Github Advanced features: Short-cycle your processes

Greg Heffner June 15, 2025

Welcome back!

In a previous blog, we covered the basics of GitHub, including how to create a repository, commit changes, and push code. In this blog, we will explore some of the more advanced features of GitHub, including automation, pull requests, and collaboration. In this article, we wil be building on that knowledge and showing a couple more advanced example use cases for GitHub. The first will use GitHub Actions and workflows with secrets to clear the Cloudflare cache on a website. The second will show how to download and sync files to a group of devices using self-hosted runners.

GitHub Actions: Automate Everything
GitHub Actions is a powerful automation tool built into GitHub. It lets you automate workflows for building, testing, and deploying code right from your repo. For example, you can set up an action to run a test every time you push code, or automatically deploy your site when you merge to the main branch. Actions are defined in YAML files under .github/workflows/ in your repo.

Custom Automation Example: Clearing Cloudflare Cache with GitHub Actions
GitHub Actions can be used for more than just code deployment—you can automate almost any task, including interacting with external APIs and updating documentation. Here’s a real-world example I use that clears Cloudflare cache when I need to make production changes.

• name: Clear Cloudflare Cache

on:
  workflow_dispatch:

jobs:
  clear-cache:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout code
        uses: actions/checkout@v4
      - name: Purge Everything in Cloudflare Zone
        env:
          CLOUDFLARE_API_TOKEN: ${{ secrets.CLOUDFLARE_API_TOKEN }}
          CLOUDFLARE_ZONE_ID: ${{ secrets.CLOUDFLARE_ZONE_ID }}
        run: |
          curl -s -X POST "https://api.cloudflare.com/client/v4/zones/$CLOUDFLARE_ZONE_ID/purge_cache" \
            -H "Authorization: Bearer $CLOUDFLARE_API_TOKEN" \
            -H "Content-Type: application/json" \
            --data '{"purge_everything":true}'


GitHub Secrets: Secure Your Credentials
When automating deployments or integrations, you often need to use API keys or other sensitive data. GitHub Secrets lets you securely store and use these values in your workflows. Secrets are encrypted and only exposed to workflows you authorize. To use a secret, add it in your repository settings, then reference it in your workflow file like ${{ secrets.MY_SECRET_KEY }}.

• Secret Example: Saving Cloudflare Credentials

When your workflow needs to interact with external services like Cloudflare, you should never hard-code sensitive information (such as API tokens or zone IDs) directly in your code. Instead, use GitHub Secrets to securely store these values.

To add your Cloudflare credentials as secrets:
  1. Go to your repository on GitHub.
  2. Click Settings → Secrets and variables → Actions.
  3. Click New repository secret.
  4. Add CLOUDFLARE_API_TOKEN and CLOUDFLARE_ZONE_ID with their respective values.

In your workflow, you can reference these secrets like this:
  ${{ secrets.CLOUDFLARE_API_TOKEN }} and ${{ secrets.CLOUDFLARE_ZONE_ID }}

This keeps your credentials safe and ensures they are only available to workflows you authorize.

What is a GitHub Self-Hosted Runner?
A GitHub self-hosted runner is a machine that you own and manage (such as a server, desktop, VM, or even a Raspberry Pi) that runs your GitHub Actions workflows. Instead of using GitHub’s cloud-hosted runners, you can use your own hardware to execute jobs. This gives you more control over the environment, allows access to private networks or internal resources, and can help with specialized hardware or software requirements.

When you register a self-hosted runner with your repository or organization, it listens for jobs from GitHub Actions. When a workflow targets it (using runs-on: [self-hosted, YourLabel]), the runner downloads the job, executes it locally, and reports the results back to GitHub. Self-hosted runners are especially useful for deployments, custom build environments, or syncing files across your own infrastructure.

How to Easily Install a Self-Hosted Runner
Setting up a self-hosted runner is straightforward. Here’s a quick guide:

• 1. Go to your repository on GitHub.
2. Click on Settings → Actions → Runners.
3. Click Add runner and choose your operating system.
4. Follow the instructions provided.

Example: Syncing Files to Multiple Devices with Self-Hosted Runners
Here’s an example workflow that syncs code to three different devices using workers and saving to a specific location:

• name: Sync All Repos locally

on:
  push:
    branches:
      - main

jobs:
  deploy_worker1:
    runs-on: [self-hosted, Worker1]
    steps:
      - name: Pull latest changes
        run: |
          cd /home/huey/www
          git pull

  deploy_worker2:
    runs-on: [self-hosted, Worker2]
    steps:
      - name: Pull latest changes
        run: |
          cd /home/huey/www
          git pull

  deploy_worker3:
    runs-on: [self-hosted, worker3]
    steps:
      - name: Pull latest changes
        run: |
          cd /home/huey/www
          git pull


In this workflow, each job targets a different self-hosted runner (Worker1, Worker2, worker3). When you push to the main branch, each worker pulls the latest changes from your repository. This approach helps you keep multiple environments in sync automatically, reducing manual deployment steps and the risk of errors.

You can view the full workflow file in the repository here:
https://github.com/gregheffner/www/blob/main/.github/workflows/sync.yml

Wrapping Up: Real-World GitHub Actions for Websites and Infrastructure
As you can see, GitHub’s advanced features—Actions, Secrets, and self-hosted runners—make it possible to automate almost every aspect of your development and deployment workflow. Whether you’re managing a static website, deploying containers, or keeping multiple servers in sync, there’s a GitHub Action for the job.

Here are some real-world workflow examples from my cicd repository:

• cache-clear.yaml – Clears the Cloudflare cache and updates a badge in your README.
• cloudflare-creds.yaml – Manages Cloudflare credentials securely for use in other workflows.
• cloudflareblock.yaml – Automates blocking or unblocking IPs in Cloudflare.
• deletepods.yaml – Deletes Kubernetes pods as part of a CI/CD pipeline.
• deploy.yaml – Handles deployment automation for your site or app.
• go-to-blue.yaml & go-to-green.yaml – Support blue/green deployment strategies.
• push-green-to-latest.yaml & retag.yaml – Automate Docker image tagging and promotion.