CI/CD Introduced in L4

GitHub Actions

GitHub's built-in CI/CD. YAML in your repo. Free for public, generous for private. The default for anything on GitHub.

What it is

The plain-English version

GitHub Actions is GitHub's CI/CD product, configured by YAML files in .github/workflows/. Each push or PR triggers workflows. You can run on GitHub-hosted runners (Ubuntu, macOS, Windows, Linux ARM) or self-hosted runners. Massive marketplace of pre-built actions.

Why it exists

The problem it solves

If your code is on GitHub, Actions is the lowest-friction CI/CD. Tight integration (PR checks, environment protection, deploy gating), generous free minutes, and a marketplace of reusable building blocks. For most teams, it's the default starting point.

What it competes with

Alternatives

| Alternative | Type | When it wins |
| --- | --- | --- |
| Jenkins | CI/CD | The CI/CD elder. Self-hosted, plugin-driven, dominant in enterprise. The Groovy Jenkinsfile is a rite of passage. |
| GitLab CI | CI/CD | GitLab's built-in CI/CD. .gitlab-ci.yml in the repo root. The native choice if you're on GitLab. |

Vocabulary

The words you'll hear

Workflow
A YAML file describing what runs when.
Trigger
on: push, on: pull_request, on: schedule, on: workflow_dispatch (manual).
Job
A set of steps that run on one runner.
Step
A shell command or a pre-built action.
Runner
The machine running the job. Hosted or self-hosted.
Matrix
Run jobs across many parameter combinations (e.g., Node versions).
Secret
Encrypted env var, set per repo or org.
Environment
A protected destination (production) with required reviewers.
Prompting

Bad vs. good prompt for GitHub Actions

✕ Bad prompt
set up ci
✓ Good prompt
Write a GitHub Actions workflow for our Next.js TS app: on push to main and on PRs. Three jobs: (1) lint + typecheck (npm run lint, tsc --noEmit), (2) test (npm test), (3) build. All depend on a setup-node + cache step using the lockfile. Add concurrency.cancel-in-progress so old runs cancel. Use the official actions/checkout@v4 and actions/setup-node@v4.

Why it works: Specifies job structure, the cache pattern (often missed), concurrency config (saves minutes and time), and pinned action versions. Avoids the common trap of unpinned actions silently breaking.

Pitfalls

What bites real teams

⚠ Unpinned actions

uses: some-action@main means a malicious update can run with your secrets. Pin to a specific SHA for security-critical actions.
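One way to check a repository for this pitfall, as an added example that is not part of the original page: a stdlib-only Python scan of workflow text for `uses:` references that are not pinned to a full 40-character commit SHA. The function names, the sample workflow and the placeholder SHA are constructed for illustration; tag references such as `@v4` are reported alongside branches because a tag can be moved to a different commit.

```python
import re

# A `uses:` key at step level ("- uses: x") or under a named step / job ("uses: x").
USES_RE = re.compile(r"^\s*(?:-\s*)?uses:\s*['\"]?([^'\"\s#]+)")
FULL_SHA_RE = re.compile(r"[0-9a-fA-F]{40}")

def is_pinned(ref):
    """True if the reference cannot change without the workflow file changing."""
    if ref.startswith("./"):
        return True  # local action, versioned together with the repository
    if ref.startswith("docker://"):
        # Container actions are immutable only when referenced by digest.
        return re.search(r"@sha256:[0-9a-f]{64}$", ref) is not None
    _, sep, version = ref.rpartition("@")
    return bool(sep) and FULL_SHA_RE.fullmatch(version) is not None

def audit_workflow(text):
    """Return [(line_number, reference)] for every mutable `uses:` reference."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        match = USES_RE.match(line)  # commented-out lines start with '#', so no match
        if match and not is_pinned(match.group(1)):
            findings.append((lineno, match.group(1)))
    return findings

# Constructed sample workflow; the 40-hex value is a placeholder, not a real commit.
SAMPLE = """\
name: ci
on: [push, pull_request]
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: some-action@main
      - uses: example-org/deploy@0123456789abcdef0123456789abcdef01234567  # v1.2.0
      - uses: ./.github/actions/local-lint
      - name: test
        # uses: example-org/old-action@master
        run: npm test
"""

if __name__ == "__main__":
    for lineno, ref in audit_workflow(SAMPLE):
        print(f"line {lineno}: {ref} is not pinned to a commit SHA")
```

Run over the files in .github/workflows/, the findings list is the set of references to review; keeping the version as a trailing comment next to the SHA keeps pinned lines readable.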

⚠ Secrets in logs

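Log masking applies only to values stored as secrets. If TOKEN is an env var set inline in the workflow, echo $TOKEN prints its value in clear text; the output is masked only when the value comes from a real secret.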

⚠ Pricing on private repos

GitHub-hosted runners on private repos consume minutes; macOS minutes are 10x. Watch the bill.
