GitHub Actions CI for Developers: Workflows, Secrets, and Caching

Run tests on every push: YAML structure, matrix builds, encrypted secrets, and faster pipelines with cache.


GitHub Actions runs CI when events occur on the repo. The YAML defines jobs; each uses: step downloads an action (reusable automation). You run npm ci instead of npm install in CI because lockfiles make installs deterministic.

Git hosts your code.

Minimal workflow

Why actions/checkout: Runners start empty; without checkout your code is not present.

Why setup-node with cache: Restores node_modules layers between runs—cuts minutes off installs.

name: CI
on: [push, pull_request]
jobs:
  test:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-node@v4
        with:
          node-version: "20"
          cache: "npm"
      - run: npm ci
      - run: npm test

Check: Workflow tab shows green; failing tests block merge if branch protection requires it.

Secrets

Why repository secrets: Tokens never live in YAML committed to Git; GitHub injects them at runtime.

Matrices

Why matrix builds: Catches “passes on Node 20, fails on 18” before users hit it.

Caching

Why invalidate on lockfile change: Stale caches with wrong deps are worse than cold installs.
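
One workflow that covers the Secrets, Matrices and Caching points above. It is an added example, not from the original page. The secret name API_TOKEN and the npm script test:integration are assumptions.

```yaml
name: CI
on: [push, pull_request]

# Least privilege for the automatic GITHUB_TOKEN: read-only repo access.
permissions:
  contents: read

jobs:
  test:
    runs-on: ubuntu-latest
    strategy:
      fail-fast: false          # let every Node version report its own result
      matrix:
        node: ["18", "20"]
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-node@v4
        with:
          node-version: ${{ matrix.node }}
      # Explicit cache of npm's download cache, keyed on the lockfile hash.
      # No restore-keys: a changed lockfile gets a cold install, not a
      # partial match on an older cache.
      - uses: actions/cache@v4
        with:
          path: ~/.npm
          key: ${{ runner.os }}-node${{ matrix.node }}-npm-${{ hashFiles('**/package-lock.json') }}
      - run: npm ci
      - run: npm test
      # The secret is scoped to the one step that needs it, not the whole job.
      # Skipped on pull_request: workflows triggered from forks do not
      # receive repository secrets.
      - name: Integration tests (assumed script)
        if: github.event_name == 'push'
        run: npm run test:integration
        env:
          API_TOKEN: ${{ secrets.API_TOKEN }}   # assumed secret name
```

GitHub masks secret values in logs, but only exact matches, so avoid printing transformed copies (for example base64-encoded) of a secret.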


Frequently asked questions

Actions minutes cost?

Public repos have generous free tiers; private repos depend on your plan—monitor usage.

Self-hosted runners?

Use when you need GPUs or internal network access; harden them like any server.

Reusable workflows?

Yes—centralize standard build jobs across repositories.

Alternatives?

GitLab CI, CircleCI, Buildkite—concepts transfer: triggers, jobs, secrets, artifacts.