#github-actions (2022-08)

Discussions related to GitHub Actions

2022-08-03

Vlad Ionescu (he/him) avatar
Vlad Ionescu (he/him)

This is interesting: Tinder Security posted an article about how they look for potential security vulnerabilities in GitHub Actions workflows and they released the tool they built

Exploiting GitHub Actions on open source projectsattachment image
Authored by: Rojan Rijal, Tinder Security LabsJohnny Nipper, Product Security ManagerTanner Emek, Engineering Manager
TinderSec/gh-workflow-auditor

Script to audit GitHub Action Workflow files for potential vulnerabilities.

3
1
Vlad Ionescu (he/him) avatar
Vlad Ionescu (he/him)

It’s small right now, but it’s definitely interesting!

actions Archives | The GitHub Blog avatar
actions Archives | The GitHub Blog
12:45:38 PM

GitHub Actions: Remove offline self-hosted runners GitHub Actions: Remove offline self-hosted runners

GitHub Actions: Remove offline self-hosted runners | GitHub Changelogattachment image

GitHub Actions: Remove offline self-hosted runners

2022-08-08

actions Archives | The GitHub Blog avatar
actions Archives | The GitHub Blog
03:35:39 PM

GitHub Actions: runner images repository refresh GitHub Actions: runner images repository refresh

GitHub Actions: runner images repository refresh | GitHub Changelogattachment image

GitHub Actions: runner images repository refresh

2022-08-09

Adnan avatar

Anybody knows how to get workflow_dispatch inputs for a run via the GH api?

Like a workflow is triggered somewhere via the api with inputs/parameters, and now I want to get the currently running workflows and the inputs.

actions Archives | The GitHub Blog avatar
actions Archives | The GitHub Blog
02:05:36 PM

GitHub Actions: Self-hosted runners now support Apple M1 hardware GitHub Actions: Self-hosted runners now support Apple M1 hardware

GitHub Actions: Self-hosted runners now support Apple M1 hardware | GitHub Changelogattachment image

GitHub Actions: Self-hosted runners now support Apple M1 hardware

1
actions Archives | The GitHub Blog avatar
actions Archives | The GitHub Blog
02:55:35 PM

GitHub Actions: The Ubuntu 18.04 Actions runner image is being deprecated and will be removed by 12/1/22 GitHub Actions: The Ubuntu 18.04 Actions runner image is being deprecated and will be removed by 12/1/22

GitHub Actions: The Ubuntu 18.04 Actions runner image is being deprecated and will be removed by 12/1/22 | GitHub Changelogattachment image

GitHub Actions: The Ubuntu 18.04 Actions runner image is being deprecated and will be removed by 12/1/22

actions Archives | The GitHub Blog avatar
actions Archives | The GitHub Blog
02:55:35 PM

GitHub Actions: Ubuntu 22.04 is now generally available on GitHub-hosted runners GitHub Actions: Ubuntu 22.04 is now generally available on GitHub-hosted runners

GitHub Actions: Ubuntu 22.04 is now generally available on GitHub-hosted runners | GitHub Changelogattachment image

GitHub Actions: Ubuntu 22.04 is now generally available on GitHub-hosted runners

2022-08-10

actions Archives | The GitHub Blog avatar
actions Archives | The GitHub Blog
04:25:34 PM

GitHub Pages: Builds with GitHub Actions GA GitHub Pages: Builds with GitHub Actions GA

GitHub Pages: Builds with GitHub Actions GA | GitHub Changelogattachment image

GitHub Pages: Builds with GitHub Actions GA

2022-08-17

sheldonh avatar
sheldonh

https://twitter.com/sheldon_hull/status/1559605904743583744 Anyone know an answer to this? I’m just jumping back in actions, and the lack of being able to setup a object at the top feels odd.

basically in azure pipelines

parameters:
- name: builds
  type: object
  default:
  - version1
  - version2
  - version3

then you could use it later in templating approach with things like this. It provided an object/list. Only example I’ve found involves arg splitting via cli, which feels pretty hacky.

Note: This is NOT a matrix build, which I know is supported. Instead it’s an object list not a string list that can be used to iterate or loop through.

- template: templates/install-version.yml@templates
   parameters:
       builds: ${{ parameters.builds }}

Is this where the power of Azure pipelines just shows it’s robustness over the github actions features that don’t have such rich templating features?

For those using both Azure Pipelines, and GitHub actions… is there a way to have a parameter “object” (ie a yaml list) that can be used later in the github action, not a string, but a yaml object to simplify reuse. I don’t want to do cli arg splitting a string to accomplish it

Andy avatar

Have been after a feature like this as well, but can’t see how to do it without storing multiple variables inside a single env variable.

For those using both Azure Pipelines, and GitHub actions… is there a way to have a parameter “object” (ie a yaml list) that can be used later in the github action, not a string, but a yaml object to simplify reuse. I don’t want to do cli arg splitting a string to accomplish it

sheldonh avatar
sheldonh

This is probably the first time that I’ve hit something that I’m like azure pipelines NAILS that isn’t elegant in another place.

Not as portable as simple yaml pipelines but incredibly flexible for templating and beyond what a matrix build can do

2022-08-18

actions Archives | The GitHub Blog avatar
actions Archives | The GitHub Blog
10:15:38 PM

Merge group webhook event and GitHub Actions workflow trigger Merge group webhook event and GitHub Actions workflow trigger

Merge group webhook event and GitHub Actions workflow trigger | GitHub Changelogattachment image

Merge group webhook event and GitHub Actions workflow trigger

2022-08-22

actions Archives | The GitHub Blog avatar
actions Archives | The GitHub Blog
06:05:40 PM

GitHub Actions: Improvements to reusable workflows GitHub Actions: Improvements to reusable workflows

GitHub Actions: Improvements to reusable workflows | GitHub Changelogattachment image

GitHub Actions: Improvements to reusable workflows

actions Archives | The GitHub Blog avatar
actions Archives | The GitHub Blog
06:15:38 PM

GitHub Actions: Improvements to reusable workflows GitHub Actions: Improvements to reusable workflows

GitHub Actions: Improvements to reusable workflows | GitHub Changelogattachment image

GitHub Actions: Improvements to reusable workflows

2022-08-23

actions Archives | The GitHub Blog avatar
actions Archives | The GitHub Blog
10:15:42 PM

GitHub Actions: Enhancements to OpenID Connect support to enable secure cloud deployments at scale GitHub Actions: Enhancements to OpenID Connect support to enable secure cloud deployments at scale

GitHub Actions: Enhancements to OpenID Connect support to enable secure cloud deployments at scale | GitHub Changelogattachment image

GitHub Actions: Enhancements to OpenID Connect support to enable secure cloud deployments at scale

2022-08-26

idan926 avatar
idan926

Blowing steam here about some stuff that people do in CI/CD! Can’t hold it anymore! Here is one of mine: npm install instead of npm ci

Join me and blow your steam too

2
Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

Good pro tip! I had to look it up to be honest, but will make this recommendation. https://betterprogramming.pub/npm-ci-vs-npm-install-which-should-you-use-in-your-node-js-projects-51e07cb71e26

idan926 avatar
idan926

Thanks! What is your pro tip for CI/CD?

Jim Park avatar
Jim Park

Tiny teams using release branches. Broseph(ette), semantic release is all you need.

cycjimmy/semantic-release-action

GitHub Action for Semantic Release

2022-08-27

2022-08-29

    keyboard_arrow_up