Script Valley
Git and GitHub Complete Course: From Beginner to Advanced
GitHub Actions and CI/CD AutomationLesson 5.5

Advanced GitHub Actions: Reusable Workflows and Custom Actions

reusable workflows, workflow_call, composite actions, JavaScript actions, action marketplace, workflow permissions, OIDC

Advanced GitHub Actions: Reusable Workflows and Custom Actions

As your automation grows, reusability becomes critical. GitHub Actions provides two mechanisms for reuse: reusable workflows (for sharing entire workflow files) and custom actions (for sharing individual steps).

DiagramReusable Workflows and Composite Actions

IMAGE PROMPT (replace this block with your generated image):

Flat two-panel architecture diagram on white background. Title: Reusable Workflows and Custom Actions. Left panel: Reusable Workflow Pattern. Top box: Caller Workflow (ci.yml) (light #3A5EFF fill). Shows: uses: ./.github/workflows/reusable-test.yml and with: node-version: 20. Arrow pointing down-right labeled calls. Bottom box: Reusable Workflow (reusable-test.yml) (solid #3A5EFF fill, white text). Shows: on: workflow_call:, inputs: node-version: required. Multiple caller arrows from three different workflow boxes all pointing to the one reusable workflow — showing DRY principle. Label: Write once, use in any workflow. Right panel: Action Types Comparison. Three cards stacked. Card 1: Composite Action — groups multiple run steps, no Node.js needed. Card 2: JavaScript Action — fastest, runs directly on runner, uses @actions/core. Card 3: Docker Action — fully isolated environment, any language. OIDC badge at bottom: Keyless cloud auth — no stored secrets needed with key-slash icon. White background, brand color #3A5EFF for reusable workflow box.

Reusable Workflows

A reusable workflow is triggered by workflow_call instead of an event. Other workflows can call it with the uses keyword:

# .github/workflows/reusable-test.yml
on:
  workflow_call:
    inputs:
      node-version:
        required: true
        type: string

jobs:
  test:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-node@v4
        with:
          node-version: ${{ inputs.node-version }}

Call it from another workflow:

jobs:
  run-tests:
    uses: ./.github/workflows/reusable-test.yml
    with:
      node-version: '20'

Composite Actions

A composite action groups multiple steps into a single reusable action. Create it in .github/actions/my-action/action.yml. This is ideal for steps you repeat across many workflows in a repository.

OIDC for Keyless Authentication

Instead of storing long-lived cloud provider secrets, use OpenID Connect (OIDC). GitHub can issue short-lived tokens that cloud providers (AWS, GCP, Azure) trust. Add permissions: id-token: write and use the provider's official login action. This eliminates the need to rotate and store cloud credentials as secrets.

Ready to practice?

MCQs · Mini project