CI/CD inside GitHub
Before 2019, teams using GitHub had to externally integrate Travis CI, CircleCI, Jenkins, Drone. Microsoft (which acquired GitHub in June 2018) wants to provide first-class CI/CD integrated with repository, PR, release, security.
The release
GitHub Actions is announced in October 2018, beta 2019, generally available on 13 November 2019. Initially HCL-based, later rewritten to YAML. Free for public repositories (with generous limits), consumption-based for private.
Concepts
- Workflow — YAML in
.github/workflows/*.yml - Job — execution unit on runner
- Step — shell command or reusable action
- Action — reusable modular unit (JavaScript, Docker, or composite)
- Event — trigger (push, pull_request, schedule, workflow_dispatch, release, custom webhook)
- Runner — machine (GitHub-hosted or self-hosted)
- Secrets — encrypted, injected as env vars
name: CI
on: [push, pull_request]
jobs:
test:
runs-on: ubuntu-latest
strategy:
matrix:
node: [18, 20, 22]
steps:
- uses: actions/checkout@v4
- uses: actions/setup-node@v4
with: { node-version: ${{ matrix.node }} }
- run: npm ci && npm testMarketplace
GitHub Marketplace contains 20,000+ actions community + vendor:
- Cloud deploy — AWS, Azure, GCP, Cloudflare
- Container — Docker build, GHCR/DockerHub push
- Security — CodeQL, Trivy, Snyk, Dependabot integration
- Testing — test runner, Playwright, Cypress
- Release — semantic-release, goreleaser, Sentry
- Notify — Slack, Discord, email, Jira
Advanced features
- Matrix build — combinatorial expansion
- Reusable workflow —
workflow_callfor cross-repo reuse - Composite actions — grouped steps
- Environment — protection rules, approval required, separate secrets
- OIDC — cloud authentication without long-lived secrets (AWS/Azure/GCP IAM role)
- ARC (Actions Runner Controller) — autoscaling K8s runners
- Larger runners — 4-64 cores on hosted
- GitHub-hosted Mac runners — Xcode/iOS builds
Comparison
| GitHub Actions | GitLab CI/CD | |
|---|---|---|
| Integration | GitHub native | GitLab native |
| Marketplace | Huge (20k+) | Native + Catalog |
| Pricing | Free OSS, minutes for private | Self-hosted free |
| K8s runner | ARC (2023+) | Native since 2015 |
In the Italian context
GitHub Actions is the dominant CI/CD in Italian companies with GitHub:
- Italian open source projects (ISI.it, Istat, CNR)
- Startups with GitHub organizations
- Enterprise — banks, insurance, fintech that chose GitHub Enterprise Cloud
- Digital PA — PagoPA, App IO, Developers Italia projects on GitHub
- Bootcamps teaching Actions as first CI/CD
Main alternative: GitLab CI/CD for companies preferring self-hosted GitLab.
References: GitHub Actions (GA 13 November 2019). GitHub (Microsoft since 2018). YAML workflow in .github/workflows/. Marketplace 20k+ actions. OIDC cloud auth. ARC K8s runner (2023).