How would you implement a blue-green or canary deployment strategy using GitHub Actions?

Heisenbug logo
TheHeisenBug

Search

Search across questions, learning content, and hands-on projects

Ace Your Next Tech Interview

5,986+ interview questions across 87 technologies — with expert answers, advanced search, AI-powered assistance, personal highlights, structured learning paths, and hands-on practice projects.

5,986+Questions & Answers
87Technologies
AdvancedSearch
Built-inAsk AI
PersonalHighlights
StructuredLearning Paths
Hands-onPractice Projects

Lifetime Access

One-time payment. No subscriptions. Unlock everything, forever.

$19.90USD

or R$49.90 BRL

FeatureFreePremium
Question titlesAllAll
Answers per topicTop 5All
Learning chaptersFirst 5All
Practice projectsFirst 3All
Highlights
Ask AI
Read tracking
Search

GitHub Actions Interview Questions

  1. [JUNIOR] What is GitHub Actions and what can it be used for?
  2. [JUNIOR] What are the different components of a GitHub Actions workflow?
  3. [JUNIOR] What is the difference between a workflow, a job, a step, and an action in GitHub Actions?
  4. [JUNIOR] How do you define a workflow in GitHub Actions and where are workflow files stored?
  5. [JUNIOR] What are runners in GitHub Actions?
  6. [JUNIOR] What is the difference between GitHub-hosted and self-hosted runners?
  7. [JUNIOR] What events can trigger a GitHub Actions workflow?
  8. [JUNIOR] How do you manage secrets in GitHub Actions?
  9. [JUNIOR] What is the purpose of the GITHUB_TOKEN and how is it automatically provided?
  10. [MID] How do you pass data between jobs using outputs and the needs context?
  11. [MID] What are reusable workflows and how do you define one using workflow_call?
  12. [MID] What is the difference between composite actions and reusable workflows and when would you choose each?
  13. [SENIOR] How do you design a CI/CD pipeline for a monorepo using GitHub Actions with path filters and change detection?
  14. [SENIOR] How do you use GitHub environments with deployment protection rules and required reviewers?
  15. [SENIOR] How do you use OpenID Connect (OIDC) to authenticate with cloud providers instead of storing long-lived credentials as secrets?
  16. [SENIOR] How do you secure workflows against supply chain attacks from third-party actions?
  17. [SENIOR] What is the difference between the pull_request and pull_request_target events and what are the security implications?
  18. [JUNIOR] How do you trigger a workflow on push or pull request events?
  19. [JUNIOR] What is the workflow_dispatch event and how do you use it to manually trigger a workflow?
  20. [JUNIOR] What are artifacts in GitHub Actions and how do you use them?
  21. [JUNIOR] What are environment variables in GitHub Actions and how do you define them using the env keyword?
  22. [JUNIOR] What is the needs keyword and how do you create job dependencies?
  23. [JUNIOR] What is a matrix strategy in GitHub Actions?
  24. [JUNIOR] How does caching work in GitHub Actions and why is it useful?
  25. [JUNIOR] What are the three types of GitHub Actions (JavaScript, Docker container, and composite)?
  26. [MID] How do you share artifacts across jobs using upload-artifact and download-artifact?
  27. [MID] What is a composite action and how does it differ from a regular custom action?
  28. [MID] How do you use the matrix strategy to run jobs in parallel with different configurations?
  29. [MID] How do you manage workflow concurrency using concurrency groups and cancel-in-progress?
  30. [MID] What are GitHub Actions expressions and how do you use the ${{ }} syntax?
  31. [MID] What are contexts in GitHub Actions and what information do the github, env, secrets, and runner contexts provide?
  32. [MID] What are status check functions like success(), failure(), always(), and cancelled() and how are they used?
  33. [MID] How do you use path filters to trigger workflows only when specific files or directories change?
  34. [SENIOR] How would you implement a blue-green or canary deployment strategy using GitHub Actions?
  35. [SENIOR] Why should you pin actions to specific commit SHAs instead of version tags and what risks does tag-based versioning introduce?
  36. [SENIOR] How do you prevent secrets from leaking in workflow logs and what security practices should you follow for secrets management?
  37. [SENIOR] What are the best practices for securing self-hosted runners and why should they not be used with public repositories?
  38. [SENIOR] How do you set up and manage self-hosted runners at scale using tools like Actions Runner Controller (ARC) on Kubernetes?
  39. [SENIOR] When would you choose self-hosted runners over GitHub-hosted runners and what are the trade-offs?
  40. [SENIOR] How do you optimize GitHub Actions workflows for performance and reduce CI/CD costs?
  41. [SENIOR] How do you implement reusable workflows across multiple repositories in an organization?
  42. [SENIOR] How do you handle secret management across organization, repository, and environment scopes?
  43. [SENIOR] How do you use the permissions keyword to enforce least-privilege access for the GITHUB_TOKEN?
  44. [SENIOR] How do you dynamically generate a matrix from a previous job's output using fromJSON?
  45. [SENIOR] How do you implement a workflow that requires manual approval gates before deploying to production?
  46. [EXPERT] What is Poisoned Pipeline Execution (PPE) and how do you prevent it in GitHub Actions workflows?
  47. [EXPERT] How does the OIDC job_workflow_ref claim enable fine-grained cloud access control when using reusable workflows?
  48. [EXPERT] How would you design an enterprise-wide GitHub Actions governance strategy using organization-level runner groups, allowlisted actions, and reusable workflow templates?
  49. [EXPERT] How do you handle command injection vulnerabilities when using untrusted inputs like PR titles or branch names in workflow expressions?
  50. [JUNIOR] How do you run scheduled workflows using cron syntax in GitHub Actions?
  51. [JUNIOR] What are the benefits of using GitHub Actions over other CI/CD tools?
  52. [JUNIOR] How do you add conditional logic to steps or jobs using the if keyword?
  53. [MID] How do you create a custom GitHub Action using JavaScript?
  54. [MID] How do you call a reusable workflow from another workflow?
  55. [MID] What is the purpose of strategy.fail-fast in a matrix build and when would you disable it?
  56. [MID] How do you debug workflows in GitHub Actions using debug logging and the ACTIONS_RUNNER_DEBUG secret?
  57. [MID] How do you troubleshoot failed workflows effectively?
  58. [MID] How do you use branch filters with push and pull_request events?
  59. [MID] What happens when you define both branches and paths filters on a workflow trigger?
  60. [MID] How do you use GitHub Actions to deploy a web application to a cloud provider?
  61. [MID] How do you use GitHub Actions to automate running a test suite?
  62. [MID] How do you use the with keyword to pass inputs to an action?
  63. [MID] What are required status checks and how do they integrate with branch protection rules?
  64. [MID] How does GitHub Actions compare with Jenkins for CI/CD?
  65. [MID] How does GitHub Actions compare with GitLab CI/CD?
  66. [MID] What is the purpose of the restore-keys parameter in the actions/cache action and how does cache matching work?
  67. [SENIOR] What are custom deployment protection rules and how do they integrate with third-party services?
  68. [SENIOR] How do you use repository_dispatch to trigger workflows from external systems?
  69. [SENIOR] What strategies would you use for caching Docker layers and build artifacts in a GitHub Actions pipeline?
  70. [SENIOR] How do you design workflows to work with GitHub Packages and the Container Registry for building and publishing container images?
  71. [SENIOR] How do you implement parallel testing and test splitting across multiple runners?
  72. [SENIOR] How would you use GitHub Actions to automate security scanning (SAST, DAST, dependency scanning) in a CI/CD pipeline?
  73. [SENIOR] How do you pass secrets to reusable workflows and what does the secrets inherit keyword do?
  74. [SENIOR] How do you integrate GitHub Actions with Infrastructure as Code tools like Terraform or Pulumi?
  75. [EXPERT] What are the risks of GITHUB_ENV and GITHUB_PATH manipulation and how can an attacker inject malicious binaries through workflow commands?
  76. [EXPERT] How do you implement ephemeral just-in-time (JIT) runners using the GitHub REST API and why are they more secure?
  77. [EXPERT] How do you architect a multi-tenant CI/CD platform on GitHub Actions with runner isolation, secret scoping, and network segmentation?
  78. [EXPERT] How would you implement a progressive delivery pipeline with feature flags and automated rollback using GitHub Actions?
  79. [EXPERT] How do you audit and detect anomalous workflow execution patterns for security monitoring and integrate GitHub Actions events with a SIEM?
  80. [JUNIOR] What is the purpose of continue-on-error in a workflow?
  81. [JUNIOR] How do you use a Docker container image in a GitHub Actions workflow?
  82. [JUNIOR] What is a service container in GitHub Actions and when would you use one?
  83. [MID] How can you limit the number of concurrent matrix jobs using max-parallel?
  84. [MID] What is the purpose of the timeout-minutes keyword at the job and step level?
  85. [MID] How do you use GitHub Actions to publish packages to GitHub Packages or npm?
  86. [MID] How do you use the job.container keyword to run a job inside a Docker container?
  87. [SENIOR] How do you handle database migrations as part of a GitHub Actions deployment pipeline?
  88. [SENIOR] How do you handle long-running tests in CI/CD pipelines and what timeout strategies do you use?
  89. [SENIOR] How do you set up end-to-end workflow observability with logging, metrics, and alerting for GitHub Actions?
  90. [SENIOR] What is the maximum nesting depth for reusable workflows and composite actions and how does this affect your architecture?
  91. [SENIOR] How do you compare per-minute costs across different runner types and optimize spending?
  92. [EXPERT] What is the Living Off The Pipeline attack technique and how can legitimate CI tools be abused for code execution?
  93. [EXPERT] How does GitHub Actions handle workflow run queuing and what happens when you exceed concurrency limits?
  94. [EXPERT] What are the limitations of the reusable workflow call depth limit per workflow file and how do you work around them?
  95. [EXPERT] How do you implement custom deployment protection rules using GitHub Apps that respond to deployment_protection_rule webhook events?
  96. [EXPERT] On which commit and branch do scheduled workflows run and what are the implications for workflows defined on non-default branches?
  97. [JUNIOR] What is the default shell used by GitHub Actions on Linux versus Windows runners?
  98. [MID] What is the purpose of the jobs defaults keyword?
  99. [EXPERT] How would you integrate event-driven automation frameworks with GitHub Actions using repository_dispatch and webhook events?