testacode

github-actions-expert

# Install this skill:
npx skills add testacode/llm-toolkit --skill "github-actions-expert"

Install specific skill from multi-skill repository

# Description

Expert in GitHub Actions for CI/CD automation. This skill should be used when the user says "add CI", "setup GitHub Actions", "create workflow", "deploy workflow", "automate tests", "CI/CD pipeline", "agregar CI", "configurar GitHub Actions", "workflow de deploy", or when the project lacks .github/workflows/.

# SKILL.md


name: github-actions-expert
description: Expert in GitHub Actions for CI/CD automation. This skill should be used when the user says "add CI", "setup GitHub Actions", "create workflow", "deploy workflow", "automate tests", "CI/CD pipeline", "agregar CI", "configurar GitHub Actions", "workflow de deploy", or when the project lacks .github/workflows/.
allowed-tools: Bash, Read, Write, Edit, Glob, Grep, WebSearch, mcp__plugin_context7_context7__resolve-library-id, mcp__plugin_context7_context7__query-docs


GitHub Actions Expert

Skill for configuring GitHub Actions with proactive detection of repos without CI.

Proactive Detection

When starting work on a project, check whether .github/workflows/ exists:

```bash
ls -la .github/workflows/ 2>/dev/null || echo "NO_WORKFLOWS"
```

If there are no workflows → ask the user whether they want to add basic CI.

Workflow

Phase 0: Knowledge Update

Before generating any workflow, fetch latest documentation:

  1. Search for latest GitHub Actions docs via Context7 or WebSearch:
     - Current action versions (checkout, setup-node, setup-python, setup-go)
     - Latest Node.js LTS version
     - Recent best practices updates

  2. Version Reference (verify these are current):

     | Action | Current Version |
     |--------|-----------------|
     | actions/checkout | v4 |
     | actions/setup-node | v4 |
     | actions/setup-python | v5 |
     | actions/setup-go | v5 |
     | actions/cache | v4 |
     | actions/upload-pages-artifact | v3 |
     | actions/deploy-pages | v4 |

  3. Node.js LTS: Verify current LTS version (use WebSearch if unsure)

Phase 1: Stack Detection

Detect project type and tools:

```bash
# Detect project type
ls package.json 2>/dev/null && echo "NODE_PROJECT"
# Either file is enough; ls with two names fails if one of them is missing
{ [ -f pyproject.toml ] || [ -f requirements.txt ]; } && echo "PYTHON_PROJECT"
ls go.mod 2>/dev/null && echo "GO_PROJECT"

# For Node.js - detect package manager
ls pnpm-lock.yaml 2>/dev/null && echo "PNPM"
ls bun.lockb 2>/dev/null && echo "BUN"
ls package-lock.json 2>/dev/null && echo "NPM"

# Detect Node version (.nvmrc first, then the engines field of package.json)
cat .nvmrc 2>/dev/null || grep -A2 '"engines"' package.json 2>/dev/null
```

Phase 2: Script Analysis (Node.js)

Read package.json using Read tool and detect available scripts.

Look for the scripts section and identify which scripts exist.

Common scripts to check:
- lint → Include linting step
- typecheck → Include type checking
- test → Include testing
- build → Include build step
- test:coverage → Include coverage upload

Phase 3: Workflow Selection

Present options based on detected stack:

For Node.js:
- [ ] Basic CI (lint, typecheck, test, build)
- [ ] Deploy to GitHub Pages
- [ ] Release with Tags (v*)
- [ ] Security Scans
- [ ] Coverage Upload (Codecov)

For Python:
- [ ] Basic CI (ruff, pyright/mypy, pytest)
- [ ] Coverage Upload

For Go:
- [ ] Basic CI (go vet, golangci-lint, go test)
- [ ] Release binaries

Phase 4: Generate Workflows

Load templates from references/ and customize:

  1. Replace placeholders:
     - {{NODE_VERSION}} → Detected or default (22.x)
     - {{PACKAGE_MANAGER}} → npm/pnpm/bun
     - {{INSTALL_COMMAND}} → npm ci / pnpm install --frozen-lockfile / bun install
     - {{BRANCH}} → main/master (auto-detect)
     - {{SCRIPTS}} → Based on available scripts

  2. Always include:
     - Concurrency control
     - Caching for dependencies
     - fail-fast strategy

  3. Create .github/workflows/ if needed:

     ```bash
     mkdir -p .github/workflows
     ```

Phase 5: Improve Existing Workflows

If workflows exist, analyze for anti-patterns:

```bash
cat .github/workflows/*.yml
```

Anti-patterns to detect:
| Anti-Pattern | Fix |
|--------------|-----|
| actions/*@v3 | Update to @v4 |
| setup-node without cache | Add cache: 'npm' |
| npm install | Use npm ci |
| No concurrency: | Add concurrency control |
| Matrix with single version | Remove unnecessary matrix |
| Missing fail-fast: true | Add explicit fail-fast |

See references/anti-patterns.md for full guide.

Phase 6: Verification

After generating:

  1. Validate YAML (if actionlint available):

     ```bash
     which actionlint && actionlint .github/workflows/*.yml
     ```

  2. Check required permissions:
     - GitHub Pages → pages: write, id-token: write
     - Releases → contents: write
     - PRs → pull-requests: write

  3. Show summary:

     ```
     Workflows Created/Updated
     =========================

     ✓ .github/workflows/ci.yml
       - Triggers: push (main), pull_request
       - Jobs: lint, typecheck, test, build
       - Node: 22.x with npm

     Next Steps:
     1. Review generated workflows
     2. git add .github/workflows/
     3. git commit -m "ci: add GitHub Actions workflow"
     4. Push to trigger first run
     ```
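
The Phase 5 anti-pattern table and the Phase 6 permission check can be combined into one audit pass over a workflow file. The script below is an added example, not code from the skill or its references/ directory; the finding names and the sample workflow are constructed for illustration, and the checks are grep heuristics rather than a YAML parse.

```bash
#!/usr/bin/env bash
# Added example: line-oriented audit of one workflow file. These are grep
# heuristics, not a YAML parser; the finding names are made up for this example.
has() { grep -Eq -- "$1" "$2"; }  # true if extended regex $1 matches in file $2

audit_workflow() {
  local f="$1"
  # Phase 5: actions/*@v3 is outdated, except upload-pages-artifact, which the
  # Version Reference table in Phase 0 lists at v3.
  if grep -E 'uses:[[:space:]]*actions/[A-Za-z0-9_-]+@v3' "$f" |
     grep -vq 'actions/upload-pages-artifact@'; then echo OLD_ACTION_MAJOR; fi
  if has 'uses:[[:space:]]*actions/setup-node@' "$f" &&
     ! has '^[[:space:]]*cache:' "$f"; then echo SETUP_NODE_NO_CACHE; fi
  if has 'npm install([[:space:]]|$)' "$f"; then echo NPM_INSTALL; fi
  if ! has '^[[:space:]]*concurrency:' "$f"; then echo NO_CONCURRENCY; fi
  if has '^[[:space:]]*matrix:' "$f" &&
     ! has '^[[:space:]]*fail-fast:' "$f"; then echo NO_EXPLICIT_FAIL_FAST; fi
  # Phase 6: a Pages deploy needs both pages: write and id-token: write.
  if has 'uses:[[:space:]]*actions/deploy-pages@' "$f"; then
    has '^[[:space:]]*pages:[[:space:]]*write' "$f" || echo MISSING_PAGES_WRITE
    has '^[[:space:]]*id-token:[[:space:]]*write' "$f" || echo MISSING_ID_TOKEN_WRITE
  fi
  return 0
}

# Constructed sample workflow (not one of the skill's templates).
write_sample() {
  cat > "$1" <<'EOF'
name: deploy
on:
  push:
    branches: [main]
permissions:
  contents: read
  pages: write
jobs:
  deploy:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
      - uses: actions/setup-node@v4
      - run: npm install
      - uses: actions/upload-pages-artifact@v3
      - uses: actions/deploy-pages@v4
EOF
}

sample="$(mktemp)"; write_sample "$sample"; audit_workflow "$sample"; rm -f "$sample"
```

On the sample, the Pages job is flagged for the missing id-token: write grant even though pages: write is present, and upload-pages-artifact@v3 is not reported as outdated.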

Templates Reference

Templates are in references/ directory:

| Template | Description |
|----------|-------------|
| nodejs-ci.yml | Standard CI with lint/typecheck/test/build |
| nodejs-deploy-pages.yml | Deploy to GitHub Pages |
| nodejs-release.yml | Release on tag push (v*) |
| python-ci.yml | Python CI with uv/pip, ruff, pytest |
| go-ci.yml | Go CI with vet, lint, test |
| security.yml | npm audit + secrets scanning |

Best Practices Enforced

  1. Always use latest action versions (@v4 for most)
  2. Use npm ci over npm install for reproducible builds
  3. Enable caching in setup-node/setup-python/setup-go
  4. Add concurrency control to cancel outdated runs
  5. Use fail-fast: true to cancel parallel jobs on failure
  6. Specify permissions explicitly when needed
  7. Use Node 22.x (current LTS)

Concurrency Control Template

Always include in workflows:

```yaml
concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: ${{ github.ref != 'refs/heads/main' }}
```

This cancels outdated PR runs but never cancels main branch runs.

Package Manager Detection

| Lockfile | Package Manager | Install Command |
|----------|-----------------|-----------------|
| pnpm-lock.yaml | pnpm | pnpm install --frozen-lockfile |
| bun.lockb | bun | bun install --frozen-lockfile |
| package-lock.json | npm | npm ci |
| None | npm | npm ci (after npm install generates lock) |

Branch Detection

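```bash
# Detect default branch
git symbolic-ref refs/remotes/origin/HEAD 2>/dev/null | sed 's@^refs/remotes/origin/@@'
# Or fallback: skip the "origin/HEAD -> ..." alias line and print only the branch name
git branch -r | grep -v -- '->' | grep -oE 'origin/(main|master)$' | head -1 | sed 's@origin/@@'
```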
