GitHub Actions CI/CD Best Practices

GitHub Actions best practices: reusable workflows, matrix strategies, dependency caching, and security hardening (least privilege, secrets management, script injection prevention).

.mdc · 142 lines
# GitHub Actions Best Practices

GitHub Actions is the backbone of modern CI/CD. These best practices ensure your workflows are efficient, secure, and maintainable.

## 1. Workflow Design

### Use Reusable Workflows and Composite Actions

Abstract common sequences into reusable workflows or composite actions:

```yaml
# .github/workflows/reusable-build.yml
on:
  workflow_call:
    inputs:
      build-script: { required: true, type: string }
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-node@v4
        with: { node-version: '20' }
      - run: npm ci
      - run: ${{ inputs.build-script }}
```

### Use Matrix Strategies for Broad Testing

```yaml
jobs:
  test:
    runs-on: ${{ matrix.os }}
    strategy:
      matrix:
        node-version: ['18', '20']
        os: [ubuntu-latest, windows-latest]
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-node@v4
        with:
          node-version: ${{ matrix.node-version }}  # block style: an expression cannot sit unquoted inside { }
      - run: npm test
```

### Set Explicit Concurrency Groups

```yaml
jobs:
  deploy:
    runs-on: ubuntu-latest
    environment: production
    concurrency: production_deployment  # Only one run in this group at a time; later runs wait

## 2. Performance: Cache Dependencies

```yaml
steps:
  - uses: actions/cache@v4
    with:
      path: ~/.npm
      key: ${{ runner.os }}-node-${{ hashFiles('**/package-lock.json') }}
      restore-keys: |
        ${{ runner.os }}-node-
  - run: npm ci
```

## 3. Code Quality: Shift-Left

```yaml
jobs:
  lint:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - run: npm run lint  # Fail fast
  test:
    needs: lint  # Only run tests if lint passes
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - run: npm test

### Pin Third-Party Actions to a Specific SHA

```yaml
# Good: specific version
uses: actions/checkout@vX.Y.Z  # a full release tag (major.minor.patch), not a moving major tag
# Best: specific SHA
uses: actions/checkout@a81bbbf8298bb0ba8a753697672f0999c0179a61
```

## 4. Security Hardening

### Apply Principle of Least Privilege

```yaml
permissions:
  contents: read  # Default to read-only
jobs:
  deploy:
    permissions:
      contents: write  # Elevate only where needed
```

### Prevent Script Injection

Always pass untrusted input through environment variables instead of interpolating it directly: `${{ }}` expressions are expanded into the script text before the shell parses it, so a crafted value becomes part of the command itself.

Bad:
```yaml
- run: echo "Title: ${{ github.event.pull_request.title }}"
```

Good:
```yaml
- name: Check PR Title
  env:
    PR_TITLE: ${{ github.event.pull_request.title }}
  run: echo "Title: $PR_TITLE"
```
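As an added example (not part of the original rules file), a small Python linter that applies two of the rules above to a workflow file: it flags `uses:` references not pinned to a full 40-hex commit SHA, and flags `${{ github.event.* }}` / `${{ github.head_ref }}` expressions expanded directly inside a `run:` script, the pattern the "Bad" snippet shows. Treating every `github.event.*` value as untrusted is a deliberately conservative assumption, and `SAMPLE` is a constructed workflow.

```python
import re

# Any github.event.* value or github.head_ref (PR/issue titles and bodies,
# comment text, branch names, commit messages) is treated as attacker-influenced.
UNTRUSTED = re.compile(r"\$\{\{\s*github\.(?:event\.[\w.*]+|head_ref)\s*\}\}")
# uses: owner/repo[/path]@ref  -- ref should be a full 40-hex commit SHA
USES = re.compile(r"^\s*-?\s*uses:\s*([\w.-]+/[\w.-]+(?:/[\w./-]+)?)@(\S+)")
SHA40 = re.compile(r"^[0-9a-f]{40}$")
RUN = re.compile(r"^(\s*)-?\s*run:\s*(.*)$")


def lint_workflow(text: str) -> list[str]:
    """Return 'line N: ...' findings for unpinned actions and untrusted run: interpolation."""
    findings = []
    lines = text.splitlines()
    for i, line in enumerate(lines, start=1):
        m = USES.search(line)
        if m and not SHA40.match(m.group(2)):
            findings.append(f"line {i}: {m.group(1)} pinned to '{m.group(2)}', not a commit SHA")
        run = RUN.match(line)
        if not run:
            continue
        indent, body = len(run.group(1)), run.group(2)
        if body in ("|", ">", "|-", ">-"):
            # Block scalar: the script is the following lines indented deeper than the step.
            block = []
            for cont in lines[i:]:
                if cont.strip() and len(cont) - len(cont.lstrip()) <= indent:
                    break
                block.append(cont)
            body = "\n".join(block)
        for expr in UNTRUSTED.findall(body):
            findings.append(f"line {i}: untrusted {expr} interpolated into run:")
    return findings


# Constructed sample mixing the page's "Bad" and "Good" patterns plus one tag pin.
SAMPLE = """\
jobs:
  build:
    steps:
      - uses: actions/checkout@a81bbbf8298bb0ba8a753697672f0999c0179a61
      - uses: actions/setup-node@v4
      - run: echo "Title: ${{ github.event.pull_request.title }}"
      - name: safe
        env:
          PR_TITLE: ${{ github.event.pull_request.title }}
        run: echo "Title: $PR_TITLE"
      - run: |
          echo "branch ${{ github.head_ref }}"
"""
```

Running `lint_workflow(SAMPLE)` reports the tag-pinned `setup-node` step and the two direct interpolations, while the `env:`-based step passes.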

### Never Hardcode Secrets

```yaml
env:
  API_KEY: ${{ secrets.MY_API_KEY }}  # Always use GitHub Secrets
```

## 5. Common Gotchas

- Use `github.ref == 'refs/heads/main'` not `github.ref == 'main'` in job conditions
- Use `if: success()` in step conditions, not `if: true`
- Set the `ACTIONS_STEP_DEBUG` secret to `true` for verbose step logging (delete it afterwards)

## 6. Integrated Code Scanning

```yaml
jobs:
  code-scan:
    runs-on: ubuntu-latest
    permissions:
      contents: read          # job-level permissions reset the rest to none; checkout needs this
      security-events: write  # upload scan results
      - uses: actions/checkout@v4
      - uses: github/codeql-action/init@v3
        with: { languages: javascript }
      - uses: github/codeql-action/autobuild@v3
      - uses: github/codeql-action/analyze@v3
```