as an input or env var from the calling workflow, because actions cannot r…
Use service containersSpin up Postgres or Redis alongside a GitHub Actions job with services, including health checks and port mapp…
Use set -euo pipefailMake GitHub Actions bash scripts fail loudly by starting them with set -euo pipefail, so unset variables and…
Route slash commandsRoute pull request slash commands to dedicated workflows in GitHub Actions with peter-evans/slash-command-dis…
Spot instance runnersCut self-hosted GitHub Actions runner cost with cloud spot instances, which are much cheaper than on-demand b…
workspaces per envIsolate dev, staging, and prod state with Terraform workspaces in CI by selecting the workspace from a matrix…
Testcontainers CloudOffload Testcontainers container execution to Testcontainers Cloud from CI using the setup action and a token…
BackstopJS reference/test/approveRun BackstopJS in CI with the reference, test, and approve commands, generating baselines once and comparing…
setup-node built-in cacheEnable dependency caching with one line using the cache input of actions/setup-node, which auto-detects your…
Skip work on a hitRead the cache-hit output of actions/cache in GitHub Actions to conditionally skip a rebuild or reinstall ste…
Enable the commit-graphWrite a git commit-graph in CI so log, merge-base, and history walks on a large repository run fast, cutting…
Compose moduleStart a multi-service stack from an existing docker-compose file in tests with the Testcontainers Compose mod…
LocalStack moduleEmulate AWS services in tests with the Testcontainers LocalStack module, reading its endpoint and using dummy…
Merge queue with matrix buildsMake a matrix build work as a required check in the GitHub merge queue by adding a summary job so branch prot…
Use the merge_group triggerAdd the merge_group event to a GitHub Actions workflow so required checks run against the temporary merge que…
Recreate strategyUse the Kubernetes Recreate strategy from CI/CD to stop all old pods before starting new ones, the safe choic…
Rekor transparency logQuery the Sigstore Rekor transparency log to independently confirm that a Cosign signature was recorded, givi…
Dependency dashboardTrack all pending and rate-limited updates in one place with the Renovate dependency dashboard issue, and tri…
tsc --incrementalEnable TypeScript incremental type checking in CI with tsc --incremental and a cached .tsbuildinfo so only ch…
Turbo remote cache in CIWire Turborepo remote caching into GitHub Actions by setting TURBO_TOKEN and TURBO_TEAM so CI reuses task out…
Turborepo remote cacheSkip unchanged tasks in a Turborepo monorepo on GitHub Actions by enabling the remote cache, so runs reuse ha…
Use VS Build ToolsLocate and use Visual Studio Build Tools on a windows-latest runner in GitHub Actions with vswhere, or instal…
Validate Helm chartLint and template a Helm chart in GitHub Actions, then run chart-testing, so syntax errors and bad values are…
Validate a webhook payloadValidate a webhook payload against a JSON schema after verifying the signature, rejecting malformed bodies be…
Validate Airflow DAGsCatch broken Airflow DAGs in CI by parsing every file with DagBag and failing on import errors, so a syntax o…
Dredd contract testRun Dredd in GitHub Actions to check that a live API matches its API Blueprint or OpenAPI description, catchi…
Validate ARIAValidate ARIA roles and attributes in GitHub Actions with the jsx-a11y aria rules for JSX, or axe aria-* rule…
Validate data firstRun schema and quality checks on a dataset in GitHub Actions before training, failing the run on nulls, out-o…
Validate data contractsEnforce data contracts in CI by linting the contract spec and checking that a producing model still matches i…
Validate i18n filesValidate that every i18next locale JSON parses and the locales stay in sync in GitHub Actions, failing the bu…
Validate action inputsValidate custom action inputs at runtime by checking allowed values and formats, then failing with ::error::…
Validate JSON schemasValidate JSON config files against JSON Schema in GitHub Actions with ajv so malformed or out-of-spec config…
Validate manifests with kubeconformCatch invalid Kubernetes manifests before they reach the cluster by running kubeconform in strict mode in Git…
Validate with kubeconformCatch broken Kubernetes YAML in CI before a GitOps sync by rendering with kustomize and validating against th…
Validate reversible migrationsVerify a new migration can roll back cleanly in GitHub Actions by applying it, rolling it back one step, and…
Validate OG meta tagsAssert required Open Graph and meta tags exist in GitHub Actions by parsing built HTML with cheerio, failing…
Validate OpenAPI contractsValidate and lint OpenAPI contracts in CI using Optic to catch breaking changes against captured traffic and…
Validate OpenAPI specsLint and validate an OpenAPI spec on every pull request in GitHub Actions with Redocly or Spectral so a broke…
Validate orchestrator configLint orchestrator config such as dbt project YAML, Airflow connections, and Dagster definitions in CI so a ma…
Validate sitemap.xmlValidate a generated sitemap.xml in GitHub Actions by checking it is well-formed XML and that every listed UR…
Verify blue-green cutoverVerify the green environment in GitHub Actions before switching traffic in a blue-green deploy, then confirm…
Canary analysis with ArgoDrive an Argo Rollouts canary from GitHub Actions and let its AnalysisTemplate gate each step on metrics, so…
Verify CDN cache purgedVerify a CDN cache purge took effect after a deploy in GitHub Actions by checking cache headers and asset has…
Verify the author is a maintainerVerify a chat command author is a maintainer in GitHub Actions by checking team membership or an explicit all…
Verify Cosign signatureVerify a keyless Cosign signature in CI with cosign verify, pinning the expected OIDC issuer and identity so…
Verify before deployVerify a SLSA provenance attestation in GitHub Actions with gh attestation verify before deploying, confirmin…
Verify the providerRun provider verification in CI so the provider fetches consumer pacts from the broker, replays each interact…
Verify a webhook signatureVerify an incoming GitHub webhook by computing an HMAC SHA-256 over the raw body with your secret and compari…
Verify build provenanceVerify a GitHub artifact attestation before trusting an artifact using gh attestation verify, checking that t…
Verify checksumsVerify the SHA-256 checksum of any binary or archive you download in CI with sha256sum -c before executing it…
Verify CUDA availableConfirm a GitHub Actions GPU job actually sees the GPU by checking nvidia-smi and torch.cuda.is_available bef…
Verify migrations appliedVerify that database migrations actually applied after a deploy in GitHub Actions by checking the migration t…
Verify DNS and SSLVerify DNS resolution and TLS certificate validity after a deploy or cutover in GitHub Actions using dig and…
Verify feature flag stateVerify that the expected feature flags are in the intended state after a deploy in GitHub Actions by querying…
Verify /version matches SHAConfirm the running release is the exact commit you deployed in GitHub Actions by comparing a /version endpoi…
Verify third-party integrationsVerify that third-party integrations (payments, email, auth) are reachable and configured after a deploy in G…
Version an actionVersion a custom action with a semantic tag per release plus a moving major tag like v1, so consumers can pin…
Version a monorepoVersion and publish independent packages in a monorepo with Changesets and changesets/action in GitHub Action…
Major version tagsMaintain a moving v1 major tag alongside immutable patch tags for a custom GitHub Action so consumers get fix…
Version from git tagDerive a container image version from a pushed git tag in GitHub Actions, tagging the image with the semver v…
Changesets version + publishAutomate monorepo versioning and npm publishing in GitHub Actions with changesets/action, which opens a versi…
Rush version and publishRelease a Rush monorepo with rush change to record bumps, rush version to apply them, and rush publish to shi…
Upgrade templatesKeep scaffolded repos current by versioning your templates and reusable workflows, then letting Renovate open…
Version with branches/tagsVersion Pact contracts by the git sha and attach branch and tag metadata so the broker can reason about mainl…
Wait for a databaseMake GitHub Actions wait until a database accepts connections using service health checks or a pg_isready ret…
Wait for a downstream runAfter dispatching a workflow in another repository, poll its run status with gh run watch or the runs API so…
Wait for rollout statusBlock a GitHub Actions job until a Kubernetes rollout finishes with kubectl rollout status, so verification r…
Wait for a rollout to finishMake a GitHub Actions deploy fail loudly when pods do not become ready by running kubectl rollout status with…
Boot server, then testBoot a local dev server and hold the E2E run until it responds in GitHub Actions using start-server-and-test…
Wait before load testingWait for a service to become healthy before a CI load test by polling its health endpoint with curl, so cold-…
Wait for fonts/network idlePrevent flaky visual diffs by waiting for document.fonts.ready and networkidle before capturing, so late font…
Warm the cache nightlyKeep a GitHub Actions cache warm on the default branch with a scheduled job that installs dependencies and sa…
Warm the cache on mainGive pull requests a warm dependency cache in GitHub Actions by populating it on pushes to the default branch…
Polyrepo vs monorepoAn honest comparison of polyrepo and monorepo for CI/CD, covering build scoping, shared code, releases, and a…
Larger runner tradeoffDecide when a larger GitHub Actions runner is worth it: more vCPUs finish faster but bill a higher per-minute…
Cost vs time of more shardsUnderstand why adding more test shards cuts wall-clock time but raises total CI minutes, since each shard rep…
Welcome first contributorsPost a friendly automated message on a contributor first issue or pull request with actions/first-interaction…
The 10GB cache budgetUnderstand the 10GB per-repository GitHub Actions cache limit and least-recently-used eviction, and trim cach…
Backstage software templateAuthor a Backstage software template so developers scaffold a new repo with CI from the portal, filling a for…
Write a composite actionBuild a composite action by creating an action.yml with runs.using composite and a steps list, then call the…
Docker container actionBuild a Docker container action with runs.using docker and a Dockerfile, passing inputs as arguments and read…
Write a JavaScript actionCreate a JavaScript action with runs.using node20 and an entry script that uses @actions/core and @actions/gi…
Write a consumer testWrite a Pact consumer test that defines expected requests and responses, then run it in CI so Pact generates…
Write a step summaryRender Markdown on the GitHub Actions run page by appending to GITHUB_STEP_SUMMARY, turning test results and…
Ternary-style expressionEmulate a ternary in GitHub Actions with the && and || short-circuit pattern to pick one of two values, and k…
Flag targeting rulesTarget a feature flag at specific users, plans, or attributes with rules so a feature reaches only the intend…
Safe-to-rerun migrationsWrite migrations that are safe to rerun using IF NOT EXISTS and guarded updates, so a retried CI job or a par…
GitHub Actions job summaryRender build metrics into the GitHub Actions run page by appending Markdown to the GITHUB_STEP_SUMMARY file,…
Rate-limit-aware testsKeep API tests from tripping rate limits in GitHub Actions by honoring Retry-After, backing off on 429s, and…
What contract testing isConsumer-driven contract testing verifies that a consumer and provider agree on an API by exchanging a contra…
When not to load in CIKnow when heavy load tests do not belong in per-PR CI because of cost, runner limits, and shared-environment…
Composite vs reusable workflowChoose between a composite action and a reusable workflow by scope: a composite action bundles steps inside o…
App token over a PATCompare a GitHub App installation token with a personal access token for CI: scoped to specific repos, short-…
Machine users (discouraged)Understand the downsides of using a machine user account and its PAT for CI, and why a GitHub App is the reco…
Why OIDC beats static keysReplace long-lived cloud access keys stored as CI secrets with OIDC federation, so each job exchanges a short…
GitLab CI
Task how-tos for GitLab CI.
Add a manual jobRequire a human click before a GitLab CI/CD job runs with when:manual, and use allow_failure to control wheth…
GitLab pipeline and coverage badgesAdd GitLab pipeline status and coverage badges using the project badge endpoints, and configure coverage pars…
OIDC to AWSAuthenticate GitLab CI to AWS with OIDC - request an ID token with the id_tokens keyword and assume an IAM ro…
GitLab Runner AutoscalerAutoscale GitLab CI runners with the GitLab Runner Autoscaler and fleeting plugins, the replacement for the d…
Kubernetes executor scalingRun GitLab CI jobs as ephemeral pods with the Kubernetes executor, letting the cluster autoscaler add nodes o…
Build a DAG with needsRun GitLab CI/CD jobs out of stage order with needs, letting a job start as soon as its specific dependencies…
Build a multi-arch imageBuild a multi-architecture Docker image in GitLab CI with Buildx inside docker:dind, creating a builder and p…
Build a multi-arch imageBuild and push a multi-architecture container image in GitLab CI using docker buildx with QEMU emulation so o…
Deploy services via child pipelinesDeploy several services in parallel from GitLab CI/CD by triggering a child pipeline per service with trigger…
Build & push a Docker imageBuild and push a Docker image in GitLab CI with docker:dind or Kaniko, logging in to the built-in container r…
Push to the GitLab registryBuild an image and push it to the GitLab Container Registry from CI/CD, authenticating with the built-in CI_R…
Build with Docker-in-DockerBuild Docker images in GitLab CI/CD using the docker:dind service and a docker client image, configuring DOCK…
Cache in GitLab CIConfigure the cache keyword in GitLab CI with key, paths, and policy so jobs reuse dependency directories, an…
Cache dependenciesCache dependencies in GitLab CI with the cache: keyword - key:files for lockfile-based keys, paths, policy, a…
Cache dependenciesSpeed up GitLab CI/CD by caching package directories with a cache key tied to the lockfile via cache:key:file…
Cache Docker layersCache Docker build layers in GitLab CI with Buildx and a registry-backed cache (cache-from/cache-to), or use…
Cache Go modulesCache Go modules and the build cache in GitLab CI by setting GOPATH/GOCACHE into the project dir and caching…
Cache Maven dependenciesSpeed up GitLab CI Java builds by caching the Maven local repository (.m2) keyed on pom.xml so dependencies a…
Cache node_modulesCache node_modules in GitLab CI keyed on package-lock.json so npm ci reuses dependencies across jobs and pipe…
Cache Rust buildCache Rust dependencies and the target dir in GitLab CI by redirecting CARGO_HOME into the project dir and ca…
Cancel redundant pipelinesCancel redundant GitLab CI pipelines with interruptible jobs plus auto-cancel redundant pipelines, and use re…
Cancel redundant pipelinesAuto-cancel superseded GitLab CI/CD pipelines by marking jobs interruptible, so a new push cancels older runn…
Conditionally skip a jobConditionally run or skip a GitLab CI job with rules: and when: never - branch, variable, and merge-request c…
Create review appsSpin up a per-merge-request review app in GitLab CI/CD with a dynamic environment name and an on_stop job tha…
Deploy a Docker image to Docker HubBuild and push a Docker image to Docker Hub from GitLab CI/CD using docker:dind, logging in with a Docker Hub…
Deploy a serverless functionDeploy an AWS Lambda function from GitLab CI/CD by packaging the code and calling aws lambda update-function-…
Deploy to GitLab PagesPublish a static site to GitLab Pages by producing a public/ directory in a job named pages and declaring it…
Deploy static site to S3 + CloudFrontDeploy a built static site to an S3 bucket and invalidate the CloudFront cache from GitLab CI/CD with aws s3…
Deploy on a Git tagTrigger a production deploy in GitLab CI/CD only when a version tag is pushed by gating the job on CI_COMMIT_…
Deploy on a tagTrigger a GitLab CI deploy only on a tag with rules and $CI_COMMIT_TAG, reading the tag name for versioned re…
Deploy to a VPS over SSHDeploy to a Linux VPS from GitLab CI/CD over SSH by loading a private key from a CI variable into ssh-agent a…
Deploy to Amazon ECSDeploy a new image to Amazon ECS from GitLab CI/CD by forcing a new deployment on the service with aws ecs up…
Deploy to AWS via OIDCDeploy to AWS from GitLab CI/CD without long-lived keys by minting an OIDC id_token and exchanging it for sho…
Deploy to AWS with OIDCAuthenticate GitLab CI to AWS without long-lived keys by exchanging the GitLab ID token for temporary credent…
Deploy to Azure via OIDCDeploy to Azure from GitLab CI/CD without a client secret by logging in with az login --federated-token using…
Deploy to GitLab PagesPublish a static site to GitLab Pages from CI/CD with a pages job that outputs to public/ and declares a publ…
Deploy to Cloud RunDeploy a container to Google Cloud Run from GitLab CI/CD with gcloud run deploy, pointing the service at your…
Deploy to KubernetesDeploy to Kubernetes from GitLab CI with a kubectl image, a masked kubeconfig variable, and kubectl rollout s…
Deploy to Kubernetes with kubectlDeploy to a Kubernetes cluster from GitLab CI using kubectl and a base64 kubeconfig stored as a CI/CD variabl…
Deploy to Kubernetes with kubectlDeploy to Kubernetes from GitLab CI/CD using kubectl set image and kubectl rollout status, updating a Deploym…
Deploy with the K8s agentDeploy from GitLab CI/CD to a cluster using the GitLab agent for Kubernetes, getting a kubeconfig context fro…
Deploy to Kubernetes (GitLab agent)Deploy to a cluster from GitLab CI/CD through the GitLab agent for Kubernetes by selecting its context with k…
Deploy to multiple environmentsDeploy to staging then production in GitLab CI/CD with one reusable job template extended per environment, ke…
Deploy with environmentsDeploy with GitLab CI environments using the environment: keyword to track deployments, link to live URLs, an…
Deploy with HelmDeploy a Helm chart from GitLab CI/CD with helm upgrade --install, passing the image tag from the pipeline an…
Fail on lint errorsMake a GitLab CI pipeline fail on lint errors with a dedicated lint job that exits non-zero, and surface find…
Gate deploy on environment approvalRequire an approval before a production deploy in GitLab CI/CD by protecting the environment and adding a req…
Gate prod deploy (when: manual)Require a human click before a production deploy in GitLab CI/CD with when: manual, optionally making the job…
Generate a dynamic pipelineGenerate GitLab CI/CD YAML at runtime in one job, save it as an artifact, and run it as a child pipeline with…
Include external YAMLPull configuration into a GitLab CI/CD pipeline from other files with include, supporting local files, anothe…
Actions to GitLab CIConvert a GitHub Actions workflow to a .gitlab-ci.yml, mapping jobs and needs to stages, uses actions to scri…
Pass artifacts between jobsHand build output from one GitLab CI/CD job to a later stage with artifacts:paths, and pull in only what you…
Pass variables between jobsPass variables between jobs in GitLab CI with dotenv report artifacts, so a value computed in one job becomes…
Publish to GitLab registryBuild and push a container image to the GitLab Container Registry from CI using the built-in CI_REGISTRY cred…
Publish an npm packagePublish an npm package from GitLab CI to npmjs or the GitLab Package Registry - write .npmrc with the CI job…
Publish to the package registryPublish an npm package to the GitLab Package Registry from CI using CI_JOB_TOKEN auth and a scoped .npmrc, so…
Require approval before deployRequire manual approval before a GitLab CI deploy with a protected environment, deployment approvals, and a b…
Retry a failing jobAutomatically retry a failing GitLab CI job with the retry keyword - set max attempts and scope retries to sp…
Retry flaky jobsAutomatically re-run a flaky GitLab CI/CD job with the retry keyword, capping attempts and scoping retries to…
Roll back a deploymentRoll back a deployment in GitLab CI/CD with a manual rollback job that redeploys a previous image tag passed…
Blue-green deployRun a blue-green deploy in GitLab CI/CD by releasing to the idle color, then switching the live pointer in a…
Canary deployRun a canary deploy in GitLab CI/CD by shipping to a small slice of traffic first, then promoting to 100% in…
Matrix across OSRun a GitLab CI job across Linux, Windows, and macOS by combining parallel:matrix with per-OS runner tags so…
Run a job in a containerRun a GitLab CI job in a custom container with the image: keyword, set an entrypoint override, and pull from…
Run a manual job with inputsTrigger a GitLab CI job by hand and let the operator supply values using a manual when:manual job plus pre-fi…
Run on changed pathsRun GitLab CI jobs only when certain files change using rules:changes and the compare_to option for accurate…
Run a job only on mainRun a GitLab CI job only on the main branch with rules: and the CI_COMMIT_BRANCH predefined variable, so depl…
Run a matrix buildRun parallel matrix builds in GitLab CI with parallel:matrix to fan out across versions, plus parallel: N for…
Run a parallel test matrixRun tests across multiple versions in GitLab CI with parallel:matrix, and split a single suite into shards wi…
Run a serviceRun a Postgres service in GitLab CI with the services: keyword - image, aliases, service variables, and how t…
Run on a scheduleRun a GitLab CI/CD pipeline on a cron schedule from the Pipeline schedules UI, and gate jobs to scheduled run…
Smoke test after deployRun a post-deploy smoke test in GitLab CI as a stage after deploy that polls a health endpoint and fails the…
Run a Trivy scanScan a container image for vulnerabilities in GitLab CI with Trivy, fail the pipeline on HIGH or CRITICAL fin…
Run database migrationsRun database migrations in GitLab CI as a gated stage before deploy, connecting with a masked DATABASE_URL an…
Run DB migrations on deployRun database migrations as a dedicated stage before the app deploy in GitLab CI/CD using a resource_group so…
Run docker-in-dockerRun docker-in-docker (dind) in GitLab CI to build and push images, using the docker:dind service, the TLS-ena…
Use private runnersRun GitLab CI jobs on your own private runner pool by matching runner tags with the tags: keyword, and reserv…
Run a matrix of jobsFan one GitLab CI/CD job into many parallel runs across variable combinations with parallel:matrix, testing m…
Run MR pipelinesRun pipelines for merge requests in GitLab CI/CD with rules that match the merge_request_event source, exposi…
Run a security scanRun SAST and dependency scanning in GitLab CI by including the built-in security templates, which add scanner…
Run SAST scanningEnable static application security testing in GitLab CI by including the built-in SAST template so analyzers…
Schedule a nightly deployRun a deploy on a schedule in GitLab CI/CD by creating a pipeline schedule and gating the deploy job on CI_PI…
Schedule a pipelineSchedule a GitLab CI pipeline with pipeline schedules and the $CI_PIPELINE_SOURCE == "schedule" rule to run n…
Set a commit statusSet an external commit status from GitLab CI via the commit statuses API with CI_JOB_TOKEN, so a custom check…
Set a job timeoutSet a job timeout in GitLab CI with the timeout keyword, how it interacts with the project and runner timeout…
Set a job timeoutCap how long a GitLab CI/CD job can run with the timeout keyword, killing a hung job before it consumes the p…
Set an env varSet environment variables in GitLab CI with the variables: keyword at global and job scope, plus dotenv artif…
Set up a merge request pipelineConfigure merge request pipelines in GitLab CI with workflow:rules so jobs run on the MR context, avoiding du…
Set up a monorepo pipelineSet up a monorepo pipeline in GitLab CI with rules:changes per component and parent-child pipelines via trigg…
Set up environmentsTrack deployments in GitLab CI/CD with the environment keyword, recording deployed versions and exposing a li…
Set up review appsSet up review apps in GitLab CI with dynamic environments and on_stop jobs, so every merge request gets a dis…
Review apps per merge requestSpin up a temporary review app per merge request in GitLab CI/CD with a dynamic environment and on_stop job t…
Set up stagesSet up pipeline stages in GitLab CI with the stages: keyword so jobs run in ordered phases like build, test,…
Show a coverage reportSurface code coverage in GitLab CI with a coverage regex for the badge and a coverage_report artifact for the…
Coverage in GitLab CISurface coverage in GitLab CI with the coverage regex for the MR widget and a Cobertura artifact for the diff…
Skip CI from a commitSkip a GitLab CI pipeline with [skip ci] or ci.skip in the commit message or git push option, and how to skip…
Trigger manuallyTrigger a GitLab CI pipeline or job manually - when: manual jobs, manual gates with allow_failure, and the Ru…
Trigger another projectTrigger a downstream pipeline in another GitLab project from CI/CD with trigger:project, passing variables an…
Upload artifactsUpload build artifacts in GitLab CI with artifacts:paths, set expiration with expire_in, and pass artifacts t…
Use a CI/CD catalog componentReuse a published GitLab CI/CD catalog component with include:component and inputs so you pull in tested pipe…
Use a CI/CD componentReuse pipeline logic in GitLab CI with CI/CD Components via include:component, passing inputs, and how it dif…
Use a service containerRun a database or cache alongside a GitLab CI/CD job with the services keyword, connecting integration tests…
Use CI/CD componentsReuse versioned pipeline building blocks in GitLab CI/CD with components, including a component by its path a…
Use CI/CD variablesUse GitLab CI/CD variables for config and secrets, including predefined variables, masked and protected UI va…
Use dynamic child pipelinesGenerate a GitLab CI config at runtime and run it as a child pipeline with trigger:include:artifact, so the p…
Reuse config with extendsCut duplication in GitLab CI/CD with extends to inherit from a hidden template job, and YAML anchors to reuse…
Use includes / templatesUse include: in GitLab CI to compose pipelines from local files, other projects, and remote templates, plus e…
Use needs for a DAGUse needs: in GitLab CI to build a directed acyclic graph so jobs start as soon as their dependencies finish,…
GitLab CI OIDC tokensMint a JWT for keyless cloud auth in GitLab CI with the id_tokens keyword and a chosen aud, replacing the dep…
Use parent-child pipelinesSplit a large GitLab CI/CD config into a parent that triggers child pipelines from separate YAML files, keepi…
Protected and file variablesKeep secrets safe in GitLab CI/CD with protected variables scoped to protected branches, and use file-type va…
Protected variables for prod secretsKeep production secrets out of feature-branch pipelines in GitLab CI/CD by marking CI/CD variables protected…
Conditional jobs with rulesControl when a GitLab CI/CD job runs with rules, combining if conditions, changes filters, and when to add, s…
Use rules / only-exceptUse rules: in GitLab CI to control when jobs run and migrate off the deprecated only/except keywords, with br…
Use rules:if for branchesControl when GitLab CI jobs run using rules:if expressions on predefined variables so a job runs only on the…
Use secretsUse secrets in GitLab CI safely - masked and protected CI/CD variables, file-type variables, and the secrets:…
CircleCI
Task how-tos for CircleCI.
Manual approval before deployPause a CircleCI deploy workflow on a type: approval job so a human clicks Approve before the deploy job runs…
Add SSH keys for deploysAuthenticate SSH-based deploys and private git operations in CircleCI by adding a registered SSH key with the…
Approve a production deployGate a production deploy in CircleCI with a manual approval job, so the deploy waits for a human click in the…
OIDC to AWSAuthenticate CircleCI to AWS with OIDC - use the CIRCLE_OIDC_TOKEN in a context-scoped job to assume an IAM r…
Auto-cancel redundant buildsAuto-cancel redundant CircleCI builds when a newer commit lands on the same branch - enable the project setti…
Fan-in fan-out workflowModel fan-out and fan-in in a CircleCI workflow with the requires key, running independent jobs in parallel a…
Build a multi-arch imageBuild a multi-architecture Docker image in CircleCI using arm and amd resource classes or Buildx with QEMU, p…
Build & push a Docker imageBuild and push a Docker image in CircleCI with setup_remote_docker, log in to a registry, and tag at the comm…
Build and push an imageBuild a Docker image inside a CircleCI Docker executor using setup_remote_docker, then log in and push the ta…
Build with remote DockerBuild Docker images inside a CircleCI docker-executor job using setup_remote_docker, which provisions an isol…
Cache dependenciesCache dependencies in CircleCI with save_cache and restore_cache - checksum-based keys, restore-key fallbacks…
Cache Docker layersCache Docker layers in CircleCI with Docker Layer Caching (DLC) via setup_remote_docker, or with Buildx and a…
Cache Gradle dependenciesCache Gradle dependencies in CircleCI with save_cache and restore_cache keyed on the build.gradle checksum, c…
Cache with restore_keysUse CircleCI save_cache and restore_cache with layered keys so a partial cache hit on restore_keys still warm…
Docker vs machine executorPick the right CircleCI executor: the docker executor for fast containerized jobs, or the machine executor fo…
Conditionally run a jobConditionally run jobs and workflows in CircleCI with when/unless logic, filters:branches, and pipeline param…
Define reusable commandsFactor repeated steps into a named CircleCI command with parameters, then call it across jobs to keep config…
Static site to S3 + CloudFrontDeploy a built static site to an S3 bucket from CircleCI with aws s3 sync, then invalidate the CloudFront cac…
Deploy on a tagDeploy on a tag in CircleCI with filters:tags - including the required ignore-branches workaround so tag jobs…
Deploy on a version tagTrigger a CircleCI deploy only when a version tag like v1.2.0 is pushed using a tag filter plus ignore on bra…
Deploy only on mainRestrict a CircleCI deploy job to the main branch with a workflow branch filter so feature branches build and…
Deploy to S3Sync a built site to an Amazon S3 bucket from CircleCI using the aws-s3 orb with aws-s3/sync, gated to the ma…
Deploy to a VPS over SSHDeploy to a remote VPS from CircleCI by adding a deploy SSH key, then running a remote script over ssh to pul…
Deploy to ECSDeploy a new image to an Amazon ECS service from CircleCI by registering a fresh task definition revision and…
Deploy to EKS with kubectlDeploy to an Amazon EKS cluster from CircleCI by generating a kubeconfig with aws eks update-kubeconfig, then…
Deploy to AWS via OIDCDeploy to AWS from CircleCI without long-lived keys by exchanging the job OIDC token for short-lived credenti…
Deploy to EKS with an orbDeploy a Kubernetes manifest to Amazon EKS from CircleCI with the aws-eks orb, which configures kubectl and a…
Deploy to Cloud RunDeploy a container to Google Cloud Run from CircleCI by authenticating a service account, then running gcloud…
Deploy to HerokuDeploy to Heroku from CircleCI by pushing the container to the Heroku registry and releasing it, or by pushin…
Deploy to KubernetesDeploy to Kubernetes from CircleCI with the kubernetes orb or a kubectl image - configure access from a conte…
Multi-region deploy matrixFan a CircleCI deploy out across several AWS regions with a workflow matrix, running one parameterized deploy…
Deploy to Netlify via CLIDeploy a built site to Netlify from CircleCI using the Netlify CLI with netlify deploy --prod --dir, authenti…
Deploy with HelmDeploy a Kubernetes app from CircleCI with helm upgrade --install, pinning the chart, overriding the image ta…
Blue-green deployRun a blue-green deploy from CircleCI by shipping the new version to the idle color, smoke testing it, then f…
Canary deployRoll out a canary from CircleCI by shipping the new version to a small slice of traffic, watching metrics, th…
Fail on lint errorsMake a CircleCI build fail on lint errors with a dedicated lint job that exits non-zero, run early in the wor…
Filter a workflow by branchRestrict which branches trigger a CircleCI job using workflow branch filters with only and ignore globs, so d…
Filter a workflow by tagsRun a CircleCI job only on Git tags using filters.tags, remembering to set branches.ignore so the job stops t…
Gated production deployProtect a CircleCI production deploy with both a manual approval job and a context restricted to a security g…
Store a coverage reportGenerate a code-coverage report in CircleCI and store it with store_artifacts, or upload it to Codecov with t…
Use the node orbInstall and cache Node dependencies in CircleCI with the official node orb, which detects your package manage…
Pass data between jobsPass data between CircleCI jobs - files via persist_to_workspace/attach_workspace and computed values via a w…
Persist to a workspacePersist files between CircleCI jobs with persist_to_workspace and attach_workspace, so build output flows fro…
Post a Slack notificationPost a Slack notification from CircleCI with the official slack orb - notify on fail or pass using a context-…
Publish a packagePublish an npm package from CircleCI on tagged builds by writing an auth token to .npmrc and gating the publi…
Publish an npm packagePublish an npm package from CircleCI on a tag - authenticate with an NPM_TOKEN from a context and run npm pub…
Push an image to ECRBuild and push a Docker image to Amazon ECR from CircleCI using the aws-ecr orb, authenticating with OIDC or…
Require approval before deployRequire manual approval before a CircleCI deploy with an approval job type in the workflow, pausing the pipel…
Roll back a deployRoll back a bad release from CircleCI with a manually triggered rollback job that redeploys the previous know…
Matrix across OSRun a CircleCI build across Linux, macOS, and Windows by defining per-OS executors and a matrix over a parame…
Run a security scanRun a dependency and SAST security scan in CircleCI with the Snyk orb or a plain npm audit step, failing the…
Run a job locallyRun a single CircleCI job on your own machine with circleci local execute, reproducing a docker-executor job…
Run on a branch patternRun a CircleCI job only on matching branches with filters:branches:only and a regex, plus ignore patterns to…
Run a job only on mainLimit a CircleCI deploy or release job to the main branch with a branches.only filter, keeping tests on every…
Run on success or failureOrder CircleCI jobs with requires so a job runs only after another succeeds, and run cleanup or alerting rega…
Run a serviceRun a Postgres service in CircleCI with multiple Docker images in a job - the secondary image binds to localh…
Scheduled deployRun a CircleCI deploy on a schedule with a scheduled pipeline trigger and a pipeline parameter, so a nightly…
Run a Windows executor jobRun a CircleCI job on a Windows machine executor using the windows orb so you can build and test on Windows w…
Run Cypress testsRun Cypress end-to-end tests in CircleCI using the official cypress orb, which installs the binary, caches it…
Migrate before deployRun database migrations in a CircleCI job that the deploy job requires, so schema changes apply and pass befo…
Run database migrationsRun database migrations in CircleCI as a context-scoped job that runs before deploy, using a secret DATABASE_…
Run Docker ComposeStand up a multi-container test environment in CircleCI by running docker compose on a machine executor so yo…
Use a self-hosted runnerRun CircleCI jobs on your own machines with self-hosted runners - target a runner resource class by its names…
Run on a self-hosted runnerRun a CircleCI job on your own self-hosted runner by targeting a resource class with the machine executor, so…
Run parallel testsRun tests in parallel in CircleCI with parallelism and circleci tests split for timing-based test balancing a…
Schedule a nightly pipelineRun a CircleCI pipeline on a nightly cron with a scheduled trigger, passing pipeline parameters so the schedu…
Schedule a pipelineSchedule a CircleCI pipeline with scheduled pipeline triggers and config parameters - replacing the deprecate…
Set a job timeoutSet timeouts in CircleCI with no_output_timeout on a run step and the project-level step timeout, to kill hun…
Set an env varSet environment variables in CircleCI with the environment: key at job and step scope, and pass dynamic value…
Set up a monorepo pipelineSet up a monorepo pipeline in CircleCI with the path-filtering orb plus setup workflows to run only the confi…
Set up SSH deployDeploy over SSH from CircleCI by adding a registered SSH key with add_ssh_keys, then running rsync or a remot…
Set up workflowsSet up workflows in CircleCI to orchestrate jobs with requires dependencies, fan-in and fan-out, and branch f…
Size with resource_classTune CPU and memory per CircleCI job with resource_class, picking small for cheap linting and large/xlarge fo…
Skip CI by commit messageSkip a CircleCI build by adding [skip ci] or [ci skip] to a commit message, or gate individual jobs on the co…
Split tests by timingSplit a test suite across parallel CircleCI containers using circleci tests split with timing data, so each s…
SSH into a failed jobDebug a CircleCI failure interactively by rerunning the job with SSH enabled, then connecting over SSH to ins…
Store artifactsStore build artifacts in CircleCI with store_artifacts, and hand files to later jobs with persist_to_workspac…
Store test insightsUpload JUnit results in CircleCI with store_test_results to power the Tests tab and Insights, surfacing flaky…
Store test resultsStore test results in CircleCI with store_test_results so the UI shows pass/fail breakdowns, flaky test detec…
Context for deploy secretsInject production deploy secrets into a CircleCI job with a context instead of project env vars, sharing cred…
Use a context for secretsShare secrets across CircleCI projects with a context, attach it to a workflow job, and restrict it with secu…
Custom Docker image executorRun CircleCI jobs in your own prebuilt Docker image instead of a convenience image, pulling from a private re…
Authenticate the docker executorAuthenticate the CircleCI docker executor to a private registry with auth: under the image, using project env…
Use a matrixUse a matrix in CircleCI to run a parameterized job across multiple values, like Node versions, by expanding…
Use approval jobsUse approval jobs in CircleCI to pause a workflow for manual sign-off with type: approval, gating production…
Use conditional stepsUse conditional steps in CircleCI with the when step and pipeline parameters, so a job runs or skips logic ba…
Use contextsUse contexts in CircleCI to share secrets across projects with restricted access, attaching a context to jobs…
Use dynamic config with a setup workflowEnable dynamic config in CircleCI with a setup workflow that generates a continuation config at runtime, so t…
Use executorsUse executors in CircleCI to define reusable execution environments (docker, machine, macos) and share them a…
Use orbsUse orbs in CircleCI to pull in reusable commands, jobs, and executors from the registry, cutting boilerplate…
Use parameters in a jobDefine typed parameters on a CircleCI job and pass values when invoking it from a workflow so one reusable jo…
Use pipeline parametersDeclare pipeline parameters in CircleCI and pass values through the API or the UI, then branch workflow behav…
pre-steps and post-stepsInject setup and teardown around a reusable CircleCI job using pre-steps and post-steps when invoking it in a…
Use secretsUse secrets in CircleCI safely - project environment variables, shared contexts with restricted access, and a…
Use setup_remote_dockerGet a real Docker daemon inside a CircleCI docker-executor job with setup_remote_docker, so you can run docke…
Use the macOS executorBuild and test iOS or macOS projects in CircleCI on the macOS executor, selecting an Xcode version with the x…
Use the path-filtering orbRun only the relevant CircleCI jobs in a monorepo with the path-filtering orb, which sets pipeline parameters…
Use YAML anchorsReduce duplication in a CircleCI config with YAML anchors and aliases, defining a block once with & and reusi…
Validate the configCatch CircleCI config errors locally with circleci config validate and config process, expanding orbs and reu…
Jenkins
Task how-tos for Jenkins.
Abort older buildsCancel a superseded Jenkins build automatically with the milestone step, so when a newer commit starts the st…
Archive artifactsArchive build artifacts in a Jenkins declarative pipeline with archiveArtifacts, controlling fingerprinting,…
Archive build artifactsSave build outputs in Jenkins with archiveArtifacts so binaries, bundles, and reports attach to the build and…
Archive artifactsArchive build artifacts in a Jenkins pipeline with archiveArtifacts, publish test reports with junit, and pas…
Bind a credential with credentials()Inject a stored Jenkins credential into an environment variable with the credentials() helper, so secrets sta…
Build a multi-arch imageBuild a multi-architecture Docker image in a Jenkins pipeline with docker buildx and QEMU, pushing one amd64…
Build a multibranch pipelineSet up a Jenkins Multibranch Pipeline so every branch and pull request with a Jenkinsfile gets its own auto-d…
Build & push a Docker imageBuild and push a Docker image in a Jenkins pipeline with the Docker Pipeline plugin docker.build and withRegi…
Build and push a Docker imageBuild a Docker image in a Jenkins Declarative Pipeline and push it to a registry with docker.withRegistry, ta…
Dynamic parallel{} mapGenerate Jenkins parallel branches at runtime by building a map of closures and passing it to the parallel st…
Build a docker agentRun a Jenkins stage inside a Docker container with the docker agent, so each build gets a clean toolchain ima…
Cache dependenciesCache dependencies in a Jenkins declarative pipeline using stash/unstash or the Job Cacher plugin to persist…
Cache Gradle dependenciesCache Gradle dependencies in a Jenkins pipeline by pinning GRADLE_USER_HOME to a persistent path, or using th…
Get sh status and stdoutCapture a shell command exit code with returnStatus and its output with returnStdout in a Jenkins pipeline, s…
Clean the workspaceWipe the Jenkins workspace before or after a build with cleanWs from the Workspace Cleanup plugin or deleteDi…
Conditionally run a stageConditionally run a Jenkins stage with the when directive - branch, environment, expression, and changeset co…
Catch a step failureLet a Jenkins stage fail without aborting the whole pipeline using catchError, marking the build unstable whi…
Helm to many clustersDeploy one Helm chart to several Kubernetes clusters from a Jenkins Declarative Pipeline by looping over kube…
Deploy a static site to S3Deploy a built static site to an S3 bucket from a Jenkins Declarative Pipeline using aws s3 sync, then invali…
Deploy on a Git tagTrigger a Jenkins deploy stage only for Git tag builds with when { buildingTag } or a tag pattern, so release…
Deploy on a tagDeploy on a tag in a Jenkins multibranch pipeline with the buildingTag and tag when conditions so only tag bu…
Deploy only from mainRestrict a Jenkins deploy stage to the main branch with a when { branch } condition, so build and test run ev…
Deploy over SSHDeploy to a VPS from a Jenkins Declarative Pipeline using the sshagent step to load an SSH key, then rsync th…
Deploy to Amazon ECSDeploy a new container image to an Amazon ECS service from a Jenkins Declarative Pipeline by registering a ta…
Deploy to AWS with a roleDeploy to AWS from a Jenkins Declarative Pipeline by assuming an IAM role with sts assume-role, exporting tem…
Deploy to KubernetesDeploy to Kubernetes from a Jenkins pipeline by binding a kubeconfig credential with withKubeConfig, setting…
Deploy with kubectlDeploy to a Kubernetes cluster from a Jenkins Declarative Pipeline by binding a kubeconfig with withKubeConfi…
Deploy by parameterLet an operator pick the target environment for a Jenkins deploy with a choice parameter, then map that choic…
Deploy to regions in parallelDeploy the same release to several regions at once from a Jenkins Declarative Pipeline using parallel branche…
Deploy via shared libraryCentralize deploy logic in a Jenkins Shared Library and call it from any pipeline with a custom step, so ever…
Deploy with credentials bindingInject secrets into a Jenkins deploy stage with withCredentials, binding stored credentials to environment va…
Deploy with HelmDeploy a Helm chart from a Jenkins Declarative Pipeline using helm upgrade --install, passing the image tag a…
Blue-green deployRun a blue-green deploy from a Jenkins Declarative Pipeline by releasing to the idle color, smoke testing it,…
Canary deployRun a canary deploy from a Jenkins Declarative Pipeline by shifting a small traffic slice to the new version,…
Skip agent for skipped stageSet beforeAgent true so Jenkins checks a stage when condition before spinning up its agent, avoiding a wasted…
Gate prod with approvalGate a production deploy in Jenkins behind a manual approval that auto-aborts after a timeout, wrapping the i…
Branch on a fileRun a Jenkins step only when a file is present using the fileExists step inside a when expression or an if, s…
Discard old buildsCap how many Jenkins builds and artifacts are retained with the buildDiscarder option and logRotator, keeping…
Lock a resourceSerialize access to a shared resource like a staging environment in Jenkins using the lock step from the Lock…
warnError to mark unstableDowngrade a non-critical Jenkins step failure to UNSTABLE with the warnError step or catchError, separating y…
Move files with stash/unstashCarry build output from one Jenkins agent to another with stash and unstash, since parallel stages and differ…
Bind a secret fileExpose a stored Secret file credential as a temporary path with withCredentials in Jenkins, so tools like kub…
Pass data between stagesPass data between Jenkins pipeline stages with environment variables, script-scoped variables, and stash/unst…
Select a tool versionSelect a configured Node.js, JDK, or Maven install for a Jenkins pipeline with the tools block, so the build…
Pin to an agent poolPin a Jenkins pipeline stage to a specific agent pool with agent label expressions, including per-stage agent…
Post a Slack notificationPost a Slack notification from a Jenkins pipeline with the Slack Notification plugin slackSend step in a post…
Promote a buildPromote the exact artifact that passed staging to production in Jenkins by reusing the same build identifier…
Publish a coverage reportPublish a code-coverage report in a Jenkins pipeline with the Coverage plugin recordCoverage step, parsing Co…
Publish to a repo managerPublish a build artifact to Nexus or Artifactory from a Jenkins Declarative Pipeline using curl with a creden…
Publish HTML reportAttach a browsable HTML report such as coverage or Playwright output to a Jenkins build with the publishHTML…
Publish an npm packagePublish an npm package from a Jenkins pipeline - bind an NPM_TOKEN credential, write .npmrc, and run npm publ…
Publish JUnit + coveragePublish JUnit test results and a coverage report in Jenkins with the junit step and the Coverage plugin, so t…
Publish JUnit reportsPublish JUnit test reports in a Jenkins declarative pipeline with the junit step so test results, trends, and…
Publish test resultsPublish JUnit test results to the Jenkins UI with the junit step in a post-always block, so the trend graph a…
Parse readYaml/readJSONParse a YAML or JSON file from the workspace in a Jenkins pipeline with readYaml and readJSON from the Pipeli…
Require approval before deployRequire manual approval before a Jenkins deploy with the input step - pause for a confirm, restrict who can a…
Retry a failing stepRetry a failing step in a Jenkins pipeline with the retry step, combine it with timeout, and use retry(condit…
Roll back a deployRoll back a failed deploy from a Jenkins Declarative Pipeline using a post { failure } block, restoring the p…
Run a security scanRun a dependency security scan in a Jenkins pipeline with OWASP Dependency-Check, publishing the report and f…
Matrix across OSRun a Jenkins matrix across operating systems with the matrix directive and a PLATFORM axis that selects the…
Run a serviceRun a Postgres service in a Jenkins pipeline using docker.image().withRun via the Docker Pipeline plugin so i…
Smoke test after deployRun a post-deploy smoke test in a Jenkins pipeline as a stage after deploy that polls a health endpoint and f…
Use a Windows agentTarget a Windows Jenkins agent for one stage with an agent label and run commands with the bat step instead o…
Run on a branch patternRun a Jenkins pipeline stage only on matching branches with when { branch } using glob or regex comparators,…
Gate a stage by pathRun a Jenkins stage only when matching files changed using the when changeset condition, skipping unrelated w…
Run migrations before deployRun database migrations in a dedicated Jenkins stage before the deploy stage, so schema changes apply first a…
Run database migrationsRun database migrations in a Jenkins pipeline as a dedicated stage before deploy, injecting the DB URL from c…
Run on a Kubernetes agentRun Jenkins pipeline stages in ephemeral Kubernetes pods using the kubernetes plugin and an inline podTemplat…
Run parallel stagesRun parallel stages in a Jenkins declarative pipeline with the parallel block, executing independent test or…
Run parallel stagesRun parallel stages in a Jenkins declarative pipeline with the parallel block, plus matrix for fanning a stag…
Run stages in parallelRun independent Jenkins pipeline stages at the same time with a parallel block, so lint, unit, and integratio…
Run on success or failureRun steps conditionally on outcome in a Jenkins pipeline with the post section - success, failure, unstable,…
Schedule a jobSchedule a Jenkins pipeline with the triggers block - cron for fixed times, H hashing to spread load, and pol…
Schedule a deploySchedule a recurring deploy in a Jenkins Declarative Pipeline with the cron trigger, running a staging or off…
Send email on failureNotify your team when a Jenkins build breaks by sending an email from the post failure block using the Email…
Set a pipeline-wide variableSet a pipeline-wide variable in a Jenkins declarative pipeline with a top-level environment block, and overri…
Set a job timeoutSet a timeout in a Jenkins pipeline with the timeout option at pipeline scope and the timeout step around a s…
Time out one stageBound just one Jenkins stage with the timeout step so a hung deploy or flaky test is aborted without capping…
Set an env varSet environment variables in a Jenkins declarative pipeline with the environment block at pipeline and stage…
Set build retentionKeep Jenkins disk usage in check by setting build retention with buildDiscarder in the pipeline options so ol…
Rename a buildRename a Jenkins build and set its description from the pipeline with currentBuild.displayName and currentBui…
Set up a monorepo pipelineSet up a monorepo pipeline in Jenkins by gating each component stage with when:changeset so only the parts of…
Target agents by labelTarget Jenkins agents by label with agent { label }, pin stages to specific nodes, and run stages inside Dock…
Call another jobStart another Jenkins job from a pipeline with the build step, passing parameters and choosing whether to wai…
Trigger on cronTrigger a Jenkins declarative pipeline on a schedule with the triggers block - cron for timed builds and poll…
Trigger downstream jobsTrigger another Jenkins job from a pipeline with the build step, passing parameters and choosing whether to w…
Use a Jenkinsfile with a shared libraryReuse pipeline code across Jenkins repos with a shared library, loading it via @Library and calling custom st…
Use a matrixUse the matrix directive in a Jenkins declarative pipeline to run a set of stages across axis combinations li…
Use matrix in scripted pipelineFan out builds across combinations in a Jenkins scripted pipeline by generating a map of parallel branches wi…
Load an SSH keyLoad an SSH private-key credential into the agent for a block of steps with sshagent from the SSH Agent plugi…
Bind credentialsUse the credentials() helper and withCredentials block in a Jenkins pipeline to inject secrets as masked envi…
Use environment credentialsInject stored Jenkins credentials into pipeline steps with the credentials() helper in an environment block s…
Use parametersUse the parameters block in a Jenkins declarative pipeline to add a Build with Parameters form with string, c…
Use post conditionsUse the post {} block in a Jenkins declarative pipeline to run cleanup, notifications, and reporting on alway…
Use secretsUse secrets in a Jenkins pipeline with the Credentials plugin - the credentials() helper, withCredentials bin…
Use shared librariesUse Jenkins shared libraries to package reusable pipeline code, load them with @Library, and call custom step…
Use stages and stepsUse stages and steps in a Jenkins declarative pipeline to structure work into visible phases, each containing…
Inject prod secretsInject production secrets into a Jenkins deploy with the credentials() helper in an environment block, bindin…
Set env vars with environment{}Set environment variables in a Declarative Jenkins pipeline with the environment block at pipeline or stage s…
Use the input step for approvalPause a Jenkins declarative pipeline for human approval using the input directive so a deploy stage waits for…
Use when conditionsUse the when {} directive in a Jenkins declarative pipeline to run a stage only when branch, environment, exp…
Write a declarative JenkinsfileWrite a declarative Jenkinsfile with the pipeline, agent, and stages blocks - the structured, opinionated syn…
Azure Pipelines
Task how-tos for Azure Pipelines.
Approvals and checksProtect an Azure Pipelines environment with approvals and checks so any deployment job targeting it pauses un…
Add approvals and gatesRequire manual approval before a deploy in Azure Pipelines using environments and deployment jobs - configure…
OIDC / workload identityAuthenticate Azure Pipelines to Azure with a workload identity federation service connection - short-lived OI…
Build a multi-arch imageBuild a multi-architecture Docker image in Azure Pipelines with Docker Buildx and QEMU, pushing a single amd6…
Multi-stage CI/CDWire a full build, test, and deploy flow in Azure Pipelines as a multi-stage pipeline, publishing an artifact…
Build and push a containerBuild and push a Docker image from Azure Pipelines with the Docker@2 task, using a container registry service…
Build & push a Docker imageBuild and push a Docker image in Azure Pipelines with the Docker@2 task and a container registry service conn…
Cache build dependenciesCache npm, pip, or other dependencies in Azure Pipelines with the Cache@2 task using a lockfile-hashed key an…
Cache dependenciesSpeed up Azure Pipelines by caching a package store with the Cache@2 task, keyed on a lockfile hash so unchan…
Cache dependenciesCache dependencies in Azure Pipelines with the Cache@2 task - lockfile-based keys, restoreKeys fallbacks, and…
Cache Docker layersCache Docker layers in Azure Pipelines with Buildx and a registry-backed cache, or the Cache@2 task with Buil…
Cache npm dependenciesCache npm dependencies in Azure Pipelines with the Cache@2 task keyed on package-lock.json so node_modules in…
Conditionally run a stageConditionally run a job or stage in Azure Pipelines with the condition: key and expression functions like eq,…
Run a stage conditionallyRun an Azure Pipelines stage or job only when a condition holds using the condition key with expressions like…
Build a multi-stage pipelineBuild a build-test-deploy multi-stage pipeline in Azure Pipelines with dependsOn chaining and condition so de…
Use service connectionsAuthenticate to Azure, Docker registries, and other services in Azure Pipelines with service connections - cr…
Define stages and jobsStructure an Azure Pipeline with stages, jobs, and steps. Learn the hierarchy, dependsOn ordering, and when e…
Deploy a Bicep templateDeploy an ARM or Bicep template from Azure Pipelines with the AzureResourceManagerTemplateDeployment task, su…
Deploy to Container AppsDeploy a container image to Azure Container Apps from Azure Pipelines with the AzureContainerApps@1 task, pas…
Deploy a DACPAC to Azure SQLPublish a database schema to Azure SQL from Azure Pipelines with the SqlAzureDacpacDeployment task, deploying…
Deploy static site to StorageUpload a built static site to an Azure Storage static website and purge the CDN endpoint from Azure Pipelines…
Deploy to Azure Web AppDeploy a built package to Azure App Service from Azure Pipelines with the AzureWebApp@1 task, pointing it at…
Deploy a web appDeploy a built package to Azure App Service from Azure Pipelines with the AzureWebApp@1 task, pointing it at…
Deploy across stagesPromote a build through dev, staging, and prod stages in Azure Pipelines by chaining stages with dependsOn so…
Blue-green / canary deployRoll out a deployment gradually in Azure Pipelines with the canary strategy of a deployment job, using preDep…
Deploy infra with TerraformProvision Azure infrastructure from Azure Pipelines with Terraform by running init, plan, and apply through t…
Deploy on a Git tagTrigger a deploy in Azure Pipelines only when a version tag is pushed by filtering the CI trigger on refs/tag…
Deploy on a tagTrigger an Azure Pipelines deploy on a tag with trigger.tags and gate the deploy stage by checking Build.Sour…
Deploy to a VM over SSHCopy a build to a remote server and restart it from Azure Pipelines using the CopyFilesOverSSH and SSH tasks…
Deploy to AKSDeploy to Azure Kubernetes Service from Azure Pipelines using the KubernetesManifest task and a Kubernetes se…
Deploy to AKSDeploy Kubernetes manifests to Azure Kubernetes Service from Azure Pipelines with the KubernetesManifest@1 ta…
Deploy to an Azure Web AppDeploy a build to an Azure Web App from Azure Pipelines with AzureWebApp@1 - a service connection, the app na…
Deploy to App ServiceDeploy a web app to Azure App Service from Azure Pipelines with the AzureWebApp task using a service connecti…
Deploy to slots and swapDeploy to a staging deployment slot in Azure Pipelines with AzureWebApp, warm it up, then swap it into produc…
Deploy to AWS via OIDCDeploy to AWS from Azure Pipelines without static keys by federating with an AWS service connection that uses…
Deploy Azure FunctionsDeploy a function app to Azure Functions from Azure Pipelines with the AzureFunctionApp@2 task, supplying the…
Deploy to GCP via OIDCDeploy to Google Cloud Run or GKE from Azure Pipelines without service account keys by federating with Worklo…
Deploy to KubernetesDeploy to Kubernetes from Azure Pipelines with the KubernetesManifest@1 task using a Kubernetes service conne…
Multi-region deployDeploy the same build to several Azure regions at once in Azure Pipelines with a matrix strategy that fans a…
Deploy with environment approvalRun a deployment job against a pipeline environment in Azure Pipelines so an approval check on that environme…
Deploy with HelmInstall or upgrade a Helm chart to a Kubernetes cluster from Azure Pipelines with the HelmDeploy@0 task, sett…
Extend a templateStandardize pipelines by extending a base template in Azure Pipelines with the extends keyword and typed para…
Gate prod with manual validationPause an Azure Pipelines deploy for human sign-off with the ManualValidation task in an agentless job, so pro…
Gate production with approvalHold an Azure Pipelines production deploy until a person approves by targeting an environment that has an App…
Gate with manual approvalRequire a human approval before an Azure Pipelines deploy by adding an approval check to the target environme…
Order stages with dependsOnControl stage execution order in Azure Pipelines with dependsOn, chaining build, test, and deploy stages so e…
Pass a variable between jobsPass a variable between jobs in Azure Pipelines with an output variable (isOutput=true) and a dependsOn depen…
Publish a coverage reportPublish a code-coverage report in Azure Pipelines with the PublishCodeCoverageResults task, rendering Cobertu…
Publish a NuGet packagePack and push a NuGet package from Azure Pipelines to an Azure Artifacts feed using the NuGetCommand task, so…
Publish an npm packagePublish an npm package in Azure Pipelines with the npmAuthenticate task and npm publish, targeting an Azure A…
Publish and download artifactsPass files between jobs and stages in Azure Pipelines with PublishPipelineArtifact and DownloadPipelineArtifa…
Publish and download artifactsMove build output between jobs in Azure Pipelines with PublishPipelineArtifact and DownloadPipelineArtifact,…
Publish artifactsPublish build artifacts in Azure Pipelines with PublishPipelineArtifact and download them in a later job with…
Publish pipeline artifactsPersist build outputs in Azure Pipelines with the PublishPipelineArtifact task so later jobs and stages can d…
Publish test results and coverageSurface test outcomes and coverage in Azure Pipelines with PublishTestResults@2 and PublishCodeCoverageResult…
Publish test resultsPublish test results to the Azure Pipelines Tests tab with PublishTestResults@2, using JUnit format and condi…
Push to ACR and deployBuild and push a Docker image to Azure Container Registry with the Docker@2 task, then deploy it to App Servi…
Register self-hosted agentsSet up a self-hosted agent for Azure Pipelines - create an agent pool, register the agent with a PAT, and tar…
Require approval before deployRequire manual approval before an Azure Pipelines deploy with an environment that has approval checks and a d…
Retry a failing taskRetry a failing task in Azure Pipelines with retryCountOnTaskFailure, plus job-level retries via the strategy…
Reuse pipeline templatesAvoid copy-paste in Azure Pipelines with step, job, and stage templates - pass parameters, set defaults, and…
Run a script stepRun shell scripts in Azure Pipelines with the Bash@3 and PowerShell@2 tasks, choosing inline scripts or a fil…
Matrix across OSRun an Azure Pipelines build across Linux, macOS, and Windows by parameterizing vmImage from a strategy.matri…
Run a container buildBuild and push a container image in Azure Pipelines with the Docker@2 task and an Azure Container Registry se…
Run a container jobRun an Azure Pipelines job inside a Docker container with the container key so steps execute in a pinned imag…
Run a security scanRun a dependency security scan in Azure Pipelines with the dependency-check task or an npm audit step, failin…
Run a container jobRun every step of an Azure Pipelines job inside a Docker image with the container keyword, so the whole job u…
Run a job in a containerRun an Azure Pipelines job inside a container with the container property, including a private-registry endpo…
Run a matrix across OSRun a job across Linux, Windows, and macOS in Azure Pipelines with a strategy matrix that swaps the vmImage p…
Run a matrix buildRun a matrix build in Azure Pipelines with strategy:matrix to fan a job across versions, plus maxParallel and…
Run on changed pathsRun an Azure Pipeline only when certain files change using trigger paths include/exclude, and gate stages wit…
Run a service containerRun a Postgres service container in Azure Pipelines with the resources:containers and services: keys so integ…
Scheduled nightly deployDeploy on a schedule in Azure Pipelines with a YAML cron trigger, so a nightly build promotes to a staging en…
Run a script step with bashRun shell commands in Azure Pipelines with the Bash@3 task so scripts execute under bash on Linux and macOS a…
Run migrations before deployRun database migrations as a separate stage before the app deploy in Azure Pipelines, so the schema is update…
Run database migrationsRun database migrations in Azure Pipelines as a deployment job before app rollout, mapping a secret DATABASE_…
Run jobs in parallelFan one Azure Pipelines job out into parallel jobs with a matrix strategy, defining named legs that each set…
Use a self-hosted poolRun Azure Pipelines jobs on your own agents by targeting a self-hosted pool with pool.name and routing to spe…
Run on a self-hosted poolRoute Azure Pipelines jobs to your own machines with a self-hosted agent pool, naming the pool and using dema…
Run parallel jobsRun jobs concurrently in Azure Pipelines by declaring independent jobs without dependsOn, plus parallel slici…
Run az with a service connectionRun authenticated az commands in Azure Pipelines with the AzureCLI@2 task, passing an azureSubscription servi…
Schedule a pipelineSchedule an Azure Pipeline with the schedules: block - cron syntax, branch include/exclude, and the always fl…
Set a job timeoutSet a job timeout in Azure Pipelines with timeoutInMinutes, the zero-means-unlimited caveat, and cancelTimeou…
Set a variableSet variables in Azure Pipelines with the variables: block and dynamically at runtime via the logging command…
Set output variables between jobsPass a value from one Azure Pipelines job to another with an isOutput logging command and dependencies.<job>.…
Set pipeline-level variablesDefine variables at the pipeline level in Azure Pipelines so every job and step can read them with the $(Var)…
Set up a monorepo pipelineSet up a monorepo pipeline in Azure Pipelines with per-component pipelines using path filters, or one pipelin…
Sign in with OIDC to AWSAuthenticate Azure Pipelines to AWS with an OIDC workload identity service connection, assuming an IAM role w…
Matrix across versionsRun an Azure Pipelines test job against several language versions at once with a matrix that sets a version v…
PR triggersValidate pull requests in Azure Pipelines with a pr trigger that runs on PRs into target branches, the basis…
Filter CI triggersControl when an Azure Pipelines CI run starts with trigger filters on branches, tags, and paths, so unrelated…
Use a deployment job with environmentUse an Azure Pipelines deployment job targeting a named environment to get deployment history, approvals, and…
Deployment job with environmentTrack and gate releases in Azure Pipelines with a deployment job that targets a named environment, recording…
Use a matrix strategyFan a job out across versions or configurations in Azure Pipelines with strategy.matrix, named legs, maxParal…
Use a reusable templateReuse pipeline logic in Azure Pipelines with YAML templates - define a steps/jobs template with parameters an…
Use a rolling deploymentDeploy gradually across machines in Azure Pipelines using a deployment job with the rolling strategy so updat…
Use a template with parametersReuse pipeline logic in Azure Pipelines by defining a parameterized template and passing typed parameters whe…
Use a variable group (library)Share values across Azure Pipelines runs by linking a Library variable group with the group keyword, then ref…
Use conditions and expressionsControl when stages, jobs, and steps run in Azure Pipelines with condition expressions - succeeded, eq, and,…
Output variables across stagesPass a value from one Azure Pipelines job or stage to another with the isOutput logging command and dependenc…
Use secret variablesKeep credentials out of Azure Pipelines logs by marking variables secret in the UI or a variable group, then…
Use secretsUse secrets in Azure Pipelines safely - secret pipeline variables, variable groups linked to Key Vault, and m…
Filter triggers by branchControl which pushes and pull requests run an Azure Pipeline with trigger and pr branch include/exclude filte…
Use variable groups and secretsShare variables and secrets across Azure Pipelines with library variable groups - link them, mark secrets, an…
Use variable templatesShare variables across Azure Pipelines with a variable template file, including it under variables so many pi…
Federated (OIDC) auth to AzureAuthenticate Azure Pipelines to Azure without stored secrets using a workload identity federation service con…
Bitbucket
Task how-tos for Bitbucket Pipelines.
Add a manual stepPause a Bitbucket Pipelines run for human sign-off by adding trigger: manual to a step, so a deploy waits for…
OIDC to AWSAuthenticate Bitbucket Pipelines to AWS with OIDC - enable oidc: true on the step and use the BITBUCKET_STEP_…
Build a monorepo conditionallyBuild only the changed package in a Bitbucket Pipelines monorepo using step condition changesets includePaths…
Build a multi-arch imageBuild a multi-architecture Docker image in Bitbucket Pipelines with the docker service, Buildx, and QEMU, pus…
Build across versionsRun a Bitbucket Pipelines build across multiple versions with parallel steps and a YAML anchor, since Bitbuck…
Build and push an imageBuild a Docker image in Bitbucket Pipelines by enabling the docker service for a privileged daemon, then push…
Build & push a Docker imageBuild and push a Docker image in Bitbucket Pipelines by enabling the docker service and using docker build/pu…
Build + push Docker imageBuild and push a Docker image from Bitbucket Pipelines by enabling the docker service, logging in to the regi…
Build and push to a registryBuild a Docker image in Bitbucket Pipelines and push it to a registry, enabling the docker service so the bui…
Cache dependenciesCache dependencies in Bitbucket Pipelines with the caches key, reusing the built-in node cache or defining a…
Cache dependenciesSpeed up Bitbucket Pipelines by caching dependency directories with the caches key, so npm and other installs…
Cache dependenciesCache dependencies in Bitbucket Pipelines with the caches: keyword - built-in node/pip caches and custom cach…
Cache Docker layersCache Docker layers in Bitbucket Pipelines with the built-in docker cache, or push a registry-backed Buildx c…
Branch-specific pipelinesRun different Bitbucket Pipelines steps per branch with the branches section, matching exact names or glob pa…
Create custom manual pipelinesAdd on-demand pipelines in Bitbucket with the custom key - manual triggers from the UI, plus variables that p…
Define a basic pipelineDefine a minimal Bitbucket Pipelines build by adding a bitbucket-pipelines.yml at the repo root with a defaul…
Define a custom pipelineDefine an on-demand Bitbucket Pipelines workflow under the custom section, runnable from the Run pipeline men…
Define a custom pipeline triggerCreate a manually triggered Bitbucket Pipelines workflow under the custom: section so an operator can run a n…
S3 + CloudFront deployBuild a static site, sync it to an S3 bucket, and invalidate the CloudFront cache from Bitbucket Pipelines so…
Deploy on a tagDeploy on a tag in Bitbucket Pipelines with the tags: pipeline section and glob patterns so only matching tag…
Tag-triggered deployTrigger a release deploy in Bitbucket Pipelines only when a Git tag is pushed using the tags section with a g…
main-only deployRestrict deploys to the main branch in Bitbucket Pipelines by placing the deploy step under branches: main, s…
Test to staging to prodPromote a build through test, staging, and production in Bitbucket Pipelines using the deployment key on each…
VPS deploy over SSHDeploy to a VPS from Bitbucket Pipelines using the repository SSH key to run remote deploy commands over an a…
Amazon ECS deployDeploy to Amazon ECS from Bitbucket Pipelines by registering a new task definition revision and forcing a ser…
Deploy to AWSDeploy to AWS from Bitbucket Pipelines by configuring AWS credentials as secured repository variables and run…
AWS deploy via OIDCDeploy to AWS from Bitbucket Pipelines without static keys by enabling OIDC on a deployment step and assuming…
Azure Web App deployDeploy to an Azure App Service from Bitbucket Pipelines by logging in with a service principal and running az…
EKS / Kubernetes deployDeploy to an EKS or any Kubernetes cluster from Bitbucket Pipelines by writing a kubeconfig from a secured va…
Firebase Hosting deployDeploy a site to Firebase Hosting from Bitbucket Pipelines using the firebase-tools CLI with a service accoun…
GCP Cloud Run deployDeploy a container to Google Cloud Run from Bitbucket Pipelines by activating a service account key and runni…
Deploy to KubernetesDeploy to Kubernetes from Bitbucket Pipelines with a kubectl image and a base64 kubeconfig repository variabl…
Netlify deployDeploy a site to Netlify from Bitbucket Pipelines with the netlify-cli, using an auth token and site id to pu…
aws-s3-deploy pipeDeploy a folder to S3 from Bitbucket Pipelines with the official atlassian/aws-s3-deploy pipe, passing the bu…
Manual deploy stepMake a deploy step wait for a human click in Bitbucket Pipelines with trigger: manual, so the build runs auto…
Self-hosted runner deployRun a Bitbucket Pipelines deploy on a self-hosted runner with runs-on labels, so the deploy executes inside y…
Helm deployDeploy a Helm chart from Bitbucket Pipelines using helm upgrade --install with --atomic and --wait so a faile…
Deploy with pipesDeploy from Bitbucket Pipelines using a pipe, a prepackaged integration that wraps a deploy action behind a f…
Blue-green deployRun a blue-green deploy from Bitbucket Pipelines by releasing to the idle color, health-checking it, then swi…
Fail on lint errorsMake a Bitbucket Pipelines run fail on lint errors with a dedicated lint step that exits non-zero, placed bef…
Store a coverage reportGenerate code coverage in Bitbucket Pipelines and keep it with artifacts, or upload to Codecov so coverage sh…
Increase step memoryGive a Bitbucket Pipelines step more memory by setting size: 2x (or higher), doubling the RAM available for m…
Pass artifacts between stepsShare build output across Bitbucket Pipelines steps with the artifacts key - declare paths in the producing s…
Pass artifacts between stepsPass build output between Bitbucket Pipelines steps with the artifacts key, which uploads matching paths and…
Pass artifactsPass build artifacts between steps in Bitbucket Pipelines with the artifacts: keyword and glob paths so a lat…
Publish an npm packagePublish an npm package in Bitbucket Pipelines from a tag pipeline - write .npmrc with a secured NPM_TOKEN and…
Require approval before deployRequire manual approval before a Bitbucket Pipelines deploy with a manual-trigger step plus deployment enviro…
Retry a failing stepRetry a failing step in Bitbucket Pipelines - the manual rerun of failed steps and a script-level bash retry…
Reuse config with anchorsAvoid duplicate step config in Bitbucket Pipelines with YAML anchors and aliases, defining a step once under…
Roll back a deployRoll back a bad release from Bitbucket Pipelines with a custom pipeline that takes a target version as a vari…
Run a security scanRun a dependency security scan in Bitbucket Pipelines with a Snyk pipe or a plain npm audit step, failing the…
Run a parallel step setRun multiple Bitbucket Pipelines steps at once with a parallel block, so lint, unit, and build steps execute…
Run a serviceRun a Postgres service in Bitbucket Pipelines with definitions:services and the step services: list so integr…
Scheduled deployRun a deploy on a schedule in Bitbucket Pipelines by defining a custom pipeline and attaching a cron schedule…
Run a step in an imageRun a Bitbucket Pipelines step in a specific Docker image with the image keyword at global or step level, inc…
Run a step with a larger sizeGive a memory-hungry Bitbucket Pipelines step more resources by setting size: 2x or higher so heavy builds ge…
Run after-script cleanupRun teardown logic regardless of step outcome in Bitbucket Pipelines with after-script, which executes after…
Run after-scriptRun teardown or reporting commands in Bitbucket Pipelines with after-script, which executes even when the mai…
Run steps by branchRun different Bitbucket Pipelines steps per branch with the branches key and glob patterns, plus the conditio…
Migrate then deployRun database migrations before the deploy step in Bitbucket Pipelines so the schema is updated first and a fa…
Run database migrationsRun database migrations in Bitbucket Pipelines as a deployment-scoped step before the deploy step, using a se…
Run docker-in-dockerBuild Docker images inside Bitbucket Pipelines by enabling the docker service so docker build and docker push…
Run integration tests with servicesRun integration tests in Bitbucket Pipelines against a database service like Postgres, defined under definiti…
Use a self-hosted runnerRun Bitbucket Pipelines steps on your own machines with self-hosted runners by matching the runner labels in…
Run parallel stepsRun independent Bitbucket Pipelines steps at the same time with the parallel key to cut wall-clock time on li…
Run parallel stepsRun steps in parallel in Bitbucket Pipelines with the parallel: keyword to fan out test and lint steps and cu…
Pull request pipelinesRun a pipeline only when a pull request is open with the pull-requests section, which merges the source and d…
Run steps in parallelRun independent Bitbucket Pipelines steps at the same time with a parallel block, cutting wall-clock time for…
Run on changed filesSkip a Bitbucket Pipelines step unless matching files changed using condition with changesets includePaths, a…
Tag pipelinesTrigger a Bitbucket Pipelines release build only when a Git tag is pushed using the tags section with a glob…
Schedule a pipelineSchedule a Bitbucket pipeline with Pipeline schedules in repository settings, targeting a branch and a defaul…
Schedule pipelinesRun a Bitbucket pipeline on a recurring schedule using Pipeline schedules in the UI, plus a custom pipeline t…
Set a commit statusSet a custom build status on a commit in Bitbucket Pipelines via the build-status REST API with the access to…
Set a step Docker imagePin the build environment in Bitbucket Pipelines by setting a Docker image globally or per step, including pr…
Set a step timeoutSet a step timeout in Bitbucket Pipelines with max-time, plus the global pipeline maximum, to kill hung steps…
Set a variableSet variables in Bitbucket Pipelines - repository/workspace variables, inline export in scripts, and passing…
Set clone depthControl how much history Bitbucket Pipelines fetches with the clone depth setting, shrinking checkouts for sp…
Set step max-timeCap how long a Bitbucket Pipelines step can run with max-time in minutes, so a hung command is killed instead…
Set up a monorepo pipelineSet up a monorepo pipeline in Bitbucket Pipelines with the condition.changesets includePaths key so a step ru…
Set up an after-scriptRun cleanup or notification commands after a Bitbucket Pipelines step with after-script, which executes wheth…
Set up branch-specific pipelinesRun different Bitbucket Pipelines steps per branch by defining entries under the branches: section so main, d…
Scheduled pipelinesRun a Bitbucket Pipelines build on a cron schedule from the Schedules UI, pointing it at a branch and a named…
Show test results in the UISurface test results in the Bitbucket Pipelines UI by writing JUnit XML to test-results/ where Bitbucket auto…
Track deploymentsMark a Bitbucket Pipelines step as a deployment with the deployment key so it shows up in the Deployments das…
Trigger a pipeline via APITrigger a Bitbucket pipeline programmatically through the REST API, posting a target branch and a custom pipe…
Trigger manuallyTrigger a Bitbucket Pipelines step manually with trigger: manual, and run custom on-demand pipelines defined…
Use a custom build imageRun Bitbucket Pipelines steps in a custom Docker image by setting the image key globally or per step, includi…
Use a custom Docker imageRun Bitbucket Pipelines steps inside a custom Docker image, setting image globally or per step and authentica…
Use a database serviceAttach a Postgres or Redis service to a Bitbucket Pipelines step using the services key and definitions, so i…
Use a private Docker imageRun a Bitbucket Pipelines step on a private Docker image by supplying registry credentials in the image defin…
Secured deploy variablePass secrets to a Bitbucket Pipelines deploy with secured deployment variables, which are masked in logs and…
Use a self-hosted runnerRoute a Bitbucket Pipelines step to your own self-hosted runner with the runs-on key, matching the labels you…
Use step cachesSpeed up Bitbucket Pipelines with the caches key - the built-in node cache and custom caches with a key and p…
Use deployment environmentsTrack deploys in Bitbucket Pipelines with the deployment key - tag steps as test, staging, or production to p…
Use deployment environmentsTrack releases in Bitbucket Pipelines with deployment environments, tagging a step with deployment so the Dep…
Use parallel with cachesRun Bitbucket Pipelines steps concurrently with a parallel block while each step restores the node cache so a…
Use pipesReuse prebuilt integrations in Bitbucket Pipelines with pipes - call a pipe with the pipe key and variables t…
Use repo and deployment variablesConfigure secrets and config in Bitbucket Pipelines with repository, workspace, and deployment variables - wh…
Use secretsUse secrets in Bitbucket Pipelines with secured repository, deployment, and workspace variables that are mask…
Use secured variablesUse repository, deployment, and workspace variables in Bitbucket Pipelines, marking secrets as secured so the…
Use Postgres and Redis servicesRun Postgres or Redis alongside a Bitbucket Pipelines step with the services key and definitions block so int…
Use size 2x for more memoryGive a memory-hungry Bitbucket Pipelines step more RAM with the size key (2x, 4x), and split the budget corre…
Write bitbucket-pipelines.ymlAuthor your first bitbucket-pipelines.yml - the pipelines, default, branches structure, steps with scripts, a…
Explore other topics
GitHub ActionsWorkflow, runner, and YAML errors - diagnosed and fixed.
Node.js & npmnpm, yarn, and pnpm failures in CI - solved.
DockerBuild, run, compose, and registry errors - explained.
Pythonpip, poetry, venv, and pytest failures - fixed.
Java & JVMMaven, Gradle, and JVM failures in CI - resolved.
GoGo build, module, and test failures - diagnosed.