github-actions

GitHub Actions Expert

Skill for configuring GitHub Actions, with proactive detection of repos that have no CI.

Proactive Detection

When starting work on a project, check whether .github/workflows/ exists:

ls -la .github/workflows/ 2>/dev/null || echo "NO_WORKFLOWS"

If there are no workflows, ask the user whether they want to add basic CI.

Workflow

Phase 0: Knowledge Update

Before generating any workflow, fetch latest documentation via WebSearch:

  • Current action versions (checkout, setup-node, setup-python, setup-go)
  • Latest Node.js LTS version (currently Node 22 "Jod"; Node 24 LTS expected Oct 2026)
  • Recent best practices updates

Templates in references/ track the latest verified versions (see anti-patterns.md for the table). Re-verify if the date in last_reviewed is older than ~3 months.

Phase 1: Stack Detection

Detect project type and tools:

# Test each marker file; either Python file is enough to flag a Python project
[ -f package.json ] && echo "NODE_PROJECT"
{ [ -f pyproject.toml ] || [ -f requirements.txt ]; } && echo "PYTHON_PROJECT"
[ -f go.mod ] && echo "GO_PROJECT"

Detect package manager via lockfile:

| Lockfile | Package Manager | Install Command |
| --- | --- | --- |
| pnpm-lock.yaml | pnpm | pnpm install --frozen-lockfile |
| bun.lockb | bun | bun install --frozen-lockfile |
| package-lock.json | npm | npm ci |
| None | npm | npm ci (after npm install generates lock) |

Detect Node version from .nvmrc or package.json engines field using Read tool.

Phase 2: Script Analysis (Node.js)

Read package.json using Read tool and detect available scripts:

  • lint → Include linting step
  • typecheck → Include type checking
  • test → Include testing
  • build → Include build step
  • test:coverage → Include coverage upload

Phase 3: Workflow Selection

Present options based on detected stack:

  • Node.js: Basic CI, Deploy to GitHub Pages, Release with Tags, Security Scans, Coverage Upload
  • Python: Basic CI (ruff, pyright/mypy, pytest), Coverage Upload
  • Go: Basic CI (go vet, golangci-lint, go test), Release binaries

Selection heuristics (default offerings to avoid over-asking):

  • Basic CI: always offer.
  • Deploy to GitHub Pages: only if user asks OR repo has next.config.*, astro.config.*, vite.config.* with static output, or a docs/ folder with a static-site generator config.
  • Release with Tags: only if user asks OR repo has previous v* tags (git tag --list 'v*' | head -1) or dist/ in .gitignore.
  • Security Scans: only if user asks OR repo has secrets-prone code (auth, env loaders) — otherwise mention as optional.
  • Coverage Upload: only if test:coverage script exists or pyproject.toml has pytest-cov.

When in doubt, ask before scaffolding multiple workflows.

Phase 4: Generate Workflows

Load templates from references/ and customize:

  1. Replace placeholders:

    • {{NODE_VERSION}} → Detected or current LTS (default 22 if undetected)
    • {{PACKAGE_MANAGER}} → npm/pnpm/bun
    • {{INSTALL_COMMAND}} → Based on package manager
    • {{BRANCH}} → main/master (auto-detect)
    • {{SCRIPTS}} → Based on available scripts
  2. Always include: Concurrency control, dependency caching, fail-fast strategy

  3. Create .github/workflows/ if needed

Phase 5: Improve Existing Workflows

If workflows exist, read them and analyze for anti-patterns. See references/anti-patterns.md for the full detection guide and the canonical version table at references/anti-patterns.md → "Action Versions" section.

Common issues:

| Anti-Pattern | Fix |
| --- | --- |
| Outdated action versions | Bump to versions in anti-patterns.md table |
| setup-node without cache | Add cache: '<pkg-manager>' |
| npm install | Use npm ci |
| No concurrency: | Add concurrency control |
| Matrix with single version | Remove unnecessary matrix |
| Third-party action pinned to @main | Pin to versioned tag |
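
Most rows of the table above can be checked mechanically before reading a workflow by hand. The Python sketch below is an added example, not part of the skill or its references/ files; it uses line-based heuristics rather than a YAML parser, the sample workflow and the some-org/some-action name are constructed, and treating @master like @main is an assumption.

```python
import re

# Constructed sample workflow (not from the skill); some-org/some-action is hypothetical.
SAMPLE = """\
name: CI
on: [push, pull_request]
jobs:
  test:
    runs-on: ubuntu-latest
    strategy:
      matrix:
        node-version: [22]
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-node@v4
        with:
          node-version: ${{ matrix.node-version }}
      - uses: some-org/some-action@main
      - run: npm install
"""

def audit_workflow(text):
    """Return (line_number, finding) pairs; line 0 means a file-level finding."""
    lines, findings, matrix_indent = text.splitlines(), [], None
    if not re.search(r"^\s*concurrency:", text, re.M):
        findings.append((0, "no concurrency: block"))
    for i, line in enumerate(lines, 1):
        indent = len(line) - len(line.lstrip())
        if matrix_indent is not None and line.strip() and indent <= matrix_indent:
            matrix_indent = None  # dedented out of the matrix: mapping
        if line.strip() == "matrix:":
            matrix_indent = indent
        elif matrix_indent is not None and re.search(r":\s*\[[^,\]]+\]\s*$", line):
            findings.append((i, "matrix with a single version"))
        # Assumption: @master is treated like @main; actions/* counts as first-party.
        m = re.search(r"uses:\s*([\w.-]+)/[\w./-]+@(main|master)\s*$", line)
        if m and m.group(1) != "actions":
            findings.append((i, "third-party action pinned to a branch"))
        if re.search(r"\bnpm install\s*$", line):
            findings.append((i, "npm install in CI; use npm ci"))
        if re.search(r"uses:\s*actions/setup-node@", line):
            step = []
            for nxt in lines[i:]:  # lines after this one, up to the next step
                if nxt.lstrip().startswith("- "):
                    break
                step.append(nxt)
            if not any(re.match(r"\s*cache:", s) for s in step):
                findings.append((i, "setup-node without cache"))
    return findings
```

A version tag can still be moved by the action's owner, so pinning a third-party action to a full commit SHA is the stricter form of the last fix in the table.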

Phase 6: Verification

After generating:

  1. Validate YAML (if actionlint available):

    which actionlint && actionlint .github/workflows/*.yml
    
  2. Check required permissions:

    • GitHub Pages → pages: write, id-token: write
    • Releases → contents: write
    • PRs → pull-requests: write
  3. Show summary of created/updated workflows with triggers, jobs, and next steps.

Templates Reference

Templates in references/:

| Template | Description |
| --- | --- |
| nodejs-ci.yml | Standard CI with lint/typecheck/test/build |
| nodejs-deploy-pages.yml | Deploy to GitHub Pages |
| nodejs-release.yml | Release on tag push (v*) |
| python-ci.yml | Python CI with uv/pip, ruff, pytest |
| go-ci.yml | Go CI with vet, lint, test |
| security.yml | npm audit + secrets scanning |

Concurrency Control Template

Always include in workflows:

concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: ${{ github.ref != 'refs/heads/main' }}

This cancels outdated PR runs but never cancels main branch runs.

Branch Detection

git symbolic-ref refs/remotes/origin/HEAD 2>/dev/null | sed 's@^refs/remotes/origin/@@'
First Seen
Mar 30, 2026