Advanced GitHub Actions: Reusable Workflows and Custom Actions
reusable workflows, workflow_call, composite actions, JavaScript actions, action marketplace, workflow permissions, OIDC
Advanced GitHub Actions: Reusable Workflows and Custom Actions
As your automation grows, reusability becomes critical. GitHub Actions provides two mechanisms for reuse: reusable workflows (for sharing entire workflow files) and custom actions (for sharing individual steps).
Reusable Workflows
A reusable workflow is triggered by workflow_call instead of an event. Other workflows can call it with the uses keyword:
# .github/workflows/reusable-test.yml
on:
workflow_call:
inputs:
node-version:
required: true
type: string
jobs:
test:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: actions/setup-node@v4
with:
node-version: ${{ inputs.node-version }}
Call it from another workflow:
jobs:
run-tests:
uses: ./.github/workflows/reusable-test.yml
with:
node-version: '20'Composite Actions
A composite action groups multiple steps into a single reusable action. Create it in .github/actions/my-action/action.yml. This is ideal for steps you repeat across many workflows in a repository.
OIDC for Keyless Authentication
Instead of storing long-lived cloud provider secrets, use OpenID Connect (OIDC). GitHub can issue short-lived tokens that cloud providers (AWS, GCP, Azure) trust. Add permissions: id-token: write and use the provider's official login action. This eliminates the need to rotate and store cloud credentials as secrets.