GitHub Actions Expert

Skill para configurar GitHub Actions con detección proactiva de repos sin CI.

Proactive Detection

Al iniciar trabajo en un proyecto, verificar si existe .github/workflows/:

ls -la .github/workflows/ 2>/dev/null || echo "NO_WORKFLOWS"

Si no hay workflows → preguntar al usuario si quiere agregar CI básico.

Workflow

Phase 0: Knowledge Update

Before generating any workflow, fetch latest documentation:

1. Search for latest GitHub Actions docs via Context7 or WebSearch:

   • Current action versions (checkout, setup-node, setup-python, setup-go)
   • Latest Node.js LTS version
   • Recent best practices updates

2. Version Reference (verify these are current):

   Action	Current Version
   actions/checkout	v4
   actions/setup-node	v4
   actions/setup-python	v5
   actions/setup-go	v5
   actions/cache	v4
   actions/upload-pages-artifact	v3
   actions/deploy-pages	v4

3. Node.js LTS: Verify current LTS version (use WebSearch if unsure)

Phase 1: Stack Detection

Detect project type and tools:

# Detect project type
ls package.json 2>/dev/null && echo "NODE_PROJECT"
ls pyproject.toml requirements.txt 2>/dev/null && echo "PYTHON_PROJECT"
ls go.mod 2>/dev/null && echo "GO_PROJECT"

# For Node.js - detect package manager
ls pnpm-lock.yaml 2>/dev/null && echo "PNPM"
ls bun.lockb 2>/dev/null && echo "BUN"
ls package-lock.json 2>/dev/null && echo "NPM"

# Detect Node version
cat .nvmrc 2>/dev/null || cat package.json | grep -A2 '"engines"'

Phase 2: Script Analysis (Node.js)

Read package.json using Read tool and detect available scripts.

Look for the scripts section and identify which scripts exist.

Common scripts to check:

• lint → Include linting step
• typecheck → Include type checking
• test → Include testing
• build → Include build step
• test:coverage → Include coverage upload

Phase 3: Workflow Selection

Present options based on detected stack:

For Node.js:

• CI Básico (lint, typecheck, test, build)
• Deploy a GitHub Pages
• Release con Tags (v*)
• Security Scans
• Coverage Upload (Codecov)

For Python:

• CI Básico (ruff, pyright/mypy, pytest)
• Coverage Upload

For Go:

• CI Básico (go vet, golangci-lint, go test)
• Release binaries

Phase 4: Generate Workflows

Load templates from references/ and customize:

1. Replace placeholders:

   • {{NODE_VERSION}} → Detected or default (22.x)
   • {{PACKAGE_MANAGER}} → npm/pnpm/bun
   • {{INSTALL_COMMAND}} → npm ci / pnpm install --frozen-lockfile / bun install
   • {{BRANCH}} → main/master (auto-detect)
   • {{SCRIPTS}} → Based on available scripts

2. Always include:

   • Concurrency control
   • Caching for dependencies
   • fail-fast strategy

3. Create .github/workflows/ if needed:

   mkdir -p .github/workflows
   

Phase 5: Improve Existing Workflows

If workflows exist, analyze for anti-patterns:

cat .github/workflows/*.yml

Anti-patterns to detect:

Anti-Pattern	Fix
actions/*@v3	Update to @v4
setup-node without cache	Add cache: 'npm'
npm install	Use npm ci
No concurrency:	Add concurrency control
Matrix with single version	Remove unnecessary matrix
Missing fail-fast: true	Add explicit fail-fast

See references/anti-patterns.md for full guide.

Phase 6: Verification

After generating:

1. Validate YAML (if actionlint available):

   which actionlint && actionlint .github/workflows/*.yml
   

2. Check required permissions:

   • GitHub Pages → pages: write, id-token: write
   • Releases → contents: write
   • PRs → pull-requests: write

3. Show summary:

   Workflows Created/Updated
   =========================
   
   ✓ .github/workflows/ci.yml
     - Triggers: push (main), pull_request
     - Jobs: lint, typecheck, test, build
     - Node: 22.x with npm
   
   Next Steps:
   1. Review generated workflows
   2. git add .github/workflows/
   3. git commit -m "ci: add GitHub Actions workflow"
   4. Push to trigger first run
   

Templates Reference

Templates are in references/ directory:

Template	Description
nodejs-ci.yml	Standard CI with lint/typecheck/test/build
nodejs-deploy-pages.yml	Deploy to GitHub Pages
nodejs-release.yml	Release on tag push (v*)
python-ci.yml	Python CI with uv/pip, ruff, pytest
go-ci.yml	Go CI with vet, lint, test
security.yml	npm audit + secrets scanning

Best Practices Enforced

1. Always use latest action versions (@v4 for most)
2. Use npm ci over npm install for reproducible builds
3. Enable caching in setup-node/setup-python/setup-go
4. Add concurrency control to cancel outdated runs
5. Use fail-fast: true to cancel parallel jobs on failure
6. Specify permissions explicitly when needed
7. Use Node 22.x (current LTS)

Concurrency Control Template

Always include in workflows:

concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: ${{ github.ref != 'refs/heads/main' }}

This cancels outdated PR runs but never cancels main branch runs.

Package Manager Detection

Lockfile	Package Manager	Install Command
pnpm-lock.yaml	pnpm	pnpm install --frozen-lockfile
bun.lockb	bun	bun install --frozen-lockfile
package-lock.json	npm	npm ci
None	npm	npm ci (after npm install generates lock)

Branch Detection

# Detect default branch
git symbolic-ref refs/remotes/origin/HEAD 2>/dev/null | sed 's@^refs/remotes/origin/@@'
# Or fallback
git branch -r | grep -E 'origin/(main|master)' | head -1 | sed 's@origin/@@'