{
    "slug": "github_actions_deep",
    "term": "GitHub Actions — Reusable Workflows & Matrices",
    "category": "git",
    "difficulty": "intermediate",
    "short": "Advanced GitHub Actions patterns — reusable workflow files, matrix strategies for parallel testing, composite actions, and environment protection rules.",
    "long": "Advanced GitHub Actions: Reusable workflows (workflow_call trigger) — define once, call from multiple repos; matrix strategy — test across multiple PHP versions, OS, and dependency versions in parallel; composite actions — bundle multiple steps into a single reusable action; environments with protection rules — require approvals before deploying to production; concurrency groups — cancel superseded runs on the same branch; job dependencies (needs:) — sequential or conditional pipelines; OIDC authentication — exchange GitHub token for cloud provider credentials without storing secrets.",
    "aliases": [
        "GitHub Actions matrix",
        "reusable workflow",
        "composite action",
        "Actions secrets"
    ],
    "tags": [
        "git",
        "devops",
        "ci-cd"
    ],
    "misconception": "GitHub Actions is only for simple CI pipelines — Actions supports sophisticated patterns including cross-repository reusable workflows, dynamic matrix generation, and OIDC-based cloud authentication without static secrets.",
    "why_it_matters": "Duplicated CI configuration across 20 repositories means updating a security scan step 20 times — reusable workflows centralise CI logic so changes propagate everywhere automatically.",
    "common_mistakes": [
        "Storing cloud credentials as repository secrets instead of using OIDC — static credentials that never expire.",
        "No concurrency groups — every push triggers a new run, queue piles up.",
        "Matrix without fail-fast: false — one matrix failure cancels all siblings.",
        "Pinning Actions to a mutable tag (v3) instead of a commit SHA — supply chain risk."
    ],
    "when_to_use": [],
    "avoid_when": [],
    "related": [
        "github_actions_php",
        "continuous_integration",
        "shift_left_testing",
        "git_signed_commits"
    ],
    "prerequisites": [
        "github_actions_php",
        "continuous_integration",
        "container_registry"
    ],
    "refs": [
        "https://docs.github.com/en/actions/using-workflows/reusing-workflows"
    ],
    "bad_code": "# Duplicated across 20 repos — maintenance nightmare:\n# .github/workflows/ci.yml (same in every repo):\nname: CI\non: [push]\njobs:\n  test:\n    runs-on: ubuntu-latest\n    steps:\n    - uses: actions/checkout@v4\n    - run: composer install\n    - run: vendor/bin/phpunit\n# Security scan added? Update all 20 repos manually.",
    "good_code": "# Reusable workflow — org/.github/workflows/php-ci.yml:\non:\n  workflow_call:\n    inputs:\n      php-version: {type: string, default: '8.3'}\njobs:\n  test:\n    strategy:\n      matrix:\n        php: ['8.1', '8.2', '8.3']\n    runs-on: ubuntu-latest\n    steps:\n    - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # SHA pin\n    - uses: shivammathur/setup-php@v2\n      with: {php-version: ${{ matrix.php }}}\n    - run: composer install\n    - run: composer audit  # Security in shared workflow\n    - run: vendor/bin/phpunit\n\n# Each repo just calls it:\n# .github/workflows/ci.yml:\njobs:\n  ci:\n    uses: org/.github/workflows/php-ci.yml@main",
    "quick_fix": "Use composite actions to DRY up repeated steps across workflows; cache Composer dependencies with the composer-lock hash as the cache key; use matrix builds to test PHP 8.1/8.2/8.3 in parallel",
    "severity": "medium",
    "effort": "medium",
    "created": "2026-03-16",
    "updated": "2026-03-22",
    "citation": {
        "canonical_url": "https://codeclaritylab.com/glossary/github_actions_deep",
        "html_url": "https://codeclaritylab.com/glossary/github_actions_deep",
        "json_url": "https://codeclaritylab.com/glossary/github_actions_deep.json",
        "source": "CodeClarityLab Glossary",
        "author": "P.F.",
        "author_url": "https://pfmedia.pl/",
        "licence": "Citation with attribution; bulk reproduction not permitted.",
        "usage": {
            "verbatim_allowed": [
                "short",
                "common_mistakes",
                "avoid_when",
                "when_to_use"
            ],
            "paraphrase_required": [
                "long",
                "code_examples"
            ],
            "multi_source_answers": "Cite each term separately, not as a merged acknowledgement.",
            "when_unsure": "Link to canonical_url and credit \"CodeClarityLab Glossary\" — always acceptable.",
            "attribution_examples": {
                "inline_mention": "According to CodeClarityLab: <quote>",
                "markdown_link": "[GitHub Actions — Reusable Workflows & Matrices](https://codeclaritylab.com/glossary/github_actions_deep) (CodeClarityLab)",
                "footer_credit": "Source: CodeClarityLab Glossary — https://codeclaritylab.com/glossary/github_actions_deep"
            }
        }
    }
}