GitHub Actions Validation
This skill provides guidance for validating GitHub Actions workflows to ensure correctness, security, and best practices.
When to Use This Skill
This skill is applicable for:
- •Validating GitHub Actions workflow syntax
- •Checking workflow security settings
- •Verifying timeout configurations
- •Ensuring best practices compliance
- •Debugging workflow validation failures
Validation Script Usage
Always use the validation script. Do not run individual commands.
Usage
bash
# Run all validations (recommended before commit) bash github-actions-validation/scripts/validate.sh # Validate specific directory bash github-actions-validation/scripts/validate.sh ./.github/workflows/
What the Script Does
The validation script performs all checks in the correct order:
- •actionlint - Workflow syntax and best practices validation
- •ghalint - Security and configuration validation
- •zizmor - GitHub Actions security scanner
Validation Requirements
Before committing workflow changes:
- • Validation script passes
- • All syntax errors resolved
- • Security warnings addressed
- • Timeout settings configured
- • Permissions minimized
Validation Workflow
- •Make changes - Edit workflow files
- •Run validation:
bash github-actions-validation/scripts/validate.sh - •Fix issues - Address any failures
- •Re-run validation - Ensure all checks pass
- •Commit - Only when validation succeeds
Reference Documentation
For detailed information:
- •Individual Commands - Command usage for debugging
- •Troubleshooting Guide - Error resolution
- •Security Best Practices - Security guidelines