GitHub Actions

Automate CI/CD pipelines directly from your GitHub repository. Learn workflow syntax, jobs, steps, actions, and deployment strategies.

CI/CD Workflow Example

name: CI/CD Pipeline
on:
  push:
    branches: [main]
  pull_request:
    branches: [main]

jobs:
  build-and-test:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4

      - name: Setup Node.js
        uses: actions/setup-node@v4
        with:
          node-version: 20
          cache: 'npm'

      - run: npm ci

      - run: npm run lint

      - run: npm test

      - run: npm run build

  deploy:
    needs: build-and-test
    if: github.ref == 'refs/heads/main'
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4

      - name: Deploy to Production
        run: |
          echo "Deploying to production..."
          # ./deploy.sh

Trigger: Runs on every push to main and on every pull request targeting main
Deploy: Runs only after build-and-test passes, and only when the ref is the main branch

Workflow Syntax Reference

  • jobs: Define one or more jobs that run in parallel or sequentially
  • steps: Individual tasks within a job (run commands or actions)
  • uses: Reference a GitHub Action from the marketplace
  • run: Execute a shell command directly
  • with: Pass inputs to an action
  • env: Set environment variables for a step or job
  • needs: Declare dependency on another job
  • if: Conditional execution based on expression
  • matrix: Run a job across multiple configurations
  • secrets: Access encrypted secrets via ${{ secrets.MY_SECRET }}

Reusable Workflows

# .github/workflows/deploy.yml
on:
  workflow_call:
    inputs:
      environment:
        type: string
        required: true
    secrets:
      CLOUD_TOKEN:
        required: true

jobs:
  deploy:
    runs-on: ubuntu-latest
    steps:
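      - name: Announce target environment
        env:
          # Pass the input through an environment variable so the shell never
          # parses caller-supplied text as part of the script.
          TARGET_ENV: ${{ inputs.environment }}
        run: echo "Deploying to $TARGET_ENV"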

Call from a job in another workflow with `uses: ./.github/workflows/deploy.yml`, passing `environment` under `with:` and `CLOUD_TOKEN` under `secrets:`.

Marketplace Actions

  • actions/checkout@v4 — Check out repo
  • actions/setup-node@v4 — Setup Node.js
  • docker/login-action@v3 — Docker registry login
  • aws-actions/configure-aws-credentials — AWS auth via OIDC
  • azure/login@v2 — Azure authentication
  • actions/cache@v4 — Cache dependencies

Interview Questions

Q1: What is the difference between a GitHub Action and a step?
A GitHub Action is a reusable, composable unit (from the marketplace or custom). A step is a single task within a job: it can run a script with `run:` or use an action with `uses:`. Jobs contain multiple steps; workflows contain multiple jobs with dependency chains.

Q2: How do you secure secrets in GitHub Actions?
Secrets are stored in GitHub repo/organization settings, encrypted at rest. Reference them via ${{ secrets.SECRET_NAME }}. They are masked in logs. With OpenID Connect (OIDC), you can authenticate to cloud providers without storing long-lived credentials, because the provider trusts GitHub's OIDC token.

Q3: Explain matrix builds in GitHub Actions.
Matrix builds run a job against multiple combinations of variables (e.g., Node versions, OS). They are defined with `strategy: matrix: node: [16, 18, 20], os: [ubuntu, windows]`. GitHub creates a separate job for each combination. This is useful for testing cross-platform compatibility.

Q4: What are self-hosted runners and when should you use them?
Self-hosted runners are machines you manage that run GitHub Actions jobs. Use them when you need specific hardware (GPUs), access to an internal network, or custom software not available on GitHub-hosted runners. They can be installed at repo, org, or enterprise level.
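
The OIDC approach from Q2, applied to the deploy job of the CI/CD example, as an added example that is not part of the original page. The role ARN, region, `production` environment name and the `@v4` tag on the AWS action are assumptions, not values from the page.

```yaml
name: Deploy with OIDC
on:
  push:
    branches: [main]

# Default every job in this workflow to a read-only GITHUB_TOKEN.
permissions:
  contents: read

jobs:
  deploy:
    runs-on: ubuntu-latest
    # Environment protection rules (required reviewers, branch limits) gate
    # this job. "production" is an assumed environment name.
    environment: production
    permissions:
      contents: read
      id-token: write   # allows the job to request GitHub's OIDC token
    steps:
      - uses: actions/checkout@v4

      - name: Exchange the OIDC token for short-lived AWS credentials
        uses: aws-actions/configure-aws-credentials@v4   # tag is an assumption
        with:
          # Placeholder ARN. The role's trust policy should restrict the
          # token's "sub" claim to this repository and environment.
          role-to-assume: arn:aws:iam::123456789012:role/EXAMPLE-deploy-role
          aws-region: us-east-1
          # Long-lived alternative this replaces (static keys kept as secrets):
          #   aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
          #   aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}

      - name: Deploy to Production
        run: |
          # Confirms which role the job assumed before anything is deployed.
          aws sts get-caller-identity
          echo "Deploying to production..."
          # ./deploy.sh
```

No cloud credential is stored in the repository: the credentials issued in the exchange step expire on their own, and the cloud-side trust policy decides which repository and environment may obtain them.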