
from claude-skills18
Guides creation, configuration, publishing, and security best practices for GitHub Actions (JavaScript, Docker, and composite).
This skill teaches an agent to create, configure, troubleshoot, and publish GitHub Actions. It covers JavaScript-based actions, Docker container actions, and composite actions, including project structure, action.yml metadata, inputs/outputs, packaging (ncc bundling), and runtime considerations. The skill also includes practical snippets for reading inputs, setting outputs, using @actions/core and @actions/github, and examples for Dockerfiles and composite workflows. Security practices (least-privilege tokens, secret masking, dependency audits) and marketplace publishing steps are described.
Use this skill whenever the agent needs to: develop or review a custom GitHub Action, prepare an action for the Marketplace, configure action metadata or inputs/outputs, troubleshoot failing workflows, harden action permissions and secrets, or optimize action performance and caching. It is especially useful during CI/CD setup, publishing releases, or when advising on action security.
Likely useful for agents with code-analysis and repository access capabilities (e.g., Claude Code, Copilot-style assistants, or any agent able to read/write repository files and run CLI tests).
Comprehensive GitHub Actions skill covering JavaScript, Docker, and composite action types with code examples, security best practices, marketplace publishing, and troubleshooting. Purely instructional — no bundled scripts. Well-organized sections with practical examples and anti-fabrication requirements.
Clean, well-written reference skill. Security section is solid with correct markings on good/bad patterns. No executable code, no network calls, no credentials. Useful as a knowledge base for GitHub Actions development.