GitHub (Microsoft)

GitHub Actions

GitHub-native CI/CD that runs workflows triggered by repo events. Hosted runners across Linux, macOS, and Windows or self-hosted on your infrastructure. Tight integration with GitHub Copilot for AI-assisted workflow authoring, Copilot Autofix for security findings, and Copilot agentic PR reviews. The default deploy plumbing for any team already on GitHub.

Provision Deploy

Visit website

Last reviewedMay 15, 2026

How we review

Overview

GitHub Actions is the CI/CD automation layer built into GitHub. Workflows are YAML files stored in .github/workflows that respond to any GitHub event: push, pull request, issue, release, schedule, or manual workflow_dispatch trigger. Pipeline configuration is versioned in the repository alongside application code.

Hosted runners (Linux, Windows, macOS) execute jobs in isolated VMs provisioned per job. Larger runners (up to 64-core Linux) and ARM-native runners for Apple Silicon are available. Self-hosted runners connect to GitHub and accept jobs without inbound firewall rules.

OIDC federation generates short-lived cloud tokens for AWS, GCP, Azure, and HashiCorp Vault, eliminating the need to store long-lived credentials as repository secrets. Reusable workflows allow a workflow defined in one repository to be called from others in the organization. The Actions cache stores dependency artifacts between runs, keyed on lock file hashes. The marketplace includes 20,000+ pre-built actions. Pricing: free for public repositories; free minutes per month for private repositories, then per-minute billing.

Key Features

Workflow YAML committed to .github/workflows triggered by any GitHub event (push, PR, issue, release, schedule, workflow_dispatch) — pipeline config lives in the repo alongside application code
Marketplace ecosystem: 20,000+ pre-built actions covering cloud auth, release publishing, container builds, notification, and deployment targets — composable without writing shell scripts
OIDC federation: generates short-lived tokens for AWS, GCP, Azure, and HashiCorp Vault authentication — eliminates the need to store long-lived cloud credentials as repository secrets
Larger and ARM-native hosted runners: up to 64-core Linux runners and native ARM runners for Apple Silicon builds — available in addition to the standard 2-core hosted runners
Reusable workflows: define a workflow in one repository and call it from any other repo in the organization — centralizes pipeline logic for CI standards, release, or deployment without copy-pasting YAML
Actions cache: content-addressable cache for dependencies (npm, pip, Go modules, Maven) persisted across runs with cache keys derived from dependency lock file hashes

Integrations

10 total

scm

GitHub

ci / cd

TerraformOpenTofuAnsibleHelm

cloud

AWSGCPAzure

orchestration

Kubernetes

messaging

Slack

Pricing

No pricing data on file.

Compare with similar tools

2 comparisons

Compliance

4 / 6 attested

SOC 2

HIPAA

GDPR

FedRAMP

PCI DSS

ISO 27001

Freshness

Heartbeatverified · 4d ago

Listings are re-verified on a recurring sweep. If the website 200s and pricing hasn't shifted since the last check, the heartbeat stays green.

UpdatedJun 18, 2026

What does AI Adjacent mean?

AI maturity is an independent editorial rating assigned by infraplz.dev — not a vendor self-claim. We assess how meaningfully each tool actually uses AI in production workflows, cutting through marketing copy.

AI NativeAI is the core product — the tool wouldn't exist without it.
AI EnhancedAI is a first-class feature that materially changes the workflow.
AI AdjacentAI features exist but are superficial or bolt-on additions.
AI MinimalNo meaningful AI features; listed as a critical platform engineering tool.

AboutSubmit a tool