[Paper] Automation and Reuse Practices in GitHub Actions Workflows: A Practitioner's Perspective
Source: arXiv - 2601.11299v1
Overview
The paper investigates how software practitioners actually build, maintain, and reuse GitHub Actions workflows. By surveying 419 developers, the authors uncover which automation tasks are prioritized, how reusable components are adopted, and where pain points remain—offering a reality‑check for anyone who relies on CI/CD pipelines in GitHub.
Key Contributions
- Empirical survey of 419 GitHub Actions users covering their automation goals, preferred creation methods, and non‑functional priorities (e.g., reliability, security).
- Classification of automation tasks that developers most often automate (core CI/CD vs. security, performance, etc.).
- Analysis of reuse practices, contrasting the heavy reliance on reusable Actions with the relatively low adoption of reusable workflows.
- Identification of concrete challenges such as version‑pinning, maintenance overhead, and the prevalence of copy‑paste workarounds.
- Actionable recommendations for tooling, discovery mechanisms, and trust models to improve workflow maintainability.
Methodology
- Survey Design – The authors crafted a questionnaire that combined multiple‑choice, Likert‑scale, and open‑ended items to capture both quantitative trends and qualitative insights.
- Participant Recruitment – Invitations were sent through GitHub community channels, mailing lists, and social media, yielding 419 completed responses from a diverse set of developers (open‑source contributors, enterprise engineers, and hobbyists).
- Data Analysis – Quantitative answers were aggregated using descriptive statistics; qualitative responses were coded thematically to surface recurring pain points and best‑practice patterns.
- Triangulation – Findings were cross‑checked against existing literature on CI/CD and software reuse to ensure consistency and relevance.
Results & Findings
| Aspect | What the data shows |
|---|---|
| Automation focus | 78 % of respondents automate core CI/CD steps (build, test, deploy). Only ~30 % regularly automate security scans or performance monitoring. |
| Creation mechanisms | 62 % prefer writing YAML files manually; 28 % use the GitHub UI wizard; 10 % rely on external generators or templates. |
| Non‑functional priorities | Reliability (85 %) and speed (73 %) top the list; security (48 %) and maintainability (41 %) rank lower. |
| Reuse of Actions | 91 % have used at least one third‑party Action; 57 % report using the same Action across multiple repositories. |
| Reuse of workflows | Only 22 % have adopted reusable workflows, citing complexity and limited discovery as barriers. |
| Versioning pain points | 64 % struggle with keeping Action versions up‑to‑date; 38 % have experienced breaking changes after an Action update. |
| Copy‑paste behavior | 44 % admit they copy existing workflow snippets into their own repo to gain fine‑grained control and avoid dependency issues. |
In short, developers are enthusiastic about reusing ready‑made Actions but remain cautious about the stability and discoverability of those components, leading many to fall back on manual copying.
Practical Implications
- Tooling upgrades: CI/CD dashboards could surface “missing security checks” or “uncovered performance metrics” to encourage broader automation beyond the build‑test‑deploy triad.
- Version‑management helpers: Plugins that automatically pin Action versions, alert on upstream changes, or suggest safe upgrade paths would reduce the copy‑paste workaround.
- Marketplace enhancements: Better search filters (e.g., by reliability score, maintenance activity) and community‑verified badges could increase trust in reusable workflows.
- Template libraries: Organizations can publish internal, version‑controlled workflow templates that combine the flexibility of copy‑paste with the benefits of centralized updates.
- Policy enforcement: Enterprises can codify required security or performance steps in reusable workflow templates, making them mandatory across projects.
Developers can immediately apply these insights by auditing their existing pipelines: check whether critical quality gates (static analysis, dependency scanning) are missing, and consider swapping ad‑hoc copied snippets for vetted, version‑pinned Actions.
Limitations & Future Work
- Sample bias: The survey participants were self‑selected and skewed toward active GitHub users, possibly under‑representing teams that rely on alternative CI platforms.
- Static snapshot: Practices evolve quickly; the study captures a single point in time and may not reflect newer features (e.g., composite Actions) that could shift reuse patterns.
- Depth of qualitative analysis: While thematic coding identified major pain points, deeper ethnographic studies could uncover nuanced workflow design decisions.
Future research could longitudinally track how the adoption of reusable workflows changes after tooling improvements, or explore automated recommendation systems that suggest missing automation tasks based on repository characteristics.
Authors
- Hassan Onsori Delicheh
- Guillaume Cardoen
- Alexandre Decan
- Tom Mens
Paper Information
- arXiv ID: 2601.11299v1
- Categories: cs.SE
- Published: January 16, 2026
- PDF: Download PDF