Skip to main content

Workflow Syntax

run: steps

Shell scripts executed via bash (or configured shell)

uses: actions

GitHub actions, local actions, composite actions, Node.js actions

Job dependencies

needs: with DAG resolution and concurrent execution

Matrix strategy

Cartesian product expansion with include/exclude

Expression engine

Full expression evaluation with contexts, operators, and functions

Environment variables

env: at workflow, job, and step levels + $GITHUB_ENV

Step outputs

$GITHUB_OUTPUT with multiline delimiter support

Job outputs

jobs.*.outputs evaluated from step outputs

Conditions

Full expression evaluation in if: with status functions

Timeouts

timeout-minutes at job and step level

continue-on-error

Step failures don’t fail the job

GitHub context

github.sha, github.ref, github.repository, github.actor, etc.

Secrets

secrets.* context populated from server environment variables

Concurrency

concurrency: groups with cancel-in-progress support

Permissions

permissions: field parsed at workflow and job level

Container

container: runs job steps inside a Docker container

Services

services: starts sidecar containers alongside the job

Artifacts

actions/upload-artifact and actions/download-artifact built-in shims

Reusable workflows

workflow_call with inputs and secret inheritance

Branch filters

on: push: branches: and branches-ignore: filters

$GITHUB_PATH

PATH modifications persist across steps (including in VMs)

Expression Functions

Expression Contexts

Action Support

CI Server Features

Secrets

Secrets are loaded from environment variables on the server. Any env var prefixed with SECRET_ is exposed in the secrets.* context with the prefix stripped. For example:
These become available in workflows as ${{ secrets.SSH_PRIVATE_KEY }} and ${{ secrets.STRIPE_KEY }}.

Container Support

Jobs can specify a Docker container image. All run: steps execute inside the container with the workspace mounted:
Service containers run alongside the job and are accessible via localhost:
Container and service support requires Docker to be installed in the VM rootfs.

Concurrency

Prevent concurrent runs of the same workflow:
When a new run starts for the same group, the previous run is cancelled.