| name | agentic-workflow-development |
| description | gh-aw CLI usage, compilation, testing, debugging, add-wizard, and CI/CD practices for GitHub Agentic Workflows |
| license | Apache-2.0 |
🛠️ Agentic Workflow Development Skill
Purpose
Development lifecycle guidance for GitHub Agentic Workflows: CLI setup, compilation, testing, debugging, sharing workflows via add-wizard, version control, and CI/CD integration.
When to Use
Apply this skill when:
- Setting up gh-aw development environment
- Creating, testing, and debugging workflows
- Sharing workflows via
gh aw add-wizard
- Implementing CI/CD for workflow deployment
- Troubleshooting workflow execution issues
Rules
CLI Setup and Usage
MUST:
- Install GitHub CLI:
gh --version to verify
- Install gh-aw extension:
gh extension install github/gh-aw
- Keep gh-aw updated:
gh extension upgrade gh-aw
- Initialize repositories:
gh aw init for new projects
- Use CLI for all workflow operations (not manual file editing of
.lock.yml)
MUST NOT:
- Manually edit
.lock.yml files
- Use outdated gh-aw versions
- Skip repository initialization
- Bypass CLI for workflow management
Development Workflow
MUST:
- Create workflow
.md files in .github/workflows/
- Use descriptive workflow names (kebab-case)
- Compile after every edit:
gh aw compile
- Test workflows before committing:
gh aw run <workflow-name>
- Review compilation output for warnings
- Commit both
.md and .lock.yml files together
- Write meaningful commit messages
MUST NOT:
- Edit workflows without compiling
- Commit
.md without .lock.yml
- Skip testing before merge
- Use generic commit messages
Rapid Iteration with Watch Mode
MUST:
- Use
gh aw compile --watch for active development
- Keep watch mode running in dedicated terminal
- Review compilation errors immediately
- Test changes incrementally
- Save frequently to trigger recompilation
MUST NOT:
- Ignore watch mode error messages
- Make multiple changes without testing
- Disable automatic compilation during development
Testing Strategies
MUST:
- Test with
workflow_dispatch trigger first
- Use
gh aw run <workflow-name> for manual testing
- Test with real repository data
- Verify safe-outputs work as expected
- Test error conditions and edge cases
- Review GitHub Actions logs after each test run
- Test permission boundaries
MUST NOT:
- Test only happy path scenarios
- Skip permission testing
- Test in production without staging
- Ignore test failures
Debugging Techniques
MUST:
- Use
gh aw logs to review execution logs
- Check GitHub Actions workflow run details
- Review compilation output for syntax errors
- Add debug logging to workflow instructions
- Test workflows in isolation
- Use
gh aw status to check workflow health
- Reproduce issues locally when possible
MUST NOT:
- Debug only by editing production workflows
- Ignore error messages
- Skip log review
- Make blind fixes without understanding root cause
Version Control Practices
MUST:
- Use feature branches for workflow changes
- Write descriptive pull request descriptions
- Include workflow testing results in PRs
- Review workflow changes carefully (both
.md and .lock.yml)
- Tag workflow versions for major changes
- Maintain changelog for workflow evolution
- Document breaking changes
MUST NOT:
- Commit directly to main branch
- Merge without review
- Skip documentation updates
- Delete workflow history
Code Review for Workflows
MUST:
- Review natural language instructions for clarity
- Verify security settings (permissions, tools, network)
- Check safe-outputs configuration
- Validate trigger appropriateness
- Confirm secret usage is correct
- Test workflow before approving PR
- Verify compilation produces expected
.lock.yml
MUST NOT:
- Approve without testing
- Skip security review
- Ignore compilation warnings
- Rubber-stamp workflow changes
Workflow Organization
MUST:
- Group related workflows in subdirectories (if supported)
- Use consistent naming conventions
- Document workflow purpose in file header
- Create README for complex workflow systems
- Link related workflows explicitly
- Maintain workflow dependency documentation
MUST NOT:
- Create monolithic workflows (split into orchestrator-worker)
- Use unclear or cryptic names
- Leave workflows undocumented
- Create hidden dependencies
Performance Optimization
MUST:
- Profile workflow execution time
- Optimize AI prompts for clarity and brevity
- Batch operations when possible
- Cache results to avoid redundant work
- Use appropriate trigger frequencies
- Monitor resource usage and costs
MUST NOT:
- Over-trigger workflows
- Create unnecessarily complex instructions
- Ignore performance warnings
- Skip cost monitoring
Maintenance and Upgrades
MUST:
- Regularly update gh-aw CLI:
gh extension upgrade gh-aw
- Upgrade workflow dependencies:
gh aw upgrade
- Review and apply workflow template updates
- Monitor for deprecated features
- Test upgrades in non-production first
- Document upgrade procedures
- Maintain backward compatibility when possible
MUST NOT:
- Let workflows become outdated
- Skip testing after upgrades
- Apply breaking changes without notice
- Ignore deprecation warnings
Examples
Example 1: Complete Development Workflow
cd my-repo
gh aw init
cat > .github/workflows/issue-triage.md << 'EOF'
---
on: issues
permissions: read-all
tools:
github:
safe-outputs:
create-comment:
max: 1
---
Analyze new issues and provide triage information.
EOF
gh aw compile --watch &
gh aw run issue-triage
gh aw logs issue-triage
git add .github/workflows/issue-triage.md
git add .github/workflows/issue-triage.lock.yml
git commit -m "Add issue triage workflow"
git push origin feature/issue-triage
gh pr create --title "Add issue triage workflow" \
--body "Implements automated issue triage with AI"
Example 2: Debugging Workflow Issues
gh aw status
gh aw logs my-workflow --tail 100
gh aw compile --verbose
gh aw run my-workflow --debug
gh run list --workflow=my-workflow.lock.yml
gh run view <run-id> --log
gh aw doctor
Example 3: Testing Workflow Changes
git checkout -b test/workflow-improvements
vim .github/workflows/pr-reviewer.md
gh aw compile
if [ $? -ne 0 ]; then
echo "Compilation failed"
exit 1
fi
gh aw run pr-reviewer
sleep 30
gh aw logs pr-reviewer --tail 50
git add .github/workflows/pr-reviewer.md
git add .github/workflows/pr-reviewer.lock.yml
git commit -m "Improve PR reviewer workflow logic"
git push origin test/workflow-improvements
Example 4: Workflow CI/CD Pipeline
name: Workflow CI
on:
pull_request:
paths:
- '.github/workflows/*.md'
jobs:
validate:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Setup GitHub CLI
run: gh --version
- name: Install gh-aw
run: gh extension install github/gh-aw
- name: Compile workflows
run: gh aw compile --check
- name: Validate workflow structure
run: |
for workflow in .github/workflows/*.md; do
echo "Validating $workflow"
gh aw validate "$workflow"
done
- name: Check for security issues
run: gh aw security-check
- name: Verify lock files are up to date
run: |
gh aw compile
if [ -n "$(git status --porcelain .github/workflows/*.lock.yml)" ]; then
echo "Lock files out of date. Run: gh aw compile"
exit 1
fi
Example 5: Workflow with Debug Logging
---
on: workflow_dispatch
permissions: read-all
tools:
github:
safe-outputs:
create-comment:
max: 1
---
# Debug Example Workflow
**DEBUG MODE ENABLED**
Log all steps for debugging:
1. List repository details
- Log: Repository name, owner, default branch
2. Check issue count
- Log: Total open issues, closed issues
3. Analyze most recent issue
- Log: Issue number, title, author
- Log: Label count, comment count
4. Generate report
- Include all logged data
- Post as comment on issue #1
Use verbose output for all operations.
Example 6: Workflow Upgrade Process
gh extension list
gh extension upgrade gh-aw
gh aw check-updates
gh aw upgrade --dry-run
gh aw upgrade
gh aw compile
gh aw run critical-workflow-1
gh aw run critical-workflow-2
git add .github/workflows/
git commit -m "Upgrade workflows to gh-aw v2.0"
Example 7: Local Development Setup Script
#!/bin/bash
set -e
echo "Setting up Agentic Workflows development environment..."
if ! command -v gh &> /dev/null; then
echo "Installing GitHub CLI..."
brew install gh
fi
echo "Installing gh-aw extension..."
gh extension install github/gh-aw || gh extension upgrade gh-aw
echo "Initializing repository..."
gh aw init
cat > .git/hooks/pre-commit << 'EOF'
if git diff --cached --name-only | grep -q ".github/workflows/.*\.md"; then
echo "Compiling workflows..."
gh aw compile || exit 1
git add .github/workflows/*.lock.yml
fi
EOF
chmod +x .git/hooks/pre-commit
echo "Setup complete! Development environment ready."
echo "- gh-aw version: $(gh aw version)"
echo "- Pre-commit hook installed"
Example 8: Workflow Testing Framework
#!/bin/bash
set -e
echo "Testing all agentic workflows..."
WORKFLOWS=$(ls .github/workflows/*.md | xargs -n1 basename -s .md)
for workflow in $WORKFLOWS; do
echo "Testing: $workflow"
gh aw compile "$workflow" || {
echo "❌ Compilation failed: $workflow"
exit 1
}
gh aw validate "$workflow" || {
echo "❌ Validation failed: $workflow"
exit 1
}
gh aw security-check "$workflow" || {
echo "❌ Security check failed: $workflow"
exit 1
}
echo "✅ $workflow passed all checks"
done
echo "All workflows tested successfully!"
CLI Command Reference
gh extension install github/gh-aw
gh extension upgrade gh-aw
gh aw init
gh aw compile
gh aw compile <name>
gh aw compile --watch
gh aw compile --check
gh aw run <name>
gh aw run <name> --debug
gh aw logs
gh aw logs <name>
gh aw logs <name> --tail 100
gh aw status
gh aw add <url>
gh aw add-wizard <url>
gh aw doctor
gh aw validate <name>
gh aw security-check
gh aw upgrade
gh aw check-updates
Best Practices Checklist
Development
Testing
Security
Collaboration
Maintenance
Troubleshooting Guide
Compilation Errors
Symptom: gh aw compile fails
Solutions:
- Check YAML frontmatter syntax
- Verify all required fields present
- Review error message carefully
- Check for unclosed quotes or brackets
- Validate indentation
Workflow Won't Trigger
Symptom: Workflow doesn't run on expected events
Solutions:
- Verify
.lock.yml is committed
- Check trigger configuration in frontmatter
- Review GitHub Actions logs
- Ensure workflow name is correct
- Check repository workflow permissions
Permission Denied Errors
Symptom: Workflow fails with permission errors
Solutions:
- Review
permissions: in frontmatter
- Check if safe-outputs needed
- Verify secrets configured correctly
- Ensure token has required scopes
- Check repository Actions permissions
Slow or Hanging Workflows
Symptom: Workflows take too long or never complete
Solutions:
- Add explicit timeouts
- Simplify workflow instructions
- Check for infinite loops
- Review tool usage (disable unused tools)
- Monitor GitHub Actions queue
Unexpected AI Behavior
Symptom: AI doesn't follow instructions
Solutions:
- Make instructions more specific
- Add examples to workflow
- Break complex tasks into steps
- Use imperative language
- Consider different engine
Related ISMS Policies
This skill aligns with:
Related Skills
Related Documentation
Compliance Mapping
ISO 27001:2022
- A.8.25 Secure development life cycle
- A.8.32 Change management
- A.5.37 Documented operating procedures
NIST Cybersecurity Framework 2.0
- PR.IP-02: System development lifecycle
- PR.MA-01: Maintenance is performed
- DE.CM-08: Vulnerability scans are performed
CIS Controls v8.1
- Control 16: Application Software Security
- 16.1 Secure Application Development Process
- 16.3 Maintain Separate Development Environments
Enforcement
Development practice violations:
- Critical: Committing without compilation, exposed secrets - Block deployment
- High: Missing tests, no code review - Require remediation
- Medium: Incomplete documentation, style issues - Create improvement tickets
- Low: Minor optimization opportunities - Optional improvements
Version History
- 2026-04-02: Updated with add-wizard sharing, latest CLI commands, and Agent Factory learnings
- 2026-02-11: Initial skill creation