Skills

github-actions

Installation
Summary

GitHub Actions workflow creation, security hardening, and version management for CI/CD pipelines.

  • Covers workflow file authoring (.yml), action version updates via gh release view, and security best practices including secrets management and script injection prevention
  • Enforces anti-patterns: outdated action versions, hardcoded credentials, input injection vulnerabilities, misuse of pull_request_target, and redundant tool setup
  • Recommends minimal privilege principle, SHA pinning for untrusted actions, and environment variable isolation for sensitive data
  • Includes common event triggers (push, pull_request, schedule, workflow_dispatch, release) and permission scopes for typical CI/CD workflows
SKILL.md

GitHub Actions

참고: GitHub Actions 워크플로우 실행 및 결과 조회, 이슈/PR 관리 등 gh CLI 관련 작업은 github 스킬을 함께 로드하여 참조한다.

주의 사항 (Anti-patterns)

1. 오래된 버전 사용

# ❌ 오래된 버전 - 가장 흔한 실수
uses: actions/checkout@v4 # v6가 최신인 경우

# ✅ 최신 메이저 버전 (gh release view로 확인 후 사용)
uses: actions/checkout@v6

최신 버전에서 제공하는 성능 개선과 보안 패치를 놓치지 않도록 합니다.

버전 확인 명령어:

Related skills

More from dalestudy/skills

Installs
477
Repository
dalestudy/skills
GitHub Stars
4
First Seen
Jan 25, 2026
Security Audits
Gen Agent Trust HubPass
SocketPass
SnykPass