2: Why GitHub Actions?
Comparison of GitHub Actions with competitors
3: Core Features
Deep dive into workflow syntax, triggers, and job configuration
4: Advanced Features
Explore matrices, reusable workflows, and composite actions
•Runner Types and Execution Environments
•Persisting Build Outputs with Artifacts
•Controlling GitHub Permissions
•Authenticating to Third-Party Systems
•Matrix Strategies, Conditionals, and Concurrency Controls
5: Marketplace Actions
Discover and integrate community actions from the GitHub Marketplace
6: Authoring Actions
Build custom JavaScript and Docker actions from scratch
•JavaScript and TypeScript Actions
8: Developer Experience
Optimize logs, secrets, environments, and permissions for teams
•Developer Experience (Actions)
9: Best Practices
Harden workflows with security, reliability, and cost-saving techniques
•Maintainable Workflow Patterns
10: Capstone Project
Apply course concepts by automating a real-world deployment pipeline
Security Best Practices
Security is a first-class constraint for any automation platform. This lesson wraps up the module with practices that protect your infrastructure and points you toward resources for continued learning.
Security best practices
- Grant the minimum permissions necessary for each workflow or job.
- Favor short-lived tokens over long-lived credentials whenever possible.
- Maintain an allow list of approved marketplace actions.
- Pin marketplace actions by commit SHA to guarantee repeatable builds.
- Do not let forked pull requests run on self-hosted runners; otherwise, attackers could exfiltrate secrets or tamper with the host.
- Use GitHub environments to require manual approvals before sensitive deployments (such as production) execute.