Learning GitHub Actions: Automation and Integration of CI/CD with GitHub

Cover....1

Copyright....3

Table of Contents....6

Foreword....12

Preface....14

The Structure of This Book....15

Part I: Foundations....15

Part II: Building Blocks....15

Part III: Security and Monitoring....15

Part IV: Advanced Topics....15

Intended Audience....16

Continuing with GitHub Actions....17

Conventions Used in This Book....17

Using Code Examples....18

O’Reilly Online Learning....18

How to Contact Us....19

Acknowledgments....19

Part I. Foundations....22

Chapter 1. The Basics....24

What Is GitHub Actions?....25

Automation Platform....25

Framework....26

What Are the Use Cases for GitHub Actions?....27

Starter Workflows....28

Actions Marketplace....29

What Costs Are Involved?....31

The Free Model....31

The Paid Model....31

When Does Moving to GitHub Actions Make Sense?....34

Investment in GitHub....34

Use of Public Actions....34

Creating Your Own Actions....34

Artifact Management....34

Action Management....35

Conclusion....35

Chapter 2. How Does Actions Work?....36

An Overview....36

Triggering Workflows....38

Components....40

Steps....40

Runners....41

Jobs....41

Workflow....42

Workflow Execution....43

Conclusion....45

Chapter 3. What’s in an action?....46

The Structure of an action....47

Interfacing with actions....50

Using actions....53

Public actions and the Marketplace....53

Conclusion....57

Chapter 4. Working with Workflows....58

Creating the First Workflow in a Repository....58

Committing the Initial Workflow....63

Using the VS Code GitHub Actions Extension....80

Conclusion....86

Chapter 5. Runners....88

GitHub-Hosted Runners....88

What’s in the Runner Images?....90

Adding Additional Software on Runners....92

Self-Hosted Runners....93

Requirements for Self-Hosted Runners....94

Limits for Self-Hosted Runners....95

Security Considerations for Using Self-Hosted Runners....95

Setting Up a Self-Hosted Runner....96

Using a Self-Hosted Runner....99

Using Labels with Self-Hosted Runners....100

Troubleshooting Self-Hosted Runners....101

Removing a Self-Hosted Runner....103

Autoscaling Self-Hosted Runners....107

Just-in-Time Runners....107

Conclusion....107

Part II. Building Blocks....110

Chapter 6. Managing Your Workflow Environments....112

Naming Your Workflow and Workflow Runs....112

Contexts....114

Environment Variables....115

Default Environment Variables....116

Secrets and Configuration Variables....118

Managing Permissions for Your Workflow....124

Deployment Environments....126

Conclusion....136

Chapter 7. Managing Data Within Workflows....138

Working with Inputs and Outputs in Workflows....139

Defining and Referencing Workflow Inputs....139

Capturing Output from a Step....140

Capturing Output from a Job....141

Capturing Output from an Action Used in a Step....142

Defining Artifacts....143

Uploading and Downloading Artifacts....144

Adding Parameters....148

Using Caches in GitHub Actions....156

Using the Explicit Cache Action....157

Monitoring Caches....162

Activating a Cache with a Setup Action....164

Conclusion....166

Chapter 8. Managing Workflow Execution....168

Advanced Triggering from Changes....168

Triggering Based on Activity Types....169

Using Filters to Refine Triggers....171

Triggering Workflows Without a Change....173

Dealing with Concurrency....177

Running a Workflow with a Matrix....180

Workflow Functions....181

Conditionals and Status Functions....182

Conclusion....184

Part III. Security and Monitoring....186

Chapter 9. Actions and Security....188

Security by Configuration....189

Managing Execution of Workflows from Pull Requests....194

Workflow Permissions....195

The CODEOWNERS File....196

Protected Tags....197

Protected Branches....198

Repository Rules....199

Security by Design....202

Secrets....202

Securing Secrets....203

Tokens....204

Dealing with Untrusted Input....212

Securing Your Dependencies....220

Security by Monitoring....222

Scanning....223

Processing Pull Requests Securely....226

Vulnerabilities with Workflows in Pull Requests....228

Vulnerabilities with Source Code in Pull Requests....233

Adding a Pull Request Validation Script....236

Safely Handling Pull Requests....239

Conclusion....241

Chapter 10. Monitoring, Logging, and Debugging....244

Gaining More Observability....244

Understanding Status at a High Level....245

Creating Status Badges for Workflows....247

Working with Past States....253

Mapping Workflow Versions to Runs....253

Re-running Jobs in a Workflow....255

Debugging Workflows....262

Step Debug Logging....263

Debugging the Runner Environment....266

Activating Debugging....269

Augmenting and Customizing Logging....270

Adding Your Own Messages in Logs....270

Additional Log Customizations....272

Creating a Customized Job Summary....274

Conclusion....277

Part IV. Advanced Topics....278

Chapter 11. Creating Custom actions....280

Anatomy of an action....281

Types of Actions....284

Composite Action....284

Docker Container Action....288

Creating a JavaScript Action....292

Completing Your Action Creation....295

Publishing Actions on the GitHub Marketplace....297

Updating Actions on the Marketplace....303

Removing an Action from the Marketplace....306

The Actions Toolkit....306

Using Workflow Commands from the Toolkit....307

Local actions....310

Conclusion....312

Chapter 12. Advanced Workflows....314

Creating Your Own Starter Workflows....314

Creating a Starter Workflow Area....316

Creating a Starter Workflow File....316

Adding Supporting Pieces....318

Using the New Starter Workflow....320

Reusable Workflows....321

Inputs and Secrets....324

Outputs....326

Limitations....327

Required Workflows....329

Constraints....329

Example....330

Execution....334

Conclusion....336

Chapter 13. Advanced Workflow Techniques....338

Driving GitHub from Your Workflow....338

Using the GitHub CLI....339

Creating Scripts....340

Invoking GitHub APIs....341

Using a Matrix Strategy to Automatically Create Jobs....343

One-Dimensional Matrices....343

Multi-dimensional Matrices....344

Including Extra Values....348

Excluding Values....349

Handling Failure Cases....350

Defining Max Concurrent Jobs....351

Using Containers in Your Workflow....351

Using a Container as the Environment for a Job....352

Using a Container with a Step....354

Running Containers as Services in a Job....355

Conclusion....356

Chapter 14. Migrating to GitHub Actions....358

Prep....359

Source Code....359

Automation....361

Infrastructure....361

Users....362

Azure Pipelines....363

CircleCI....365

GitLab CI/CD....367

Jenkins....369

Travis CI....372

GitHub Actions Importer....374

Authentication....375

Planning....376

Build Steps and Related....378

Manual Tasks....380

File Manifest....381

Forecasting....382

Doing a Dry Run....384

Creating Custom Transformers for the Importer....385

Doing the Actual Migration....390

Conclusion....394

Index....396

About the Author....412

Colophon....412

Automate your software development processes with GitHub Actions, the continuous integration and continuous delivery platform that integrates seamlessly with GitHub. With this practical book, open source author, trainer, and DevOps director Brent Laster explains everything you need to know about using and getting value from GitHub Actions. You'll learn what actions and workflows are and how they can be used, created, and incorporated into your processes to simplify, standardize, and automate your work in GitHub.

This book explains the platform, components, use cases, implementation, and integration points of actions, so you can leverage them to provide the functionality and features needed in today's complex pipelines and software development processes. You'll learn how to design and implement automated workflows that respond to common events like pushes, pull requests, and review updates. You'll understand how to use the components of the GitHub Actions platform to gain maximum automation and benefit.

With this book, you will:

• Learn what GitHub Actions are, the various use cases for them, and how to incorporate them into your processes
• Understand GitHub Actions' structure, syntax, and semantics
• Automate processes and implement functionality
• Create your own custom actions with Docker, JavaScript, or shell approaches
• Troubleshoot and debug workflows that use actions
• Combine actions with GitHub APIs and other integration options
• Identify ways to securely implement workflows with GitHub Actions
• Understand how GitHub Actions compares to other options