create-github-action

Compare original and translation side by side

🇺🇸

Original

English

🇨🇳

Translation

Chinese

GitHub Actions Scaffolder

GitHub Actions 工作流脚手架

You are scaffolding a traditional GitHub Actions YAML workflow — deterministic CI/CD automation with no AI at runtime. This is different from agentic workflows.

你正在搭建一个传统的GitHub Actions YAML工作流——运行时无AI参与的确定性CI/CD自动化流程。这与智能代理（Agent）工作流不同。

When to Use This Skill vs Others

何时使用此工具 vs 其他工具

Task	Use This Skill	Use `create-agentic-workflow`
Run tests on every PR	✅	❌
Build and publish a Docker image	✅	❌
Deploy to GitHub Pages	✅	❌
Check if PR matches the spec	❌	✅
Daily repo health report	❌	✅
Code review with AI judgment	❌	✅

任务	使用此工具	使用 `create-agentic-workflow`
为每个PR运行测试	✅	❌
构建并发布Docker镜像	✅	❌
部署到GitHub Pages	✅	❌
检查PR是否符合规范	❌	✅
每日仓库健康报告	❌	✅
基于AI判断的代码审查	❌	✅

Execution Steps

执行步骤

1. Gather Requirements

1. 收集需求

Ask the user for the following context:

Workflow Category: What does this workflow need to do?
- Test — run unit/integration tests on PR/push (pytest, jest, go test, etc.)
- Build — compile, bundle, or build Docker images
- Lint — run linters or formatters (ruff, eslint, markdownlint, etc.)
- Deploy — publish to GitHub Pages, Vercel, AWS, etc.
- Release — create GitHub releases, publish npm/PyPI packages
- Security — dependency audits, SAST, secret scanning (CodeQL, trivy, etc.)
- Maintenance — scheduled jobs, stale issue cleanup, dependency updates
- Custom — describe the steps manually
Platform/Language: What stack? (Python, Node.js, Go, Docker, .NET, etc.)
Trigger Events: When should this fire?
- ```
pull_request
```
  — on PR open/update (most quality gates)
- ```
push
```
  to main — on merge to main (post-merge validation, deploys)
- ```
workflow_dispatch
```
  — manual run
- ```
schedule
```
  — cron schedule (maintenance jobs)
- ```
release
```
  — on GitHub Release published

向用户询问以下信息：

工作流类别：此工作流需要实现什么功能？
- 测试——在PR/推送时运行单元/集成测试（pytest、jest、go test等）
- 构建——编译、打包或构建Docker镜像
- 代码检查——运行代码检查器或格式化工具（ruff、eslint、markdownlint等）
- 部署——发布到GitHub Pages、Vercel、AWS等平台
- 发布——创建GitHub版本、发布npm/PyPI包
- 安全——依赖审计、静态应用安全测试（SAST）、密钥扫描（CodeQL、trivy等）
- 维护——定时任务、清理陈旧议题、依赖更新
- 自定义——手动描述步骤
平台/语言：使用什么技术栈？（Python、Node.js、Go、Docker、.NET等）
触发事件：何时触发工作流？
- ```
pull_request
```
  ——PR创建/更新时（多数质量管控场景）
- 推送到main分支——合并到main分支后（合并后验证、部署）
- ```
workflow_dispatch
```
  ——手动触发
- ```
schedule
```
  ——定时任务（cron表达式）（维护类任务）
- ```
release
```
  ——GitHub版本发布时

2. Generate the Workflow

2. 生成工作流

Run the scaffold script:

bash

python ~~agent-scaffolders-root/scripts/scaffold_github_action.py \
  --skill-dir <path-to-skill-directory> \
  --category <test|build|lint|deploy|release|security|maintenance|custom> \
  --platform <python|nodejs|go|docker|dotnet|generic> \
  [--triggers pull_request push schedule workflow_dispatch] \
  [--name "My Workflow Name"] \
  [--branch main]

The script outputs a ready-to-use

.yml

file in

.github/workflows/

运行脚手架脚本：

bash

python ~~agent-scaffolders-root/scripts/scaffold_github_action.py \
  --skill-dir <path-to-skill-directory> \
  --category <test|build|lint|deploy|release|security|maintenance|custom> \
  --platform <python|nodejs|go|docker|dotnet|generic> \
  [--triggers pull_request push schedule workflow_dispatch] \
  [--name "My Workflow Name"] \
  [--branch main]

脚本会在

.github/workflows/

目录下生成一个可直接使用的

.yml

文件。

3. Post-Scaffold Guidance

3. 脚手架生成后指导

After generating, advise the user:

Platform-specific secrets: Some steps require repository secrets (e.g.,
```
PYPI_TOKEN
```
,
```
NPM_TOKEN
```
,
```
DOCKER_PASSWORD
```
,
```
DEPLOY_KEY
```
).
Pinned action versions: All generated steps use pinned
```
@v4
```
/
```
@v3
```
action refs for security.
Permissions: Generated workflows declare minimal permissions (
```
contents: read
```
by default, elevated only when needed).
Review before committing: Treat workflow YAML as code — review it before merging.

生成工作流后，建议用户：

平台特定密钥：部分步骤需要仓库密钥（如
```
PYPI_TOKEN
```
、
```
NPM_TOKEN
```
、
```
DOCKER_PASSWORD
```
、
```
DEPLOY_KEY
```
）。
固定Action版本：所有生成的步骤均使用固定的
```
@v4
```
/
```
@v3
```
版本的Action引用，以保障安全。
权限设置：生成的工作流会声明最小必要权限（默认
```
contents: read
```
，仅在需要时提升权限）。
提交前审核：将工作流YAML视为代码——合并前请仔细审核。

GitHub Actions Key Reference

GitHub Actions 关键参考

Available Trigger Events

可用触发事件

Trigger	Fires when	Common for
`pull_request`	PR opened/updated	Tests, lint, security
`push`	Branch pushed	Deploy, release checks
`schedule` (cron)	On a time schedule	Maintenance, reports
`workflow_dispatch`	Manual button click	Deploys, one-off jobs
`release`	Release published	Package publishing
`issues`	Issue opened/labeled	Triage, notifications
`workflow_call`	Called by another workflow	Reusable sub-workflows

触发器	触发时机	常见用途
`pull_request`	PR创建/更新时	测试、代码检查、安全扫描
`push`	分支推送时	部署、发布检查
`schedule` （cron）	定时触发	维护任务、报告生成
`workflow_dispatch`	手动点击按钮触发	部署、一次性任务
`release`	版本发布时	包发布
`issues`	议题创建/标记时	分类处理、通知
`workflow_call`	被其他工作流调用时	可复用子工作流

Permissions Model

权限模型

yaml

permissions:
  contents: read      # Read repo files
  contents: write     # Commit files, push
  pull-requests: write # Comment on PRs
  issues: write       # Create/update issues
  packages: write     # Publish packages
  id-token: write     # OIDC (for cloud deploys)

Always declare minimum required permissions. The
GITHUB_TOKEN
grants no permissions by default unless declared.

yaml

permissions:
  contents: read      # 读取仓库文件
  contents: write     # 提交文件、推送
  pull-requests: write # 对PR添加评论
  issues: write       # 创建/更新议题
  packages: write     # 发布包
  id-token: write     # OIDC（用于云部署）

始终声明最小必要权限。默认情况下，
GITHUB_TOKEN
不授予任何权限，除非明确声明。

Common Action Patterns

常见Action模式

yaml

undefined

yaml

undefined

Checkout

拉取代码

uses: actions/checkout@v4

uses: actions/checkout@v4

Setup language

设置语言环境

uses: actions/setup-python@v5 with: python-version: "3.12"

uses: actions/setup-python@v5 with: python-version: "3.12"

Cache dependencies

缓存依赖

uses: actions/cache@v4 with: path: ~/.cache/pip key: ${{ runner.os }}-pip-${{ hashFiles('**/requirements*.txt') }}

uses: actions/cache@v4 with: path: ~/.cache/pip key: ${{ runner.os }}-pip-${{ hashFiles('**/requirements*.txt') }}

Upload artifacts

上传产物

uses: actions/upload-artifact@v4 with: name: report path: output/

uses: actions/upload-artifact@v4 with: name: report path: output/

Publish GitHub Release

发布GitHub版本

uses: softprops/action-gh-release@v2 with: files: dist/*

undefined

uses: softprops/action-gh-release@v2 with: files: dist/*

undefined

Next Actions

后续操作

Offer to run
```
audit-plugin
```
to validate the generated artifacts.

提供运行
```
audit-plugin
```
以验证生成的产物的选项。