Common GitHub Actions Reference
**Last Updated:** February 2026 **Source:** Official GitHub Actions repositories and Context7 verified documentation
Overview
Common GitHub Actions Reference
Last Updated: February 2026 Source: Official GitHub Actions repositories and Context7 verified documentation
This document catalogs frequently used GitHub Actions with current versions, inputs, outputs, and usage examples.
Important Notes for 2026:
- All actions should be pinned to full 40-character SHA for security
- Node 24 runtime is now supported (Node 20 EOL: April 2026, default switch: March 4, 2026)
- actions/cache v5.0.3 recommended (Node 24 runtime, runner v2.327.1+)
- Cache size limits: 10 GB free per repository, additional storage available (as of February 2026)
Table of Contents
- Repository and Checkout
- Language and Tool Setup
- Caching
- Artifacts
- Docker
- Cloud Providers
- Testing and Code Quality
- Notifications
- Release and Publishing
- Security
Repository and Checkout
actions/checkout
Latest Version: v6 (v6.0.2)
SHA: de0fac2e4500dabe0009e67214ff5f5447ce83dd
Minimum Runner: v2.327.1+
Description: Checkout repository code with improved performance, tag handling, and security
Common Inputs:
fetch-depth: Number of commits to fetch (default: 1, use 0 for full history)ref: Branch, tag, or SHA to checkouttoken: PAT for private repos (default:${{ github.token }})submodules: Whether to checkout submodules (false,true,recursive)lfs: Whether to download Git LFS files (default:false)sparse-checkout: Paths to checkout (cone mode or individual files) - Available in v5+sparse-checkout-cone-mode: Use cone mode for sparse checkout (default:true)
Required Permissions:
permissions:
contents: read
Examples:
Basic checkout:
- name: Checkout code
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
with:
fetch-depth: 1
Full history (for changelog/tags):
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
with:
fetch-depth: 0
Sparse checkout (specific directories):
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
with:
sparse-checkout: |
.github
src
tests
Checkout PR HEAD commit:
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
with:
ref: ${{ github.event.pull_request.head.sha }}
Checkout private repository:
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
with:
repository: my-org/my-private-repo
token: ${{ secrets.GH_PAT }}
path: my-repo
Language and Tool Setup
actions/setup-node
Latest Version: v6 (v6.2.0)
SHA: 6044e13b5dc448c55e2357c09f80417699197238
Minimum Runner: v2.328.0+ (for Node 24 support)
Description: Setup Node.js environment with Node 24 support
Important: Node 24 runtime is now supported. Node 20 deprecation timeline: Default switch March 4, 2026 → EOL April 2026 → Complete removal Summer 2026.
Common Inputs:
node-version: Version to use (e.g.,'24','20','18.x','lts/*')cache: Package manager to cache ('npm','yarn','pnpm')cache-dependency-path: Path to lock file(s)registry-url: NPM registry URL for publishingalways-auth: Set always-auth in npmrc (default:false)
Examples:
Basic setup with caching:
- name: Setup Node.js 24
uses: actions/setup-node@6044e13b5dc448c55e2357c09f80417699197238 # v6.2.0
with:
node-version: '24'
cache: 'npm'
Multi-lock-file caching:
- uses: actions/setup-node@6044e13b5dc448c55e2357c09f80417699197238 # v6.2.0
with:
node-version: '24'
cache: 'npm'
cache-dependency-path: |
package-lock.json
packages/*/package-lock.json
Setup for package publishing:
- uses: actions/setup-node@6044e13b5dc448c55e2357c09f80417699197238 # v6.2.0
with:
node-version: '20'
registry-url: 'https://registry.npmjs.org'
- run: npm publish
env:
NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
actions/setup-python
Latest Version: v6 (v6.2.0)
SHA: a309ff8b426b58ec0e2a45f0f869d46889d02405
Description: Setup Python environment
Common Inputs:
python-version: Version to use (e.g.,'3.11','3.x')cache: Package manager to cache ('pip','pipenv','poetry')cache-dependency-path: Path to requirements file
Example:
- name: Setup Python
uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0
with:
python-version: '3.11'
cache: 'pip'
cache-dependency-path: 'requirements*.txt'
actions/setup-java
Latest Version: v4 (v4.0.0)
SHA: 387ac29b308b003ca37ba93a6cab5eb57c8f5f93
Description: Setup Java environment
Common Inputs:
distribution: Java distribution ('temurin','zulu','adopt', etc.)java-version: Version to use (e.g.,'17','11')cache: Build tool to cache ('maven','gradle','sbt')
Example:
- name: Setup Java
uses: actions/setup-java@387ac29b308b003ca37ba93a6cab5eb57c8f5f93 # v4.0.0
with:
distribution: 'temurin'
java-version: '17'
cache: 'maven'
actions/setup-go
Latest Version: v5 (v5.0.0)
SHA: 0c52d547c9bc32b1aa3301fd7a9cb496313a4491
Description: Setup Go environment
Common Inputs:
go-version: Version to use (e.g.,'1.21','stable')cache: Whether to cache dependencies (default:true)cache-dependency-path: Path to go.sum
Example:
- name: Setup Go
uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0
with:
go-version: '1.21'
cache-dependency-path: go.sum
Caching
actions/cache
Latest Version: v5 (v5.0.3)
SHA: cdf6c1fa76f9f475f3d7449005a359c84ca0f306
Description: Cache dependencies and build outputs with Node 24 runtime support
Important: actions/cache v5 requires GitHub Actions runner v2.327.1 or later. Repositories get 10 GB free cache storage, with additional storage available.
Required Inputs:
path: Directories to cachekey: Cache key (must be unique)
Optional Inputs:
restore-keys: Fallback keys if exact key not found
Example:
- name: Cache dependencies
uses: actions/cache@cdf6c1fa76f9f475f3d7449005a359c84ca0f306 # v5.0.3
with:
path: |
~/.npm
~/.cache
node_modules
key: ${{ runner.os }}-node-${{ hashFiles('**/package-lock.json') }}
restore-keys: |
${{ runner.os }}-node-
Artifacts
actions/upload-artifact
Latest Version: v4 (v4.3.1)
SHA: 5d5d22a31266ced268874388b861e4b58bb5c2f3
Description: Upload build artifacts
Required Inputs:
name: Artifact namepath: Files to upload
Optional Inputs:
retention-days: How long to keep artifact (1-90, default: 90)if-no-files-found: What to do if no files found (warn,error,ignore)
Example:
- name: Upload build artifacts
uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1
with:
name: build-${{ github.sha }}
path: dist/
retention-days: 7
if-no-files-found: error
actions/download-artifact
Latest Version: v4 (v4.1.4)
SHA: c850b930e6ba138125429b7e5c93fc707a7f8427
Description: Download artifacts from previous jobs
Optional Inputs:
name: Artifact name (downloads all if not specified)path: Destination path
Example:
- name: Download build artifacts
uses: actions/download-artifact@c850b930e6ba138125429b7e5c93fc707a7f8427 # v4.1.4
with:
name: build-${{ github.sha }}
path: dist/
Docker
docker/setup-buildx-action
Latest Version: v3 (v3.3.0)
SHA: d70bba72b1f3fd22344832f00baa16ece964efeb
Description: Setup Docker Buildx for advanced builds
Example:
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@d70bba72b1f3fd22344832f00baa16ece964efeb # v3.3.0
docker/login-action
Latest Version: v3 (v3.1.0)
SHA: e92390c5fb421da1463c202d546fed0ec5c39f20
Description: Login to Docker registry
Common Inputs:
registry: Registry to login to (default: Docker Hub)username: Usernamepassword: Password or token
Example:
# Docker Hub
- name: Login to Docker Hub
uses: docker/login-action@e92390c5fb421da1463c202d546fed0ec5c39f20 # v3.1.0
with:
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_TOKEN }}
# GitHub Container Registry
- name: Login to GHCR
uses: docker/login-action@e92390c5fb421da1463c202d546fed0ec5c39f20 # v3.1.0
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
docker/build-push-action
Latest Version: v5 (v5.3.0)
SHA: 2cdde995de11925a030ce8070c3d77a52ffcf1c0
Description: Build and push Docker images
Common Inputs:
context: Build context pathfile: Dockerfile pathpush: Whether to push image (default:false)tags: Image tagsplatforms: Target platforms (e.g.,linux/amd64,linux/arm64)cache-from: Cache sourcescache-to: Cache destinationsbuild-args: Build argumentssecrets: Build secrets
Example:
- name: Build and push Docker image
uses: docker/build-push-action@2cdde995de11925a030ce8070c3d77a52ffcf1c0 # v5.3.0
with:
context: .
platforms: linux/amd64,linux/arm64
push: true
tags: |
user/app:latest
user/app:${{ github.sha }}
cache-from: type=gha
cache-to: type=gha,mode=max
build-args: |
VERSION=${{ github.sha }}
BUILD_DATE=${{ github.event.head_commit.timestamp }}
Cloud Providers
aws-actions/configure-aws-credentials
Latest Version: v4 (v4.0.2)
SHA: e3dd6a429d7300a6a4c196c26e071d42e0343502
Description: Configure AWS credentials for GitHub Actions
Common Inputs:
aws-access-key-id: AWS access key IDaws-secret-access-key: AWS secret access keyaws-region: AWS regionrole-to-assume: IAM role ARN for OIDCrole-session-name: Session name
Example (with secrets):
- name: Configure AWS credentials
uses: aws-actions/configure-aws-credentials@e3dd6a429d7300a6a4c196c26e071d42e0343502 # v4.0.2
with:
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
aws-region: us-east-1
Example (with OIDC - preferred):
- name: Configure AWS credentials
uses: aws-actions/configure-aws-credentials@e3dd6a429d7300a6a4c196c26e071d42e0343502 # v4.0.2
with:
role-to-assume: arn:aws:iam::123456789012:role/GitHubActionsRole
role-session-name: GitHubActions-${{ github.run_id }}
aws-region: us-east-1
azure/login
Latest Version: v2 (v2.0.0)
SHA: 6c251865b4e6290e7b78be643ea2d005a6c79ee5
Description: Login to Azure
Common Inputs:
creds: Azure credentials JSONclient-id: Service principal client ID (for OIDC)tenant-id: Azure tenant ID (for OIDC)subscription-id: Azure subscription ID (for OIDC)
Example:
- name: Azure Login
uses: azure/login@6c251865b4e6290e7b78be643ea2d005a6c79ee5 # v2.0.0
with:
creds: ${{ secrets.AZURE_CREDENTIALS }}
Testing and Code Quality
codecov/codecov-action
Latest Version: v4 (v4.0.1)
SHA: e0b68c6749509c5f83f984dd99a76a1c1a231044
Description: Upload code coverage to Codecov
Common Inputs:
token: Codecov tokenfiles: Coverage files to uploadfail_ci_if_error: Fail CI if upload fails
Example:
- name: Upload coverage to Codecov
uses: codecov/codecov-action@e0b68c6749509c5f83f984dd99a76a1c1a231044 # v4.0.1
with:
token: ${{ secrets.CODECOV_TOKEN }}
files: ./coverage/lcov.info
fail_ci_if_error: true
github/super-linter
Latest Version: v5 (v5.7.2)
SHA: 45fc0d88288beee4701c62761281edfee85655d7
Description: Run multiple linters in one action
Common Inputs:
validate_all_codebase: Lint entire codebase or just changesdefault_branch: Default branch namedisable_errors: Don't fail on errors
Example:
- name: Lint code
uses: github/super-linter@45fc0d88288beee4701c62761281edfee85655d7 # v5.7.2
env:
VALIDATE_ALL_CODEBASE: false
DEFAULT_BRANCH: main
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
Notifications
slackapi/slack-github-action
Latest Version: v1 (v1.25.0)
SHA: 6c661ce58804a1a20f6dc5fbee7f0381b469e001
Description: Send Slack notifications
Common Inputs:
webhook-url: Slack webhook URLpayload: JSON payload to send
Example:
- name: Notify Slack
uses: slackapi/slack-github-action@6c661ce58804a1a20f6dc5fbee7f0381b469e001 # v1.25.0
with:
webhook-url: ${{ secrets.SLACK_WEBHOOK_URL }}
payload: |
{
"text": "Build completed: ${{ job.status }}",
"blocks": [
{
"type": "section",
"text": {
"type": "mrkdwn",
"text": "*Status:* ${{ job.status }}\
*Branch:* ${{ github.ref }}"
}
}
]
}
Release and Publishing
actions/create-release
Note: Deprecated. Use gh release create or softprops/action-gh-release instead.
softprops/action-gh-release
Latest Version: v2 (v2.0.2)
SHA: 9d7c94cfd0a1f3ed45544c887983e9fa900f0564
Description: Create GitHub releases
Common Inputs:
tag_name: Release tag (default: from tag trigger)name: Release namebody: Release descriptiondraft: Create as draftprerelease: Mark as prereleasefiles: Files to upload
Example:
- name: Create Release
uses: softprops/action-gh-release@9d7c94cfd0a1f3ed45544c887983e9fa900f0564 # v2.0.2
with:
tag_name: ${{ github.ref }}
name: Release ${{ github.ref_name }}
body_path: CHANGELOG.md
draft: false
prerelease: false
files: |
dist/*.zip
dist/*.tar.gz
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
actions/github-script
Latest Version: v7 (v7.0.1)
SHA: 60a0d83039c74a4aee543508d2ffcb1c3799cdea
Description: Run JavaScript with GitHub API access
Common Inputs:
script: JavaScript code to executegithub-token: GitHub token (default:${{ github.token }})
Example:
- name: Create comment
uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
with:
github-token: ${{ secrets.GITHUB_TOKEN }}
script: |
github.rest.issues.createComment({
issue_number: context.issue.number,
owner: context.repo.owner,