GitHub Actions Expert
Skill for configuring GitHub Actions with proactive detection of repos without CI.
Proactive Detection
When starting work on a project, check whether .github/workflows/ exists:
ls -la .github/workflows/ 2>/dev/null || echo "NO_WORKFLOWS"
If there are no workflows, ask the user whether they want to add basic CI.
Workflow
Phase 0: Knowledge Update
Before generating any workflow, fetch latest documentation via WebSearch:
- Current action versions (checkout, setup-node, setup-python, setup-go)
- Latest Node.js LTS version
- Recent best practices updates
Phase 1: Stack Detection
Detect project type and tools:
ls package.json 2>/dev/null && echo "NODE_PROJECT"
ls pyproject.toml requirements.txt 2>/dev/null && echo "PYTHON_PROJECT"
ls go.mod 2>/dev/null && echo "GO_PROJECT"
Detect package manager via lockfile:
| Lockfile | Package Manager | Install Command |
|----------|-----------------|-----------------|
| pnpm-lock.yaml | pnpm | pnpm install --frozen-lockfile |
| bun.lockb | bun | bun install --frozen-lockfile |
| package-lock.json | npm | npm ci |
| None | npm | npm ci (after npm install generates lock) |
Detect Node version from .nvmrc or package.json engines field using Read tool.
Phase 2: Script Analysis (Node.js)
Read package.json using Read tool and detect available scripts:
- lint → Include linting step
- typecheck → Include type checking
- test → Include testing
- build → Include build step
- test:coverage → Include coverage upload
Phase 3: Workflow Selection
Present options based on detected stack:
- Node.js: Basic CI, Deploy to GitHub Pages, Release with Tags, Security Scans, Coverage Upload
- Python: Basic CI (ruff, pyright/mypy, pytest), Coverage Upload
- Go: Basic CI (go vet, golangci-lint, go test), Release binaries
Phase 4: Generate Workflows
Load templates from references/ and customize:
- Replace placeholders:
  - {{NODE_VERSION}} → Detected or current LTS
  - {{PACKAGE_MANAGER}} → npm/pnpm/bun
  - {{INSTALL_COMMAND}} → Based on package manager
  - {{BRANCH}} → main/master (auto-detect)
  - {{SCRIPTS}} → Based on available scripts
- Always include: Concurrency control, dependency caching, fail-fast strategy
- Create .github/workflows/ if needed
Phase 5: Improve Existing Workflows
If workflows exist, read them and analyze for anti-patterns. See references/anti-patterns.md for the full detection guide.
Common issues:
| Anti-Pattern | Fix |
|--------------|-----|
| Outdated action versions | Update to latest |
| setup-node without cache | Add cache: '<pkg-manager>' |
| npm install | Use npm ci |
| No concurrency: | Add concurrency control |
| Matrix with single version | Remove unnecessary matrix |
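An added example (not part of the skill's own files or of references/anti-patterns.md): a POSIX shell check that flags three rows of the table above in a workflow file, namely npm install, a missing concurrency: block, and setup-node without cache. The function names, finding labels and the sample workflow are constructed for illustration.

```shell
#!/bin/sh
# Added example: line-based heuristics for three rows of the anti-pattern table.
# Finding names (NPM_INSTALL, ...) are made up here; this is not a YAML parser.

# Prints one finding per line; prints nothing when the workflow is clean.
check_workflow() (
  wf=$1
  # npm install may rewrite the lockfile; global tool installs (-g) are not flagged.
  if grep -E '(^|[^[:alnum:]_-])npm install([[:space:]]|$)' "$wf" |
     grep -Evq '[[:space:]](-g|--global)([[:space:]]|$)'; then
    echo NPM_INSTALL
  fi
  # Accept workflow-level or job-level concurrency.
  grep -Eq '^[[:space:]]*concurrency:' "$wf" || echo NO_CONCURRENCY
  # A setup-node step with no cache: key before the next "- " list item.
  if awk '
    /^[ \t]*- /                       { if (node && !cached) bad = 1; node = 0; cached = 0 }
    /uses:[ \t]*actions\/setup-node@/ { node = 1 }
    node && /^[ \t]*cache:/           { cached = 1 }
    END { if (node && !cached) bad = 1; exit (bad ? 0 : 1) }
  ' "$wf"; then
    echo SETUP_NODE_NO_CACHE
  fi
)

# Constructed sample workflow (not from any real repository).
write_bad_sample() {
  cat > "$1" <<'EOF'
on: [push, pull_request]
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-node@v4
        with:
          node-version: 20
      - run: npm install
EOF
}

tmp=$(mktemp -d)
write_bad_sample "$tmp/ci.yml"
check_workflow "$tmp/ci.yml"
rm -rf "$tmp"
```

Because the checks are line-based, a match inside a comment or a multi-line run: script is also reported, so treat each finding as a prompt to read the step rather than as a verdict.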
Phase 6: Verification
After generating:
- Validate YAML (if actionlint available):
  which actionlint && actionlint .github/workflows/*.yml
- Check required permissions:
  - GitHub Pages → pages: write, id-token: write
  - Releases → contents: write
  - PRs → pull-requests: write
- Show summary of created/updated workflows with triggers, jobs, and next steps.
Templates Reference
Templates in references/:
| Template | Description |
|----------|-------------|
| nodejs-ci.yml | Standard CI with lint/typecheck/test/build |
| nodejs-deploy-pages.yml | Deploy to GitHub Pages |
| nodejs-release.yml | Release on tag push (v*) |
| python-ci.yml | Python CI with uv/pip, ruff, pytest |
| go-ci.yml | Go CI with vet, lint, test |
| security.yml | npm audit + secrets scanning |
Concurrency Control Template
Always include in workflows:
concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: ${{ github.ref != 'refs/heads/main' }}
This cancels outdated PR runs but never cancels main branch runs.
Branch Detection
git symbolic-ref refs/remotes/origin/HEAD 2>/dev/null | sed 's@^refs/remotes/origin/@@'