Automate build, test and deploy the way real pipelines do. Learn workflow triggers, least-privilege secrets and OIDC, matrix builds and reusable workflows — then remember all of it with spaced repetition.
GitHub Actions is the CI/CD platform built into GitHub. You describe a workflow — a YAML file that runs on events like a push, a pull request or a schedule — and GitHub spins up runners to build, test and deploy your code automatically, right next to the repository it lives in.
The real power is in the details production pipelines depend on: triggers and expressions that decide exactly when and how a workflow runs, least-privilege secrets and OIDC that let you deploy to the cloud without storing long-lived keys, matrix builds that test across many versions at once, and reusable workflows that keep large setups DRY.
This track goes past "what is a job or a step" into the advanced, practical knowledge that makes pipelines fast, secure and maintainable — and uses spaced repetition so it sticks when you are debugging a red build or hardening a deploy.
Each module is a set of flashcards — 39 in total. Answer, review, and watch your knowledge grow from seed to full bloom.
How workflows start and flow — event triggers, path filters, expressions, conditionals, job outputs, and schedules.
7 cardsReusing and building actions — action types, SHA pinning, composite actions, step outputs, env files, and Dependabot updates.
6 cardsHardening pipelines — least-privilege GITHUB_TOKEN, OIDC keyless cloud auth, environments, secret masking, and secret scopes.
7 cardsScaling and speeding up builds — matrix include/exclude, fail-fast, caching with restore-keys, artifacts between jobs, and run summaries.
6 cardsComposing at scale — callable workflows, secrets: inherit, concurrency groups, and self-hosted vs GitHub-hosted runners.
6 cardsReal-world CI/CD troubleshooting — why fork PRs lack secrets, caches miss, OIDC fails, deploys race, and matrix jobs cancel.
7 cardsA taste of the real flashcards. Pick an answer, then reveal the explanation.
How does the pull_request_target event differ from pull_request?
How should you reference a third-party action to guard against supply-chain tampering?
What is the point of using OIDC to authenticate to a cloud provider?
What do restore-keys add to an actions/cache step?
Each card is one practical concept with multiple options. Pick what you think is right.
See the correct option plus a clear explanation, and a link to deeper docs when one is available.
A spaced-repetition engine (SM-2 or FSRS) resurfaces each card just before you would forget it.
GitHub Actions ships with GitHub, so it is the most widely used CI system. Fluency is a baseline DevOps skill.
OIDC and least-privilege tokens let you ship to the cloud securely — a modern best practice interviewers ask about.
Matrix builds, caching and reusable workflows cut build times and stop copy-paste spreading across an org.
Understanding triggers, permissions and concurrency turns a failing pipeline from a mystery into a quick fix.
This track is pitched at the advanced, practical layer — triggers and expressions, security and OIDC, matrix, and reusable workflows. If jobs, steps and runners are brand new, skim the Git & GitHub track first, then come here.
About 10 minutes a day. Spaced repetition means short, frequent sessions beat long cramming, so the workflow syntax and patterns stick.
Yes, completely free. No registration or credit card is required, and all your progress is stored locally in your browser.
No. The concepts — triggers, secrets, OIDC, matrix, caching and reusable workflows — apply to any stack you build, test or deploy with GitHub Actions.
Plant your first seed today. Ten minutes a day is all it takes to grow pipelines that are fast, secure and built to last.