GitHub Actions Best Practices

• About GitHub Actions
• GitHub Actions Learning Pathways (Training)
• GitHub Actions Public Roadmap

Innersource and Collaboration

• Share automation and avoid duplication with Reusable Workflows and Composite Actions
• Create and share Custom Actions for unique use cases
• Minimize and centralize ownership with Required Workflows
• Leverage existing Actions from the GitHub Actions Marketplace
• Estimate spending, gather insights, and set budgets with the Enhanced Billing Platform
• Monitor usage and performance with the Actions Insights Dashboards

Security

• Security for GitHub Actions (comprehensive resource)
  • Hardening
  • Secret Management
  • Authentication
  • Artifact Attestation
  • OpenID Connect
• Private networking for GitHub-hosted runners
• Create static IP addresses for hosted runners
• Use Verified Creators from the GitHub Actions Marketplace
• Identify GitHub Action Workflow file vulnerabilities with CodeQL

Within Workflows

• Utilize Environments to track deployments
• Separate concerns, one workflow per use case
• Automate everything with triggers, schedules and webhooks

Infrastructure

• When to choose GitHub-Hosted runners or self-hosted runners with GitHub Actions
• Leverage Larger Runners for significant workloads

Migration

• Migrating to GitHub Actions Docs
• Automate migration with the GitHub Actions Importer