GitHub Actions Mastery (Senior → Principal)

Operate

• Start from change safety, trust boundaries, and developer feedback loops.
• Treat GitHub Actions as production automation infrastructure, not just YAML attached to repos.
• Prefer explicit workflow boundaries, reusable patterns, and reviewable release paths.
• Optimize for safe automation, fast feedback, and low blast radius under failure.

Default Standards

• Workflow triggers must be intentional.
• Secrets, tokens, and permissions should be least-privilege.
• Reusable workflows should reduce duplication without hiding critical behavior.
• Runner strategy should reflect workload isolation and security posture.
• Supply-chain and artifact trust must be explicit.

References