| Author and manage workflows | Triggers and events including workflow_dispatch inputs and workflow_call mapping. Jobs, steps, conditionals and dependencies. Service containers with health checks. Matrix strategies with include/exclude, fail-fast and max-parallel. YAML anchors and aliases. Contexts and expression evaluation, caching, artifacts, GITHUB_ENV, GITHUB_OUTPUT and job summaries. | 20 to 25% |
| Manage GitHub Actions for the enterprise | The equal-biggest domain, and the one daily use skips. Reusable components and templates, access control, organizational use policies, hosted and self-hosted runners, runner groups, IP allow lists, preinstalled tool versions, and secrets and variables scoped at organization, repository and environment level, managed via REST APIs. | 20 to 25% |
| Consume and troubleshoot workflows | Reading triggers and effects from configuration and logs, diagnosing failed runs, expanding YAML anchors when analyzing config, interpreting matrix expansions and rerunning individual matrix jobs, locating artifacts via UI and API, and telling starter workflows from reusable workflows from composite actions. | 15 to 20% |
| Author and maintain actions | The three action types (JavaScript, Docker, composite), immutable actions rollout and version pinning implications, required files and metadata, workflow commands, distribution models and publishing to the Marketplace with versioning strategies. | 15 to 20% |
| Secure and optimize automation | Environment protections and approval gates, script injection mitigation, GITHUB_TOKEN lifecycle versus PATs, OIDC federation for cloud providers, pinning third-party actions to commit SHAs, allow/deny policies, artifact attestations with SLSA provenance, and cost optimization through caching and retention. | 10 to 15% |