GitHub Actions & YAML —
Complete Beginner Guide
From understanding why CI/CD exists to writing complete ci.yml and deploy.yml workflows — everything explained with real examples and Feynman-style analogies.
The Big Picture
Before writing a single line of YAML, understand why GitHub Actions exists. The typical workflow without automation:
This becomes repetitive, error-prone, and slow. GitHub Actions automates everything after the push.
One git push triggers the entire pipeline automatically — no manual steps required.
What is GitHub Actions?
GitHub Actions is a robot assistant living inside your GitHub repository. Whenever something happens (a push, a pull request, a schedule), the robot can automatically perform tasks.
Run Tests
Automatically verify your code compiles and tests pass on every push.
Build Projects
Compile firmware or build web assets on a clean machine in the cloud.
Deploy Websites
Automatically push your site to Netlify, GitHub Pages, or any host.
Notifications
Send Slack or email notifications when builds pass or fail.
CI vs CD
Why Create ci.yml?
GitHub needs instructions. The robot cannot guess whether to run tests, deploy, or build. You provide instructions in a workflow file:
GitHub is designed to look only inside .github/workflows/. Think of it like a teacher who only checks the homework folder — work left elsewhere is ignored.
What is YAML?
YAML stands for "YAML Ain't Markup Language" — a human-readable format for describing structured information. It's used everywhere in modern DevOps: GitHub Actions, Docker, Kubernetes, CI/CD pipelines.
The key advantage of YAML over JSON is readability:
Same information, YAML is far cleaner for configuration files.
YAML Rules & Structure
⚠️ Most Important Rule — Spaces Matter
In YAML, indentation shows relationships. Use spaces (never tabs). Wrong indentation causes GitHub to reject your workflow entirely.
Parent-Child Relationships
Indentation in YAML shows that something belongs to something else — exactly like a folder structure:
parent:
child:
grandchild: "value"Lists use Hyphens ( - )
In YAML, a hyphen - at the start of a line means "this is one item in a list":
steps:
- name: Step One
run: echo "first"
- name: Step Two
run: echo "second"name, on, jobs, runs-on
name: CI Workflowon:
push:
branches: [main] # on every push to main
on:
pull_request: # on every PR
on:
schedule:
- cron: "0 0 * * *" # every day at midnightruns-on: ubuntu-latest # Linux (recommended)
runs-on: windows-latest # Windows
runs-on: macos-latest # Macubuntu-latest — it's fast, free, reliable, and most tools support Linux.steps, run, uses
- is one step.- name: Print a message
run: echo "CI is working!"
- name: Install dependencies
run: npm install- name: Checkout Repository
uses: actions/checkout@v4actions/checkout@v4 downloads your repository files onto the GitHub machine. Without it, the Ubuntu machine starts empty with no project files.run = cook the meal yourself. uses = order takeout. Both get food on the table — uses is faster for common tasks.Complete CI Workflow
name: CI WORKFLOW
on:
push:
branches:
- main
jobs:
test:
runs-on: ubuntu-latest
steps:
- name: Print Message
run: echo "CI is Working!"English Translation
How It Runs
What is Deployment?
Deployment means uploading your project to the internet so anyone can access it. Before deployment, a website exists only on your laptop. After deployment, it's accessible worldwide.
ci.yml — Verify
Checks that code works before it goes anywhere. The quality gate.
deploy.yml — Publish
Takes passing code and makes it live on the internet automatically.
Why Netlify?
Netlify is a static site hosting platform that supports HTML, CSS, JavaScript, React, and Vue. It has a free tier, automatic HTTPS, and integrates directly with GitHub — making it ideal for learning CD pipelines.
Secrets & Security
Netlify requires an API token to verify who you are and a site ID to know which website to update. These credentials must never appear in your code.
Required Secrets for Netlify
Go to your repo → Settings → Secrets and variables → Actions → New repository secret:
- NETLIFY_AUTH_TOKEN — proves you own the Netlify account
- NETLIFY_SITE_ID — identifies which website to update
Complete Deploy Workflow
name: Deploy to Netlify
on:
push:
branches:
- main
jobs:
deploy:
runs-on: ubuntu-latest
steps:
- name: Checkout Repository
uses: actions/checkout@v4
- name: Install Netlify CLI
run: npm install -g netlify-cli
- name: Deploy Website
run: |
netlify deploy --prod --dir=. \
--site=$NETLIFY_SITE_ID \
--auth=$NETLIFY_AUTH_TOKEN
env:
NETLIFY_AUTH_TOKEN: ${{ secrets.NETLIFY_AUTH_TOKEN }}
NETLIFY_SITE_ID: ${{ secrets.NETLIFY_SITE_ID }}English Translation
Cheat Sheet
| Keyword | Meaning | Mental Model |
|---|---|---|
name: | Workflow name | Label on the workflow |
on: | When workflow starts | Alarm clock trigger |
jobs: | Work to perform | List of tasks |
runs-on: | Machine used | Which computer to use |
steps: | List of instructions | Recipe steps |
run: | Execute shell command | Cook it yourself |
uses: | Use prebuilt action | Order takeout |
env: | Environment variables | Settings passed in |
secrets: | Hidden credentials | Key in a safe |
- When does the workflow start? (look at
on:) - Which machine runs it? (look at
runs-on:) - What job is being done? (look at job name under
jobs:) - What steps are executed? (look at each
- name:understeps:)
GitHub Actions & YAML — Complete Beginner Guide · Embedded Systems Foundations