Let's say you have similar, if not identical tasks in different GitHub Actions Workflows. For example, one of the most common task is actions/checkout. Perhaps you want to ensure all of your workflows are using v4 of actions/checkout. 

name: GitHub Action
run-name: ${{ github.workflow }} run by ${{ github.actor }}
on:
  push:
    branches:
      - main
jobs:
  github-action-job:
    runs-on: ubuntu-latest
    steps:      
      - name: Checkout the repository code
        uses: actions/checkout@v4

Let's create a workflow, perhaps with the following. Let's say this is in a YAML file named checkout.yml.

name: Checkout the repository code
run-name: ${{ github.workflow }} run by ${{ github.actor }}
on:
  workflow_call:
  workflow_dispatch:
jobs:
  checkout:
    runs-on: ubuntu-latest
    steps:      
      - name: Checkout the repository code
        uses: actions/checkout@v4

Now, let's create another workflow that will call checkout.yml. For example, perhaps this workflow is in a YAML file named main.yml. In this example, @main means that .github/workflows/main.yml is in the "main" branch of the my-organization/my-repo repository.

name: GitHub Action (POC)
run-name: ${{ github.workflow }} run by ${{ github.actor }}
on:
  workflow_dispatch:
jobs:  
  demo:
    uses: my-organization/my-repo/.github/workflows/checkout.yml@main

Instead of using @main, you can use the SHA.

In this example, d6e0428bb6c2102c47f495f4cc81f62486a168f1 is the SHA.

name: GitHub Action (POC)
run-name: ${{ github.workflow }} run by ${{ github.actor }}
on:
  workflow_dispatch:
jobs:  
  demo:
    uses: my-organization/my-repo/.github/workflows/main.yml@d6e0428bb6c2102c47f495f4cc81f62486a168f1

And if all goes well, the GitHub Action Workflow should return something like this.