Create and configure CI/CD pipelines with security-first best practices. Triggers on requests to set up CI/CD, add GitHub Actions, create pipelines, automate testing/deployment, configure workflows, add continuous integration, or automate releases.
Create secure, production-ready CI/CD pipelines following 2025-2026 best practices.
Run these Glob patterns to identify the project:
Platform detection:
- .github/workflows/*.yml → GitHub Actions
- .gitlab-ci.yml → GitLab CI
- .circleci/config.yml → CircleCI
Stack detection:
- package.json, package-lock.json, yarn.lock, pnpm-lock.yaml → Node.js
- Cargo.toml, Cargo.lock → Rust
- go.mod, go.sum → Go
- pyproject.toml, requirements.txt, setup.py → Python
- Dockerfile, docker-compose.yml → Docker
Based on detected stack, create:
- .github/workflows/ci.yml - lint, test, build
- .github/dependabot.yml - dependency updates
After creating workflows, list:
After the 2025 tj-actions and reviewdog supply chain attacks, NEVER use mutable tags:
# WRONG - tag can be hijacked
- uses: actions/checkout@v4
# CORRECT - immutable SHA
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
To find the current SHA, get the latest release tag with gh api repos/actions/checkout/releases/latest --jq '.tag_name', then look up the commit that tag points to and pin to its full SHA.
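A pinning rule only holds if something checks it. The following added example (not part of the original skill) scans workflow files and reports every uses: reference that is not a full 40-character commit SHA. The function names, the sample workflow, and the choice to exempt local ./ references and accept docker:// images pinned by sha256 digest are assumptions of this example.

```python
import re
import sys
from pathlib import Path

# A step- or job-level "uses:" value, without quotes or a trailing comment.
USES_RE = re.compile(r"""^\s*(?:-\s*)?uses:\s*["']?([^\s"'#]+)""")
FULL_SHA = re.compile(r"[0-9a-f]{40}")
DOCKER_DIGEST = re.compile(r"sha256:[0-9a-f]{64}")

def classify(ref: str) -> str:
    """Return 'pinned', 'local' or 'mutable' for one uses: reference."""
    if ref.startswith("./"):
        return "local"  # lives in the same repository and commit
    if ref.startswith("docker://"):
        digest = ref.partition("@")[2]
        return "pinned" if DOCKER_DIGEST.fullmatch(digest) else "mutable"
    _, sep, version = ref.rpartition("@")
    if sep and FULL_SHA.fullmatch(version):
        return "pinned"
    return "mutable"  # tag, branch, short SHA, or no ref at all

def audit(text: str, name: str = "<workflow>") -> list:
    """List (file, line number, reference) for every mutable uses: line."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        m = USES_RE.match(line)
        if m and classify(m.group(1)) == "mutable":
            findings.append((name, lineno, m.group(1)))
    return findings

def audit_repo(root: str = ".") -> list:
    # Covers both .yml and .yaml files under .github/workflows/.
    paths = sorted(Path(root).glob(".github/workflows/*.y*ml"))
    return [f for p in paths for f in audit(p.read_text(encoding="utf-8"), str(p))]

# Constructed sample workflow fragment, for illustration only.
SAMPLE = """\
steps:
  - uses: actions/checkout@v4
  - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
  - uses: ./.github/actions/setup
  - uses: docker://alpine:3.20
"""

if __name__ == "__main__":
    hits = audit_repo(sys.argv[1] if len(sys.argv) > 1 else ".")
    for name, lineno, ref in hits:
        print(f"{name}:{lineno}: not pinned to a full SHA: {ref}")
    sys.exit(1 if hits else 0)
```

Run it from the repository root as a CI step; the non-zero exit code fails the job when any reference is still mutable.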
Eliminate stored credentials with OIDC: