>_
Marketplace

Unnamed Skill

GitHub repository automation (CI/CD, issue templates, Dependabot, CodeQL). Use for project setup, Actions workflows, security scanning, or encountering YAML syntax, workflow configuration, template structure errors.

$ 安裝

git clone https://github.com/secondsky/claude-skills /tmp/claude-skills && cp -r /tmp/claude-skills/plugins/github-project-automation/skills/github-project-automation ~/.claude/skills/claude-skills

// tip: Run this command in your terminal to install the skill

SKILL.md
View on GitHub →

name: github-project-automation description: GitHub repository automation (CI/CD, issue templates, Dependabot, CodeQL). Use for project setup, Actions workflows, security scanning, or encountering YAML syntax, workflow configuration, template structure errors.

Keywords: github actions, github workflow, ci/cd, issue templates, pull request templates, dependabot, codeql, security scanning, yaml syntax, github automation, repository setup, workflow templates, github actions matrix, secrets management, branch protection, codeowners, github projects, continuous integration, continuous deployment, workflow syntax error, action version pinning, runner version, github context, yaml indentation error license: MIT metadata: version: 2.0.0 last_verified: 2025-12-17 optimization_date: 2025-12-17 errors_prevented: 18 token_savings: ~75% complexity: 8/10

GitHub Project Automation

Status: Production Ready ✅ Last Updated: 2025-12-17 Version: 2.0.0 (Optimized with progressive disclosure) Dependencies: None (git and gh CLI recommended) Latest Versions: actions/checkout@v4.2.2, actions/setup-node@v4.1.0, github/codeql-action@v3.27.4

Quick Start (15 Minutes)

1. Choose Your Framework

Select the workflow template that matches your project:

# For React/Vite projects
cp templates/workflows/ci-react.yml .github/workflows/ci.yml

# For Node.js libraries (matrix testing)
cp templates/workflows/ci-node.yml .github/workflows/ci.yml

# For Python projects
cp templates/workflows/ci-python.yml .github/workflows/ci.yml

# For Cloudflare Workers
cp templates/workflows/ci-cloudflare-workers.yml .github/workflows/deploy.yml

# For basic projects (any framework)
cp templates/workflows/ci-basic.yml .github/workflows/ci.yml

Why this matters:

  • Pre-validated YAML prevents syntax errors
  • SHA-pinned actions for security
  • Explicit runner versions (ubuntu-24.04)
  • All 8 GitHub Actions errors prevented

2. Add Issue Templates

# Create directory structure
mkdir -p .github/ISSUE_TEMPLATE

# Copy YAML templates (with validation)
cp templates/issue-templates/bug_report.yml .github/ISSUE_TEMPLATE/
cp templates/issue-templates/feature_request.yml .github/ISSUE_TEMPLATE/

Why YAML over Markdown:

  • Required field validation (Error #12 prevented)
  • Consistent data structure
  • Better user experience
  • No incomplete issues

3. Enable Security Scanning

# CodeQL for code analysis
cp templates/workflows/security-codeql.yml .github/workflows/codeql.yml

# Dependabot for dependency updates
cp templates/security/dependabot.yml .github/dependabot.yml

CRITICAL:

  • CodeQL requires specific permissions (security-events: write)
  • Dependabot has 10 PR limit per ecosystem
  • Both must run on Dependabot PRs (Error #13 prevention)

The 5-Step Complete Setup Process

Step 1: Repository Structure

Create the standard GitHub automation directory structure:

# Create all required directories
mkdir -p .github/{workflows,ISSUE_TEMPLATE}

# Verify structure
tree .github/
# .github/
# ├── workflows/        # GitHub Actions workflows
# ├── ISSUE_TEMPLATE/   # Issue templates
# └── dependabot.yml    # Dependabot config (root of .github/)

Key Points:

  • workflows/ is plural
  • ISSUE_TEMPLATE/ is singular (legacy naming)
  • dependabot.yml goes in .github/, NOT workflows/

Step 2: Select Workflow Templates

Choose workflows based on your project needs:

Continuous Integration (pick ONE):

  1. ci-basic.yml - Generic test/lint/build (all frameworks)
  2. ci-node.yml - Node.js with matrix testing (18, 20, 22)
  3. ci-python.yml - Python with matrix testing (3.10, 3.11, 3.12)
  4. ci-react.yml - React/TypeScript with type checking

Deployment (optional): 5. ci-cloudflare-workers.yml - Deploy to Cloudflare Workers

Security (recommended): 6. security-codeql.yml - Code scanning 7. dependabot.yml - Dependency updates

Copy selected templates:

# Example: React app with security
cp templates/workflows/ci-react.yml .github/workflows/ci.yml
cp templates/workflows/security-codeql.yml .github/workflows/codeql.yml
cp templates/security/dependabot.yml .github/dependabot.yml

Step 3: Configure Secrets (if deploying)

For deployment workflows (Cloudflare, AWS, etc.), add secrets:

# Using gh CLI
gh secret set CLOUDFLARE_API_TOKEN
# Paste your token when prompted

# Verify
gh secret list

Critical Syntax:

# ✅ CORRECT
env:
  API_TOKEN: ${{ secrets.CLOUDFLARE_API_TOKEN }}

# ❌ WRONG - Missing double braces
env:
  API_TOKEN: $secrets.CLOUDFLARE_API_TOKEN

Prevents Error #6 (secrets syntax).

Step 4: Add Issue/PR Templates

Issue templates (YAML format):

cp templates/issue-templates/bug_report.yml .github/ISSUE_TEMPLATE/
cp templates/issue-templates/feature_request.yml .github/ISSUE_TEMPLATE/

PR template (Markdown format):

cp templates/pr-templates/PULL_REQUEST_TEMPLATE.md .github/

Why separate formats:

  • Issue templates: YAML for validation
  • PR template: Markdown (GitHub limitation)

Step 5: Customize for Your Project

Required customizations:

  1. Update usernames/emails:

    # In issue templates
assignees:
  - secondsky  # ← Change to your GitHub username

# In dependabot.yml
reviewers:
  - "secondsky"  # ← Change to your username

  2. Adjust languages (CodeQL):

    # In security-codeql.yml
matrix:
  language: ['javascript-typescript']  # ← Add your languages
  # Options: c-cpp, csharp, go, java-kotlin, python, ruby, swift

  3. Update package manager (Dependabot):

    # In dependabot.yml
- package-ecosystem: "npm"  # ← Change if using yarn/pnpm/pip/etc

  4. Set deployment URL (Cloudflare):

    # In ci-cloudflare-workers.yml
echo "Worker URL: https://your-worker.your-subdomain.workers.dev"
# ← Update with your actual Worker URL

Critical Rules

Always Do

Pin actions to SHA, not @latest

# ✅ CORRECT
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683  # v4.2.2

# ❌ WRONG
- uses: actions/checkout@latest

Use explicit runner versions

# ✅ CORRECT
runs-on: ubuntu-24.04  # Locked to specific LTS

# ❌ RISKY
runs-on: ubuntu-latest  # Changes over time

Include secrets in context syntax

# ✅ CORRECT
${{ secrets.API_TOKEN }}

# ❌ WRONG
$secrets.API_TOKEN

Validate YAML before committing

# Use yamllint or GitHub's workflow validator
yamllint .github/workflows/*.yml

Test workflows on feature branch first

git checkout -b test/github-actions
# Push and verify CI runs before merging to main

Never Do

Don't use @latest for action versions

  • Breaks without warning when actions update
  • Security risk (unvetted versions auto-adopted)

Don't hardcode secrets in workflows

# ❌ NEVER DO THIS
env:
  API_TOKEN: "sk_live_abc123..."  # Secret exposed in repo!

Don't skip build steps for compiled languages (CodeQL)

# ❌ WRONG - CodeQL fails for Java without build
- name: Perform CodeQL Analysis  # No .class files to analyze

# ✅ CORRECT - Include build
- name: Build project
  run: ./mvnw clean install
- name: Perform CodeQL Analysis  # Now has .class files

Don't ignore devDependencies in Dependabot

  • DevDependencies run during build, can execute malicious code
  • Include both prod and dev dependencies

Don't use single ISSUE_TEMPLATE.md file

# ❌ OLD WAY
.github/ISSUE_TEMPLATE.md

# ✅ NEW WAY
.github/ISSUE_TEMPLATE/
  bug_report.yml
  feature_request.yml

Known Issues Prevention (Top 5)

This skill prevents 18 documented issues. Here are the top 5 most critical:

Issue #1: YAML Indentation Errors ⚠️ MOST COMMON

Error: workflow file is invalid. mapping values are not allowed in this context Source: Stack Overflow (most common GitHub Actions error) Why It Happens: Spaces vs tabs, missing spaces after colons, inconsistent indentation Prevention: Use skill templates with validated 2-space indentation Impact: Workflow fails to parse, CI doesn't run

Issue #2: Action Version Pinning Issues 🔒 SECURITY

Error: Workflow breaks unexpectedly after action updates Source: GitHub Security Best Practices 2025 Why It Happens: Using @latest or @v4 instead of specific SHA Prevention: All templates pin to SHA with version comment Impact: Unexpected breaking changes, security vulnerabilities

Issue #3: Secrets Not Available 🔑

Error: Secret not found or empty variable Source: GitHub Actions Debugging Guides Why It Happens: Wrong syntax ($secrets.NAME instead of ${{ secrets.NAME }}) Prevention: Templates demonstrate correct context syntax Impact: Deployment failures, broken CI/CD pipelines

Issue #4: CodeQL Not Running on Dependabot PRs 🛡️

Error: Security scans skipped on dependency updates Source: GitHub Community Discussion #121836 Why It Happens: Default trigger limitations Prevention: Templates include push: branches: [dependabot/**] Impact: Vulnerable dependencies merged without scanning

Issue #5: Missing Required Fields in Issue Templates 📋

Error: Incomplete issues, missing critical info Source: Community Feedback Why It Happens: Markdown templates don't validate Prevention: YAML templates with required: true validation Impact: Can't reproduce bugs, wasted triage time

For complete error documentation with all 18 issues: Load references/common-errors.md when debugging GitHub Actions issues or configuring workflows.

When to Load References

Load reference files when working on specific aspects of GitHub automation:

Common Errors (references/common-errors.md)

Load when:

  • Encountering workflow syntax errors
  • Debugging failed GitHub Actions runs
  • Setting up CodeQL or Dependabot for first time
  • Resolving "Secret not found" errors
  • Understanding why matrix builds fail
  • Need detailed solutions for any of the 18 documented errors

Workflow Patterns (references/workflow-patterns.md)

Load when:

  • Implementing multi-version testing (Node.js 18/20/22)
  • Setting up conditional deployments (main vs PR)
  • Sharing build artifacts between jobs
  • Integrating GitHub automation with other skills (cloudflare-worker-base, project-planning)
  • Optimizing workflow performance
  • Need examples of matrix strategies, artifact upload/download

Configuration Examples (references/configuration-examples.md)

Load when:

  • Creating dependabot.yml from scratch
  • Configuring CodeQL for specific languages
  • Setting up GitHub Actions secrets correctly
  • Need complete working configuration files
  • Understanding branch protection rules
  • Creating issue/PR templates with proper validation

Troubleshooting Guide (references/troubleshooting-guide.md)

Load when:

  • Workflows not triggering despite pushing code
  • CodeQL reports "No code found to analyze"
  • Matrix builds all failing with same error
  • Dependabot PRs consistently failing CI
  • Permissions errors ("Resource not accessible by integration")
  • Need step-by-step debugging procedures

Advanced Configurations (references/advanced-configurations.md)

Load when:

  • Setting up multi-environment deployments (staging/production)
  • Creating reusable workflows or composite actions
  • Optimizing CI/CD pipeline performance
  • Implementing advanced matrix strategies
  • Using OIDC for cloud authentication (no long-lived secrets)
  • Need workflow optimization techniques

Integration with Existing Skills

cloudflare-worker-base → Add CI/CD

When user creates new Worker project:

# User: "Create Cloudflare Worker with CI/CD"

# This skill runs AFTER cloudflare-worker-base
cp templates/workflows/ci-cloudflare-workers.yml .github/workflows/deploy.yml

# Configure secrets
gh secret set CLOUDFLARE_API_TOKEN

Result: New Worker with automated deployment on push to main

project-planning → Generate Automation

When user uses project-planning skill:

# User: "Plan new React app with GitHub automation"

# project-planning generates IMPLEMENTATION_PHASES.md
# Then this skill sets up GitHub automation
cp templates/workflows/ci-react.yml .github/workflows/ci.yml
cp templates/issue-templates/*.yml .github/ISSUE_TEMPLATE/

Result: Planned project with complete GitHub automation

open-source-contributions → Setup Contributor Experience

When preparing project for open source:

# User: "Prepare repo for open source contributions"

# open-source-contributions skill handles CONTRIBUTING.md
# This skill adds issue templates and CODEOWNERS
cp templates/issue-templates/*.yml .github/ISSUE_TEMPLATE/
cp templates/misc/CODEOWNERS .github/

Result: Contributor-friendly repository

Dependencies

Required:

  • Git 2.0+ - Version control
  • GitHub CLI (gh) 2.0+ - Secret management, PR creation (optional but recommended)

Optional:

  • yamllint 1.20+ - YAML validation before commit
  • act (local GitHub Actions runner) - Test workflows locally

Install gh CLI:

# macOS
brew install gh

# Ubuntu
sudo apt install gh

# Verify
gh --version

Official Documentation

Context7 Library ID: Search for /websites/github or /github/ in Context7 MCP

Complete Setup Checklist

Use this checklist to verify your GitHub automation setup:

Workflows:

  • Created .github/workflows/ directory
  • Copied appropriate CI workflow template
  • Updated usernames in workflow files
  • Configured secrets (if deploying)
  • SHA-pinned all actions (not @latest)
  • Explicit runner version (ubuntu-24.04)
  • Workflow triggers match branches (main/master)

Issue Templates:

  • Created .github/ISSUE_TEMPLATE/ directory
  • Copied bug_report.yml
  • Copied feature_request.yml
  • Updated assignees to your GitHub username
  • YAML templates use required: true for critical fields

PR Template:

  • Copied PULL_REQUEST_TEMPLATE.md to .github/
  • Customized checklist for your project needs

Security:

  • Copied security-codeql.yml
  • Added correct languages to CodeQL matrix
  • Set security-events: write permission
  • Copied dependabot.yml
  • Updated package-ecosystem (npm/pip/etc.)
  • Set reviewers in dependabot.yml

Testing:

  • Pushed to feature branch first (not main)
  • Verified CI runs successfully
  • Checked Actions tab for any errors
  • Validated YAML syntax locally
  • Tested secret access (if applicable)

Documentation:

  • Added badge to README.md (optional)
  • Documented required secrets in README
  • Updated CONTRIBUTING.md (if open source)

Questions? Issues?

  1. Check references/common-errors.md for all 18 errors
  2. Verify workflow YAML is valid: yamllint .github/workflows/*.yml
  3. Check GitHub Actions tab for detailed error messages
  4. Review official docs: https://docs.github.com/en/actions
  5. Ensure secrets are configured: gh secret list

Last Updated: 2025-12-17 Version: 2.0.0 (Optimized with progressive disclosure) Status: Production Ready

Repository

secondsky
secondsky
Author
secondsky/claude-skills/plugins/github-project-automation/skills/github-project-automation
9
Stars
0
Forks
Updated4d ago
Added1w ago

Actions

View on GitHubDownload ZIPReport Issue

Related Skills

skill-writer
pytorch/pytorch
95.4k
docstring
pytorch/pytorch
95.4k
at-dispatch-v2
pytorch/pytorch
95.4k
add-uint-support
pytorch/pytorch
95.4k
skill-creator
openai/codex
54.7k