10 Actually Useful GitHub Actions Workflows (2026)

DodaTech Updated Jun 20, 2026 4 min read

Generic GitHub Actions tutorials show you how to run npm test on push. This list covers the workflow patterns that real projects need: matrix builds across Node versions, semantic releases, Docker builds with caching, automated labeling, and stale issue management. Each workflow is production-ready — copy, adjust the trigger paths, and deploy.

CI & Build

CI with Matrix Build — Tests across multiple Node versions and operating systems in parallel.

name: CI
on: [push, pull_request]
jobs:
  test:
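    runs-on: ${{ matrix.os }}
    strategy:
      matrix:
        # One job per OS/Node combination, all started in parallel
        os: [ubuntu-latest, windows-latest, macos-latest]
        node: [18, 20, 22]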
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-node@v4
        with:
          node-version: ${{ matrix.node }}
          cache: 'npm'
      - run: npm ci
      - run: npm test

Auto-deploy to GitHub Pages — Builds and deploys a static site to GitHub Pages on pushes to main.

name: Deploy to Pages
on:
  push:
    branches: [main]
  workflow_dispatch:
permissions:
  contents: read
  pages: write
  id-token: write
jobs:
  deploy:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-node@v4
        with: { node-version: 22, cache: 'npm' }
      - run: npm ci && npm run build
      - uses: actions/configure-pages@v4
      - uses: actions/upload-pages-artifact@v3
        with: { path: './dist' }
      - uses: actions/deploy-pages@v4

Publish npm Package — Publishes to npm when a release is created, with provenance for supply chain security.

name: Publish to npm
on:
  release:
    types: [published]
jobs:
  publish:
    runs-on: ubuntu-latest
    permissions:
      contents: read
      id-token: write
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-node@v4
        with: { node-version: 22, registry-url: 'https://registry.npmjs.org' }
      - run: npm ci
      - run: npm publish --provenance --access public
        env:
          NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}

Automation & Management

Auto-label PRs — Applies labels based on file paths changed, branch names, or PR title patterns.

name: Auto-label PRs
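# pull_request_target runs in the base repository's context with a write-capable token;
# this job only labels and never checks out or runs code from the PR.
on: pull_request_target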
jobs:
  label:
    runs-on: ubuntu-latest
    permissions:
      contents: read
      pull-requests: write
    steps:
      - uses: actions/labeler@v5
        with:
          repo-token: ${{ secrets.GITHUB_TOKEN }}

Add a .github/labeler.yml config:

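# actions/labeler v5 config format: each label maps to a list of match objects
'frontend': [{ changed-files: [{ any-glob-to-any-file: ['src/client/**/*'] }] }]
'backend': [{ changed-files: [{ any-glob-to-any-file: ['src/server/**/*'] }] }]
'documentation': [{ changed-files: [{ any-glob-to-any-file: ['docs/**/*', '*.md'] }] }]
'dependencies': [{ changed-files: [{ any-glob-to-any-file: ['package.json', 'yarn.lock'] }] }]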

Stale Issue/PR Management — Closes inactive issues and PRs after a period of no activity.

name: Stale management
on:
  schedule:
    - cron: '30 1 * * *'
jobs:
  stale:
    runs-on: ubuntu-latest
    permissions:
      issues: write
      pull-requests: write
    steps:
      - uses: actions/stale@v9
        with:
          stale-issue-message: 'This issue is stale. Remove label or comment to keep it open.'
          stale-pr-message: 'This PR is stale. Update or comment to keep it active.'
          days-before-stale: 60
          days-before-close: 14

Dependency Updates with Dependabot — Automated pull requests for outdated dependencies.

version: 2
updates:
  - package-ecosystem: 'npm'
    directory: '/'
    schedule: { interval: 'weekly' }
    open-pull-requests-limit: 10
    labels: ['dependencies']
    versioning-strategy: increase
  - package-ecosystem: 'github-actions'
    directory: '/'
    schedule: { interval: 'monthly' }

Save as .github/dependabot.yml, not a workflow file.

Code Coverage Reporting — Uploads coverage data to a reporting service after tests pass.

name: Coverage
on: [push]
jobs:
  coverage:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-node@v4
        with: { node-version: 22, cache: 'npm' }
      - run: npm ci
      - run: npm run test:coverage
      - uses: codecov/codecov-action@v4
        with:
          token: ${{ secrets.CODECOV_TOKEN }}
          fail_ci_if_error: true

Releases & Docker

Automated Releases with semantic-release — Determines the next version, generates changelog, and publishes based on commit messages.

name: Release
on:
  push:
    branches: [main]
permissions:
  contents: write
  issues: write
  pull-requests: write
jobs:
  release:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with: { fetch-depth: 0 }
      - uses: actions/setup-node@v4
        with: { node-version: 22, cache: 'npm' }
      - run: npm ci
      - run: npx semantic-release
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          NPM_TOKEN: ${{ secrets.NPM_TOKEN }}

Docker Build and Push — Builds a Docker image with layer caching and pushes to a registry.

name: Docker
on:
  push:
    branches: [main]
    tags: ['v*']
jobs:
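  docker:
    runs-on: ubuntu-latest
    # GITHUB_TOKEN needs packages: write to push an image to ghcr.io
    permissions:
      contents: read
      packages: write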
    steps:
      - uses: actions/checkout@v4
      - uses: docker/setup-buildx-action@v3
      - uses: docker/login-action@v3
        with:
          registry: ghcr.io
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}
      - uses: docker/build-push-action@v5
        with:
          context: .
          push: true
          tags: ghcr.io/${{ github.repository }}:${{ github.ref_name }}
          cache-from: type=gha
          cache-to: type=gha,mode=max

Auto-assign Reviewers — Automatically assigns PR reviewers based on a YAML config.

name: Auto-assign reviewers
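# pull_request_target grants a write-capable token; this job only assigns reviewers
# and never checks out or runs code from the PR.
on: pull_request_target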
jobs:
  assign:
    runs-on: ubuntu-latest
    permissions:
      pull-requests: write
    steps:
      - uses: kentaro-m/auto-assign-action@v1
        with:
          repo-token: ${{ secrets.GITHUB_TOKEN }}
          configuration-path: '.github/auto-assign.yml'

Config in .github/auto-assign.yml:

addAssignees: author
reviewers:
  - team-frontend
  - team-backend
numberOfReviewers: 2

Which workflow saves the most time?

Dependabot + Auto-label PRs. Together they eliminate two of the most tedious maintenance tasks: checking for dependency updates and manually categorizing PRs. Dependabot runs on a schedule, auto-label runs on PR open — zero human effort once configured.

Do I need a separate CI service?

GitHub Actions handles CI, CD, and automation in one place. For most projects (up to 2000 minutes/month free), you don’t need Jenkins, CircleCI, or GitLab CI. The matrix build pattern above tests Node 18, 20, and 22 in parallel — that alone replaces most CI setups.

How do I secure GitHub Actions workflows?

Pin action versions to commit SHAs (not tags, which can be repointed to different code) for supply chain security. Use actions/checkout@v4d6cd2f4... (specific SHA). Limit permissions per job. Never store secrets in workflow files — use GitHub Secrets. Add security-events: write for Dependabot alerts and CodeQL scanning.
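
The SHA-pinning and per-job permissions advice above can be checked mechanically before a workflow is merged. The following is an added example, not code from DodaTech: a small Python audit run over a constructed sample workflow. The function names, the placeholder SHA and the two-space indentation assumption belong to this example only.

```python
import re

# Constructed sample: this page's Docker job (abbreviated) plus a job pinned to a placeholder SHA.
SAMPLE = """\
on: push
jobs:
  docker:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: docker/login-action@v3
  scan:
    runs-on: ubuntu-latest
    permissions:
      contents: read
    steps:
      - uses: actions/checkout@0123456789abcdef0123456789abcdef01234567
"""

USES = re.compile(r"^\s*(?:-\s*)?uses:\s*['\"]?([^\s'\"#]+)")
FULL_SHA = re.compile(r"@[0-9a-f]{40}$")

def unpinned_actions(text):
    """(line number, ref) for each `uses:` not pinned to a 40-hex commit SHA."""
    hits = []
    for n, line in enumerate(text.splitlines(), 1):
        m = USES.match(line)
        if not m or m.group(1).startswith(("./", "docker://")):
            continue  # local actions and docker:// images have no git ref to pin
        if not FULL_SHA.search(m.group(1)):
            hits.append((n, m.group(1)))
    return hits

def jobs_without_permissions(text):
    """Job ids lacking `permissions:`; assumes two-space YAML indentation."""
    lines = text.splitlines()
    if any(l.startswith("permissions:") for l in lines):
        return []  # a workflow-level block already scopes every job's token
    perms, in_jobs, job = {}, False, None
    for l in lines:
        if l[:1] not in ("", " ", "#"):          # a top-level key starts here
            in_jobs, job = l.startswith("jobs:"), None
        elif in_jobs and (m := re.match(r"  ([\w-]+):\s*$", l)):
            job = m.group(1)
            perms[job] = False
        elif job and l.startswith("    permissions:"):
            perms[job] = True
    return [j for j, ok in perms.items() if not ok]
```

Calling both functions on each file under .github/workflows/ and failing the build on any non-empty result turns the two recommendations into an enforced check.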
