Github Actions its and their security

Introduction

Github actions is a CI/CD platform that facilitates automation and is exclusive to Github. CI/CD pipeline practices are primarily intended to enhance the quality, dependability, and productivity of development. Github actions are of considerable importance in the execution of CI/CD pipelines within Github repositories. It facilitates the automation of software development workflows directly within your repositories on Github, allowing us to create, test, and deploy code without interruption. As a consequence of its integration with software development practices, it incorporated a multitude of tools and services into the development process.

How it works

A directory with a name needs to be created inside the repository initially.The workflows are defined in a YAML file that is created in the github/workflows directory. It doesn’t matter if a workflow is hosted on Github or not; what matters is that it has a collection of jobs and the order in which they need to run. Whenever code is pushed, a pull request is created, or a comment is sent, these workflows are triggered.

After being triggered, workflows have been initiated in accordance with the steps specified in the setups.