This guide walks new users through the fundamentals of GitHub Actions, the CI/CD and automation platform built into GitHub. It explains what Actions are, how workflows are defined with YAML, and the key concepts of events, runners, jobs, and steps. The article provides a hands‑on example of creating a simple workflow that automatically labels new issues, covering the necessary permissions, environment variables, and use of prebuilt Marketplace actions. Readers learn how to test, debug, and manage their workflows from the Actions tab, and are encouraged to explore further capabilities such as building, testing, and deploying code.
GitHub Agentic Workflows are built with isolation, constrained outputs, and comprehensive logging. Learn how our threat model and security architecture help teams run agents safely in GitHub Actions.
This post explains how we built Agentic Workflows with security in mind from day one, starting with the threat model and the security architecture that it needs. It details the defense in depth approach using substrate, configuration, and planning layers, emphasizing zero-secret agents through isolation and careful exposure of host resources. It also highlights the staging and vetting of all writes using safe outputs, and comprehensive logging for observability and future information-flow controls.
This post explains how we built Agentic Workflows with security in mind from day one, starting with the threat model and the security architecture that it needs. It details the defense in depth approach using substrate, configuration, and planning layers, emphasizing zero-secret agents through isolation and careful exposure of host resources. It also highlights the staging and vetting of all writes using safe outputs, and comprehensive logging for observability and future information-flow controls.
A look at how GitHub rebuilt GitHub Actions’ core architecture and shipped upgrades to improve performance, workflow flexibility, reliability, and developer experience.
Jules Tools has quietly joined Gemini CLI and GitHub Actions in Google's lineup. This article details how these command-line agents differ and provides examples of their use.
This article discusses how GitHub Models provides a free, OpenAI-compatible inference API to make AI-powered open source software more accessible. It details the challenges of AI inference (cost, local resources, distribution) and how GitHub Models addresses them, including setup, CI/CD integration, and scaling.
The article details the author's use of Claude Code to add a feature to a GitHub repository: an automatically updated README index. It's accompanied by a 7-minute video demonstrating the process.
emailFinder is a Python-based web scraping tool designed to extract email addresses from websites or URLs listed in a file. It can crawl through website pages, parse content, and efficiently extract email addresses.
Conor Barber explores the evolution of infrastructure from YAML configurations to pipelines-as-code, focusing on modern CI/CD systems like GitHub Actions, GitLab, and CircleCI. The presentation was given at QCon San Francisco 2023, discussing how moving away from YAML can improve scalability, cost efficiency, and developer experience.
Research shows that GitHub Actions, a popular CI/CD platform, is vulnerable to typosquatting attacks, where malicious actors exploit spelling mistakes in action names to trick developers into running malicious code.
This article walks you through building a CI/CD pipeline with GitHub Actions for a .NET microservice deployed to Azure Kubernetes Service. It covers steps like triggering the pipeline, generating a container version, building and pushing the Docker image, and deploying to AKS using Helm charts.
