DevOps · 6 modules

CI/CD with GitHub Actions

Automate build, test and deploy the way real pipelines do. Learn workflow triggers, least-privilege secrets and OIDC, matrix builds and reusable workflows — then remember all of it with spaced repetition.

flashcards
39
flashcards
per day
~10 min
per day
level
Intermediate → Advanced
level
modules
6
modules
About this topic

What is GitHub Actions?

GitHub Actions is the CI/CD platform built into GitHub. You describe a workflow — a YAML file that runs on events like a push, a pull request or a schedule — and GitHub spins up runners to build, test and deploy your code automatically, right next to the repository it lives in.

The real power is in the details production pipelines depend on: triggers and expressions that decide exactly when and how a workflow runs, least-privilege secrets and OIDC that let you deploy to the cloud without storing long-lived keys, matrix builds that test across many versions at once, and reusable workflows that keep large setups DRY.

This track goes past "what is a job or a step" into the advanced, practical knowledge that makes pipelines fast, secure and maintainable — and uses spaced repetition so it sticks when you are debugging a red build or hardening a deploy.

What you'll learn

6 modules, seed to bloom

Each module is a set of flashcards — 39 in total. Answer, review, and watch your knowledge grow from seed to full bloom.

Workflow Triggers & Execution

How workflows start and flow — event triggers, path filters, expressions, conditionals, job outputs, and schedules.

7 cards

Actions & Composite Actions

Reusing and building actions — action types, SHA pinning, composite actions, step outputs, env files, and Dependabot updates.

6 cards

Security, Secrets & OIDC

Hardening pipelines — least-privilege GITHUB_TOKEN, OIDC keyless cloud auth, environments, secret masking, and secret scopes.

7 cards

Matrix, Caching & Artifacts

Scaling and speeding up builds — matrix include/exclude, fail-fast, caching with restore-keys, artifacts between jobs, and run summaries.

6 cards

Reusable Workflows, Concurrency & Runners

Composing at scale — callable workflows, secrets: inherit, concurrency groups, and self-hosted vs GitHub-hosted runners.

6 cards

Practical Tips

Real-world CI/CD troubleshooting — why fork PRs lack secrets, caches miss, OIDC fails, deploys race, and matrix jobs cancel.

7 cards
Try before you plant

Sample questions

A taste of the real flashcards. Pick an answer, then reveal the explanation.

Sample · CI/CD with GitHub Actions

How does the pull_request_target event differ from pull_request?

  • AIt runs in the base repository context with access to secrets, unlike pull_request which does not
  • BIt runs only after the pull request is merged into the base branch, unlike pull_request which runs on open
  • CIt runs the workflow version from the pull request head branch, unlike pull_request which uses the base
  • DIt targets a specific deployment environment for the pull request, unlike pull_request which is untargeted
Sample · CI/CD with GitHub Actions

How should you reference a third-party action to guard against supply-chain tampering?

  • APin the action to a full-length commit SHA rather than a tag, since tags are mutable and movable
  • BPin the action to a signed release tag rather than a branch, since signed tags can never be altered
  • CFork the action into your own organization rather than using upstream, since forks receive no updates
  • DVendor the action source into your own repository rather than referencing it, since copies never change
Sample · CI/CD with GitHub Actions

What is the point of using OIDC to authenticate to a cloud provider?

  • AExchange a short-lived OIDC token for cloud credentials at runtime, so no long-lived keys are stored
  • BStore the cloud provider access key and secret in encrypted repository secrets, read in at runtime
  • CInstall the cloud CLI on a self-hosted runner already authenticated through its own instance profile
  • DEmbed a long-lived service-account token in the workflow file, scoped down to the deployment role
Sample · CI/CD with GitHub Actions

What do restore-keys add to an actions/cache step?

  • AOrdered prefixes so a partial cache is restored when the exact primary key produces a miss
  • BRegex patterns so any cache whose key matches the pattern is restored when the primary key misses
  • CA shorter key so the cache action rounds it to the nearest saved entry when the primary key misses
  • DExtra key values in an array so the action tries each one in turn until one of the caches hits
How Gnoseed works

Learn it once, keep it for good

1

Answer a question

Each card is one practical concept with multiple options. Pick what you think is right.

2

Get the full answer

See the correct option plus a clear explanation, and a link to deeper docs when one is available.

3

Review at the right time

A spaced-repetition engine (SM-2 or FSRS) resurfaces each card just before you would forget it.

Why learn this

Why GitHub Actions is worth your time

The default CI/CD for millions of repos

GitHub Actions ships with GitHub, so it is the most widely used CI system. Fluency is a baseline DevOps skill.

Deploy without stored keys

OIDC and least-privilege tokens let you ship to the cloud securely — a modern best practice interviewers ask about.

Faster, DRY pipelines

Matrix builds, caching and reusable workflows cut build times and stop copy-paste spreading across an org.

Debug red builds with confidence

Understanding triggers, permissions and concurrency turns a failing pipeline from a mystery into a quick fix.

FAQ

Common questions

Do I need to know GitHub Actions basics first? +

This track is pitched at the advanced, practical layer — triggers and expressions, security and OIDC, matrix, and reusable workflows. If jobs, steps and runners are brand new, skim the Git & GitHub track first, then come here.

How long does it take? +

About 10 minutes a day. Spaced repetition means short, frequent sessions beat long cramming, so the workflow syntax and patterns stick.

Is it free? +

Yes, completely free. No registration or credit card is required, and all your progress is stored locally in your browser.

Is this tied to a specific language or cloud? +

No. The concepts — triggers, secrets, OIDC, matrix, caching and reusable workflows — apply to any stack you build, test or deploy with GitHub Actions.

Ready to master GitHub Actions?

Plant your first seed today. Ten minutes a day is all it takes to grow pipelines that are fast, secure and built to last.

Start learning free