█
LastWrite
  • > Curriculum
  • > Pricing
  • > For Educators
  • > About
  • > Contact
Log InGet Started

Questions, concerns, bug reports, or suggestions? We read every message, write to us at [email protected].

More ways to reach us →
LastWrite

Structured computer science lessons for aspiring developers and security professionals.

[email protected]

(201) 785-7951

Mon–Fri, 9 AM–5 PM EST

Learn

  • Curriculum
  • Pricing

Company

  • About
  • For Educators & Schools
  • Contact Us

Legal

  • Terms of Service
  • Privacy Policy
© 2026 LastWrite. All rights reserved.
Curriculum/Software Engineering/Git and GitHub Pro/GitHub Actions in Depth
60 minIntermediate

GitHub Actions in Depth

After this lesson, you will be able to: Write multi-job GitHub Actions workflows with matrix builds, dependency caching, secrets, and deploy steps.

GitHub Actions is the default CI/CD platform for GitHub repos. This lesson takes you from 'I once ran a hello-world workflow' to 'I can ship a production-grade pipeline'.

Prerequisites:Advanced GitHub

Anatomy of a workflow

A workflow is a YAML file in `.github/workflows/`. It has: triggers (when to run), jobs (parallel or dependent units of work), and steps (commands or reusable actions). Each job runs in a fresh ephemeral VM (the 'runner'). Jobs in the same workflow can share dependencies via the `needs` keyword.

A production-grade CI workflow

Drop this in .github/workflows/ci.yml. It handles lint + typecheck + test + build with caching.

tsx
name: CI
on:
pull_request:
push:
branches: [main]
concurrency:
group: ci-${{ github.ref }}
cancel-in-progress: true
jobs:
lint-typecheck:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: actions/setup-node@v4
with:
node-version: 20
cache: npm
- run: npm ci
- run: npm run lint
- run: npx tsc --noEmit
test:
runs-on: ubuntu-latest
needs: lint-typecheck
strategy:
matrix:
node: [18, 20, 22]
steps:
- uses: actions/checkout@v4
- uses: actions/setup-node@v4
with:
node-version: ${{ matrix.node }}
cache: npm
- run: npm ci
- run: npm test -- --run
build:
runs-on: ubuntu-latest
needs: test
steps:
- uses: actions/checkout@v4
- uses: actions/setup-node@v4
with:
node-version: 20
cache: npm
- run: npm ci
- run: npm run build

Matrix builds and why they're essential

Matrix lets one job spec spawn N parallel runs across versions of a dimension (Node 18 / 20 / 22, or OS ubuntu / macos / windows, or both). Catches version-specific bugs your dev machine misses. Costs more minutes; balance breadth against budget (matrix only on PRs, run a single version on push?).

Caching: cut your CI time in half

`actions/setup-node` with `cache: npm` caches node_modules between runs based on package-lock.json hash. For other languages: `actions/cache` is the generic primitive. Cache pip / Maven / Gradle / Cargo / your own build output. Without caching, every CI run reinstalls 200MB+ of dependencies; with caching, the install step is near-zero.

Secrets and deploying

Store secrets in Settings > Secrets and variables > Actions. Never hardcode in YAML.

tsx
# .github/workflows/deploy.yml
name: Deploy to Vercel
on:
push:
branches: [main]
jobs:
deploy:
runs-on: ubuntu-latest
environment:
name: production
url: https://your-app.vercel.app
steps:
- uses: actions/checkout@v4
- uses: actions/setup-node@v4
with: { node-version: 20, cache: npm }
- run: npm ci
- name: Deploy
run: npx vercel deploy --prod --token=${{ secrets.VERCEL_TOKEN }}
env:
VERCEL_ORG_ID: ${{ secrets.VERCEL_ORG_ID }}
VERCEL_PROJECT_ID: ${{ secrets.VERCEL_PROJECT_ID }}
# 'environment: production' adds a manual approval step in GitHub if you
# configure 'Required reviewers' under Settings > Environments. Use this
# for any prod deploy where a human should rubber-stamp.

Common mistakes only experienced engineers avoid

Echoing secrets to logs. Use `${{ secrets.X }}` directly in env; never `echo $X`. GitHub masks secrets but only if it sees them named. Skipping `concurrency:` to cancel in-progress runs on new pushes. Wasted minutes are the silent budget killer. Reinventing actions instead of using marketplace ones (actions/checkout, actions/setup-node, etc.). Vetted, fast, free. Workflows that take 20 minutes. Cache aggressively, parallelize jobs, split large tests. Forgetting to set `permissions:` explicitly on workflows that need write access. Default permissions changed in 2023; explicit is safer.

Quick Check

Your CI takes 15 minutes per PR. What's the most likely high-leverage fix?

Pick the most impactful single change.

Sign in and purchase access to unlock this lesson.

Sign in to purchase
←Advanced GitHub: Branch Protection and CODEOWNERS
Back to Git and GitHub Pro
Monorepos with Turborepo→