GitHub Actions Certification Guide 2026: GH-200 Is a Workflow Operations Exam
The GitHub Actions certification (GH-200) is not a YAML trivia quiz. The January 2026 study guide update makes the exam a practical test of whether you can author, troubleshoot, secure, and govern automation at scale. If you only memorize on: push examples, you will miss questions about reusable workflows, enterprise policies, runner groups, OIDC, artifact attestations, matrix behavior, caching, and secure use of third-party actions.
Use the official Microsoft Learn certification page for current scheduling and logistics: learn.microsoft.com/credentials/certifications/github-actions. Use the official GH-200 study guide for the exam objectives: Study guide for Exam GH-200.
free GitHub Actions certification questionsPractice questions with detailed explanations
GH-200 Exam Snapshot
| Item | 2026 detail |
|---|---|
| Certification | GitHub Actions |
| Exam code | GH-200 |
| Level | Intermediate |
| Roles | Administrator, Developer, DevOps Engineer, Solution Architect, Student |
| Exam time | 100 minutes |
| Delivery | Proctored exam scheduled through Pearson VUE |
| Languages listed | English, Spanish, Portuguese (Brazil), Korean, Japanese |
| Passing score | 700 or greater on Microsoft credential exams |
| Last updated | February 5, 2026 page update; skills measured as of January 2026 |
| Price | Region-based at scheduling |
Microsoft's exam details page says the exam is proctored and may include interactive components. It also states that GitHub exams do not provide Microsoft Learn access during the exam, so you need recall plus hands-on fluency before test day.
The Five GH-200 Domains
The official study guide lists five skill areas:
| Domain | Weight |
|---|---|
| Author and manage workflows | 20-25% |
| Consume and troubleshoot workflows | 15-20% |
| Author and maintain actions | 15-20% |
| Manage GitHub Actions for the enterprise | 20-25% |
| Secure and optimize automation | 10-15% |
The two largest domains are workflow authoring and enterprise management. Security and optimization is smaller by percentage, but it cuts across the whole exam because insecure workflow design can appear inside workflow, enterprise, runner, and action questions.
What Changed in the January 2026 Objectives
The official study guide notes that the exam changed significantly in January 2026: new objectives were added, some were removed, existing objectives moved, and all were reworded. The current guide includes topics that are easy to miss if you study from older blog posts:
workflow_dispatchinputs and reusable workflow inputs/secrets viaworkflow_call- Service containers, health checks, and matrix strategy controls such as
include,exclude,fail-fast, andmax-parallel - YAML anchors, aliases, and merge keys inside workflow files
- Runtime vs static expression evaluation and the full set of contexts
- Job summaries through
GITHUB_STEP_SUMMARY - Starter workflows vs reusable workflows vs composite actions
- Immutable actions behavior and version pinning expectations
- Runner image changes and toolcache awareness
- Organization and repository action allow/deny policies
- OIDC federation, least-privilege
GITHUB_TOKENpermissions, and artifact attestations
That is why hands-on practice matters. You need to know how GitHub Actions behaves when a workflow is parsed, when jobs start, when a matrix expands, when a reusable workflow is called, and when a secret is unavailable because of scope or event context.
Study Strategy by Domain
1. Author and Manage Workflows
Build workflows from scratch. Cover triggers, scheduled runs, manual dispatch, repository events, job dependencies, conditions, environment variables, contexts, expressions, matrix jobs, service containers, outputs, artifacts, caches, status badges, and environment protection rules.
Hands-on task: create a workflow with a matrix, a service container, a cache, a job output passed to a dependent job, and a Markdown job summary.
2. Consume and Troubleshoot Workflows
Practice reading logs and run history. Know how to locate artifacts, rerun failed jobs, interpret matrix failures, and distinguish copied starter workflows from centrally maintained reusable workflows. Understand what happens when a workflow is disabled versus deleted.
Hands-on task: intentionally break a workflow three ways: bad YAML, missing secret, and failed service container health check. Fix each from logs.
3. Author and Maintain Actions
Know the differences between JavaScript actions, Docker container actions, and composite actions. Study action.yml, inputs, outputs, branding, versioning, release tags, Marketplace distribution, private action use, and workflow commands inside actions.
Hands-on task: write a small composite action, tag it, pin it by SHA in a workflow, and compare that with calling it by a moving version tag.
4. Manage GitHub Actions for the Enterprise
This is a large domain. Study runner groups, self-hosted runners, GitHub-hosted runner images, organization policies, action usage restrictions, non-public templates, reusable components, secrets and variables at org/repo/environment scope, and REST API management for logs, artifacts, workflow runs, secrets, and variables.
Hands-on task: diagram how a workflow would be governed differently in a personal repo, an organization repo, and a regulated enterprise repo.
5. Secure and Optimize Automation
Security topics are concrete. Know least-privilege permissions, GITHUB_TOKEN lifecycle, PAT vs GITHUB_TOKEN, OIDC id-token permission, secret leakage prevention, script-injection risks, full-SHA pinning for third-party actions, untrusted input handling, required reviewers for environments, caching strategy, artifact retention, and artifact attestations.
Hands-on task: take a workflow that uses cloud credentials as a long-lived secret and redesign it with OIDC, explicit token permissions, action SHA pinning, and environment approvals.
A 4-Week GH-200 Study Plan
Week 1: Workflow Fundamentals
Read the official study guide and GitHub Actions documentation on workflows. Build 5 small workflows: push/PR, scheduled, manual dispatch, matrix, and reusable workflow. Do not copy blindly; explain every context and expression.
Week 2: Actions, Reuse, and Troubleshooting
Create one composite action and one reusable workflow. Then troubleshoot broken runs using logs, artifacts, reruns, and job summaries. Compare starter workflows, reusable workflows, and composite actions until the distinction is automatic.
Week 3: Enterprise and Runner Management
Study policies, runner groups, self-hosted runners, GitHub-hosted runner images, variables, secrets, environments, and organization-level governance. This is where many developer-only candidates are weakest.
Week 4: Security, Optimization, and Timed Practice
Review OIDC, GITHUB_TOKEN permissions, script injection, action pinning, artifact attestations, caching, and retention. Take timed practice sets. For every missed question, reproduce the behavior in a test repository if possible.
Exam-Day Advice
Budget time as if every question matters. You have 100 minutes, and Microsoft does not publish exact item counts on the public exam page. If an item includes a workflow snippet, read the trigger, event context, permissions, secrets scope, and if condition before choosing an answer.
Use elimination. Wrong answers often overgrant permissions, expose secrets to untrusted events, use a PAT where OIDC or GITHUB_TOKEN is safer, confuse composite actions with reusable workflows, or treat a starter workflow as centrally managed after it has been copied.
Official Sources
- GitHub Actions certification page: https://learn.microsoft.com/en-us/credentials/certifications/github-actions/
- GH-200 study guide: https://learn.microsoft.com/en-us/credentials/certifications/resources/study-guides/gh-200
- GitHub certifications overview: https://docs.github.com/en/get-started/showcase-your-expertise-with-github-certifications/about-github-certifications
- GitHub Actions documentation: https://docs.github.com/en/actions
Buy on Amazon
Learning path on Pluralsight