Okay, here is a refined list of questions about GitHub Actions, grouped by low-level concepts suitable for a beginner's guide. The questions have been made more uniform in tone, as if asked by a single learner seeking clarification.
1. Fundamentals & Core Concepts
_ How do I enable or find the Actions tab in my GitHub repository or account settings?
_ What is the required naming convention and location for workflow files (e.g., .yml
files) within the .github
directory?
_ What are the prerequisites, like knowledge of YAML, needed to start writing GitHub Actions workflows?
_ What are the core concepts of GitHub Actions, including workflows, jobs, steps, and actions themselves?
_ Where do GitHub Actions workflows actually execute? Is it on GitHub servers, AWS, or somewhere else?
_ What is the significance of hyphens (-
) and indentation in the Actions YAML syntax? How does it differentiate uses
from run
steps?
_ What does the github.action_path
context variable represent within a workflow?
_ Is the actions/checkout@v2
step always necessary at the beginning of a job, or are there cases where it can be omitted?
_ Can you clarify the difference between a GitHub Actions "workflow" and an "action"?
_ What defines a "CI/CD pipeline" in the context of GitHub Actions, versus just a simple workflow?
2. Workflow Triggers & Events (on:
keyword)
_ Do workflows triggered by push
events run if the push originates from a local merge without a corresponding Pull Request on GitHub?
_ Can a workflow be automatically triggered when a new repository is created within an organization?
_ How can a workflow_dispatch
event trigger a workflow definition that only exists on a non-default branch?
_ Is it possible to configure a workflow to trigger both on push and manually via workflow_dispatch
?
_ Can the ability to manually trigger a workflow_dispatch
event be restricted to specific users or roles?
_ Do input parameters with default values defined for workflow_dispatch
get used when the workflow is triggered by other events like push
?
_ How can an external event, like a successful Vercel deployment, trigger a GitHub Actions workflow (perhaps using repository_dispatch
)?
_ How can a workflow run be manually initiated from the GitHub UI or API?
_ How can workflow triggers be configured to run only when specific file paths are modified, or to ignore changes in certain paths?
_ What are common reasons a workflow might not trigger after a push
event, even if the YAML file seems correct?
_ Can scheduled workflows (on: schedule
) bypass branch protection rules that require approvals?
_ How can I ensure workflow triggers (like push
) aren't overly sensitive and run only for relevant code changes, not just dependency updates or minor file changes?
3. Workflow Syntax, Structure & Logic (Jobs, Steps, Conditionals, Versions)
_ How can I pass data or variables between different jobs in the same workflow?
_ How can I pass data between different steps within the same job?
_ What is the recommended order for build and test steps in a CI workflow?
_ How does GitHub Actions handle file paths? If a step fails because it can't find a file (like pom.xml
), what should I check?
_ Is step X (e.g., AWS credential setup in a deploy job) necessary when doing Y (e.g., deploying via kubeconfig)? How can I determine required steps?
_ What are action versions (e.g., @v2
, @master
, @2.0.0
)? What is the impact of using different version types, and which is recommended?
_ How frequently do steps like npm install
run? Does it happen on every single commit?
_ How can I implement conditional logic in a workflow (e.g., run a step only if a previous step failed, or based on branch name)?
_ How can a workflow job be configured to fail based on the results of an external tool (like SonarQube or Trivy)?
_ If a workflow file has multiple jobs defined, in what order do they execute? How can I control the execution order?
_ What are the different input types available for workflow_dispatch
(e.g., dropdowns, multi-select)?
_ How does input validation work for workflow_dispatch
triggers (e.g., enforcing required: true
)?
_ Is it possible to have workflow_dispatch
inputs that change dynamically based on previous selections?
_ What does if: always()
mean in a step condition, and when should it be used?
4. Reusable Workflows & Composite Actions _ How are secrets handled or accessed within reusable workflows? Do they inherit from the caller? _ What is the difference between a composite action and a reusable workflow? When should I use each? _ How can I execute a script located within the repository of a reusable workflow or composite action itself? _ How can I reference a composite action that is defined within the same repository as the calling workflow? _ What is the mechanism for passing output data from one composite action step to be used as input for a subsequent composite action step? _ What permissions are needed to use a composite action or reusable workflow defined in a different repository within the same organization? _ Are composite actions and reusable workflows available for private repositories on all paid plans, or only Enterprise? _ How do composite actions and reusable workflows interact when nested (e.g., a reusable workflow using a composite action)? What are common pitfalls, like checkout path issues?
5. Runners & Execution Environments (GitHub-Hosted, Self-Hosted, ARC)
_ How can I troubleshoot connectivity between a self-hosted runner and services on my local network or private cloud?
_ What network protocols and ports are required for a self-hosted runner to communicate with GitHub.com or GitHub Enterprise Server?
_ How are self-hosted runner registration tokens managed, do they expire, and how can runners maintain long-term registration?
_ Do jobs run on self-hosted runners consume included GitHub Actions minutes?
_ How can multiple jobs be run in parallel on a single self-hosted runner machine? What are the configuration options?
_ Why might a self-hosted runner process fail to access OS environment variables?
_ What should I check if jobs are stuck 'Waiting for a runner' even when self-hosted or organization runners seem available?
_ How can I view the labels assigned to a specific self-hosted runner?
_ What steps are needed to troubleshoot and bring an offline self-hosted runner back online?
_ Is it possible to install and run multiple self-hosted runner instances on the same machine?
_ Can a single self-hosted runner instance serve multiple repositories?
_ What is the process for setting up and running a self-hosted runner inside a Docker container?
_ How can a self-hosted runner be configured on a shared machine for multiple users or teams?
_ How can I ensure a self-hosted runner remains available (e.g., run as a service)?
_ If multiple runners share the same label, how does Actions select an available one?
_ Can a GitHub-hosted runner execute scripts that interact directly with my local machine?
_ Where are GitHub-hosted runners (like ubuntu-latest
) physically hosted?
_ How can I handle sudo
prompts or grant passwordless sudo
access on a macOS self-hosted runner?
_ Does the runs-on
OS need to exactly match the self-hosted runner's OS?
_ For Action Runner Controller (ARC), how can I persist caches or state between jobs in the same workflow, given that pods might be recreated?
_ What are the networking requirements and setup steps for ARC on an on-premises, air-gapped Kubernetes cluster?
_ What is the difference between DeploymentRunner
with HPA and RunnerScaleSet
in ARC? Which is preferred?
_ How can runner image names be passed dynamically during ARC Helm installation?
_ What is the recommended process for upgrading ARC, especially regarding CRDs?
_ How can ARC runners be configured to use Kubernetes Managed Identity (like Azure Workload Identity or GKE WIF) to access cloud resources?
_ Can Docker builds be performed reliably on ARC runners deployed to AWS Fargate?
_ What versions of GitHub Enterprise Server (GHES) are compatible with ARC?
_ How can I customize the runner image used by ARC, for example, to use RHEL or add specific tools?
_ How can I use Kaniko to build container images within ARC runners running in Kubernetes mode?
_ Does ARC support running runners on AKS virtual nodes?
_ Are Windows container images supported as runners in ARC?
_ Are there working examples available for non-trivial ARC setups, particularly involving Docker builds or volume mounts?
_ How can I monitor ARC components (controller, scale sets, runners) and gather metrics?
_ What are common strategies for optimizing the performance of ARC self-hosted runners?
_ Can ARC be configured to manage runners on VMs (e.g., via KubeVirt) instead of pods?
_ Is cert-manager required for setting up ARC? * How can I troubleshoot communication issues when the ARC controller and runner scale sets are deployed in different Kubernetes namespaces?
6. Secrets, Variables, Authentication & Permissions _ Can secrets defined at different levels (repository, environment, organization) have the same name, and how are they prioritized? _ What is the best practice for managing sensitive credentials needed by a workflow in a public repository? _ What is the scope of an environment deployment approval? Does approving one job affect others targeting the same environment? _ Can email notifications for required deployment reviews be disabled? _ Are GitHub Actions Environments available for private repositories on standard paid plans? _ How can environment variables needed by the application code or tests be securely passed into a workflow?
- How are repository/organization variables (not secrets) accessed in a workflow YAML?
- What is the mechanism for passing output data between composite action steps?
_ When using a reusable workflow, does
GITHUB_TOKEN
inherit permissions from the caller or the definition repository? _ What are secure methods for cloning a different private repository within a workflow, besides PATs (e.g., GitHub Apps, deploy keys)? _ What could cause a 'Could not read password' error when using tokens? _ How can I securely pass secrets (like database connection strings or API keys) stored in GitHub Secrets into the deployed application or environment? _ How can secrets from external vaults (like HashiCorp Vault or AWS Parameter Store) be securely fetched and used within a workflow? _ How should OIDC be configured for repositories within an organization versus personal repositories? _ Is it necessary to store deployment target details like server IPs as secrets? _ How can I store multi-line secrets or files (like.pem
keys or.mobileprovision
files) as GitHub Secrets, especially considering potential size limits? * How can I decrypt a password or use a SALT value stored as a secret within a workflow step?
7. Artifacts & Caching
_ How can build artifacts from one job be used in a subsequent job?
_ Is there a way to check the size of a build artifact within a workflow?
_ How does the upload-artifact
action work regarding file paths and storage?
_ What are the options for managing artifact storage when the quota is hit?
_ Can I get a direct downloadable link to an uploaded artifact?
_ Is it possible to manually delete artifacts before the default retention period?
_ What is the default artifact retention policy, and can it be configured?
_ How does actions/cache
determine cache validity (invalidation)?
_ Is the cache shared between different self-hosted runners in a pool?
_ Are there costs associated with using actions/cache
, especially storage for private/Enterprise repos?
_ What is the scope of a cache? Is it shared across PRs?
_ How does actions/cache
compare to the built-in caching of actions like setup-node
?
_ How can a cache created in one job be restored in a different job within the same workflow run?
_ Can Docker images or layers be cached using actions/cache
?
_ Can actions/cache
handle very large cache sizes (tens of GBs)?
_ Is it possible/recommended to cache apt
package downloads? * Can the cache key for actions/cache
be dynamically generated?
8. Testing & Code Quality Integration
_ How can I ensure the integrity of tests run in Actions? Can steps be skipped or results falsified?
_ What are common reasons for test commands (like npm test
) to hang indefinitely in an Actions job?
_ How do Actions workflows handle new code that lacks corresponding tests? Does it impact required checks?
_ How can I troubleshoot errors where tests (like Nightwatch) fail to connect to localhost
services started within the workflow?
_ Can Actions facilitate running framework-specific parallel tests effectively?
_ How can code coverage reports generated in Actions be integrated with SonarQube?
_ How can a workflow job be configured to fail based on SonarQube analysis results (e.g., quality gate)?
_ How are unit test cases typically added to an Actions workflow?
_ How can Actions run tests against multiple language versions (e.g., Python 3.9, 3.10, 3.11) using a matrix?
_ Is it better practice to run tests before merging a PR or after merging to the main branch? * What specific steps are needed to run tests for older frameworks like .NET Framework 4.8 in Actions?
9. Docker, Builds & Containerization
_ What are common ways Docker images are used within Actions?
_ What causes 'lstat /app: no such file or directory' errors during docker buildx build
in Actions?
_ How does the build process differ if using Gradle vs Maven?
_ What are best practices for caching Docker layers/images in Actions?
_ How should Java projects ensure compiled classes are available for tools like SonarQube in Actions?
_ What actions/steps are used to build a Docker image and then run a container from it within a workflow?
_ How can Docker images built in Actions be automatically tagged with versions (e.g., semantic versioning, commit SHA)?
_ Are there official Docker actions, and how do they compare to third-party ones?
_ How should the FROM
instruction in a Dockerfile align with the language version used in the build step (e.g., Java 17)?
_ When pushing images to Docker Hub from Actions, does the repository need pre-creation?
10. Deployment & Release Management
_ How can Actions deploy an artifact to a target like a VM or AWS EC2?
_ What methods exist in Actions to deploy a .jar
file to a Windows server?
_ What are common approaches for deploying to Kubernetes using Actions?
_ How can Slack notifications be integrated into an Actions deployment workflow?
_ What steps are needed to build and deploy a React app using Actions?
_ What strategies/actions can deploy to an on-premises server from Actions?
_ Can Actions automate uploading an iOS .ipa
file to App Store Connect?
_ How should .env
files be handled during deployment via Actions?
_ How can Actions workflows handle updates to dependencies needed by the deployed application?
_ Is the demonstrated SSH/rsync deployment method secure? What are alternatives?
_ How can I automate semantic versioning and GitHub Release creation using Actions?
_ How can I implement automated rollbacks with Actions if a deployment or post-deployment test fails (e.g., with Firebase)?
_ How can I deploy to a specific Kubernetes namespace using Actions?
_ How can Actions integrate with ArgoCD for GitOps deployments?
_ How can I handle deploying multiple serverless functions (e.g., AWS Lambda, Supabase Functions) from a single repository/workflow?
_ How does Actions compare to native cloud provider CI/CD services (like AWS CodePipeline) for deployment?
_ How is Terraform state managed when running terraform apply
or terraform destroy
within Actions?
_ How can Actions deploy Terraform configurations to multiple AWS accounts?
_ What is the rationale for including infrastructure cleanup/destroy steps in an Actions workflow?
_ How can Actions handle deploying applications with complex database migration requirements?
_ How can I update Kubernetes manifests (e.g., image tags) automatically within an Actions pipeline as part of a GitOps flow?
_ How can I handle deploying different parts of a monorepo (e.g., client and server directories) that require navigating between directories within the workflow?
11. Local Testing (act
)
_ Can act
run an entire workflow, respecting job dependencies, or only individual jobs?
_ How can GitHub Secrets be provided to act
for local testing without exposing them? * What are the limitations of act
compared to running workflows on GitHub's actual runners?
12. Workload Identity Federation (WIF) _ How does WIF authentication work when used within reusable workflows called from different repositories? _ Does every repository needing to authenticate via WIF require its own configuration in the identity provider (e.g., GCP, Azure, AWS)? _ How does WIF integrate with deploying multiple projects/services within GCP? _ How are attribute mappings and conditions configured for WIF between GitHub Actions and cloud providers (GCP/AWS/Azure)? What do they mean? _ Can WIF be used to authenticate Actions workflows for deploying Firebase services? _ Can WIF authenticate workflows running outside GCP (e.g., a self-hosted runner) to access Google APIs? _ How can WIF be used with Terraform within Actions for keyless authentication? _ What are the security implications of exposing WIF provider IDs or service account emails in workflow files? _ How does WIF work with GitHub Enterprise Server, especially with manually synced actions? _ Can WIF be used to grant permissions for tasks like copying files to GCS buckets?
13. Troubleshooting Common Errors
_ What causes 7zr.exe failed with exit code 2
during setup-node
?
_ How to fix Error: Bad credentials
when using an action like Kitchen/test-add-pr-comment@v1
with secrets.GITHUB_TOKEN
?
_ Why would an action fail with [FATAL] Failed to view version file:[/action/lib/functions/linterVersions.txt]
?
_ What causes cml: not found
errors when using CML (Continuous Machine Learning) actions?
_ How to resolve cannotResolveClassException: kg.apc.jmeter.threads.UltimateThreadGroup
in JMeter actions?
_ What leads to Could not find artifact ghidra:Generic:jar:11.3.1
errors during Maven builds involving Ghidra?
_ Why does the install ssh keys
step fail with Error: Process completed with exit code 1
?
_ What causes Permission denied (publickey)
errors during SSH steps?
_ How to fix Android Gradle plugin requires Java 11 to run. You are currently using Java 1.8
?
_ What does Invalid copilot token: missing token: 403
indicate?
_ How to resolve [Rsync] error: rsync exited with code 255... Permission denied
?
_ Why might terraform init
fail within Actions even if the state file seems present?
_ What causes npm ci
to fail with no package-lock.json file
error in Actions?
_ How to fix Permission 'iam.serviceAccounts.getAccessToken' denied on resource...
when using WIF?
_ What causes gcloud.secrets.versions.access
errors related to refreshing tokens with WIF?
_ How to resolve MSBUILD : error MSB1003: Specify a project or solution file
during .NET builds?
_ Why might a .NET 8 deployment fail with Package deployment using ZIP Deploy failed
?
_ What causes denied: Permission \"artifactregistry.repositories.uploadArtifacts\" denied...
when pushing to GCP Artifact Registry?
_ Why might a workflow run successfully but the deployed application (e.g., on GKE pod) not reflect the latest code changes?
_ What causes refusing to allow an OAuth App to create or update workflow... without \
workflow` scopeerror on push? * How to fix
Error: The version '3.x' with architecture 'x64' was not found...` when running a composite action? * Why might an Actions deployment succeed but the application be unreachable at its public IP?
14. General Guidance & Best Practices
_ Are there courses or resources focusing on Actions best practices, organization, and advanced tips?
_ What are common pitfalls for beginners using GitHub Actions?
_ Is it better to combine related tasks (like linting and testing) into a single workflow/job or keep them separate?
_ What are the security best practices when using self-hosted runners, especially with public repositories or PRs from forks?
_ What branching strategies work well with GitHub Actions environments and deployment workflows?
_ How should complex deployments (e.g., 20+ resources, multi-subscription) be organized using Actions?
_ How can I handle variability in deployments (different resources/parameters each time) effectively within Actions?
_ What is the best practice for updating image tags in Kubernetes manifests within a CI pipeline (e.g., GitOps approach)? * Is it better to use official GitHub Actions (like actions/checkout
) or third-party ones? What are the trade-offs?