GitHub Actions Practice Exam 2025: Latest Questions

You want a workflow to run only when a pull request targets the repository's default branch. Which trigger configuration is most appropriate?

A team wants to reuse the same build-and-test logic across 20 repositories with minimal duplication. Which approach is recommended in GitHub Actions?

A workflow run was manually re-run from the Actions UI. Which statement best describes what happens during a re-run?

You need to ensure a deployment workflow is not executed for pull requests from forks because it uses sensitive credentials. What is the best practice approach?

A repository uses a matrix build (os: ubuntu, windows; node: 18, 20). Deployments must run only once after all matrix jobs succeed. Which design should you choose?

A reusable workflow expects an input named environment and a required secret named AZURE_CREDENTIALS. A caller workflow fails validation before it starts. Which issue most likely causes this?

Your workflow is triggered by both push and workflow_dispatch. A step should run only for manual runs and must know who started it. Which context is most appropriate to use?

A long-running deployment workflow is frequently queued multiple times for the same branch, causing out-of-order deployments. What is the best way to ensure only the latest run per branch proceeds and older queued/running runs are canceled?

You maintain an internal composite action used by many repositories. You need to ensure all consumers run it with the least risk of supply-chain tampering while still allowing controlled updates. What is the recommended approach?

A workflow uses OIDC to authenticate to Azure without storing long-lived credentials. The job fails with an error indicating no ID token could be requested. Which configuration is required to enable OIDC token issuance in that job?

You want a workflow to run only when a pull request is opened against the main branch and includes changes under the infra/ directory. What is the recommended way to do this?

A reusable workflow is referenced by multiple repositories. One consumer repo fails with: "workflow was not found" even though the file exists in the source repository. Which is the most likely cause?

You are reviewing a workflow run and need to quickly identify why a job did not start. The job shows a status of "skipped". Which is the most common reason for this status?

A workflow uses a matrix strategy to test on multiple operating systems. You need to stop running the remaining matrix jobs as soon as one job fails to save minutes. What should you configure?

You want to store a build artifact from one job and download it in a later job within the same workflow run. Which approach is recommended?

A workflow is failing when a called reusable workflow tries to access a secret. The caller repository has the secret defined. What must be done to make the secret available to the reusable workflow?

You want only one deployment workflow run per environment to execute at a time. If a newer run starts, it should cancel any in-progress run for the same environment. What should you use?

Your workflow frequently re-installs dependencies and rebuilds on each run, slowing CI. You want to speed up runs by reusing dependency files across runs when the lockfile hasn’t changed. What is the best solution?

A workflow deploys to Azure using an OIDC-based login action. Security requires that the federated credentials only allow deployments from the main branch of a specific repository and only from the deployment workflow. Which configuration best meets this requirement?

A repository uses self-hosted runners in a private network. Workflow jobs are stuck in "Queued" with a message indicating no matching runners. The workflow specifies runs-on: [self-hosted, linux, x64, gpu]. What is the most likely fix?

A repository uses GitHub Actions with environments named Dev, Test, and Prod. The team wants deployments to Prod to require a manual approval and to only allow deployments from the default branch. Where should this be configured?

A workflow uploads build artifacts in one job and uses them in a later job. After a recent change, the later job intermittently fails with "artifact not found". The workflow defines both jobs but does not specify any relationship between them. What is the MOST likely fix?

Your organization maintains a reusable workflow in a central repository. Multiple application repositories must call it. The security team requires that callers pin to an immutable reference to prevent unexpected changes. How should callers reference the reusable workflow?

A workflow is triggered by pull_request. It uses a repository secret to deploy preview infrastructure. Security reports indicate that a malicious fork could exfiltrate secrets during the workflow run. Which change BEST mitigates this risk while still allowing validation on pull requests from forks?

Your repository has a workflow that builds and publishes a container image. It is manually triggered with workflow_dispatch and accepts an input named environment with values dev, test, and prod. The workflow currently uses three separate jobs with duplicated steps and only changes the target registry per environment. What is the BEST way to reduce duplication while keeping environment-specific configuration?