#github-actions (2022-08)
Discussions related to GitHub Actions
2022-08-03
![Vlad Ionescu (he/him) avatar](https://avatars.slack-edge.com/2020-10-03/1417676895681_ea45b3f22e5fea04f2fc_72.png)
This is interesting: Tinder Security posted an article about how they look for potential security vulnerabilities in GitHub Actions workflows and they released the tool they built
![attachment image](https://miro.medium.com/max/1200/1*EzQU5oLHP5Oyf3ZsJFWE3A.png)
Authored by: Rojan Rijal, Tinder Security Labs | Johnny Nipper, Product Security Manager | Tanner Emek, Engineering Manager |
Script to audit GitHub Action Workflow files for potential vulnerabilities.
![Vlad Ionescu (he/him) avatar](https://avatars.slack-edge.com/2020-10-03/1417676895681_ea45b3f22e5fea04f2fc_72.png)
It’s small right now, but it’s definitely interesting!
![actions Archives | The GitHub Blog avatar](https://a.slack-edge.com/80588/img/services/rss_72.png)
GitHub Actions: Remove offline self-hosted runners GitHub Actions: Remove offline self-hosted runners
![attachment image](https://github.blog/wp-content/uploads/2022/04/Engineering-Security.png?fit=1200%2C630)
GitHub Actions: Remove offline self-hosted runners
2022-08-08
![actions Archives | The GitHub Blog avatar](https://a.slack-edge.com/80588/img/services/rss_72.png)
GitHub Actions: runner images repository refresh GitHub Actions: runner images repository refresh
![attachment image](https://github.blog/wp-content/uploads/2022/04/Engineering-Security.png?fit=1200%2C630)
GitHub Actions: runner images repository refresh
2022-08-09
![Adnan avatar](https://secure.gravatar.com/avatar/86fbcb1983990cec4ffd9e7f6b009669.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0009-72.png)
Anybody knows how to get workflow_dispatch inputs for a run via the GH api?
Like a workflow is triggered somewhere via the api with inputs/parameters, and now I want to get the currently running workflows and the inputs.
![actions Archives | The GitHub Blog avatar](https://a.slack-edge.com/80588/img/services/rss_72.png)
GitHub Actions: Self-hosted runners now support Apple M1 hardware GitHub Actions: Self-hosted runners now support Apple M1 hardware
![attachment image](https://github.blog/wp-content/uploads/2022/04/Engineering-Security.png?fit=1200%2C630)
GitHub Actions: Self-hosted runners now support Apple M1 hardware
![actions Archives | The GitHub Blog avatar](https://a.slack-edge.com/80588/img/services/rss_72.png)
GitHub Actions: The Ubuntu 18.04 Actions runner image is being deprecated and will be removed by 12/1/22 GitHub Actions: The Ubuntu 18.04 Actions runner image is being deprecated and will be removed by 12/1/22
![attachment image](https://github.blog/wp-content/uploads/2022/04/Engineering-Security.png?fit=1200%2C630)
GitHub Actions: The Ubuntu 18.04 Actions runner image is being deprecated and will be removed by 12/1/22
![actions Archives | The GitHub Blog avatar](https://a.slack-edge.com/80588/img/services/rss_72.png)
GitHub Actions: Ubuntu 22.04 is now generally available on GitHub-hosted runners GitHub Actions: Ubuntu 22.04 is now generally available on GitHub-hosted runners
![attachment image](https://github.blog/wp-content/uploads/2022/04/Engineering-Security.png?fit=1200%2C630)
GitHub Actions: Ubuntu 22.04 is now generally available on GitHub-hosted runners
2022-08-10
![actions Archives | The GitHub Blog avatar](https://a.slack-edge.com/80588/img/services/rss_72.png)
GitHub Pages: Builds with GitHub Actions GA GitHub Pages: Builds with GitHub Actions GA
![attachment image](https://github.blog/wp-content/uploads/2022/04/Engineering-Security.png?fit=1200%2C630)
GitHub Pages: Builds with GitHub Actions GA
2022-08-17
![sheldonh avatar](https://secure.gravatar.com/avatar/b909e5a82474e9853ff6a6c6111cf0cf.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0020-72.png)
https://twitter.com/sheldon_hull/status/1559605904743583744 Anyone know an answer to this? I’m just jumping back in actions, and the lack of being able to setup a object at the top feels odd.
basically in azure pipelines
parameters:
- name: builds
type: object
default:
- version1
- version2
- version3
then you could use it later in templating approach with things like this. It provided an object/list. Only example I’ve found involves arg splitting via cli, which feels pretty hacky.
Note: This is NOT a matrix build, which I know is supported. Instead it’s an object list not a string list that can be used to iterate or loop through.
- template: templates/install-version.yml@templates
parameters:
builds: ${{ parameters.builds }}
Is this where the power of Azure pipelines just shows it’s robustness over the github actions features that don’t have such rich templating features?
For those using both Azure Pipelines, and GitHub actions… is there a way to have a parameter “object” (ie a yaml list) that can be used later in the github action, not a string, but a yaml object to simplify reuse. I don’t want to do cli arg splitting a string to accomplish it
![Andy avatar](https://avatars.slack-edge.com/2020-05-21/1161682414896_20498c74fddfeb29e652_72.jpg)
Have been after a feature like this as well, but can’t see how to do it without storing multiple variables inside a single env variable.
For those using both Azure Pipelines, and GitHub actions… is there a way to have a parameter “object” (ie a yaml list) that can be used later in the github action, not a string, but a yaml object to simplify reuse. I don’t want to do cli arg splitting a string to accomplish it
![sheldonh avatar](https://secure.gravatar.com/avatar/b909e5a82474e9853ff6a6c6111cf0cf.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0020-72.png)
This is probably the first time that I’ve hit something that I’m like azure pipelines NAILS that isn’t elegant in another place.
Not as portable as simple yaml pipelines but incredibly flexible for templating and beyond what a matrix build can do
2022-08-18
![actions Archives | The GitHub Blog avatar](https://a.slack-edge.com/80588/img/services/rss_72.png)
Merge group webhook event and GitHub Actions workflow trigger Merge group webhook event and GitHub Actions workflow trigger
![attachment image](https://github.blog/wp-content/uploads/2022/04/Engineering-Security.png?fit=1200%2C630)
Merge group webhook event and GitHub Actions workflow trigger
2022-08-22
![actions Archives | The GitHub Blog avatar](https://a.slack-edge.com/80588/img/services/rss_72.png)
GitHub Actions: Improvements to reusable workflows GitHub Actions: Improvements to reusable workflows
![attachment image](https://github.blog/wp-content/uploads/2022/04/Engineering-Security.png?fit=1200%2C630)
GitHub Actions: Improvements to reusable workflows
![actions Archives | The GitHub Blog avatar](https://a.slack-edge.com/80588/img/services/rss_72.png)
GitHub Actions: Improvements to reusable workflows GitHub Actions: Improvements to reusable workflows
![attachment image](https://github.blog/wp-content/uploads/2022/04/Engineering-Security.png?fit=1200%2C630)
GitHub Actions: Improvements to reusable workflows
2022-08-23
![actions Archives | The GitHub Blog avatar](https://a.slack-edge.com/80588/img/services/rss_72.png)
GitHub Actions: Enhancements to OpenID Connect support to enable secure cloud deployments at scale GitHub Actions: Enhancements to OpenID Connect support to enable secure cloud deployments at scale
![attachment image](https://github.blog/wp-content/uploads/2022/04/Engineering-Security.png?fit=1200%2C630)
GitHub Actions: Enhancements to OpenID Connect support to enable secure cloud deployments at scale
2022-08-26
![idan926 avatar](https://avatars.slack-edge.com/2022-08-26/4023489617424_629396a6d9e126c991a2_72.png)
Blowing steam here about some stuff that people do in CI/CD! Can’t hold it anymore! Here is one of mine: npm install instead of npm ci
Join me and blow your steam too
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
Good pro tip! I had to look it up to be honest, but will make this recommendation. https://betterprogramming.pub/npm-ci-vs-npm-install-which-should-you-use-in-your-node-js-projects-51e07cb71e26
![attachment image](https://miro.medium.com/max/1000/1*P0sn6Tmv1vMYCwXqUOvRBw.png)
And what exactly is the difference?
![idan926 avatar](https://avatars.slack-edge.com/2022-08-26/4023489617424_629396a6d9e126c991a2_72.png)
Thanks! What is your pro tip for CI/CD?
![Jim Park avatar](https://secure.gravatar.com/avatar/e166c478c5b78e93a5fb116d92a2dc7e.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0022-72.png)
Tiny teams using release branches. Broseph(ette), semantic release is all you need.
GitHub Action for Semantic Release