50 GitHub Actions Practice Questions: Question Bank 2025

You want a GitHub Actions workflow to run automatically when a pull request is opened against the main branch. Which event trigger should you use?

A workflow needs access to a repository secret named AZURE_CREDENTIALS. What is the recommended way for a step to use it?

A job should run only for workflows triggered from the main branch. Which approach is most appropriate?

You maintain a reusable workflow in one repository and want other repositories in the same organization to call it. Which GitHub Actions feature supports this pattern?

Your workflow uses a third-party action referenced as `uses: vendor/action@main`. Your security team wants to reduce supply-chain risk while keeping builds reproducible. What should you change?

Your pipeline has a build job and a test job. The test job needs the compiled binaries produced by the build job, but jobs run on different runners. What is the recommended solution?

A workflow frequently re-downloads dependencies, making it slow. You want to speed it up by reusing previously downloaded packages between runs. Which feature should you use?

A deployment workflow to Azure should only have access to production secrets after an approval by the operations team. What is the best approach in GitHub Actions?

A team runs long workflows on self-hosted runners. They observe that new pushes to the same pull request cause multiple redundant workflow runs that waste runner capacity. They want only the latest run to continue and all in-progress older runs to be canceled automatically for that PR. What should they implement?

Your organization wants to centrally manage a reusable workflow that deploys to Azure, ensuring only approved repositories can call it and that callers cannot silently modify the deployment logic. Which design best meets this requirement?

You need a workflow to run only when a pull request targets the default branch and only if files under the `infra/` folder changed. Which approach is recommended?

You are consuming a reusable workflow from another repository in the same organization. Your workflow must pass a secret named `DEPLOY_TOKEN` to the called workflow. What is the correct mechanism?

A workflow uses `actions/cache` to speed up dependency installation. Recently, cache restores rarely occur even though dependencies change infrequently. Which cache key strategy is most likely causing the issue?

You want to prevent multiple concurrent deployments to the same environment when many commits are pushed quickly. What is the recommended way to serialize these runs in GitHub Actions?

A job must read a value produced by a previous step (for example, an image tag) and use it in a later step. Which method is recommended in modern GitHub Actions?

Your organization maintains a reusable workflow that deploys to Azure. You want to ensure only repositories explicitly approved by administrators can use it. What is the best control?

A workflow triggered by `pull_request` must run a security scan using secrets stored in the repository. The scan fails because secrets are unavailable. The pull request is coming from a fork. What should you do to securely enable the scan?

A workflow frequently fails during deployment due to intermittent network errors. You want to automatically retry only the flaky deployment step without rerunning the entire workflow. Which approach is most appropriate?

You maintain a monorepo with multiple services. You want separate workflows per service but also want a consistent build definition shared across them. Which design is recommended?

Your workflow needs to call the GitHub API to comment on a pull request. You want to follow the principle of least privilege. Which configuration is best?

You want a workflow to run only when changes are pushed to the repository's default branch. Which trigger configuration should you use?

A workflow uses multiple jobs, and a downstream job must only run if an upstream job completes successfully. Which job-level keyword enforces this dependency?

You need to capture a text log produced by a workflow run so it can be downloaded later from the run summary. Which feature should you use?

Your organization wants to standardize deployments by creating a reusable workflow in a central repository. Multiple application repos should call it, and the called workflow must access deployment secrets stored in the caller repository. What is the recommended approach?

A workflow uses concurrency to prevent multiple deployments to the same environment. You want any in-progress run to be canceled when a newer run starts for the same environment. Which configuration should you use?

You publish a composite action for internal teams. The action needs to set an output used by subsequent workflow steps. What is the correct way for a composite action to set outputs?

A workflow that builds a container image sometimes fails when rerun manually because it reuses stale files from previous runs. You want to ensure a clean workspace on a self-hosted runner. What should you do?

You are deploying to Azure using GitHub Actions and want to follow best practices by avoiding long-lived credentials. Which approach is recommended?

Your organization requires that all workflows run with minimal GitHub token permissions by default. You want to ensure a workflow cannot write to the repository unless explicitly allowed. What should you configure?

You maintain a reusable workflow that accepts an input called `environment`. Callers report failures because they pass values that don't match allowed environments, causing deployments to unintended targets. You need validation that fails early and consistently. What is the best solution?

You want a workflow to run only when a pull request to the main branch changes files under the /infra folder. Which trigger configuration is the best fit?

A repository uses reusable workflows for standard CI. A team wants to share a common output value (for example, an image tag) from the reusable workflow back to the caller workflow. What should they use?

You need to troubleshoot why a workflow is not triggering when code is pushed to a branch. The workflow file exists in a feature branch but not in the default branch. What is the most likely reason it does not run?

A team wants to minimize duplicated steps across multiple workflows while still allowing different repositories to override certain behavior (for example, enabling extra test suites). Which approach is recommended?

A workflow uploads a build artifact in one job and downloads it in a later job. The download step fails because no artifact is found. The upload job is conditionally skipped. What is the best fix?

You maintain a composite action used across many repositories. You need to update it without breaking existing consumers, and you want consumers to opt in to changes. What is the best practice?

A workflow uses a matrix to test multiple configurations. You want a failure in one matrix job to not cancel the remaining matrix jobs, but still fail the overall workflow if any configuration fails. Which setting should you use?

A repository deploys to Azure using OIDC. The workflow works on main but fails on pull_request runs from forks with authentication errors. What is the most likely cause and the correct mitigation?

A workflow uses third-party actions and must meet a policy requiring protection against compromised upstream changes. Which approach best satisfies this requirement?

You want a workflow to run when a new issue is labeled, but only when the label is 'needs-triage'. Which event and condition should you use?

You want a workflow to run automatically only when code is pushed to the default branch, and you want to prevent it from running on tag pushes. Which trigger configuration should you use?

A repository includes a reusable workflow that should accept an input named environment and a secret named AZURE_CREDENTIALS from the caller workflow. Which statement best describes how the reusable workflow should define these?

You need to make a workflow run available to others as a manually runnable workflow, where users can choose a deployment target from a dropdown-like set of options. What should you use?

A monorepo contains services in folders /api and /web. You want a workflow to run tests only when files under /api change. Which is the best approach?

A workflow uses a reusable workflow for deployment. The caller workflow needs to pass an environment-specific variable (not secret) and ensure the deploy job uses environment protection rules. Which design is recommended?

Your team wants to reduce noisy notifications by ensuring that only one workflow run per branch is active at a time, and that new pushes cancel in-progress runs for that same branch. Which feature should you use?

A workflow intermittently fails during dependency installation due to network issues. You want to automatically retry only that step a few times before failing the job, without rerunning the entire workflow from scratch. What is the best solution?

You need to publish a build artifact from one job and then deploy it in a later job that runs on a different runner. Which approach is recommended?

A deployment workflow can be triggered by pull_request events. You must ensure that untrusted code from forks cannot access deployment credentials, while still allowing maintainers to deploy after review. Which design best meets the requirement?

A reusable workflow must follow least privilege. It runs Terraform plan on pull requests and Terraform apply only on the default branch. You also want the workflow to request Azure OIDC tokens only when needed. Which setup is best?