원클릭으로
github-actions-generator
Create, generate, or scaffold GitHub Actions workflows, action.yml, or .github/workflows CI/CD pipelines.
Codex 또는 Claude로 설치 이 Prompt를 복사해 Codex, Claude 또는 다른 어시스턴트에 붙여 넣으면 Skill 페이지를 검토하고 설치를 진행할 수 있습니다.
메뉴
Create, generate, or scaffold GitHub Actions workflows, action.yml, or .github/workflows CI/CD pipelines.
Codex 또는 Claude로 설치 이 Prompt를 복사해 Codex, Claude 또는 다른 어시스턴트에 붙여 넣으면 Skill 페이지를 검토하고 설치를 진행할 수 있습니다.
SOC 직업 분류 기준
Validate, lint, audit, or fix .gitlab-ci.yml pipelines, stages, and jobs.
Generate, create, or scaffold Ansible playbooks, roles, tasks, handlers, inventory, vars.
Validate, lint, audit, or debug Ansible playbooks, roles, inventories, FQCN, tasks.
Generate/create/scaffold azure-pipelines.yml, stages, jobs, steps, or reusable templates.
Validate, lint, audit, or review azure-pipelines.yml — syntax, security, best practices.
Generate/create Fluent Bit configs — INPUT, FILTER, OUTPUT, parsers, log pipeline.
| name | github-actions-generator |
| description | Create, generate, or scaffold GitHub Actions workflows, action.yml, or .github/workflows CI/CD pipelines. |
Generate production-ready GitHub Actions workflows and custom actions following current best practices, security standards, and naming conventions. All generated resources are automatically validated using the devops-skills:github-actions-validator skill.
| Capability | When to Use | Reference |
|---|---|---|
| Workflows | CI/CD, automation, testing | references/best-practices.md |
| Composite Actions | Reusable step combinations | references/custom-actions.md |
| Docker Actions | Custom environments/tools | references/custom-actions.md |
| JavaScript Actions | API interactions, complex logic | references/custom-actions.md |
| Reusable Workflows | Shared patterns across repos | references/advanced-triggers.md |
| Security Scanning | Dependency review, SBOM | references/best-practices.md |
| Modern Features | Summaries, environments | references/modern-features.md |
Route every request through this decision tree before reading references or generating files:
.github/workflows/*.yml CI/CD automation, choose Workflow Generation.action.yml or a reusable step package, choose Custom Action Generation.workflow_call or shared pipelines across repositories, choose Reusable Workflow Generation.Load only what is needed for the selected route, in this order:
| Route | Load First (required) | Load Next (only if needed) | Primary Template |
|---|---|---|---|
| Workflow Generation | references/best-practices.md | references/common-actions.md, references/expressions-and-contexts.md, references/modern-features.md | assets/templates/workflow/basic_workflow.yml |
| Custom Action Generation | references/custom-actions.md | references/best-practices.md | assets/templates/action/composite/action.yml, assets/templates/action/docker/, assets/templates/action/javascript/ |
| Reusable Workflow Generation | references/advanced-triggers.md | references/best-practices.md, references/common-actions.md | assets/templates/workflow/reusable_workflow.yml |
If a required reference/template is unavailable, continue with the closest available reference and report the fallback explicitly in output.
Triggers: "Create a workflow for...", "Build a CI/CD pipeline..."
Process:
permissions to read-only, then elevate only per job when requiredreferences/best-practices.md for patternsreferences/common-actions.md for action versionsMinimal Example:
name: CI Pipeline
on:
push:
branches: [main]
pull_request:
branches: [main]
permissions:
contents: read
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
jobs:
test:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
- uses: actions/setup-node@6044e13b5dc448c55e2357c09f80417699197238 # v6.2.0
with:
node-version: '24'
cache: 'npm'
- run: npm ci
- run: npm test
Untrusted PR Guardrail (required for secret-using jobs):
jobs:
deploy:
if: github.event_name != 'pull_request' || github.event.pull_request.head.repo.full_name == github.repository
Triggers: "Create a composite action...", "Build a Docker action...", "Create a JavaScript action..."
Types:
Process:
assets/templates/action/references/custom-actions.mdSee references/custom-actions.md for:
Triggers: "Create a reusable workflow...", "Make this workflow callable..."
Key Elements:
workflow_call trigger with typed inputssecrets: inherit)on:
workflow_call:
inputs:
environment:
required: true
type: string
secrets:
deploy-token:
required: false
outputs:
result:
value: ${{ jobs.build.outputs.result }}
When secrets are required, pass only the exact secret names needed and prefer environment protection rules for deployment stages.
See references/advanced-triggers.md for complete patterns.
Triggers: "Add security scanning...", "Add dependency review...", "Generate SBOM..."
Components:
actions/dependency-review-action@v4actions/attest-sbom@v2github/codeql-actionPermission Model: Use a read-only workflow-level baseline, then elevate only in the security job that requires write scopes.
permissions:
contents: read
jobs:
security-scan:
permissions:
contents: read
security-events: write # For CodeQL
id-token: write # For attestations
attestations: write # For attestations
See references/best-practices.md section on security.
Triggers: "Add job summaries...", "Use environments...", "Run in container..."
See references/modern-features.md for:
$GITHUB_STEP_SUMMARY)When using third-party actions (any uses: entry not in the same repository):
Search for documentation:
"[owner/repo] [version] github action documentation"
Or use Context7 MCP:
mcp__context7__resolve-library-id to find actionmcp__context7__query-docs for documentationPin to SHA with version comment:
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
Cite source and version in the response:
See references/common-actions.md for pre-verified action versions.
CRITICAL: Every generated resource MUST be validated.
devops-skills:github-actions-validator skillSkip validation only for:
If required tooling or network access is unavailable, use this deterministic fallback order:
devops-skills:github-actions-validator is unavailable, run local fallback checks:
actionlint (if installed)yamllint (if installed)references/common-actions.md for known action versionsassets/templates/Fallback usage must always be reported in the final output.
All generated resources must follow:
| Standard | Implementation |
|---|---|
| Security | Pin to SHA, minimal permissions, mask secrets |
| Performance | Caching, concurrency, shallow checkout |
| Naming | Descriptive names, lowercase-hyphen files |
| Error Handling | Timeouts, cleanup with if: always() |
See references/best-practices.md for complete guidelines.
| Document | Content | When to Use |
|---|---|---|
references/best-practices.md | Security, performance, patterns | Every workflow |
references/common-actions.md | Action versions, inputs, outputs | Public action usage |
references/expressions-and-contexts.md | ${{ }} syntax, contexts, functions | Complex conditionals |
references/advanced-triggers.md | workflow_run, dispatch, ChatOps | Workflow orchestration |
references/custom-actions.md | Metadata, structure, versioning | Custom action creation |
references/modern-features.md | Summaries, environments, containers | Enhanced workflows |
| Template | Location |
|---|---|
| Basic Workflow | assets/templates/workflow/basic_workflow.yml |
| Reusable Workflow | assets/templates/workflow/reusable_workflow.yml |
| Composite Action | assets/templates/action/composite/action.yml |
| Docker Action | assets/templates/action/docker/ |
| JavaScript Action | assets/templates/action/javascript/ |
strategy:
matrix:
os: [ubuntu-latest, windows-latest]
node: [18, 20, 22]
fail-fast: false
deploy:
if: github.event_name == 'push' && github.ref == 'refs/heads/main'
# Upload
- uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1
with:
name: build-${{ github.sha }}
path: dist/
# Download (in dependent job)
- uses: actions/download-artifact@c850b930e6ba138125429b7e5c93fc707a7f8427 # v4.1.4
with:
name: build-${{ github.sha }}
Third-party action citations:
- actions/checkout: https://github.com/actions/checkout (version: v6.0.2, sha: de0fac2e4500dabe0009e67214ff5f5447ce83dd, accessed: 2026-02-28)
The task is complete only when all checks below pass:
devops-skills:github-actions-validator (or documented fallback)