GitHub Actions in 2022: Maturity, Reusable Workflows, and Enterprise Adoption

GitHub Actions reached general availability in November 2019. Three years later, it has become the dominant CI/CD platform for public repositories and a significant enterprise player.

Reusable workflows

Reusable workflows, introduced in 2021 and improved in 2022, let you define a workflow once and call it from multiple repositories or workflow files. For organisations with consistent CI/CD standards, this is the mechanism to enforce them centrally: one reusable workflow defines the build, test, and deploy steps, and all service repositories call it. Updates to the reusable workflow propagate to all callers.

GitHub Actions for enterprise

GitHub Advanced Security and GitHub Enterprise Cloud brought GitHub Actions capabilities to regulated industries through audit logging, required reviewers on environments, and fine-grained PAT permissions. The OIDC-based authentication to cloud providers, where a GitHub Actions runner authenticates to AWS, Azure, or GCP via an identity token rather than storing static credentials in repository secrets, solved the credentials management problem that made enterprises cautious about CI/CD secrets.

Self-hosted runners

GitHub-hosted runners have fixed hardware configurations and ephemeral state. Self-hosted runners can be sized to the workload, persist caches, and run inside a private network. For builds that require access to private infrastructure, large machine types, or specific hardware (GPUs for ML), self-hosted runners are necessary. The ARC (Actions Runner Controller) project provides Kubernetes-based autoscaling of self-hosted runners.

The competitive landscape

GitHub Actions competes directly with Jenkins, CircleCI, GitLab CI, and Azure DevOps Pipelines for enterprise CI/CD. Its integration with GitHub, where most teams already host their code, is the primary moat. The free-tier minutes for public repositories made it the default for open source. The enterprise adoption was slower, but the reusable workflows feature and the OIDC cloud authentication addressed the two main objections.