Complex Workflow: Chaining dependent GraphQL API Mutations based on dynamic Webhook payloads in GitHub Actions

[Fortotest]

Select Topic Area

Question

Body

Hi API experts,

I am trying to build a complex CI/CD automation and have hit a wall regarding dynamic, dependent API calls.

My Setup:

1. An external service sends a repository_dispatch Webhook to my repo.
2. The payload of this Webhook is a dynamic JSON array (the number of items is not fixed), e.g., {"tasks": [{"id": 1, "action": "build_staging"}, {"id": 2, "action": "run_tests"}, {"id": 3, "action": "deploy_prod"}]}.
3. A GitHub Action workflow is triggered by this repository_dispatch.

The Complex Problem:
Inside the GitHub Action, I need to:

1. Parse the tasks array from the Webhook payload.
2. Loop (iterate) through each item in the tasks array.
3. For each item, I must execute a different GraphQL API Mutation (e.g., create a check-run, update a deployment_status, etc.).
4. Here is the most complex part: The second Mutation is dependent on the result of the first Mutation. (Example: I cannot run_tests for task 2 until the build_staging for task 1 is complete and returns its check_run_id).

How can I reliably manage this chain of dependent GraphQL API calls inside a single GitHub Action workflow? Is parsing this payload with jq in bash robust enough, or should I be using a custom script (like Node.js/TypeScript)?

More importantly, how do I securely handle authentication and state (like passing the check_run_id from one step to the next) for multiple, dynamic, chained API calls like this?

Thanks for any advanced insights.