Tushar Chaudhari’s Post

GitHub Actions - The Only Cheatsheet You Need I have been writing GitHub Actions workflows for years. And I still Google the same things every time. What was that expression syntax again? How do I cancel stale runs? Which action do I use for caching? So I put everything in one place. WHAT IS INSIDE 🔔 TRIGGERS — push, pull_request, schedule, workflow_dispatch, workflow_call, repository_dispatch and filters for branches, paths, tags and event types 📦 CONTEXT — every github.* and runner.* variable you actually use, plus steps, needs and job outputs ⚙️ JOBS & STEPS — needs, if conditions, timeout, environment gates, shell overrides, working directory 🔢 MATRIX BUILDS — parallel OS and version runs, include, exclude, fail-fast 🔐 SECRETS & VARIABLES — secrets vs vars, GITHUB_TOKEN, scope levels, passing secrets into reusable workflows ⚡ KEY ACTIONS — checkout, setup-node, cache, upload-artifact, docker build-push, AWS/Azure/GCP OIDC auth 🧮 EXPRESSIONS — contains, startsWith, toJSON, hashFiles, success(), failure(), always() 📤 OUTPUTS & ANNOTATIONS — GITHUB_OUTPUT, GITHUB_ENV, GITHUB_STEP_SUMMARY, masking, notice/warning/error 💻 GH CLI — run, rerun, watch, secrets, cache, all from terminal ONE THING MOST PEOPLE GET WRONG Pinning actions by tag is a supply chain risk. # risky  - uses: some-action@v1 # safe  - uses: some-action@a1b2c3d4 # full SHA A tag can be moved. A commit SHA cannot. Save this. Bookmark it. Send it to the person on your team who keeps asking you how to set up caching. Drop a comment if there is something missing and I will add it. #GitHubActions #DevOps #CICD #GitHub #DevSecOps #CloudNative #SoftwareEngineering #Automation #PlatformEngineering #100DaysOfCode

Today I learned Basic Workflow Trigger: GitHub Actions Most CI/CD tools feel like you need a PhD to configure them. GitHub Actions is different. It lives right inside your repo, and the setup is just a YAML file. That's it. Here's the theory behind it: GitHub Actions is an automation platform built into GitHub. Every time something happens in your repo — a push, a pull request, a merge — it can trigger a workflow. A workflow is a sequence of jobs that run on virtual machines called runners. The mental model: event → trigger → jobs → steps → actions. The simplest real trigger looks like this: on: push: branches: [ main ] pull_request: branches: [ main ] This tells GitHub: "Run my workflow whenever someone pushes to main OR opens a pull request targeting main." From there you define jobs — install dependencies, run tests, deploy. All automated. All logged. All free for public repos. Why it matters: → No more "it works on my machine" → PRs get automatically tested before merging → Your team gets instant feedback on every change → You build the habit of shipping with confidence I went from zero to a working CI pipeline in under an hour. If you haven't tried it yet — today is a good day to start. What was your first GitHub Actions workflow? Drop it below #GitHubActions #DevOps #CICD #LearnInPublic #100DaysOfCode #Automation #SoftwareEngineering #GitHub #OpenSource #WebDevelopment

🚀 Automate Code Sync Across Repositories with GitHub Actions! Ever needed to push your code to another repository automatically? Whether it's for maintaining a mirror repo, deployment, or syncing across teams — GitHub Actions makes it seamless! 💡 Here’s a quick overview of how you can achieve this: 🔹 Step 1: Create a Personal Access Token (PAT) Generate a token with repo access from your GitHub account. 🔹 Step 2: Add Token as Secret Go to your source repository → Settings → Secrets → Add your PAT (e.g., TARGET_REPO_TOKEN). 🔹 Step 3: Configure GitHub Action Workflow name: Sync to Another Repo on: push: branches: - main <branch name> jobs: sync: runs-on: ubuntu-latest steps: - name: Checkout Source Repo uses: actions/checkout@v3 - name: Push to Target Repo run: | git config --global user.name "GitHub Actions" git config --global user.email "actions@github.com" git clone https://<TOKEN>@https://lnkd.in/djBb7BHB rsync -av --delete ./ target-repo/ cd target-repo git add . git commit -m "Sync from source repo" git push origin main ⚡ Use Cases: Maintain backup repositories Sync code between private & public repos Automate deployments #GitHubActions #DevOps #Automation #CI_CD #SoftwareDevelopment

The pipeline was green. Deployment said successful. Production was running the wrong code for 3 hours. No alerts. No red dashboards. Nothing. I've been burned by silent CI/CD failures more times than I'd like to admit. The dangerous ones aren't the crashes — they're the failures that look like success. Here are the 3 that hurt the most: 1. Docker cached the wrong image Build finished in 12 seconds. Felt fast. Turned out Docker served a previously cached layer. Yesterday's code went to production. The build log looked completely normal. 2. Tests reported zero failures — because they never ran The test framework found no matching files, ran zero tests, exited with code 0. Green badge. A real bug reached production that the tests should have caught. 3. Deployment succeeded. Old code still running. Kubernetes rollout reported complete. New image never actually pulled — node had the old one cached with imagePullPolicy: IfNotPresent. "Deployment succeeded" and "new code is live" are not the same thing. The root cause in every case was the same: The pipeline verified that steps executed — not that outcomes were correct. The fixes aren't complex: → Embed Git SHA in every image. Verify it post-deploy → Fail the pipeline if zero tests ran → Never use :latest in Kubernetes. Always deploy with image SHA I wrote the full breakdown with code examples for GitHub Actions, Jenkins, and Kubernetes on Dev.to. Link in the comments 👇 Have you hit a silent pipeline failure? Drop it below — genuinely curious what broke. #DevOps #CICD #Docker #Kubernetes #Jenkins #SRE #PlatformEngineering #Cloud

Why I choose Docker Hub for the deployment instead of GitHub 🚀   When it's time to ship code, every developer faces a choice. Do I pull the source code from GitHub? Do I deploy a Docker Image from Docker Hub? For my project, I chose the Docker workflow. Here's why I rely on Docker Desktop and Docker Hub.   The Technical Difference   * GitHub is for storing source code. It has the instructions for your app.   * Docker Hub is for storing container images. It has the environment, like the operating system, libraries, and code, ready to run.   The Breakdown: Docker vs. GitHub for Deployment   Why I Use Docker & Docker Hub:   * I like consistency. By using Docker Desktop to build my image, I know it has every specific library version my app needs.   * This eliminates the problem of "it works on my machine". The image that runs on my laptop is the same one that runs on the server.   However, there is a limitation. Images are larger than code files. So the initial push to Docker Hub takes a bit of bandwidth.   Why I Don't Use GitHub for the Final Deploy:   * GitHub is great for collaboration and version control. It's where my code lives and grows.   *. Deploying straight from GitHub means the server has to build the app. This includes installing dependencies. If a single external library update fails during that build, the whole deployment crashes.   My Deployment Strategy   I use Docker Desktop as my engine. I package everything into a "frozen" container. Pushing this to Docker Hub ensures that:   * Deployment is instant. The server just. Runs. No installing, no compiling.   * Rollbacks are easy. If something goes wrong, I pull an image tag from Docker Hub.   * My infrastructure stays clean. I don't need to install Python, Node, or Java on my server. Just Docker.   I use GitHub to manage my code. I use Docker to manage my runtime. It's the difference between sending someone a recipe and sending them the meal.   Are you Team Docker or Team GitHub?   #Docker #DockerDesktop #DevOps #SoftwareEngineering #DataScience #GitHub #Containerization #TechTalk

🚀 What is GitHub Actions & Why Should Developers Use It? Most developers push code to GitHub… But the real power lies in automating everything ⚡ ⚙️ What is GitHub Actions? It’s a built-in CI/CD tool that helps you automate your workflows directly inside your repository 👉 No need for external tools like Jenkins for basic setups 🧠 How it works (Simple): 1️⃣ You push code 2️⃣ Workflow triggers automatically 3️⃣ It builds your project 4️⃣ Runs tests 5️⃣ Deploys your app 🚀 📦 Real Example: Every time you push to main: Code builds automatically Tests run App gets deployed to server 👉 No manual effort 😎 🔥 Why should you use it? 🚀 Automation No more manual build & deploy ⏱️ Saves Time Everything runs in seconds 🐞 Early Bug Detection Tests run on every commit 📈 Industry Standard CI/CD is a must-have skill 🔗 Seamless Integration Works perfectly with GitHub repos ⚡ Bonus: You can also: Run jobs on PRs Schedule tasks Deploy specific services (Monorepo setup) 💡 Simple thought: “If your deployment is manual… you’re doing extra work.” Are you using GitHub Actions or still doing manual deployments? 🤔 #GitHub #DevOps #CICD #SoftwareEngineering #Automation

Developer: “Code works on my machine.” Production: “Cool… now watch this 💥” Somewhere between writing code and merging into GitHub, bugs sneak in, security issues hide, and code quality quietly takes a vacation. Manual reviews try their best… but let’s be honest — nobody spots everything (especially before coffee ☕). 🚀 Why Integrating SonarQube with GitHub Matters In today’s fast-paced development world, writing code is just the beginning — maintaining clean, secure, and reliable code is what truly makes a difference. 🔍 So, why integrate SonarQube with GitHub? When SonarQube is connected to your GitHub repositories, it automatically analyzes your code with every pull request or commit. This means issues are caught before they reach production. 💡 Problems it solves: ✅ Code Quality Issues Detects bugs, code smells, and duplication early in the development cycle. 🔐 Security Vulnerabilities Identifies potential security risks and helps developers fix them proactively. 📉 Technical Debt Highlights maintainability issues so teams can avoid long-term complications. 🔁 Manual Code Review Overload Reduces dependency on manual reviews by providing automated insights. 🚦 Quality Gates Ensures only code that meets defined standards gets merged. ⚡ Why it’s important: Promotes a shift-left approach (fix issues early) Improves developer productivity Builds confidence in deployments Encourages a culture of clean coding 👉 In short, integrating SonarQube with GitHub turns code review into a continuous, automated, and intelligent process. #CodeQuality #SonarQube #GitHub #DevOps #CleanCode #SoftwareDevelopment

Talked to a Director of Platform Engineering at an enterprise logistics company last week. Their GitHub Actions bill was $34K/month. I asked what percentage was test execution. He didn't know. So we looked. 72% of their CI minutes were test runs. Not builds. Not linting. Not deploys. Tests. Running on GitHub-hosted runners at $0.008/minute against infrastructure that looked nothing like production. Here's the rule of thumb I keep seeing validated: If your test step takes longer than your build step, your CI tool is doing someone else's job. GitHub Actions is excellent at orchestrating builds and deployments. But it was never designed to run 2,000 integration tests across 6 microservices with real database connections, service mesh routing, and network policies. At Testkube, this is the pattern we see constantly: teams spending 60-70% of their CI budget on test execution that belongs inside the cluster, not in ephemeral runners. That Director's team moved test execution into Kubernetes. Same tests, same assertions. CI minutes dropped 68%. Tests actually hit real infrastructure. Failures meant something. Stop using your CI as a test lab. It wasn't built for it. #Kubernetes #GitHubActions #DevOps #PlatformEngineering #CICD

Most Go developers are using GitHub Actions wrong — and it’s costing them speed, reliability, and clarity. I wrote this to break that pattern. The problem isn’t YAML. It’s the way we think about CI/CD. In this article, I walk through: – Why most pipelines become messy and fragile – The mindset shift from “scripts in YAML” → “clean orchestration” – How to structure Go workflows for speed, simplicity, and production reliability – What senior engineers do differently when designing CI Good CI isn’t about making builds pass. It’s about making systems trustworthy. If your pipeline feels slow, confusing, or brittle — this is for you. Read here: https://lnkd.in/dtYNh43T #golang #githubactions #devops #backend #softwareengineering #cicd

devpath-idp update — Phase 6. For those following along: I've been building an internal developer platform from the ground up and sharing the progress here. Phase 5 was software templates. Phase 6 is where things got interesting. One of the trickier debugging lessons I've had so far: A workflow completing successfully doesn't mean it actually did what you think it did. Here's what happened. Phase 6 is about the Backstage scaffolder — the part where a developer fills out a form and it automatically creates a GitHub repo, sets up the structure, and registers the service in the catalog. Self-service provisioning. That's the goal. I ran the template. The scaffolder showed steps completing. No obvious errors in the UI. It looked like it worked. Then I checked GitHub. The repo was empty. Something in the workflow had failed silently. The scaffolder didn't crash — it just didn't finish what it started. The GitHub push step timed out somewhere in the middle, and the UI wasn't loud about it. What made this tricky was the noise around it. When I restarted the backend during earlier sessions, the browser was throwing auth errors and stale token warnings. Those looked serious. They weren't — they were just the browser catching up after a restart. The real failure was quieter and further downstream. That's the thing about debugging distributed workflows: the loudest errors are often not the important ones. The important one here was silent — a repo that existed but had nothing in it. I'm still working through the fix. But the shift in understanding matters: I stopped asking "why is there an error?" and started asking "did this actually complete end to end?" Those are very different questions. And in platform engineering, the second one is usually the right one to ask first. Progress so far: ✅ Phase 1 — Base platform setup ✅ Phase 2 — GitOps foundation ✅ Phase 3 — Backstage portal setup ✅ Phase 4 — Catalog basics ✅ Phase 5 — Software templates 🔧 Phase 6 — Self-service provisioning (in progress) More on this when it's resolved. 🔧 #Backstage #PlatformEngineering #DevOps #InternalDeveloperPlatform #GitHub #Debugging #CloudEngineering #devpath