How do you design workflows to work with GitHub Packages and the Container Registry for building and publishing container images?

Heisenbug logo
TheHeisenBug

Search

Search across questions, learning content, and hands-on projects

Ace Your Next Tech Interview

5,986+ interview questions across 87 technologies — with expert answers, advanced search, AI-powered assistance, personal highlights, structured learning paths, and hands-on practice projects.

5,986+Questions & Answers
87Technologies
AdvancedSearch
Built-inAsk AI
PersonalHighlights
StructuredLearning Paths
Hands-onPractice Projects

Lifetime Access

One-time payment. No subscriptions. Unlock everything, forever.

$19.90USD

or R$49.90 BRL

FeatureFreePremium
Question titlesAllAll
Answers per topicTop 5All
Learning chaptersFirst 5All
Practice projectsFirst 3All
Highlights
Ask AI
Read tracking
Search

GitHub Actions Interview Questions

  1. [JUNIOR] What is GitHub Actions and what can it be used for?
  2. [JUNIOR] What are the different components of a GitHub Actions workflow?
  3. [JUNIOR] What is the difference between a workflow, a job, a step, and an action in GitHub Actions?
  4. [JUNIOR] How do you define a workflow in GitHub Actions and where are workflow files stored?
  5. [JUNIOR] What are runners in GitHub Actions?
  6. [JUNIOR] What is the difference between GitHub-hosted and self-hosted runners?
  7. [JUNIOR] What events can trigger a GitHub Actions workflow?
  8. [JUNIOR] How do you manage secrets in GitHub Actions?
  9. [JUNIOR] What is the purpose of the GITHUB_TOKEN and how is it automatically provided?
  10. [MID] How do you pass data between jobs using outputs and the needs context?
  11. [MID] What are reusable workflows and how do you define one using workflow_call?
  12. [MID] What is the difference between composite actions and reusable workflows and when would you choose each?
  13. [SENIOR] How do you design a CI/CD pipeline for a monorepo using GitHub Actions with path filters and change detection?
  14. [SENIOR] How do you use GitHub environments with deployment protection rules and required reviewers?
  15. [SENIOR] How do you use OpenID Connect (OIDC) to authenticate with cloud providers instead of storing long-lived credentials as secrets?
  16. [SENIOR] How do you secure workflows against supply chain attacks from third-party actions?
  17. [SENIOR] What is the difference between the pull_request and pull_request_target events and what are the security implications?
  18. [JUNIOR] How do you trigger a workflow on push or pull request events?
  19. [JUNIOR] What is the workflow_dispatch event and how do you use it to manually trigger a workflow?
  20. [JUNIOR] What are artifacts in GitHub Actions and how do you use them?
  21. [JUNIOR] What are environment variables in GitHub Actions and how do you define them using the env keyword?
  22. [JUNIOR] What is the needs keyword and how do you create job dependencies?
  23. [JUNIOR] What is a matrix strategy in GitHub Actions?
  24. [JUNIOR] How does caching work in GitHub Actions and why is it useful?
  25. [JUNIOR] What are the three types of GitHub Actions (JavaScript, Docker container, and composite)?
  26. [MID] How do you share artifacts across jobs using upload-artifact and download-artifact?
  27. [MID] What is a composite action and how does it differ from a regular custom action?
  28. [MID] How do you use the matrix strategy to run jobs in parallel with different configurations?
  29. [MID] How do you manage workflow concurrency using concurrency groups and cancel-in-progress?
  30. [MID] What are GitHub Actions expressions and how do you use the ${{ }} syntax?
  31. [MID] What are contexts in GitHub Actions and what information do the github, env, secrets, and runner contexts provide?
  32. [MID] What are status check functions like success(), failure(), always(), and cancelled() and how are they used?
  33. [MID] How do you use path filters to trigger workflows only when specific files or directories change?
  34. [SENIOR] How would you implement a blue-green or canary deployment strategy using GitHub Actions?
  35. [SENIOR] Why should you pin actions to specific commit SHAs instead of version tags and what risks does tag-based versioning introduce?
  36. [SENIOR] How do you prevent secrets from leaking in workflow logs and what security practices should you follow for secrets management?
  37. [SENIOR] What are the best practices for securing self-hosted runners and why should they not be used with public repositories?
  38. [SENIOR] How do you set up and manage self-hosted runners at scale using tools like Actions Runner Controller (ARC) on Kubernetes?
  39. [SENIOR] When would you choose self-hosted runners over GitHub-hosted runners and what are the trade-offs?
  40. [SENIOR] How do you optimize GitHub Actions workflows for performance and reduce CI/CD costs?
  41. [SENIOR] How do you implement reusable workflows across multiple repositories in an organization?
  42. [SENIOR] How do you handle secret management across organization, repository, and environment scopes?
  43. [SENIOR] How do you use the permissions keyword to enforce least-privilege access for the GITHUB_TOKEN?
  44. [SENIOR] How do you dynamically generate a matrix from a previous job's output using fromJSON?
  45. [SENIOR] How do you implement a workflow that requires manual approval gates before deploying to production?
  46. [EXPERT] What is Poisoned Pipeline Execution (PPE) and how do you prevent it in GitHub Actions workflows?
  47. [EXPERT] How does the OIDC job_workflow_ref claim enable fine-grained cloud access control when using reusable workflows?
  48. [EXPERT] How would you design an enterprise-wide GitHub Actions governance strategy using organization-level runner groups, allowlisted actions, and reusable workflow templates?
  49. [EXPERT] How do you handle command injection vulnerabilities when using untrusted inputs like PR titles or branch names in workflow expressions?
  50. [JUNIOR] How do you run scheduled workflows using cron syntax in GitHub Actions?
  51. [JUNIOR] What are the benefits of using GitHub Actions over other CI/CD tools?
  52. [JUNIOR] How do you add conditional logic to steps or jobs using the if keyword?
  53. [MID] How do you create a custom GitHub Action using JavaScript?
  54. [MID] How do you call a reusable workflow from another workflow?
  55. [MID] What is the purpose of strategy.fail-fast in a matrix build and when would you disable it?
  56. [MID] How do you debug workflows in GitHub Actions using debug logging and the ACTIONS_RUNNER_DEBUG secret?
  57. [MID] How do you troubleshoot failed workflows effectively?
  58. [MID] How do you use branch filters with push and pull_request events?
  59. [MID] What happens when you define both branches and paths filters on a workflow trigger?
  60. [MID] How do you use GitHub Actions to deploy a web application to a cloud provider?
  61. [MID] How do you use GitHub Actions to automate running a test suite?
  62. [MID] How do you use the with keyword to pass inputs to an action?
  63. [MID] What are required status checks and how do they integrate with branch protection rules?
  64. [MID] How does GitHub Actions compare with Jenkins for CI/CD?
  65. [MID] How does GitHub Actions compare with GitLab CI/CD?
  66. [MID] What is the purpose of the restore-keys parameter in the actions/cache action and how does cache matching work?
  67. [SENIOR] What are custom deployment protection rules and how do they integrate with third-party services?
  68. [SENIOR] How do you use repository_dispatch to trigger workflows from external systems?
  69. [SENIOR] What strategies would you use for caching Docker layers and build artifacts in a GitHub Actions pipeline?
  70. [SENIOR] How do you design workflows to work with GitHub Packages and the Container Registry for building and publishing container images?
  71. [SENIOR] How do you implement parallel testing and test splitting across multiple runners?
  72. [SENIOR] How would you use GitHub Actions to automate security scanning (SAST, DAST, dependency scanning) in a CI/CD pipeline?
  73. [SENIOR] How do you pass secrets to reusable workflows and what does the secrets inherit keyword do?
  74. [SENIOR] How do you integrate GitHub Actions with Infrastructure as Code tools like Terraform or Pulumi?
  75. [EXPERT] What are the risks of GITHUB_ENV and GITHUB_PATH manipulation and how can an attacker inject malicious binaries through workflow commands?
  76. [EXPERT] How do you implement ephemeral just-in-time (JIT) runners using the GitHub REST API and why are they more secure?
  77. [EXPERT] How do you architect a multi-tenant CI/CD platform on GitHub Actions with runner isolation, secret scoping, and network segmentation?
  78. [EXPERT] How would you implement a progressive delivery pipeline with feature flags and automated rollback using GitHub Actions?
  79. [EXPERT] How do you audit and detect anomalous workflow execution patterns for security monitoring and integrate GitHub Actions events with a SIEM?
  80. [JUNIOR] What is the purpose of continue-on-error in a workflow?
  81. [JUNIOR] How do you use a Docker container image in a GitHub Actions workflow?
  82. [JUNIOR] What is a service container in GitHub Actions and when would you use one?
  83. [MID] How can you limit the number of concurrent matrix jobs using max-parallel?
  84. [MID] What is the purpose of the timeout-minutes keyword at the job and step level?
  85. [MID] How do you use GitHub Actions to publish packages to GitHub Packages or npm?
  86. [MID] How do you use the job.container keyword to run a job inside a Docker container?
  87. [SENIOR] How do you handle database migrations as part of a GitHub Actions deployment pipeline?
  88. [SENIOR] How do you handle long-running tests in CI/CD pipelines and what timeout strategies do you use?
  89. [SENIOR] How do you set up end-to-end workflow observability with logging, metrics, and alerting for GitHub Actions?
  90. [SENIOR] What is the maximum nesting depth for reusable workflows and composite actions and how does this affect your architecture?
  91. [SENIOR] How do you compare per-minute costs across different runner types and optimize spending?
  92. [EXPERT] What is the Living Off The Pipeline attack technique and how can legitimate CI tools be abused for code execution?
  93. [EXPERT] How does GitHub Actions handle workflow run queuing and what happens when you exceed concurrency limits?
  94. [EXPERT] What are the limitations of the reusable workflow call depth limit per workflow file and how do you work around them?
  95. [EXPERT] How do you implement custom deployment protection rules using GitHub Apps that respond to deployment_protection_rule webhook events?
  96. [EXPERT] On which commit and branch do scheduled workflows run and what are the implications for workflows defined on non-default branches?
  97. [JUNIOR] What is the default shell used by GitHub Actions on Linux versus Windows runners?
  98. [MID] What is the purpose of the jobs defaults keyword?
  99. [EXPERT] How would you integrate event-driven automation frameworks with GitHub Actions using repository_dispatch and webhook events?