GitHub Actions

GitHub Actions Core Concepts

What are Actions

GitHub Actions are modular, reusable units of automation that you integrate into your workflows to handle tasks such as continuous integration, continuous deployment, and code reviews. Authored by GitHub or community contributors, actions make it easy to share and maintain automation logic across repositories.

Discovering Actions on GitHub Marketplace

Explore the GitHub Marketplace to find hundreds of pre-built actions. Verified badges indicate official partner organizations, while unbadged entries are contributed by the community.

Security Best Practice

Always review an action’s source code before integrating it. Ensure it handles your repository’s content and secrets safely—never exposes secrets to unintended hosts or logs sensitive data.

Pinning Action Versions

For reliable and predictable workflows, define the action version by tag, branch, or commit SHA:

steps:
  - name: Checkout using a specific tag
    uses: actions/[email protected]

  - name: Checkout using the main branch
    uses: actions/checkout@main

  - name: Checkout using a commit SHA
    uses: actions/checkout@a824008085750b8e136effc585c3cd6082bd575f
StrategySyntax ExampleProsCons
Tagactions/[email protected]Controlled upgrades between versionsRequires manual version updates
Branchactions/checkout@mainAutomatically uses the latest codeMay introduce breaking changes
Commit SHAactions/checkout@a824008085750b8e136effc585c3cd6082bd575fImmutable reference for reproducible buildsHarder to benefit from upstream fixes

Versioning Tip

Tags strike a balance between stability and ease of upgrades. Use SHAs when you need fully reproducible builds.

Next Steps

Before adding an action to your workflow, consult its documentation page for required inputs, outputs, environment variables, and any additional configuration.

Watch Video

Watch video content

Previous
Create and Run Workflow