I wonder if the whole local machine >> github >> live server is the best and most secure workflow.
No, I absolutely wouldn’t do that. (And it “feels wrong” because you’re making github an unchecked gateway to your website.) Ideally, though, it’s less of a security concern, and more of a breaking-things concern.
What I would do (and have done, in fact) is more like this:
local machine » [github] » server (dev/testing) « server (live site)
- local machine (contributor) pushes to github
(I leave github out sometimes, which is why it’s in brackets above)
- github auto-pushes to a dev repo on the server.
This repo might also be a testing site.
Additionally, the push may not be automatic depending on how much you trust the contributor.
- the server (admin, you) pulls the dev repo to the live repo (the site itself) when ready (this step is definitely not automated).