GitHub Actions Cheat Sheet
Quick reference for GitHub Actions workflow syntax, triggers, job configuration, common actions, and secrets. Build CI/CD pipelines with this one-page guide.
Workflow Structure
| name: CI | Workflow display name |
| on: push | Trigger on push events |
| jobs: | Define one or more jobs |
| runs-on: ubuntu-latest | Runner environment |
| steps: | Sequence of steps in a job |
| .github/workflows/*.yml | Workflow files location |
Triggers (on:)
| on: push | Every push to any branch |
| on: push: branches: [main] | Push to specific branch |
| on: pull_request | PR opened, updated, or reopened |
| on: schedule: - cron: "0 0 * * *" | Scheduled (daily at midnight UTC) |
| on: workflow_dispatch | Manual trigger (Run workflow button) |
| on: release: types: [published] | When a release is published |
| on: push: paths: ["src/**"] | Only when specific paths change |
| on: push: tags: ["v*"] | Push tags matching pattern |
Jobs & Steps
| jobs: build: runs-on: ubuntu-latest | Define a job with runner |
| needs: [build, test] | Job depends on other jobs |
| if: github.ref == 'refs/heads/main' | Conditional execution |
| uses: actions/checkout@v4 | Use a marketplace action |
| run: npm install | Run a shell command |
| run: \|<br>npm install<br>npm test | Multi-line shell commands |
| name: Install deps | Step display name |
| continue-on-error: true | Don't fail job if step fails |
Common Actions
| actions/checkout@v4 | Checkout repository code |
| actions/setup-node@v4 | Install Node.js version |
| actions/setup-python@v5 | Install Python version |
| actions/cache@v4 | Cache dependencies for speed |
| actions/upload-artifact@v4 | Save build artifacts |
| actions/download-artifact@v4 | Download artifacts from other jobs |
| github/codeql-action/analyze@v3 | Security code scanning |
Variables & Secrets
| ${{ secrets.MY_SECRET }} | Access repository secret |
| ${{ github.sha }} | Current commit SHA |
| ${{ github.ref }} | Branch or tag ref (refs/heads/main) |
| ${{ github.actor }} | User who triggered the workflow |
| ${{ github.event_name }} | Event that triggered (push, pull_request) |
| ${{ env.MY_VAR }} | Access environment variable |
| env: NODE_ENV: production | Set environment variable for step |
| ${{ vars.MY_VAR }} | Access repository variable (non-secret) |
Matrix Strategy
| strategy: matrix: node: [18, 20, 22] | Test across Node versions |
| strategy: matrix: os: [ubuntu-latest, windows-latest] | Test across OS |
| ${{ matrix.node }} | Access current matrix value |
| strategy: fail-fast: false | Continue other matrix jobs on failure |
| strategy: max-parallel: 2 | Limit concurrent matrix jobs |
| exclude: - os: windows-latest<br>node: 18 | Exclude specific combinations |
Caching & Artifacts
| uses: actions/cache@v4<br>with:<br>path: ~/.npm<br>key: ${{ runner.os }}-npm-${{ hashFiles('**/package-lock.json') }} | Cache npm packages |
| uses: actions/cache@v4<br>with:<br>path: node_modules<br>key: nm-${{ hashFiles('package-lock.json') }} | Cache node_modules directly |
| uses: actions/upload-artifact@v4<br>with:<br>name: build<br>path: dist/ | Upload build output |
| retention-days: 5 | Artifact retention period |