Menü
Operate GitHub repositories, workflows, and PRs efficiently. Use for Actions optimization, PR hygiene, repo maintenance, and team collaboration patterns.
| name | github |
| description | Operate GitHub repositories, workflows, and PRs efficiently. Use for Actions optimization, PR hygiene, repo maintenance, and team collaboration patterns. |
| disable-model-invocation | true |
gh --version # GitHub CLI
act --version # Local Actions runner (optional)
Check GitHub CLI releases and GitHub Actions runner releases.
# Create PR from current branch
gh pr create --title "feat: add OAuth2 login" --body-file .github/PULL_REQUEST_TEMPLATE.md
# View checks
gh pr checks --watch --fail-fast
# Checkout a PR for local review
gh pr checkout 123
# View PR diff with comments
gh pr view 123 --comments
# Merge when green
gh pr merge --squash --delete-branch
# Review from CLI
gh pr review 123 --approve --body "LGTM"
- uses: actions/cache@v4
with:
path: ~/.npm
key: ${{ runner.os }}-node-${{ hashFiles('**/package-lock.json') }}
strategy:
fail-fast: false
matrix:
node: [20, 22]
os: [ubuntu-latest]
jobs:
ci:
uses: ./.github/workflows/reusable-ci.yml
with:
node-version: 22
secrets: inherit
| Anti-Pattern | Why It's Wrong | Fix |
|---|---|---|
actions/checkout@v2 | Deprecated, security risks | Use actions/checkout@v4 |
set-output command | Deprecated | Use GITHUB_OUTPUT env file |
save-state / set-env | Security vulnerability | Use GITHUB_STATE / GITHUB_ENV |
| No timeout on jobs | Runaway jobs burn minutes | timeout-minutes: 10 |
pull_request_target without care | Can expose secrets to forks | Use pull_request for untrusted code |
| Hardcoded secrets in workflows | Leaked in logs, not rotatable | Use GitHub Secrets + environments |
permissions: write-all | Overprivileged workflows | Explicit permissions block |
.github/workflows/ files pass actionlint or yamllintuses: references are pinned to major version or SHApermissions: is explicitly defined (not default write-all)${{ secrets.XXX }})timeout-minutesDaily research agent for
Weekly research agent for
Daily research agent for
Build, run, and secure Docker containers with current best practices. Use for Dockerfile review, multi-stage builds, Compose orchestration, image hardening, and CI/CD integration.
Deploy, manage, and troubleshoot Kubernetes workloads. Use for manifest review, Helm chart validation, resource tuning, RBAC, and cluster operations.
Design and operate application observability with metrics, logs, traces, and alerts. Use for SLO definition, dashboard design, on-call runbooks, and incident response.