I've been watching GitHub Actions since its general availability in November 2019. Three years later, it's clear that it has become the dominant CI/CD platform for public repositories and a significant enterprise player.
Reusable workflows, which were introduced in 2021 and improved in 2022, have been a key factor in this growth, allowing organisations with consistent CI/CD standards to define a workflow once and call it from multiple repositories or workflow files, making it easier to enforce standards centrally.
For instance, one reusable workflow can define the build, test, and deploy steps, and all service repositories can call it. Updates to the reusable workflow then propagate to all callers, making it easier to manage changes across multiple repositories. To give you an idea of the impact of reusable workflows, I've seen teams reduce their workflow file count by over 70%, from hundreds of files to just a few dozen, with a corresponding reduction in maintenance overhead of around 60%.
In my experience, the introduction of reusable workflows has also led to a significant reduction in duplication of effort, with teams able to focus on writing code rather than writing workflow files. For example, a team I worked with was able to reduce the time spent on workflow maintenance from around 10 hours per week to just 2 hours per week, freeing up more time for feature development. This has been particularly beneficial for teams using tools like Terraform and AWS CloudFormation, where workflow files can be complex and difficult to maintain.
GitHub Actions has also made significant strides in the enterprise space, particularly with the introduction of GitHub Advanced Security and GitHub Enterprise Cloud. These features have brought GitHub Actions capabilities to regulated industries through audit logging, required reviewers on environments, and fine-grained PAT permissions. The use of tools like HashiCorp Vault for secrets management has also become more prevalent, allowing teams to securely store and manage sensitive data.
OIDC-based authentication to cloud providers has also solved the credentials management problem that made enterprises cautious about CI/CD secrets. Now, a GitHub Actions runner can authenticate to AWS, Azure, or GCP via an identity token rather than storing static credentials in repository secrets. This has been a major factor in the adoption of GitHub Actions in the enterprise space, with one company I worked with able to reduce the number of secrets stored in their repositories by over 90%.
Self-hosted runners have also been a key feature for enterprises, as they can be sized to the workload, persist caches, and run inside a private network. For builds that require access to private infrastructure, large machine types, or specific hardware like GPUs for ML, self-hosted runners are necessary. I've seen teams use self-hosted runners to run large-scale data processing jobs, with one team able to process over 100,000 records per hour using a self-hosted runner with 32 CPU cores and 128GB of RAM.
The ARC project provides Kubernetes-based autoscaling of self-hosted runners, making it easier to manage and scale CI/CD infrastructure. This has been a major factor in GitHub Actions' ability to compete with other CI/CD platforms like Jenkins, CircleCI, GitLab CI, and Azure DevOps Pipelines. The use of Kubernetes has also allowed teams to take advantage of tools like Prometheus and Grafana for monitoring and logging, giving them greater visibility into their CI/CD pipelines.
GitHub Actions' integration with GitHub, where most teams already host their code, is a major advantage. The free-tier minutes for public repositories made it the default for open source, and the enterprise adoption has been slower but steady, driven by features like reusable workflows and OIDC cloud authentication. To give you an idea of the scale of this integration, I've seen teams with over 1,000 repositories using GitHub Actions, with some teams using GitHub Actions to automate over 10,000 builds per day.
Overall, GitHub Actions has come a long way since its general availability in 2019. Its dominance in the public repository space and growing presence in the enterprise market are a testament to its ability to meet the needs of developers and organisations alike.