Best of GitHub Actions, April 2026

  1. Article · Collections (collections) · 2w

    Ghostty is leaving GitHub over reliability concerns

    Mitchell Hashimoto, creator of Ghostty and Vagrant, is migrating the Ghostty terminal emulator off GitHub after documenting near-daily outages over a month. He cites GitHub Actions downtime and broader reliability issues he attributes to Microsoft's AI-driven platform changes. Personal projects will remain on GitHub, but a read-only mirror will replace the active Ghostty repo. He hasn't chosen a destination yet, evaluating both commercial and open-source alternatives, and hasn't ruled out returning if GitHub demonstrates real improvements.

  2. Article · Astral (astral-sh) · 5w

    Open source security at Astral

    Astral shares the security practices they use to protect their open source tools (Ruff, uv, ty) from supply chain attacks. Key areas covered include: hardening GitHub Actions CI/CD by banning dangerous triggers like pull_request_target (which runs with the base repository's secrets and a write-capable GITHUB_TOKEN, so checking out a fork's code under it hands both to the PR author), pinning all actions to commit SHAs rather than mutable tags, limiting GITHUB_TOKEN permissions, and isolating secrets in deployment environments. For releases, they use Trusted Publishing to eliminate long-lived credentials, Sigstore-based attestations, immutable releases, and two-person approval gates. They also use GitHub Apps to safely handle tasks that GitHub Actions can't do securely, maintain dependency hygiene with Dependabot/Renovate plus cooldown periods (so a freshly published version is not adopted before it has had time to be scrutinised), and contribute financially and technically to upstream projects. The post includes shareable GitHub rulesets and practical recommendations for other maintainers.
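The three CI hardening rules above (no pull_request_target, SHA-pinned actions, explicit permissions) are mechanical enough to check automatically. The following checker is an added example written for this digest; it is not Astral's code or tooling. It scans a workflow line by line with regular expressions rather than a YAML parser, which covers the common layouts but is an assumption, and the two sample workflows and their commit SHAs are constructed placeholders, not real pins.

```python
import re

# Constructed sample workflows (not from Astral or any real repository). The
# 40-hex SHAs below are placeholders of the right shape; resolve real ones
# from the tag before copying this pattern.
WEAK_WORKFLOW = """\
name: ci
on:
  pull_request_target:
    types: [opened, synchronize]
jobs:
  test:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          ref: ${{ github.event.pull_request.head.sha }}
      - uses: actions/setup-python@v5
      - run: pip install . && pytest
"""

HARDENED_WORKFLOW = """\
name: ci
on:
  pull_request:
permissions:
  contents: read
jobs:
  test:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@0123456789abcdef0123456789abcdef01234567 # v4.2.2 (placeholder SHA)
      - uses: actions/setup-python@fedcba9876543210fedcba9876543210fedcba98 # v5.3.0 (placeholder SHA)
      - run: pip install . && pytest
"""

# pull_request_target runs in the base repo context (secrets + write token)
# while reacting to fork content, which is why the post bans it outright.
DANGEROUS_TRIGGERS = {"pull_request_target"}
SHA40 = re.compile(r"^[0-9a-f]{40}$")
USES = re.compile(r"^\s*-?\s*uses:\s*(\S+)")


def triggers(lines):
    """Collect event names declared under the top-level `on:` key.

    Handles the three spellings `on: push`, `on: [a, b]` and the block form;
    this is a line-based scan, not a YAML parse (assumption noted in lead-in).
    """
    events = set()
    in_on = False
    for line in lines:
        m = re.match(r"^on:\s*\[(.*)\]\s*$", line)
        if m:
            events.update(e.strip() for e in m.group(1).split(","))
            continue
        m = re.match(r"^on:\s*(\w+)\s*$", line)
        if m:
            events.add(m.group(1))
            continue
        if re.match(r"^on:\s*$", line):
            in_on = True
            continue
        if in_on:
            if line.strip() and not line.startswith(" "):
                in_on = False  # next top-level key ends the `on:` block
            else:
                m = re.match(r"^  (\w+):", line)  # exactly two spaces: direct child of `on:`
                if m:
                    events.add(m.group(1))
    return events


def lint_workflow(text):
    """Return a list of findings; an empty list means all three checks pass."""
    lines = text.splitlines()
    findings = []

    for ev in sorted(triggers(lines) & DANGEROUS_TRIGGERS):
        findings.append(f"dangerous trigger: {ev}")

    for n, line in enumerate(lines, 1):
        m = USES.match(line)
        if not m:
            continue
        ref = m.group(1)
        if ref.startswith("./") or ref.startswith("docker://"):
            continue  # local or container actions carry no git ref to pin
        action, _, version = ref.partition("@")
        if not SHA40.match(version):
            shown = version or "<none>"
            findings.append(f"line {n}: {action} pinned to '{shown}' instead of a 40-hex commit SHA")

    perms = [l for l in lines if re.match(r"^permissions:", l)]
    if not perms:
        findings.append("no top-level permissions: block (GITHUB_TOKEN gets the repository default)")
    elif re.match(r"^permissions:\s*write-all", perms[0]):
        findings.append("top-level permissions: write-all")
    return findings


if __name__ == "__main__":
    for name, wf in (("weak", WEAK_WORKFLOW), ("hardened", HARDENED_WORKFLOW)):
        print(f"{name}: {lint_workflow(wf) or 'OK'}")
```

Run it against a real `.github/workflows/*.yml` by reading the file into `lint_workflow`; the checks are deliberately strict (a tag pin such as `@v4` is a finding even though it is common), which matches the post's position that mutable refs are the problem.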

  3. Article · A Java geek (frankel) · 4w

    A GitHub agentic workflow

    GitHub agentic workflows combine standard GitHub Actions with an AI agent (powered by Copilot) to handle semi-structured or unstructured data tasks. The author describes a real use case: automating the parsing of product release notes to generate upgrade analysis config files — something impossible with deterministic regex-based automation. Key steps covered include initializing workflows via the `gh aw` CLI extension, writing workflows in Markdown and compiling them to YAML, and using a fine-grained `GITHUB_COPILOT_TOKEN`. Practical pitfalls are shared: forgetting to compile Markdown to YAML before pushing, Windows/Linux line-ending issues requiring a `.gitattributes` fix, security concerns around auto-compiling workflows, and the inability to use GitHub Marketplace actions inside agentic workflows. The system prompt used at runtime is also shared, highlighting security hardening and prompt injection defenses.

  4. Article · ByteByteGo (bytebytego) · 3w

    The Security Architecture of GitHub Agentic Workflow

    GitHub built a layered security architecture for AI agents running inside GitHub Actions, designed around the assumption that the agent is already compromised. The architecture has three independent layers: a substrate layer using Docker containers and kernel-level isolation, a configuration layer that compiles workflows with explicit permissions and keeps secrets physically unreachable from the agent, and a planning layer that stages outputs for deterministic vetting before they affect real state. Key mechanisms include a secretless agent container topology using proxies and gateways, a safe outputs pipeline that enforces allowlists, quantity limits, and content sanitization, and comprehensive logging at every trust boundary. The post also discusses trade-offs: strict-by-default sandboxing limits flexibility, prompt injection remains fundamentally unsolved, and the architecture is complex enough that it may not suit simpler use cases.
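The "safe outputs" idea in the planning layer is easiest to see as code: the agent only proposes actions, and a deterministic vetter decides which ones reach GitHub. The sketch below is an added example for this digest, not GitHub's implementation of agentic workflows; the policy fields, the output type names (`add-comment`, `create-issue`, `create-pull-request`) and the sanitisation rules (neutralise @mentions by wrapping them in a code span, drop links to hosts outside an allowlist, cap body length) are assumptions chosen to illustrate the three mechanisms the post names: allowlists, quantity limits and content sanitisation. The proposed-output list is constructed to look like what a prompt-injected agent might emit.

```python
import re
from dataclasses import dataclass, field


@dataclass(frozen=True)
class SafeOutputPolicy:
    """Compiled into the workflow by its author; the agent cannot alter it at runtime.
    Field names and defaults are this example's assumptions."""
    allowed_types: frozenset = frozenset({"add-comment", "create-issue"})
    max_per_type: dict = field(default_factory=lambda: {"add-comment": 1, "create-issue": 2})
    allowed_link_hosts: frozenset = frozenset({"github.com"})
    max_body_chars: int = 2000


# An @mention not already inside a code span or an e-mail address.
MENTION = re.compile(r"(?<![\w`])@([A-Za-z0-9-]+)")
URL = re.compile(r"https?://([^/\s]+)[^\s)]*")


def sanitize(body, policy):
    """Neutralise side channels an agent could use through a comment body:
    paging humans via @mentions, exfiltrating to arbitrary hosts via links,
    and flooding via oversized text."""
    body = MENTION.sub(lambda m: "`@" + m.group(1) + "`", body)  # code span: no notification

    def keep_or_redact(m):
        host = m.group(1).lower()
        return m.group(0) if host in policy.allowed_link_hosts else "[link removed]"

    body = URL.sub(keep_or_redact, body)
    return body[: policy.max_body_chars]


def vet_outputs(proposed, policy):
    """Deterministically vet agent-proposed outputs.

    Returns (accepted, rejected) where rejected pairs each dropped item with
    the reason, which is what you would write to the trust-boundary log.
    """
    accepted, rejected, counts = [], [], {}
    for item in proposed:
        kind = item.get("type")
        if kind not in policy.allowed_types:
            rejected.append((item, f"type {kind!r} not in allowlist"))
            continue
        counts[kind] = counts.get(kind, 0) + 1
        if counts[kind] > policy.max_per_type.get(kind, 0):
            rejected.append((item, f"quantity limit for {kind} exceeded"))
            continue
        clean = dict(item)
        clean["body"] = sanitize(item.get("body", ""), policy)
        accepted.append(clean)
    return accepted, rejected


# Constructed sample: the agent was steered by injected text into paging a
# maintainer, linking to an external host and opening a pull request.
PROPOSED = [
    {"type": "add-comment",
     "body": "Triage done, cc @maintainer. Log: https://pastebin.example/x and https://github.com/org/repo/issues/12"},
    {"type": "create-pull-request", "title": "Update CI", "body": "bump"},
    {"type": "create-issue", "title": "Flaky test", "body": "Fails on the nightly runner"},
    {"type": "add-comment", "body": "Second comment, over the limit"},
]


def run_example():
    return vet_outputs(PROPOSED, SafeOutputPolicy())


if __name__ == "__main__":
    accepted, rejected = run_example()
    for item in accepted:
        print("ACCEPT", item)
    for item, why in rejected:
        print("REJECT", why, item)
```

Because the vetter only consumes a structured list and never sees the agent's prompt, a successful injection can at most produce outputs that were already permitted, in permitted quantities, with their bodies scrubbed; that is the containment property the post describes, and why it can say prompt injection is unsolved yet bounded.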