{"id":"778f08fe-8063-41f8-873c-10051df56523","shortId":"3yE8Tf","kind":"skill","title":"github-actions","tagline":"Use when adding CI/CD, creating workflows, auditing GitHub Actions, or fixing action pinning. Creates and audits workflows for SHA pinning and permissions.","description":"## Mode Detection\n\nDetermine the mode based on context:\n- **Create mode**: No `.github/workflows/` directory exists, or user explicitly asks to create/add a workflow\n- **Audit mode**: `.github/workflows/*.yml` files exist, or user explicitly asks to audit/review/fix workflows\n\n---\n\n## Create Mode\n\n### 1. Detect Project Type\n\nScan for project indicators:\n- `package.json` → Node.js/JS/TS\n- `go.mod` → Go\n- `requirements.txt` / `pyproject.toml` / `setup.py` → Python\n- `Cargo.toml` → Rust\n- `Gemfile` → Ruby\n\n### 2. Detect Package Manager (JS/TS projects)\n\n- `pnpm-lock.yaml` → pnpm\n- `bun.lock` / `bun.lockb` → bun\n- `yarn.lock` → yarn\n- `package-lock.json` → npm\n\n### 3. Generate Workflow\n\nApply all rules from the `rules/` directory when generating workflows. Read each rule file for detailed requirements and examples.\n\n### 4. Workflow Template\n\nAdapt this CI template to the detected project type and package manager (replace `<pm>` with the detected package manager):\n\n```yaml\nname: CI\n\non:\n  push:\n    branches: [main]\n  pull_request:\n    branches: [main]\n\npermissions:\n  contents: read\n\nconcurrency:\n  group: ${{ github.workflow }}-${{ github.ref }}\n  cancel-in-progress: true\n\njobs:\n  ci:\n    runs-on: ubuntu-latest\n    steps:\n      - uses: actions/checkout@v4\n      - uses: actions/setup-node@v4\n        with:\n          node-version: 'lts/*'\n          cache: '<pm>'\n      - run: <pm> install --frozen-lockfile\n      - run: <pm> check\n      - run: <pm> test\n      - run: <pm> build\n```\n\n---\n\n## Audit Mode\n\n### 1. Scan Workflows\n\nRead all files in `.github/workflows/*.yml` and audit against every rule in the `rules/` directory.\n\n### 2. Report Format\n\n```\n## GitHub Actions Audit Results\n\n### HIGH Severity\n- `.github/workflows/ci.yml:15` - `codecov/codecov-action@v4` → pin to commit SHA\n\n### MEDIUM Severity\n- `.github/workflows/ci.yml` - Missing concurrency group → add concurrency block\n\n### Summary\n- High: X\n- Medium: Y\n- Low: Z\n- Files scanned: N\n```\n\n### 3. Auto-Fix\n\nAfter reporting, apply fixes. Look up commit SHAs for pinning using `gh api`.\n\n---\n\n## Rules\n\nRead individual rule files for detailed checks and examples:\n\n| Rule | Severity | File |\n|------|----------|------|\n| Action pinning | HIGH | `rules/action-pinning.md` |\n| Permissions | HIGH | `rules/permissions.md` |\n| Concurrency | MEDIUM | `rules/concurrency.md` |\n| Node version | MEDIUM | `rules/node-version.md` |\n| Caching | MEDIUM | `rules/caching.md` |\n| Triggers | LOW | `rules/triggers.md` |\n| Matrix strategy | LOW | `rules/matrix.md` |\n\n---\n\n## Assumptions\n\n- GitHub CLI (`gh`) is available for looking up action commit SHAs\n- The project is hosted on GitHub","tags":["github","actions","skills","tartinerlabs","agent-skills","automation","claude-code","claude-code-skills","cli","code-quality","developer-tools","github-actions"],"capabilities":["skill","source-tartinerlabs","skill-github-actions","topic-agent-skills","topic-automation","topic-claude-code","topic-claude-code-skills","topic-cli","topic-code-quality","topic-developer-tools","topic-github-actions","topic-productivity","topic-tailwind-css"],"categories":["skills"],"synonyms":[],"warnings":[],"endpointUrl":"https://skills.sh/tartinerlabs/skills/github-actions","protocol":"skill","transport":"skills-sh","auth":{"type":"none","details":{"cli":"npx skills add tartinerlabs/skills","source_repo":"https://github.com/tartinerlabs/skills","install_from":"skills.sh"}},"qualityScore":"0.453","qualityRationale":"deterministic score 0.45 from registry signals: · indexed on github topic:agent-skills · 7 github stars · SKILL.md body (2,651 chars)","verified":false,"liveness":"unknown","lastLivenessCheck":null,"agentReviews":{"count":0,"score_avg":null,"cost_usd_avg":null,"success_rate":null,"latency_p50_ms":null,"narrative_summary":null,"summary_updated_at":null},"enrichmentModel":"deterministic:skill-github:v1","enrichmentVersion":1,"enrichedAt":"2026-05-18T19:13:56.491Z","embedding":null,"createdAt":"2026-05-07T20:43:12.172Z","updatedAt":"2026-05-18T19:13:56.491Z","lastSeenAt":"2026-05-18T19:13:56.491Z","tsv":"'/js/ts':74 '1':63,200 '15':228 '2':85,218 '3':100,254 '4':122 'action':3,12,15,222,284,317 'actions/checkout':176 'actions/setup-node':179 'ad':6 'adapt':125 'add':241 'api':270 'appli':103,260 'ask':43,57 'assumpt':308 'audit':10,19,48,198,210,223 'audit/review/fix':59 'auto':256 'auto-fix':255 'avail':313 'base':31 'block':243 'branch':148,152 'build':197 'bun':95 'bun.lock':93 'bun.lockb':94 'cach':186,298 'cancel':162 'cancel-in-progress':161 'cargo.toml':81 'check':193,278 'ci':127,145,167 'ci/cd':7 'cli':310 'codecov/codecov-action':229 'commit':233,264,318 'concurr':157,239,242,291 'content':155 'context':33 'creat':8,17,34,61 'create/add':45 'detail':118,277 'detect':27,64,86,131,140 'determin':28 'directori':38,109,217 'everi':212 'exampl':121,280 'exist':39,53 'explicit':42,56 'file':52,116,205,251,275,283 'fix':14,257,261 'format':220 'frozen':190 'frozen-lockfil':189 'gemfil':83 'generat':101,111 'gh':269,311 'github':2,11,221,309,325 'github-act':1 'github.ref':160 'github.workflow':159 'github/workflows':37,50,207 'github/workflows/ci.yml':227,237 'go':76 'go.mod':75 'group':158,240 'high':225,245,286,289 'host':323 'indic':70 'individu':273 'instal':188 'job':166 'js/ts':89 'latest':173 'lockfil':191 'look':262,315 'low':249,302,306 'lts':185 'main':149,153 'manag':88,136,142 'matrix':304 'medium':235,247,292,296,299 'miss':238 'mode':26,30,35,49,62,199 'n':253 'name':144 'node':183,294 'node-vers':182 'node.js':73 'node.js/js/ts':72 'npm':99 'packag':87,135,141 'package-lock.json':98 'package.json':71 'permiss':25,154,288 'pin':16,23,231,267,285 'pnpm':92 'pnpm-lock.yaml':91 'progress':164 'project':65,69,90,132,321 'pull':150 'push':147 'pyproject.toml':78 'python':80 'read':113,156,203,272 'replac':137 'report':219,259 'request':151 'requir':119 'requirements.txt':77 'result':224 'rubi':84 'rule':105,108,115,213,216,271,274,281 'rules/action-pinning.md':287 'rules/caching.md':300 'rules/concurrency.md':293 'rules/matrix.md':307 'rules/node-version.md':297 'rules/permissions.md':290 'rules/triggers.md':303 'run':169,187,192,194,196 'runs-on':168 'rust':82 'scan':67,201,252 'setup.py':79 'sever':226,236,282 'sha':22,234 'shas':265,319 'skill' 'skill-github-actions' 'source-tartinerlabs' 'step':174 'strategi':305 'summari':244 'templat':124,128 'test':195 'topic-agent-skills' 'topic-automation' 'topic-claude-code' 'topic-claude-code-skills' 'topic-cli' 'topic-code-quality' 'topic-developer-tools' 'topic-github-actions' 'topic-productivity' 'topic-tailwind-css' 'trigger':301 'true':165 'type':66,133 'ubuntu':172 'ubuntu-latest':171 'use':4,175,178,268 'user':41,55 'v4':177,180,230 'version':184,295 'workflow':9,20,47,60,102,112,123,202 'x':246 'y':248 'yaml':143 'yarn':97 'yarn.lock':96 'yml':51,208 'z':250","prices":[{"id":"c96e4dc6-fba2-4926-b08e-178ed8c10fb1","listingId":"778f08fe-8063-41f8-873c-10051df56523","amountUsd":"0","unit":"free","nativeCurrency":null,"nativeAmount":null,"chain":null,"payTo":null,"paymentMethod":"skill-free","isPrimary":true,"details":{"org":"tartinerlabs","category":"skills","install_from":"skills.sh"},"createdAt":"2026-05-07T20:43:12.172Z"}],"sources":[{"listingId":"778f08fe-8063-41f8-873c-10051df56523","source":"github","sourceId":"tartinerlabs/skills/github-actions","sourceUrl":"https://github.com/tartinerlabs/skills/tree/main/skills/github-actions","isPrimary":false,"firstSeenAt":"2026-05-18T13:21:00.924Z","lastSeenAt":"2026-05-18T19:13:56.491Z"},{"listingId":"778f08fe-8063-41f8-873c-10051df56523","source":"skills_sh","sourceId":"tartinerlabs/skills/github-actions","sourceUrl":"https://skills.sh/tartinerlabs/skills/github-actions","isPrimary":true,"firstSeenAt":"2026-05-07T20:43:12.172Z","lastSeenAt":"2026-05-07T22:42:02.813Z"}],"details":{"listingId":"778f08fe-8063-41f8-873c-10051df56523","quickStartSnippet":null,"exampleRequest":null,"exampleResponse":null,"schema":null,"openapiUrl":null,"agentsTxtUrl":null,"citations":[],"useCases":[],"bestFor":[],"notFor":[],"kindDetails":{"org":"tartinerlabs","slug":"github-actions","github":{"repo":"tartinerlabs/skills","stars":7,"topics":["agent-skills","automation","claude-code","claude-code-skills","cli","code-quality","developer-tools","github-actions","productivity","tailwind-css"],"license":"mit","html_url":"https://github.com/tartinerlabs/skills","pushed_at":"2026-05-17T09:09:47Z","description":"Claude Code skills for git workflows, GitHub automation, security audits, code refactoring, and project tooling","skill_md_sha":"dff19721302e866b33f3dcd0a509123d6b393e0b","skill_md_path":"skills/github-actions/SKILL.md","default_branch":"main","skill_tree_url":"https://github.com/tartinerlabs/skills/tree/main/skills/github-actions"},"layout":"multi","source":"github","category":"skills","frontmatter":{"name":"github-actions","description":"Use when adding CI/CD, creating workflows, auditing GitHub Actions, or fixing action pinning. Creates and audits workflows for SHA pinning and permissions."},"skills_sh_url":"https://skills.sh/tartinerlabs/skills/github-actions"},"updatedAt":"2026-05-18T19:13:56.491Z"}}