Skill

gh-actions-validator

Validates GitHub Actions workflows for secure Google Cloud and Vertex AI deployments using Workload Identity Federation, OIDC, least-privilege IAM, and security scans.

GitHub Actions

npx claudepluginhub jeremylongshore/claude-code-plugins-plus-skills --plugin jeremy-github-actions-gcp

Popularity

Parent stars

2,199

Parent forks

296

Invocation

How this skill is triggered — by the user, by Claude, or both

Slash command

/jeremy-github-actions-gcp:gh-actions-validator

User invocable

Model invocable

Inline context

Default effort

Tool Access

This skill is limited to the following tools:

ReadWriteEditGrepGlobBash(git:*)Bash(gcloud:*)

Context Preview

The summary Claude sees in its skill listing — used to decide when to auto-load this skill

Validate and harden GitHub Actions workflows that deploy to Google Cloud (especially Vertex AI) using Workload Identity Federation (OIDC) instead of long-lived service account keys. Use this to audit existing workflows, propose a secure replacement, and add CI checks that prevent common credential and permission mistakes.

Supporting Files

references/ARD.mdreferences/PRD.mdreferences/errors.mdreferences/examples.mdscripts/setup-wif.shscripts/validate-workflow.sh

SKILL.md

62 lines · ~710 tokens

Similar Skills

github-actions-supply-chain

Reviews GitHub Actions workflows for supply chain risks: enforces SHA pinning, rates third-party actions, scopes permissions, checks triggers and inputs, and recommends updates.

ai-literacy-superpowers

github-actions-advanced

40.4k

Design, debug, and harden GitHub Actions CI/CD workflows including reusable workflows, matrix builds, self-hosted runners, OIDC authentication, caching, environments, secrets, and release automation.

antigravity-awesome-skills

securing-github-actions-workflows

Hardens GitHub Actions workflows against supply chain attacks, credential theft, and script injection using SHA pinning, minimal token permissions, and secure expression parsing.

7 files

cybersecurity-skills

Stats

LanguagePython

Parent stars2,199

Parent forks296

MaintenanceExcellent

Last CommitApr 3, 2026

Actions

View Source View Plugin View on GitHub View README

Help us improve

Share bugs, ideas, or general feedback.

Stats

Actions

Help us improve

Share bugs, ideas, or general feedback.

Gh Actions Validator

Overview

Prerequisites

Before using this skill, ensure:

GitHub repository with Actions enabled

Google Cloud project with billing enabled

gcloud CLI authenticated with admin permissions

Understanding of Workload Identity Federation concepts

GitHub repository secrets configured

Appropriate IAM roles for CI/CD automation

Instructions

Audit Existing Workflows: Scan .github/workflows/ for security issues

Validate WIF Usage: Ensure no JSON service account keys are used

Check OIDC Permissions: Verify id-token: write is present

Review IAM Roles: Confirm least privilege (no owner/editor roles)

Add Security Scans: Include secret detection and vulnerability scanning

Validate Deployments: Add post-deployment health checks

Configure Monitoring: Set up alerts for deployment failures

Document WIF Setup: Provide one-time WIF configuration commands

Output

- uses: actions/checkout@v4 - name: Authenticate to GCP (WIF) - name: Deploy to Vertex AI --project=${{ secrets.GCP_PROJECT_ID }} \ --region=us-central1 - name: Validate Deployment

Error Handling

See ${CLAUDE_SKILL_DIR}/references/errors.md for comprehensive error handling.

Examples

See ${CLAUDE_SKILL_DIR}/references/examples.md for detailed examples.

Resources