github-action
GitHub Actions
A comprehensive guide to writing GitHub Actions workflows, custom actions, and security hardening.
Core philosophy:
- Least privilege (permissions)
- SHA pinning (third-party actions)
- Reuse (composite action / reusable workflow)
- OIDC (secretless cloud auth)
- Fast feedback (concurrency + path filter + cache)
Instructions
Workflow: analyze the request and select resources
Analyze the keywords in the user's request and load only the resources that are needed.
Keyword matching
| Keyword | Resource |
|---|---|
| workflow, trigger, on, push, pull_request, schedule, dispatch | 01-workflow-basics.md |
| permissions, concurrency, environment, expressions, contexts | 01-workflow-basics.md |
| custom action, composite, action.yml, JavaScript action, Docker action | 02-custom-actions.md |
| reusable, workflow_call, shared workflow | 03-reusable-workflows.md |
| matrix, artifacts, cache, dynamic matrix, service containers, parallel jobs | 04-advanced-patterns.md |
| release, versioning, changelog, semantic-release, release-please | 05-release-deploy.md |
| deploy, environment, OIDC, deployment | 05-release-deploy.md |
| security, pin SHA, Dependabot, harden-runner, GITHUB_TOKEN, injection | 06-security.md |
Applying resources
- Assess the current state: check the existing .github/workflows/
- Load resources: Read the resources selected by keyword matching
- Generate configuration: create the workflow/action files
- Verify: check YAML syntax, run locally with act, or push and check the result
Examples
Writing a CI workflow
User: "Run lint + test on PRs with GitHub Actions"
-> Read 01-workflow-basics.md
-> Create .github/workflows/ci.yml (with permissions, concurrency, path filter)
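The following ci.yml is an added example of the workflow this request produces; it is not a file from the skill or its resource documents. It applies the core principles listed above: a read-only GITHUB_TOKEN, one run per PR with cancellation, a path filter, dependency caching, SHA-pinned actions, and untrusted PR input passed through an environment variable instead of being interpolated into the shell script. The commit SHAs are placeholders (all zeros) to be replaced with the commit behind the release tag you reviewed, and the npm scripts assume a Node project.

```yaml
# .github/workflows/ci.yml  (added example)
name: CI

on:
  pull_request:
    # Path filter: skip the run when only unrelated files change.
    paths:
      - "src/**"
      - "package.json"
      - "package-lock.json"
      - ".github/workflows/ci.yml"

# Least privilege: the default GITHUB_TOKEN can only read repository contents.
permissions:
  contents: read

# Fast feedback: one run per PR; a new push cancels the run still in progress.
concurrency:
  group: ci-${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
  cancel-in-progress: true

jobs:
  lint-and-test:
    runs-on: ubuntu-latest
    steps:
      # Third-party actions are pinned to a full commit SHA, not a mutable tag.
      # The SHAs below are placeholders; keep the tag in the trailing comment
      # so reviewers (and Dependabot) can see which release the SHA corresponds to.
      - uses: actions/checkout@0000000000000000000000000000000000000000 # v4 (placeholder SHA)
      - uses: actions/setup-node@0000000000000000000000000000000000000000 # v4 (placeholder SHA)
        with:
          node-version: 20
          cache: npm            # cache ~/.npm keyed on package-lock.json

      - run: npm ci
      - run: npm run lint
      - run: npm test

      # Script-injection defence: attacker-controlled fields (PR title, branch name,
      # issue body) are handed to the shell via env, never expanded inside `run:`.
      - name: Log PR title
        env:
          PR_TITLE: ${{ github.event.pull_request.title }}
        run: echo "Checking PR: $PR_TITLE"
```

The `permissions` block is deliberately top-level so every job inherits read-only access; a job that needs more (for example `pull-requests: write` to post a comment) declares it at the job level only.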
Writing a custom action
User: "Turn the repeated setup steps into a composite action"
-> Read 02-custom-actions.md
-> Create action.yml + usage example
Reusable workflows
User: "Make the deploy workflow reusable across multiple services"
-> Read 03-reusable-workflows.md
-> Create a workflow_call-based workflow + caller example
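Below is an added example (not from the skill or its resource documents) of the pair this request produces: a reusable deploy workflow triggered by `workflow_call`, and a caller in a service repository. It also shows the OIDC principle from the core philosophy: the job requests `id-token: write` and assumes a cloud role, so no long-lived cloud secret is stored in GitHub. The organisation name `example-org`, the `scripts/deploy.sh` script, the IAM role ARN and the all-zero commit SHAs are placeholders.

```yaml
# .github/workflows/deploy.yml in example-org/platform-workflows  (added example, reusable workflow)
name: Deploy

on:
  workflow_call:
    inputs:
      environment:
        description: Target GitHub environment (protection rules apply)
        required: true
        type: string
      role-arn:
        description: IAM role assumed via OIDC; no static cloud credential is needed
        required: true
        type: string

# id-token: write is what allows the job to request an OIDC token from GitHub.
permissions:
  id-token: write
  contents: read

jobs:
  deploy:
    runs-on: ubuntu-latest
    environment: ${{ inputs.environment }}
    steps:
      - uses: actions/checkout@0000000000000000000000000000000000000000 # v4 (placeholder SHA)

      # Exchanges the GitHub OIDC token for short-lived AWS credentials.
      - uses: aws-actions/configure-aws-credentials@0000000000000000000000000000000000000000 # v4 (placeholder SHA)
        with:
          role-to-assume: ${{ inputs.role-arn }}
          aws-region: us-east-1

      - name: Deploy
        env:
          TARGET_ENV: ${{ inputs.environment }}
        run: ./scripts/deploy.sh "$TARGET_ENV"   # hypothetical deploy script

---
# .github/workflows/release-staging.yml in a service repository  (added example, caller)
name: Release to staging

on:
  push:
    branches: [main]

# The caller must grant at least the permissions the called workflow needs;
# a called workflow can only narrow them, never widen them.
permissions:
  id-token: write
  contents: read

jobs:
  staging:
    # Pin the reusable workflow to a commit SHA just like any third-party action.
    uses: example-org/platform-workflows/.github/workflows/deploy.yml@0000000000000000000000000000000000000000 # placeholder SHA
    with:
      environment: staging
      role-arn: arn:aws:iam::123456789012:role/github-deploy-staging   # placeholder ARN
```

On the cloud side the role's trust policy should restrict the token's `sub` claim to this repository and environment (for example `repo:example-org/service:environment:staging`), otherwise any repository that can reach the identity provider could assume the role.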
Release automation
User: "Set it up to release automatically when merging to main"
-> Read 05-release-deploy.md
-> Create a release-please or semantic-release workflow
Security hardening
User: "Review the security of my GitHub Actions"
-> Read 06-security.md
-> SHA pinning, minimize permissions, configure Dependabot
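SHA pinning only stays effective if the pinned commits are kept up to date, which is why the security review pairs it with Dependabot. The dependabot.yml below is an added example (not from the skill or its resource documents): for the `github-actions` ecosystem Dependabot updates SHA-pinned `uses:` lines to the new release's commit and refreshes the version comment next to them. The weekly schedule and the grouping are choices, not requirements.

```yaml
# .github/dependabot.yml  (added example)
version: 2
updates:
  # Keeps actions/* and third-party actions current, including SHA-pinned ones:
  # Dependabot rewrites the commit SHA and the "# vX" comment beside it.
  - package-ecosystem: github-actions
    directory: /
    schedule:
      interval: weekly
    # One PR for all action bumps instead of one PR per action.
    groups:
      actions:
        patterns:
          - "*"
```

Review each Dependabot PR like any other dependency change: the diff should show only the SHA and version comment moving, and the new SHA should match the tag on the action's release page before the PR is merged.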
Technical Details
- resources/01-workflow-basics.md: triggers, permissions, concurrency, environments, expressions
- resources/02-custom-actions.md: writing composite, JavaScript, and Docker actions
- resources/03-reusable-workflows.md: workflow_call, inputs/outputs/secrets
- resources/04-advanced-patterns.md: matrix, artifacts, caching, dynamic matrix
- resources/05-release-deploy.md: semantic-release, release-please, per-environment deployment
- resources/06-security.md: OIDC, SHA pinning, Dependabot, script injection prevention