Teams struggle to create secure, production-ready GitHub Actions workflows from scratch. This skill provides tested templates for testing, building, and deploying applications with proper secret handling and approval gates.
Download the skill ZIP
Upload it in Claude
Go to Settings → Features → Skills → Upload skill
Open it and start using it
Try it
Using "github-actions-templates". Create a test workflow for a Python project that runs on Ubuntu and macOS with Python 3.9 through 3.12
Expected result:
A complete YAML workflow file with matrix strategy testing across 8 combinations (2 OS x 4 Python versions), including dependency caching, pytest execution, and coverage upload to Codecov.
Using "github-actions-templates". Build and push a Docker image when a new version tag is created
Expected result:
A workflow that triggers on semantic version tags, logs into GitHub Container Registry using GITHUB_TOKEN, builds the image with versioned tags, and pushes with metadata labels for tracking.
Security audit
Safe. This skill is documentation-only, containing GitHub Actions YAML workflow templates. All static analysis findings are false positives: the detected 'external_commands' are YAML run: syntax in markdown code blocks, 'network' references are URL configuration values, 'filesystem' patterns are reusable workflow references, and 'env_access' patterns are GitHub Actions secret syntax (${{ secrets.* }}). No executable code, no prompt injection attempts, and no security risks detected. The skill teaches legitimate DevOps practices including proper secret handling and secure workflow patterns.
What you can build
Startup CI/CD Setup
Quickly establish professional testing and deployment pipelines for a new software project without deep GitHub Actions expertise.
Enterprise Workflow Standardization
Create consistent, secure workflow patterns across multiple repositories with reusable workflow templates and approval processes.
Open Source Project Automation
Set up automated testing across multiple operating systems and runtime versions to ensure broad compatibility.
Try these prompts
Create a GitHub Actions workflow that runs tests on every pull request to the main branch. The project uses Node.js with npm. Include caching for dependencies and upload test coverage reports.
Generate a workflow that builds a Docker image on push to main, tags it with the git SHA and version tag, pushes to GitHub Container Registry, and deploys to a staging environment. Include proper permissions and secret handling.
Create a deployment workflow with separate staging and production environments. Production deployments should require manual approval. Include Slack notifications for deployment success and failure, and rollback capability.
Build a comprehensive security workflow that runs Trivy for vulnerability scanning, Snyk for dependency checks, and CodeQL for code analysis. Upload all results to GitHub Security tab and fail the workflow on critical vulnerabilities.
Best practices
- Pin action versions to specific major versions (e.g., @v4) instead of @latest or @main to prevent unexpected breaking changes and supply chain attacks
- Use GitHub Secrets for all sensitive values including API keys, tokens, and credentials - never hardcode secrets in workflow files
- Implement minimum required permissions using the permissions block and use environment protection rules with required reviewers for production deployments
Avoid
- Using @latest or branch references for third-party actions, which can introduce breaking changes or security vulnerabilities without notice
- Storing credentials or tokens directly in workflow files or repository code instead of using GitHub Secrets for all sensitive values
- Running untrusted code from fork pull requests with write permissions, which could expose secrets or compromise the CI environment
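
The best-practice and avoid lists above can be checked mechanically before a workflow is merged. The following is an added example, not part of the skill or its templates: `audit_workflow`, its rule names and the sample workflow are constructed for illustration, and accepting a full commit SHA as a pinned reference is an assumption beyond the page's major-version advice.

```python
import re

# Constructed sample workflow for illustration; not taken from the skill.
SAMPLE = """\
name: deploy
on: pull_request_target
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: example-org/example-action@main
      - run: ./deploy.sh
        env:
          API_TOKEN: abc123notasecretref
          REGISTRY_TOKEN: ${{ secrets.REGISTRY_TOKEN }}
"""

USES = re.compile(r"^\s*(?:-\s*)?uses:\s*([^\s#@]+)(?:@(\S+))?")
# Accepted refs: a version tag (as the page recommends) or a full commit SHA.
PINNED = re.compile(r"^(v\d+(\.\d+){0,2}|[0-9a-f]{40})$")
SECRET_KEY = re.compile(
    r"^\s*(?:-\s*)?(\w*(?:TOKEN|SECRET|PASSWORD|API_KEY)\w*):\s*(\S.*)$", re.I)

def audit_workflow(text):
    """Return (line_number, rule, detail) findings for one workflow file."""
    findings = []
    lines = text.splitlines()
    # Without a permissions block the token scope is the repository default.
    if not any(re.match(r"^\s*permissions:", l) for l in lines):
        findings.append((0, "no-permissions-block", "add least-privilege permissions"))
    for n, line in enumerate(lines, 1):
        m = USES.match(line)
        if m:
            action, ref = m.groups()
            local = action.startswith("./")  # local actions carry no ref
            if not local and (ref is None or not PINNED.match(ref)):
                findings.append((n, "unpinned-action", f"{action}@{ref}"))
        m = SECRET_KEY.match(line)
        # A secret-looking key is fine only if its value is an expression.
        if m and "${{" not in m.group(2):
            findings.append((n, "hardcoded-secret", m.group(1)))
        # pull_request_target runs fork PRs in the base repository's context.
        if "pull_request_target" in line and not line.lstrip().startswith("#"):
            findings.append((n, "fork-pr-privileged-trigger", "review checkout and secret use"))
    return findings
```

The check is line-based and deliberately conservative: it treats any `pull_request_target` trigger as something to review rather than as a confirmed flaw.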