Skip to main content
GitHub Actions
CHAPTER 05

Git and GitHub Fundamentals

Updated: May 15, 2026
20 min read

# CHAPTER 5

Git and GitHub Fundamentals

1. Introduction

GitHub Actions is deeply intertwined with the platform it lives on: GitHub. To write effective CI/CD pipelines, you must understand the underlying version control system (Git) and the collaborative workflows facilitated by GitHub (Pull Requests, Branches, and Merges). A pipeline is entirely event-driven; it watches how developers interact with the codebase. In this chapter, we will briefly review Git fundamentals and explore how GitHub Actions can be tailored to trigger only on specific branching strategies and collaboration events.

2. Learning Objectives

By the end of this chapter, you will be able to:
  • Understand the basic Git workflow (commit, push, branch, merge).
  • Distinguish between Git (the tool) and GitHub (the platform).
  • Configure workflows to trigger on specific branches (e.g., main vs. dev).
  • Understand how Pull Requests interact with GitHub Actions.
  • Utilize the actions/checkout step to load repository code.

3. Beginner-Friendly Explanation

Imagine writing a movie script with a team.
  • Git (The Time Machine): You write a scene, save a snapshot (commit), and write another. If you ruin the scene, Git allows you to instantly rewind time to the previous snapshot.
  • Branching (Alternate Universes): You want to experiment with killing off the main character. You create a "Branch" (an alternate universe). You write the crazy scene there. The main script is safe.
  • GitHub (The Writers' Room): The central hub where everyone uploads their alternate universes.
  • Pull Request (The Pitch): You ask the director: "Can we merge my crazy alternate universe into the official main script?"
  • GitHub Actions (The Fact Checker): Before the director says yes, an automated robot checks your alternate universe script to ensure you didn't introduce any plot holes.

4. Branching and Workflow Triggers

In enterprise development, nobody pushes code directly to the main (production) branch. Developers work on feature branches and submit Pull Requests. We want our CI/CD pipelines to behave differently depending on *where* the code is going.

Example: Triggering on Specific Branches

yaml
1234567 
on:
  push:
    branches:
      - main # Only run if pushed to main
  pull_request:
    branches:
      - main # Run when a PR is OPENED against main

In this scenario, if a developer pushes code to feature-login, the workflow *does not run*. But the moment they open a Pull Request asking to merge feature-login into main, the workflow fires!

5. The Critical Step: actions/checkout

By default, when GitHub spins up an Ubuntu runner, the server is completely empty. It does NOT have your code on it. To do anything useful, the very first step of almost every workflow must be to download your code from GitHub onto the runner.

We use an official marketplace action for this:

yaml
123456 
steps:
  - name: Checkout Repository
    uses: actions/checkout@v4
    
  - name: Now I can see my files
    run: ls -la # This will list all the files in your repo

Without actions/checkout@v4, your runner is just an empty Linux box.

6. Mini Project: Create Collaborative GitHub Workflow

Let's build a workflow that acts as a quality gate for Pull Requests.

Step-by-Step Walkthrough:

  1. 1. Create .github/workflows/pr-check.yml.
  1. 2. Paste the following code:

yaml
123456789101112131415161718 
name: Pull Request Quality Gate
on:
  pull_request:
    branches:
      - main

jobs:
  validate-code:
    runs-on: ubuntu-latest
    steps:
      - name: Get the code
        uses: actions/checkout@v4
      
      - name: Run a simulated quality check
        run: |
          echo "Checking code formatting..."
          sleep 2
          echo "Code meets quality standards!"
  1. 3. Commit this file directly to the main branch.
  1. 4. Now, create a new branch called test-branch. Make a tiny change to any file and commit it.
  1. 5. Go to the Pull requests tab in GitHub and open a new Pull Request from test-branch into main.
  1. 6. Observation: Look at the bottom of the Pull Request screen! GitHub has paused the merge process. You will see a yellow circle indicating the "Pull Request Quality Gate" workflow is running. Once it finishes, it turns into a green checkmark, giving reviewers confidence that the code is safe to merge.

7. Real-World Scenarios

An open-source project accepted Pull Requests from strangers on the internet. A malicious user submitted a Pull Request that deleted crucial database files. The maintainer was busy and clicked "Merge" without thoroughly reading the code. The main project broke. To prevent this, the maintainer configured a GitHub Action to trigger on pullrequest. The action ran automated tests on the stranger's code *before* it was allowed to be merged. The next time bad code was submitted, the Action failed, displaying a giant Red X on the Pull Request, physically preventing the maintainer from accidentally merging the destructive code.

8. Best Practices

  • Branch Protection Rules: Workflows running on Pull Requests are useless if a developer can just bypass them. In your GitHub repository settings, go to Branches -> Add Branch Protection Rule (for main). Check the box for "Require status checks to pass before merging." Select your Action. Now, it is mathematically impossible to merge broken code into production.

9. Security Recommendations

  • pullrequesttarget vs pullrequest: If you are managing an open-source repo, strangers can submit malicious code to steal your repository secrets via Actions. Never use repository secrets in workflows triggered by the standard pullrequest event from a forked repository. GitHub provides specialized security events (like pullrequesttarget) to handle this safely.

10. Troubleshooting Tips

  • Missing Files Error: If your pipeline immediately fails on Step 1 with npm: command not found or cannot open file, 99% of the time it is because you forgot to include - uses: actions/checkout@v4 as the very first step in your job.

11. Exercises

  1. 1. Why must actions/checkout be the first step in almost every CI/CD job?
  1. 2. Explain how a workflow triggered by on: pullrequest acts as a safety net for a development team.

12. FAQs

Q: Does actions/checkout cost me billing minutes to use? A: No, it is a free, official action provided by GitHub. You are only billed for the time the virtual machine (Runner) is powered on and executing the job.

13. Interview Questions

  • Q: Explain the operational workflow of integrating GitHub Actions with Branch Protection Rules to enforce code quality before a merge.
  • Q: A developer complains that their pipeline runner is executing commands on an empty directory, even though the workflow file is clearly inside a repository full of code. Identify the missing component in their YAML file.

14. Summary

In Chapter 5, we connected our automation engine to the collaborative power of Git. We learned that GitHub Actions is not just a blind script executor; it is deeply aware of the software development lifecycle. By utilizing branching strategies and Pull Request triggers, we transformed Actions into a proactive quality gate. Crucially, we learned how to bridge the gap between the GitHub repository and the empty cloud runner using the foundational actions/checkout step, setting the stage for true code analysis.

15. Next Chapter Recommendation

Now that our code is safely loaded onto the cloud runner, what should we do with it? It's time to build the software. Proceed to Chapter 6: Building CI Pipelines.

Finish this Chapter

Save your progress on your learning path and prepare for coding interview challenges.

Previous Chapter GitHub Runners and Execution Environments
Next Chapter Building CI Pipelines

Discussion

Join the discussion

Log in or create a free account to participate.

Sort: ·

Explore More

📖 Related Tutorials 4

Related Quizzes 5

🧪 Related Labs 1