GH-200 Preparation Details
Preparing for the GH-200 GitHub Actions certification exam? Start here with a complete, objective-wise GH-200 study guide designed to help you pass faster.
This guide brings together official Microsoft documentation, key concepts, and curated resources for every GH-200 exam objective, making it ideal for both beginners and last-minute revision.
Looking for the best GH-200 preparation resources in one place? This page covers everything you need to get exam-ready with confidence.
If this helped you, share it with others preparing for the GH-200 certification exam.
Exam Voucher for GH-200 with 1 Retake
Get 40% OFF with the combo
GH-200 Copilot Materials
Author and manage workflows (20–25%)
Configure workflow triggers and events
Configure workflows to run for scheduled, manual, webhook, and repository events
Choose appropriate scope, permissions, and events for workflow automation
Workflow syntax for GitHub Actions
Define and validate workflow_dispatch inputs and pass inputs to reusable workflows via workflow_call with inputs and secrets mapping
Workflow syntax for GitHub Actions
Design and implement workflow structure
Use jobs, steps, and conditional logic
Workflow syntax for GitHub Actions
Using conditions to control job execution
Implement dependencies between jobs
Workflow syntax for GitHub Actions
Use workflow commands and environment variables
Workflow commands for GitHub Actions
Store information in variables
Use service containers (services:) for dependent services (databases, queues); configure ports, health checks, and container options
Creating PostgreSQL service containers
Use strategy and matrix to generate job variations (OS, language/runtime versions); apply include/exclude; control fail-fast and max-parallel; optimize matrix size for cost and performance; account for runner image changes (Ubuntu 20.04 deprecation, Windows Server 2025 migration for windows-latest)
Running variations of jobs in a workflow
Workflow syntax for GitHub Actions
GitHub-hosted runners reference
Implement YAML anchors and aliases (&, * and merge <<) to reuse repeated mappings/steps within a single workflow file
Workflow syntax for GitHub Actions
Use predefined contexts (github, runner, env, vars, secrets, inputs, matrix, needs, strategy, job, steps, github.event, github.ref) to access workflow, repository, and runtime metadata; understand immutable actions behavior and version pinning requirements
Workflow syntax for GitHub Actions
Evaluate expressions with ${{ }} referencing contexts; distinguish static (workflow parse) vs runtime evaluation; prevent secret leakage in logs and expressions
Evaluate expressions in workflows and actions
Leverage editor tooling (GitHub Actions VS Code extension / YAML schema completion, metadata IntelliSense, validation) to author and maintain workflows efficiently
GitHub Actions VS Code Extension
Manage workflow execution and outputs
Configure caching and artifact management; apply retention policies via REST APIs
Caching dependencies to speed up workflows
Store and share data with workflow artifacts
REST API endpoints for GitHub Actions artifacts
Pass data between jobs and steps (artifacts, outputs, environment files via GITHUB_ENV and GITHUB_OUTPUT, reusable workflow outputs)
Passing information between jobs
Store and share data with workflow artifacts
Generate job summaries using GITHUB_STEP_SUMMARY for rich Markdown reports
Workflow commands for GitHub Actions
Add workflow status badges and environment protections
Adding a workflow status badge
Managing environments for deployment
Consume and troubleshoot workflows (15–20%)
Interpret workflow behavior and results
Identify workflow triggers and effects from configuration and logs
Diagnose failed workflow runs using logs and run history
Expand and interpret YAML anchors, aliases, and merged mappings when analyzing workflow configuration
Reusing workflow configurations
Workflow syntax for GitHub Actions
Interpret matrix expansions, correlate job names to matrix axes, analyze failures across variants, and selectively rerun individual matrix jobs
Running variations of jobs in a workflow
Workflow syntax for GitHub Actions
Access workflow artifacts and logs
Locate workflows, logs, and artifacts in the UI and via API
REST API endpoints for workflow runs
REST API endpoints for workflow jobs
REST API endpoints for GitHub Actions artifacts
Download and manage workflow artifacts
Downloading workflow artifacts
REST API endpoints for GitHub Actions artifacts
Store and share data with workflow artifacts
Use and manage workflow templates
Consume organization-level and reusable workflows
Consume non-public organization workflow templates
Creating workflow templates for your organization
Sharing actions and workflows with your enterprise
Use starter workflows (public and private/non-public templates); customize and adapt; distinguish from reusable workflows and composite actions
Creating workflow templates for your organization
Reusing workflow configurations
Differentiate starter workflows (copy scaffold, independent after creation) vs reusable workflows (central versioned definition invoked via workflow_call) vs composite actions (encapsulated step logic)
Reusing workflow configurations
Choosing what your workflow does
Contrast disabling and deleting workflows
Disabling and enabling a workflow
REST API endpoints for workflows
Author and maintain actions (15–20%)
Create and troubleshoot custom actions
Identify and implement action types (JavaScript, Docker, composite); understand immutable actions rollout on hosted runners and implications for version pinning and registry sources
Creating a Docker container action
GitHub-hosted runners reference
Using pre-written building blocks in your workflow
Troubleshoot action execution and errors
Define action structure and metadata
Specify required files, directory structure, and metadata
Using pre-written building blocks in your workflow
Implement workflow commands within actions
Workflow commands for GitHub Actions
Distribute and maintain actions
Select distribution models (public, private, marketplace)
Sharing actions and workflows with your enterprise
Sharing actions and workflows from your private repository
Publish actions to the GitHub Marketplace
Publishing actions in GitHub Marketplace
Releasing and maintaining actions
Managing releases in a repository
Apply versioning and release strategies
Releasing and maintaining actions
Using pre-written building blocks in your workflow
Manage GitHub Actions for the enterprise (20–25%)
Distribute and govern actions and workflows
Define and manage reusable components and templates
Reusing workflow configurations
Creating workflow templates for your organization
Sharing actions and workflows with your enterprise
Control access to actions and workflows within the enterprise
Enforcing policies for GitHub Actions in your enterprise
Managing GitHub Actions settings for a repository
Sharing actions and workflows from your private repository
Configure organizational use policies
Disabling or limiting GitHub Actions for your organization
Enforcing policies for GitHub Actions in your enterprise
Manage runners at scale
Configure and monitor GitHub-hosted and self-hosted runners
GitHub-hosted runners reference
Monitoring and troubleshooting self-hosted runners
Apply IP allow lists and networking settings
About Azure private networking for GitHub-hosted runners in your enterprise
Configuring private networking for GitHub-hosted runners in your organization
Manage runner groups and troubleshoot runner issues
Managing access to self-hosted runners using groups
Monitoring and troubleshooting self-hosted runners
Identify preinstalled software/tool versions on GitHub-hosted runners (image release notes, toolcache) and install additional software at runtime (setup-* actions, package managers, caching, container images, custom self-hosted images)
GitHub-hosted runners reference
Customizing GitHub-hosted runners
Caching dependencies to speed up workflows
Manage encrypted secrets and variables
Define and scope encrypted secrets and variables at the organization, repository, and environment levels
Understanding GitHub secret types
Using secrets in GitHub Actions
Store information in variables
Access and use secrets and variables in workflows and actions; manage secrets and variables programmatically via REST APIs
Using secrets in GitHub Actions
REST API endpoints for GitHub Actions Secrets
REST API endpoints for GitHub Actions variables
Secure and optimize automation (10–15%)
Implement security best practices
Use environment protections and approval gates
Managing environments for deployment
Configuring custom deployment protection rules
Identify and use trustworthy actions from the Marketplace
Security hardening for GitHub Actions
Using pre-written building blocks in your workflow
Mitigate script injection (sanitize/validate inputs, least-privilege permissions, avoid untrusted data in run:, proper shell quoting, prefer vetted actions over inline scripts)
Security hardening for GitHub Actions
Evaluate expressions in workflows and actions
Understand GITHUB_TOKEN lifecycle (ephemeral, scoped), configure granular permissions, contrast with PAT; restrict write scopes
Automatic token authentication
Security hardening for GitHub Actions
Use OIDC token (id-token permission) for cloud provider federation to eliminate long-lived cloud secrets
Configuring OpenID Connect in cloud providers
Configuring OpenID Connect in Azure
Configuring OpenID Connect in Amazon Web Services
Pin third-party actions to full commit SHAs; align with immutable actions enforcement on hosted runners; avoid floating @main/@v* without justification
Using pre-written building blocks in your workflow
Enforce action usage policies (organization/repository allow/deny lists, required reviewers for unverified actions)
Enforcing policies for GitHub Actions in your enterprise
Disabling or limiting GitHub Actions for your organization
Managing GitHub Actions settings for a repository
Generate and verify artifact attestations / provenance (e.g., SLSA, build metadata) and integrate into deployment verification
Using artifact attestations to establish provenance for builds
Using artifact attestations and reusable workflows to achieve SLSA v1 Build Level 3
Verifying attestations offline
Optimize workflow performance and cost
Configure caching and artifact retention for efficiency; apply retention policies programmatically via REST APIs
Caching dependencies to speed up workflows
REST API endpoints for GitHub Actions cache
REST API endpoints for GitHub Actions artifacts
Configuring the retention period for GitHub Actions artifacts and logs in your organization
Recommend strategies for scaling and optimizing workflows
Autoscaling with self-hosted runners
Viewing GitHub Actions metrics
This brings us to the end of the GH-200 GitHub Actions Study Guide.
What do you think? Let me know in the comments section if I have missed out on anything. Also, I love to hear from you about how your preparation is going on!
In case you are preparing for other GitHub certification exams, check out the GitHub section for those exams.
Follow Me to Receive Updates on the GH-200 Exam
Want to be notified as soon as I post? Subscribe to the RSS feed / leave your email address in the subscribe section. Share the article to your social networks with the links below so it can benefit others.
