GitHub Agentic Workflows entered public preview on June 11, 2026. Write CI/CD pipelines in plain Markdown — GitHub's runtime compiles them to standard Actions YAML. Here's everything you need to know to get started, with practical examples and real-world use cases.
GitHub Agentic Workflows is a new capability that lets you define CI/CD pipelines using natural language Markdown files instead of writing YAML by hand. GitHub's agentic runtime interprets your instructions, generates the appropriate Actions workflow YAML, and executes it — all within the familiar repository structure.
This is not a toy or a simplified UI overlay. The agentic runtime produces real,
standard .github/workflows/*.yml files that use the full Actions
ecosystem — marketplace actions, self-hosted runners, matrix strategies, environment
secrets, and deployment gates. You can inspect, debug, and even edit the generated YAML
after it's created.
The public preview launched June 11, 2026 for GitHub Team and Enterprise subscribers. Free and Pro plans have limited access to curated agentic templates. The feature is opt-in per repository and site-wide for organizations.
The core concept is simple: create a Markdown file in a designated directory (or annotate an existing issue/PR description), describe what you want to automate, and GitHub's agentic runtime handles the rest.
Here's the flow at a high level:
.github/agentic/.github/workflows/agentic-*.yml file
Create a file at .github/agentic/ci-pipeline.md in your repository:
# CI Pipeline
When someone pushes to main or opens a pull request against main:
1. Install project dependencies with `npm ci`
2. Run the test suite with `npm test`
3. Run ESLint for code quality checks
4. If tests pass and the branch is main, build and upload the production bundle as a GitHub release artifact
Use ubuntu-latest runners. The Node.js version should be 20.x.
Store npm cache for faster subsequent runs.
Save and commit the file. GitHub detects the new agentic workflow, compiles it to YAML,
and creates .github/workflows/agentic-ci-pipeline.yml with the equivalent
Actions configuration:
name: CI Pipeline (Agentic)
on:
push:
branches: [main]
pull_request:
branches: [main]
jobs:
build-and-test:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: actions/setup-node@v4
with:
node-version: '20.x'
cache: 'npm'
- run: npm ci
- run: npm test
- run: npx eslint .
- name: Build & Release
if: github.ref == 'refs/heads/main'
run: |
npm run build
gh release upload ${{ github.ref_name }} ./dist/ --clobber
env:
GH_TOKEN: ${{ github.token }}
The generated YAML is human-readable and editable. You can tweak it directly and the agent won't overwrite your changes unless you regenerate. This gives you the best of both worlds: natural language authoring and YAML-level control.
Agentic workflows shine for operations that benefit from high-level intent specification. Here are the most impactful use cases with real agentic workflow files.
Describe a code review workflow that runs on every pull request:
# PR Code Review
On every pull request opened or updated:
1. Checkout the PR branch
2. Run ESLint and Prettier — comment on any formatting or linting issues directly in the PR diff
3. Run `npm audit` for vulnerable dependencies — if any critical vulnerabilities are found, label the PR "security"
4. If the PR changes package.json, add the "dependencies" label
5. Approve the workflow run only if eslint and npm audit pass without errors
Post a summary comment to the PR listing what was checked and the results.
This replaces what previously required a multi-job YAML workflow with custom scripting to post comments via the GitHub API. The agent handles the action orchestration and API interactions automatically.
Automate dependency hygiene across your repository:
# Weekly Dependency Audit
Every Monday at 9:00 UTC:
1. Run `npm outdated` and create an issue listing all outdated packages grouped by severity
2. Run `npm audit` with full detail — if critical vulnerabilities exist, create a GitHub advisory discussion
3. For each package that is 3+ major versions behind, open a draft PR with the update using Dependabot-style automation
4. Label the created issue "dependencies" and "automated"
Run on ubuntu-latest with Node.js 22.x.
# PR Auto-Triage
On every pull request opened:
1. Read the PR title, description, and changed files
2. Add labels based on:
- File paths changed (frontend/, backend/, docs/, infra/)
- Keywords in the title (bug, feat, chore, docs, refactor)
3. If the PR changes more than 20 files, label it "large-pr" and request an additional reviewer
4. If the PR is from a first-time contributor, add "welcome" label and post a greeting comment
5. Check if the PR description template was filled — if not, add "needs-description" label
Use ubuntu-latest.
| Dimension | Agentic Workflows | Traditional YAML |
|---|---|---|
| Authoring | Natural language Markdown | Explicit YAML syntax |
| Learning curve | Low — describe what you want | Moderate-high — exact syntax required |
| Expressiveness | High-level intent; agent fills details | Full control over every step |
| Debugging | Preview compiled YAML; refine Markdown | Directly debug the YAML |
| Version control | Both .md source and generated .yml tracked | Single .yml source of truth |
| Predictability | Agent may interpret intent differently over time | Deterministic — same YAML, same result |
| Best for | Standard patterns, rapid prototyping, team onboarding | Complex workflows, precise control, compliance |
| Security | Prompt injection risk; sandboxed | Standard Actions security model |
Agentic workflows introduce a new attack surface: prompt injection. Because the agent reads natural language input from the repository (PR descriptions, issue comments, the Markdown file itself), an attacker who can contribute content might manipulate the agent's behavior.
For repositories with sensitive operations — deployment to production, database migrations, security scanning — I recommend keeping these as hand-written YAML workflows or at minimum reviewing every agentic workflow output before enabling automated execution. The generated YAML preview is your safety net.
Agentic
Rapidly sketch CI/CD logic in Markdown, inspect the generated YAML, and iterate. Perfect for new projects and experiments.
Traditional YAML
Multi-job matrix builds, custom actions, fine-grained conditionals, and deployment strategies need hand-crafted YAML for precision.
Traditional YAML
Production deployments, database changes, and security scanning benefit from deterministic, hand-reviewed YAML over agent-generated code.
As of June 2026, GitHub Agentic Workflows are in public preview:
GitHub has not announced pricing for general availability. The preview period is expected to run through Q3 2026 based on the current roadmap.
.github/agentic/ directory in your repository.md file (start with a simple CI pipeline).github/workflows/agentic-*.ymlFor teams building more sophisticated automation, agentic workflows can be combined with the web-mcp agentic web architecture to create end-to-end automated development pipelines. And for securing your existing Actions infrastructure, see my guide on GitHub Actions cache poisoning — a complementary security concern that affects both agentic and traditional workflows.
Setting up CI/CD pipelines — whether agentic or traditional — requires understanding your project's architecture, testing strategy, and deployment targets. If you're building a web application and need a robust delivery pipeline, I can help design and implement it.
I'm a full-stack web developer who builds production web applications and their CI/CD infrastructure. Based in Minsk and working worldwide, let's discuss your project.
Building a web application or setting up CI/CD? Tell me about your project — I'll help with architecture, implementation, and deployment.