Agent Skills: GitHub Actions Expert

This skill should be used when the user says "add CI", "setup GitHub Actions", "create workflow", "deploy workflow", "automate tests", "CI/CD pipeline", "improve workflow", "fix CI", "optimize GitHub Actions", "agregar CI", "configurar GitHub Actions", "workflow de deploy", "automatizar tests", or when a project has no .github/workflows/ directory. Covers Node.js, Python, and Go stacks.

Uncategorized
ID: testacode/llm-toolkit/github-actions

Install this agent skill locally:

pnpm dlx add-skill https://github.com/testacode/llm-toolkit/tree/HEAD/skills/github-actions

skills/github-actions/SKILL.md

Skill Metadata

Name: github-actions
Description: This skill should be used when the user says "add CI", "setup GitHub Actions", "create workflow", "deploy workflow", "automate tests", "CI/CD pipeline", "improve workflow", "fix CI", "optimize GitHub Actions", "update actions", "bump actions", "dependabot", "renovate", "agregar CI", "configurar GitHub Actions", "workflow de deploy", "automatizar tests", "actualizar actions", or when a project has no .github/workflows/ directory. Covers Node.js, Python, and Go stacks.
<!-- version: 1.1.0 | last_reviewed: 2026-04 -->

GitHub Actions Expert

Skill for configuring GitHub Actions, with proactive detection of repos that have no CI.

Proactive Detection

When starting work on a project, check whether .github/workflows/ exists:

ls -la .github/workflows/ 2>/dev/null || echo "NO_WORKFLOWS"

If there are no workflows, ask the user whether they want to add basic CI.

Workflow

Phase 0: Knowledge Update

Before generating any workflow, fetch latest documentation via WebSearch:

  • Current action versions (checkout, setup-node, setup-python, setup-go)
  • Latest Node.js LTS version (currently Node 22 "Jod"; Node 24 LTS expected Oct 2026)
  • Recent best practices updates

Templates in references/ track the latest verified versions (see anti-patterns.md for the table). Re-verify if the date in last_reviewed is older than ~3 months.

Phase 1: Stack Detection

Detect project type and tools:

ls package.json 2>/dev/null && echo "NODE_PROJECT"
# Either file marks a Python project; ls with both names fails when only one exists.
{ [ -f pyproject.toml ] || [ -f requirements.txt ]; } && echo "PYTHON_PROJECT"
ls go.mod 2>/dev/null && echo "GO_PROJECT"

Detect package manager via lockfile:

| Lockfile | Package Manager | Install Command |
|----------|-----------------|-----------------|
| pnpm-lock.yaml | pnpm | pnpm install --frozen-lockfile |
| bun.lockb | bun | bun install --frozen-lockfile |
| package-lock.json | npm | npm ci |
| None | npm | npm ci (after npm install generates lock) |

Detect Node version from .nvmrc or package.json engines field using Read tool.

Phase 2: Script Analysis (Node.js)

Read package.json using Read tool and detect available scripts:

  • lint → Include linting step
  • typecheck → Include type checking
  • test → Include testing
  • build → Include build step
  • test:coverage → Include coverage upload

Phase 3: Workflow Selection

Present options based on detected stack:

  • Node.js: CI Basico, Deploy a GitHub Pages, Release con Tags, Security Scans, Coverage Upload
  • Python: CI Basico (ruff, pyright/mypy, pytest), Coverage Upload
  • Go: CI Basico (go vet, golangci-lint, go test), Release binaries

Selection heuristics (default offerings to avoid over-asking):

  • CI Basico: always offer.
  • Deploy a GitHub Pages: only if user asks OR repo has next.config.*, astro.config.*, vite.config.* with static output, or a docs/ folder with a static-site generator config.
  • Release con Tags: only if user asks OR repo has previous v* tags (git tag --list 'v*' | head -1) or dist/ in .gitignore.
  • Security Scans: only if user asks OR repo has secrets-prone code (auth, env loaders) — otherwise mention as optional.
  • Coverage Upload: only if test:coverage script exists or pyproject.toml has pytest-cov.

When in doubt, ask before scaffolding multiple workflows.

Phase 4: Generate Workflows

Load templates from references/ and customize:

  1. Replace placeholders:

    • {{NODE_VERSION}} → Detected or current LTS (default 22 if undetected)
    • {{PACKAGE_MANAGER}} → npm/pnpm/bun
    • {{INSTALL_COMMAND}} → Based on package manager
    • {{BRANCH}} → main/master (auto-detect)
    • {{SCRIPTS}} → Based on available scripts
  2. Always include: Concurrency control, dependency caching, fail-fast strategy

  3. Create .github/workflows/ if needed

Phase 5: Improve Existing Workflows

If workflows exist, read them and analyze for anti-patterns. See references/anti-patterns.md for the full detection guide; its "Action Versions" section holds the canonical version table.

Common issues:

| Anti-Pattern | Fix |
|--------------|-----|
| Outdated action versions | Bump to versions in anti-patterns.md table |
| setup-node without cache | Add cache: '<pkg-manager>' |
| npm install | Use npm ci |
| No concurrency: | Add concurrency control |
| Matrix with single version | Remove unnecessary matrix |
| Third-party action pinned to @main | Pin to versioned tag |
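
A line-based check for four of the anti-patterns in the table above, as an added example that is not part of the skill's own files. The finding names and the sample workflow are constructed for illustration, and the checks are grep heuristics rather than a YAML parser.

```shell
# Added example: flag anti-patterns from the table in one workflow file.
# Prints one finding name per line (names are made up for this example).
scan_workflow() {
  # Action referenced by a moving branch instead of a versioned tag.
  # Flags any owner, first-party or third-party.
  grep -Eq '^[[:space:]]*(-[[:space:]]*)?uses:[[:space:]]*[^#[:space:]]+@(main|master)([[:space:]]|$)' "$1" \
    && echo "action-on-branch"
  # Bare `npm install` (no package argument) where `npm ci` is expected.
  grep -Eq 'npm install[[:space:]]*$' "$1" && echo "npm-install"
  # No top-level concurrency: key.
  grep -Eq '^concurrency:' "$1" || echo "no-concurrency"
  # setup-node is used but no cache: input appears anywhere in the file.
  if grep -q 'actions/setup-node@' "$1" && ! grep -Eq '^[[:space:]]+cache:' "$1"; then
    echo "setup-node-no-cache"
  fi
  return 0
}

# Constructed sample workflow (not from the page); versions are illustrative.
sample="$(mktemp)"
trap 'rm -f "$sample"' EXIT
cat > "$sample" <<'EOF'
name: CI
on: [push, pull_request]
jobs:
  test:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: some-org/some-action@main
      - uses: actions/setup-node@v4
        with:
          node-version: 22
      - run: npm install
      - run: npm test
EOF

scan_workflow "$sample"
```

A versioned tag can still be moved by the action's owner; a full commit SHA is the only immutable reference for a third-party action.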

Phase 6: Verification

After generating:

  1. Validate YAML (if actionlint available):

    which actionlint && actionlint .github/workflows/*.yml
    
  2. Check required permissions:

    • GitHub Pages → pages: write, id-token: write
    • Releases → contents: write
    • PRs → pull-requests: write
  3. Show summary of created/updated workflows with triggers, jobs, and next steps.
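
One way to automate the permissions check in step 2, as an added example that is not part of the skill's own files. The kind labels (pages, release, pr), the function names and the sample workflow are assumptions made for this example.

```shell
# Added example: report which of the permissions listed in step 2 a workflow
# does not grant. Kind labels are made up for this example.
required_permissions() {
  case "$1" in
    pages)   echo "pages:write id-token:write" ;;
    release) echo "contents:write" ;;
    pr)      echo "pull-requests:write" ;;
    *)       return 1 ;;
  esac
}

# usage: missing_permissions <kind> <workflow-file>
# Prints one "scope: level" line per missing grant, nothing when all are present.
missing_permissions() {
  mp_req="$(required_permissions "$1")" || { echo "unknown-kind"; return 0; }
  # write-all grants every scope, so nothing is missing, but it is broader
  # than any of the listed needs: report that instead.
  if grep -Eq '^permissions:[[:space:]]*write-all' "$2"; then
    echo "over-broad: write-all"
    return 0
  fi
  for mp_pair in $mp_req; do
    mp_key="${mp_pair%%:*}"
    mp_val="${mp_pair##*:}"
    grep -Eq "^[[:space:]]+${mp_key}:[[:space:]]*${mp_val}[[:space:]]*\$" "$2" \
      || echo "${mp_key}: ${mp_val}"
  done
  return 0
}

# Constructed sample: a Pages deploy workflow that omits id-token.
pages_wf="$(mktemp)"
trap 'rm -f "$pages_wf"' EXIT
cat > "$pages_wf" <<'EOF'
name: Deploy
on:
  push:
    branches: [main]
permissions:
  contents: read
  pages: write
jobs:
  deploy:
    runs-on: ubuntu-latest
EOF

missing_permissions pages "$pages_wf"
```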

Templates Reference

Templates in references/:

| Template | Description |
|----------|-------------|
| nodejs-ci.yml | Standard CI with lint/typecheck/test/build |
| nodejs-deploy-pages.yml | Deploy to GitHub Pages |
| nodejs-release.yml | Release on tag push (v*) |
| python-ci.yml | Python CI with uv/pip, ruff, pytest |
| go-ci.yml | Go CI with vet, lint, test |
| security.yml | npm audit + secrets scanning |

Concurrency Control Template

Always include in workflows:

concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: ${{ github.ref != 'refs/heads/main' }}

This cancels outdated PR runs but never cancels main branch runs.

Branch Detection

git symbolic-ref refs/remotes/origin/HEAD 2>/dev/null | sed 's@^refs/remotes/origin/@@'