CI/CD & GitHub Actions with AI

Generate, modify, and troubleshoot CI/CD pipelines with Copilot. From workflow YAML to infrastructure as code.


🔄 GitHub Actions with Copilot

Generating Workflows

Copilot understands Actions syntax. Example prompts for common tasks.

| Task | Example Prompt |
|---|---|
| Add CI pipeline | Create a GitHub Actions workflow that builds and tests on every PR to main |
| Add security scanning | Add a CodeQL security scan step to our CI pipeline, running on every PR |
| Add deployment | Add a deployment step to staging on merge to main, with manual approval for production |
| Matrix builds | Update CI to test against Node 18, 20, and 22 on Ubuntu and Windows |

Fixing Pipeline Failures

When a workflow fails, Copilot can diagnose and fix it:

  1. Copy the error output from the Actions log
  2. Paste into Copilot Chat: "This GitHub Actions workflow is failing with this error. What's wrong and how do I fix it?"
  3. For complex fixes, use agent mode: "Fix the CI pipeline failure. The error is [X]. Update the workflow YAML and any source files needed."

Example:

Our CI pipeline is failing on the deploy step with "Error: Resource not accessible by integration." Fix the permissions in the workflow YAML. The workflow needs to create deployments and write to packages.
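
A least-privilege result for the prompt above, added here as an example and not taken from the original page. The workflow name, the `staging` environment and the deploy script path are assumptions; the two write scopes are the ones the prompt names.

```yaml
# Constructed example: names and the deploy script are hypothetical.
name: deploy-staging

on:
  push:
    branches: [main]

# Default for every job is read-only; jobs opt in to what they need.
# The shortcut to reject in review is `permissions: write-all`, which
# clears the error but gives every step a token that can write repo-wide.
permissions:
  contents: read

# One deploy per ref at a time, so two pushes cannot race each other.
concurrency:
  group: deploy-${{ github.ref }}
  cancel-in-progress: false

jobs:
  deploy:
    runs-on: ubuntu-latest
    environment: staging
    # Job-level block replaces the default: anything not listed is "none".
    permissions:
      contents: read       # checkout
      deployments: write   # create deployments
      packages: write      # publish packages
    steps:
      - uses: actions/checkout@v4
      - name: Deploy
        run: ./scripts/deploy.sh   # hypothetical deploy script
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
```

When reviewing a generated fix, check that the write scopes sit on the job that needs them and that nothing broader than the failing step requires has been granted.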

Workflow Patterns

Common patterns to ask Copilot to generate:

  • PR validation: Build → Test → Lint → Security scan → Preview deploy
  • Release pipeline: Tag trigger → Build → Test → Stage deploy → Smoke tests → Prod deploy (manual gate)
  • Scheduled maintenance: Cron trigger → Dependency audit → Auto-PR for updates
  • Reusable workflows: Extract common steps into `.github/workflows/` callable workflows
💡 Tip

Use `/explain` on existing workflow files before modifying them. Complex YAML with matrix strategies, conditions, and secrets can be hard to parse; let Copilot explain it first.

🏗️ Infrastructure as Code

IaC Generation

Copilot generates infrastructure definitions across providers.

| Provider | Format | Example Prompt |
|---|---|---|
| Azure | Bicep / ARM | Generate a Bicep template for an Azure App Service with managed identity, connected to Key Vault |
| AWS | CloudFormation / CDK | Create a CloudFormation template for an S3 bucket with versioning and lifecycle policy |
| Multi-cloud | Terraform | Generate a Terraform module for a PostgreSQL database with read replicas and SSL |
| Kubernetes | YAML manifests | Create a K8s deployment with 3 replicas, health checks, resource limits, and HPA |

IaC Best Practices with AI

  1. Start with requirements: "I need [resource] with [constraints]. Generate the IaC."
  2. Ask for validation: "Review this Terraform for security issues and best practices."
  3. Generate tests: "Write Terratest / Bicep What-If tests for this infrastructure."
  4. Use agent mode for complex changes: multi-file updates across modules, variable files, and outputs

Example:

Generate a Terraform module for an Azure App Service with:
- Managed identity (system-assigned)
- Connected to existing Key Vault (var.keyvault_id)
- Application Insights for monitoring
- Deployment slots for blue-green deployment
- Output the default hostname and managed identity ID

Custom CI Agents

Advanced: Create custom `.agent.md` files for CI-specific review. Example: "Review all changes to .github/workflows/ for: exposed secrets, missing permission scoping, use of deprecated actions, and missing concurrency controls." This catches pipeline misconfigurations before they reach main.

Self-Paced Resources

  • Hello GitHub Actions: Interactive GitHub Skills course on Actions basics
  • Create AI-Powered Actions: Build custom actions with AI assistance
  • Reusable Workflows: Learn to extract and share common workflow patterns
  • Secure Repository Supply Chain: Best practices for securing CI/CD pipelines