TopicTrick Logo
Topictrick
GitHubDevOps

GitHub Actions: Artifacts and Outputs

TT
TopicTrick Team
GitHub Actions: Artifacts and Outputs
← Back to GitHub Mastery

GitHub Actions: Artifacts and Outputs

"A job is a silo. Artifacts and Outputs are the bridges that allow data to flow through your factory."

In a professional pipeline, you have multiple Jobs.

  • Job 1: Compiles your app into a .zip file.
  • Job 2: Deploys that .zip file to the server. The Problem: Job 2 has NO access to the files from Job 1. When Job 1 finishes, its computer is wiped clean.

Artifacts and Outputs solve this. They allow you to "Save" a file or a piece of text so other jobs can use it later. This 1,500+ word guide explores the "State Management" of your pipeline.

1. What are Artifacts? (The "Warehouse")

An Artifact is a Persisted File.

  • Use Case: Storing a "PDF Report," a "Compiled Binary," or "Test Screenshots."
  • Storage: GitHub stores these for 90 days (by default).

How to Upload:

yaml


How to Download (in a different job):


yaml




2. Job Outputs: The "Variable" Bridge


Sometimes you don't need a whole file; you just need a single word (e.g., a Version Number or a Docker Tag).


    

  • The Strategy: One step calculates the value and "Sets" it as an output.
    • 



yaml


Now, any other job in your file can access ${{ needs.my_job.outputs.my_tag }}.




3. The "Matrix" Data Flow


In $2026$, we use Matrix Builds (Module 114).


    

  • If you build for Windows, Linux, and Mac simultaneously, you will have 3 different artifacts.
    • 

  • You should name them uniquely: app-windows, app-linux, app-macos.
    • 

  • Later, your "Release" job can download ALL of them and group them into one professional download page for your users.
    • 





4. Performance: Artifact Retention


GitHub gives you a "Quota" for storage.


    

  • If you save $1$GB of artifacts for every single "Push," you will run out of space in one day.
    • 

  • The Fix: Set retention-days: 1 for temporary build files, and only use retention-days: 90 for the final "Release" binaries.
    • 





5. Security: Don't store Secrets in Artifacts


Artifacts are Public to anyone who can see your repo settings.


    

  • The Warning: Never store .env files or "Private Keys" as artifacts. Anyone can download them and see your password.
    • 

  • If you need to share a secret between jobs, use Encrypted Secrets (Module 119) or OIDC instead.
    • 





Summary: The Data Checklist


    

  1. Files vs Text: Use Artifacts for files; use Outputs for single variables.
    2. 

  2. Naming: Be specific (test-results-unit vs test-results-e2e).
    3. 

  3. Needs: Use the needs keyword in YAML to ensure Job 2 waits for Job 1's outputs.
    4. 

  4. Retention: Keep your storage clean by setting short life-spans for temp artifacts.
    5. 

  5. Security: Audit your artifacts gallery once a week to ensure no sensitive data is leaked.
    6. 



Artifacts and Outputs are the "Nerves" of your CI/CD system. By mastering the persistence of files and the passing of variables, you gain the ability to build massive, multi-stage pipelines that are both perfectly organized and incredibly powerful. You graduate from "Running a script" to "Architecting a Factory."




Part of the GitHub Mastery Course — engineering the flow.