chore: add github-actions-spec skill for verifying GHA changes#102
Merged
Conversation
Adds a Claude Code project skill that grounds GitHub Actions / JavaScript Action work in the live official GitHub Docs (fetched on demand, not embedded) so proposed changes are verified against authoritative material rather than the model's memory. The skill contains only a URL catalog and a fetch workflow — no spec content is duplicated locally. Triggers on changes touching action.yaml, .github/workflows/*, the JS action runtime, @actions/toolkit usage, GITHUB_TOKEN permissions, events, contexts, or expressions. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Adds a Claude Code project skill,
github-actions-spec, that grounds GitHub Actions / JavaScript Action work in the live official GitHub Docs (fetched on demand, not embedded) so proposed changes are verified against authoritative material rather than the model's memory.The skill contains only a URL catalog and a fetch workflow — no spec content is duplicated locally, so the skill does not drift as GitHub Docs and the toolkit evolve.
Scope of triggering
The skill activates on changes touching:
action.yaml/action.yml(inputs, outputs, branding,runs.using,pre/post).github/workflows/*(triggers, permissions, concurrency, reusable workflows)dist/bundling,mainentrypoint)@actions/toolkitusage (core,github,exec,io, etc.)GITHUB_TOKENpermissions, secrets, OIDC,pull_request_targetboundaryVerification workflow
For each in-scope change the skill follows: identify scope → pick canonical URL(s) from the catalog →
WebFetchwith a specific question → cross-check the proposed change against the doc → surface adjacent risks (deprecations, breaking changes, downstream regeneration likepnpm generate:inputs/pnpm build/dist/commit).Built and validated via
/skill-improverThe skill went through 3 empirical iterations against 3 frozen scenarios (add a boolean input, bump
runs.using, add a fork-PR feedback workflow) plus 1 hold-out (request an unsupportednode26runtime). All four runs produced 100% accuracy with explicit doc citations and correct refusal-with-alternative behavior. Patches applied during iteration:secure-use#permissions-for-the-github_token) and 14 redirected URLs updated to their post-redirect canonical paths. Fetch-fallback guidance added for future doc moves.References