github-actions-workflows
Installation
SKILL.md
GitHub Actions Workflows
Purpose
Optimize GitHub Actions workflows for Riksdagsmonitor's static site CI/CD pipeline.
Core Patterns
Quality Checks Workflow
name: Quality Checks
on:
push:
branches: [main]
pull_request:
permissions:
contents: read
jobs:
validate:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
# HTML validation
- name: Validate HTML
run: |
npm install -g htmlhint
htmlhint *.html
# Link checking
- name: Check Links
run: |
npm install -g linkinator
python3 -m http.server 8080 &
sleep 5
linkinator http://localhost:8080/ --recurse
Security Scanning
name: Security
on: [push, pull_request]
permissions:
security-events: write
jobs:
scan:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
# CodeQL
- uses: github/codeql-action/init@v3
with:
languages: javascript
- uses: github/codeql-action/analyze@v3
# Dependency check
- name: Dependency Scan
uses: dependency-check/Dependency-Check_Action@main
Deployment Workflow
name: Deploy
on:
push:
branches: [main]
permissions:
contents: read
pages: write
id-token: write
jobs:
deploy:
runs-on: ubuntu-latest
environment:
name: github-pages
url: ${{ steps.deployment.outputs.page_url }}
steps:
- uses: actions/checkout@v4
- name: Setup Pages
uses: actions/configure-pages@v4
- name: Upload artifact
uses: actions/upload-pages-artifact@v3
with:
path: '.'
- name: Deploy to GitHub Pages
id: deployment
uses: actions/deploy-pages@v4
Best Practices
- ✅ Minimal permissions (least privilege)
- ✅ Pin actions to SHA (supply chain security)
- ✅ Cache dependencies (faster builds)
- ✅ Parallel jobs (faster feedback)
- ✅ Matrix testing (cross-browser)
References
- GitHub Actions: https://docs.github.com/en/actions
- Workflow Files:
.github/workflows/
Related skills
More from hack23/riksdagsmonitor
osint-methodologies
OSINT collection, source evaluation, data integration, verification techniques for Swedish political intelligence
40economic-policy-analysis
Fiscal policy, budget analysis, economic forecasting, monetary policy, trade policy for political journalists
31electoral-analysis
Election forecasting models, campaign analysis, coalition prediction, voter behavior analysis for Swedish elections
25vulnerability-management
Vulnerability scanning, assessment, prioritization, and remediation processes following NIST and CIS Controls
25nist-csf-mapping
NIST Cybersecurity Framework 2.0 mapping for static HTML/CSS websites
24testing-strategy
Comprehensive testing strategy covering unit, integration, E2E, security, accessibility, and performance testing
23