GitHub Actions Expert
Skill for configuring GitHub Actions, with proactive detection of repos that have no CI.
Proactive Detection
When starting work on a project, check whether .github/workflows/ exists:
ls -la .github/workflows/ 2>/dev/null || echo "NO_WORKFLOWS"
If there are no workflows, ask the user whether they want to add basic CI.
Workflow
Phase 0: Knowledge Update
Before generating any workflow, fetch latest documentation:
Search for latest GitHub Actions docs via Context7 or WebSearch:
- Current action versions (checkout, setup-node, setup-python, setup-go)
- Latest Node.js LTS version
- Recent best practices updates
Version Reference (verify these are current):
| Action | Current Version |
| --- | --- |
| actions/checkout | v4 |
| actions/setup-node | v4 |
| actions/setup-python | v5 |
| actions/setup-go | v5 |
| actions/cache | v4 |
| actions/upload-pages-artifact | v3 |
| actions/deploy-pages | v4 |
Node.js LTS: Verify current LTS version (use WebSearch if unsure)
Phase 1: Stack Detection
Detect project type and tools:
# Detect project type
ls package.json 2>/dev/null && echo "NODE_PROJECT"
ls pyproject.toml requirements.txt 2>/dev/null && echo "PYTHON_PROJECT"
ls go.mod 2>/dev/null && echo "GO_PROJECT"
# For Node.js - detect package manager
ls pnpm-lock.yaml 2>/dev/null && echo "PNPM"
ls bun.lockb 2>/dev/null && echo "BUN"
ls package-lock.json 2>/dev/null && echo "NPM"
# Detect Node version
cat .nvmrc 2>/dev/null || cat package.json | grep -A2 '"engines"'
Phase 2: Script Analysis (Node.js)
Read package.json using Read tool and detect available scripts.
Look for the scripts section and identify which scripts exist.
Common scripts to check:
- lint → Include linting step
- typecheck → Include type checking
- test → Include testing
- build → Include build step
- test:coverage → Include coverage upload
Phase 3: Workflow Selection
Present options based on detected stack:
For Node.js:
- Basic CI (lint, typecheck, test, build)
- Deploy to GitHub Pages
- Release with Tags (v*)
- Security Scans
- Coverage Upload (Codecov)
For Python:
- Basic CI (ruff, pyright/mypy, pytest)
- Coverage Upload
For Go:
- Basic CI (go vet, golangci-lint, go test)
- Release binaries
Phase 4: Generate Workflows
Load templates from references/ and customize:
Replace placeholders:
- {{NODE_VERSION}} → Detected or default (22.x)
- {{PACKAGE_MANAGER}} → npm/pnpm/bun
- {{INSTALL_COMMAND}} → npm ci / pnpm install --frozen-lockfile / bun install
- {{BRANCH}} → main/master (auto-detect)
- {{SCRIPTS}} → Based on available scripts
Always include:
- Concurrency control
- Caching for dependencies
- fail-fast strategy
Create .github/workflows/ if needed:
mkdir -p .github/workflows
Phase 5: Improve Existing Workflows
If workflows exist, analyze for anti-patterns:
cat .github/workflows/*.yml
Anti-patterns to detect:
| Anti-Pattern | Fix |
| --- | --- |
| actions/*@v3 | Update to @v4 |
| setup-node without cache | Add cache: 'npm' |
| npm install | Use npm ci |
| No concurrency: | Add concurrency control |
| Matrix with single version | Remove unnecessary matrix |
| Missing fail-fast: true | Add explicit fail-fast |
See references/anti-patterns.md for full guide.
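The anti-pattern table above can be checked mechanically. The following is an added example, not part of the skill or its references/ files: a POSIX shell sketch built on line-based grep heuristics rather than a YAML parser. The function names scan_workflow and write_sample, the finding labels and the sample workflow are constructed for illustration.

```sh
# Added example: flag the Phase 5 anti-patterns in one workflow file.
# Line-based grep heuristics, not a YAML parser. scan_workflow,
# write_sample and the finding labels are names made up for this sketch.
scan_workflow() {
  f=$1
  # actions/* still on the v3 major tag
  grep -nE 'uses:[[:space:]]*actions/[A-Za-z0-9_-]+@v3([^0-9]|$)' "$f" |
    sed 's/^\([0-9]*\):.*/old-action-v3 line \1/' || true
  # setup-node present but no "cache:" input anywhere in the file
  if grep -qE 'uses:[[:space:]]*actions/setup-node@' "$f" &&
     ! grep -qE '^[[:space:]]*cache:' "$f"; then
    echo "setup-node-without-cache"
  fi
  # bare "npm install" (no package argument) where "npm ci" belongs
  grep -nE 'npm install[[:space:]]*$' "$f" |
    sed 's/^\([0-9]*\):.*/npm-install line \1/' || true
  # no top-level concurrency block
  grep -qE '^concurrency:' "$f" || echo "no-concurrency"
  # matrix axis written as a one-element inline list
  grep -nE '^[[:space:]]*[A-Za-z_-]+-version:[[:space:]]*\[[^],]+\][[:space:]]*$' "$f" |
    sed 's/^\([0-9]*\):.*/single-version-matrix line \1/' || true
  # matrix declared without an explicit fail-fast
  if grep -qE '^[[:space:]]*matrix:' "$f" && ! grep -qE 'fail-fast:' "$f"; then
    echo "missing-fail-fast"
  fi
  return 0
}

# Constructed sample workflow; it exhibits every anti-pattern in the table.
write_sample() {
  cat > "$1" <<'EOF'
on: [push, pull_request]
jobs:
  test:
    runs-on: ubuntu-latest
    strategy:
      matrix:
        node-version: [22.x]
    steps:
      - uses: actions/checkout@v3
      - uses: actions/setup-node@v4
      - run: npm install
EOF
}

sample=$(mktemp)
write_sample "$sample"
scan_workflow "$sample"
rm -f "$sample"
```

Because the checks are per-file and textual, a finding is a prompt to read the workflow, not proof of a defect; actionlint in Phase 6 remains the structural check.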
Phase 6: Verification
After generating:
Validate YAML (if actionlint available):
which actionlint && actionlint .github/workflows/*.yml
Check required permissions:
- GitHub Pages → pages: write, id-token: write
- Releases → contents: write
- PRs → pull-requests: write
Show summary:
Workflows Created/Updated
✓ .github/workflows/ci.yml
- Triggers: push (main), pull_request
- Jobs: lint, typecheck, test, build
- Node: 22.x with npm
Next Steps:
- Review generated workflows
- git add .github/workflows/
- git commit -m "ci: add GitHub Actions workflow"
- Push to trigger first run
Templates Reference
Templates are in references/ directory:
| Template | Description |
| --- | --- |
| nodejs-ci.yml | Standard CI with lint/typecheck/test/build |
| nodejs-deploy-pages.yml | Deploy to GitHub Pages |
| nodejs-release.yml | Release on tag push (v*) |
| python-ci.yml | Python CI with uv/pip, ruff, pytest |
| go-ci.yml | Go CI with vet, lint, test |
| security.yml | npm audit + secrets scanning |
Best Practices Enforced
- Always use latest action versions (@v4 for most)
- Use npm ci over npm install for reproducible builds
- Enable caching in setup-node/setup-python/setup-go
- Add concurrency control to cancel outdated runs
- Use fail-fast: true to cancel parallel jobs on failure
- Specify permissions explicitly when needed
- Use Node 22.x (current LTS)
Concurrency Control Template
Always include in workflows:
concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: ${{ github.ref != 'refs/heads/main' }}
This cancels outdated PR runs but never cancels main branch runs.
Package Manager Detection
| Lockfile | Package Manager | Install Command |
| --- | --- | --- |
| pnpm-lock.yaml | pnpm | pnpm install --frozen-lockfile |
| bun.lockb | bun | bun install --frozen-lockfile |
| package-lock.json | npm | npm ci |
| None | npm | npm ci (after npm install generates lock) |
Branch Detection
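# Detect default branch
git symbolic-ref refs/remotes/origin/HEAD 2>/dev/null | sed 's@^refs/remotes/origin/@@'
# Or fallback (anchored so the "origin/HEAD -> ..." line and leading whitespace are ignored)
git branch -r | grep -E '^[[:space:]]*origin/(main|master)$' | head -1 | sed 's@^[[:space:]]*origin/@@'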