#github-actions (2024-05)
Discussions related to GitHub Actions
2024-05-02
actions Archives - The GitHub Blog:
Artifact Attestations public beta
Updates, ideas, and inspiration from GitHub to help developers build and design software.
actions Archives - The GitHub Blog:
Dependabot pull requests jobs are now available to run on self hosted Actions runners
2024-05-03
2024-05-07
actions Archives - The GitHub Blog:
Actions: New region support for Azure private networking
Erik Osterman (Cloud Posse):
Gah! just give me folder support for my workflows already….
2024-05-14
actions Archives - The GitHub Blog:
GitHub-hosted runners: Public Beta of Ubuntu 24.04 is now available
Enrique Lopez:
Hi everybody, new in the community. I was making a GitHub Actions workflow that executes Playwright tests, but then we realized that some of the endpoints are not exposed to the internet, so my challenge now is to make a workflow_dispatch in GitHub Actions that can trigger a workflow in AWS CodePipeline (because here the endpoints are accessible). For that I also need to send some env variables declared in the workflow to CodePipeline. Have you guys done something like that? Any document I can read to get more insights on how to achieve my goal?
Piotr Pawlowski:
I would probably create a workflow with the following steps:
• configure aws creds using this action
• trigger the pipeline with the aws cli and use --variables to pass some envs from gha to codepipeline
never done this, though, so might miss something
Erik Osterman (Cloud Posse):
We use self-hosted GHA runners, deployed within VPCs. That way we don’t have these problems.
Erik Osterman (Cloud Posse):
For non EKS, we use https://github.com/philips-labs/terraform-aws-github-runner
Terraform module for scalable GitHub action runners on AWS
Erik Osterman (Cloud Posse):
Lastly, just last month AWS announced this, but we haven’t tried it yet. https://aws.amazon.com/about-aws/whats-new/2024/04/aws-codebuild-managed-github-action-runners/
Enrique Lopez:
@Erik Osterman (Cloud Posse) that sounds really interesting, sadly I haven’t done that before, thanks for sharing Erik
Enrique Lopez:
do you have any other doc or link with some real example I can refer to?
Erik Osterman (Cloud Posse):
All of it’s documented in our paid/commercial reference architecture
Erik Osterman (Cloud Posse):
Which approach is most appealing? Maybe I can link you to something public
Enrique Lopez:
Looks like the idea of having a self-hosted runner is the better one since it allows us to keep everything in GitHub Actions, sounds cleaner
Enrique Lopez:
@Erik Osterman (Cloud Posse) BTW, I received this comment from someone in my team when I suggested using self-hosted runners:
> I don’t think it’s a good idea to open any sort of direct network communication between GitHub and AWS private VPCs.
I don’t think that’s a valid concern since we are already using AWS credentials in GitHub, so to me the security concerns are already being shared between GitHub and AWS, but what do you guys think I can respond to be concise and clear and get allowed?
Erik Osterman (Cloud Posse):
Are you free to join #office-hours ?
Erik Osterman (Cloud Posse):
First problem, stop using any AWS credentials on GitHub. Use GitHub OIDC and IAM roles, so there are no hardcoded credentials.
Erik Osterman (Cloud Posse):
Using CodeBuild/CodePipeline + GitHub is identical to using GitHub + Self-hosted Runners, from a security/attack surface.
Erik Osterman (Cloud Posse):
You need to test your software. Your software is on GitHub. You need to test your software on AWS where it will run. I don’t see a world (with end-to-end automation) where these two things are disjoint.
Erik Osterman (Cloud Posse):
You should already have dev/staging/production, in entirely different AWS accounts.
Erik Osterman (Cloud Posse):
Your CI, technically, only needs access to test it in one of those accounts (or some other testing account).
Erik Osterman (Cloud Posse):
Fwiw, dozens of our customers use this exact pattern; this is the first time I’ve heard the concern. Self-hosted runners are usually an enterprise requirement rather than a concern.
2024-05-15
2024-05-16
actions Archives - The GitHub Blog:
New dates for Actions larger runner multi-label deprecation
2024-05-17
actions Archives - The GitHub Blog:
Updated dates for Actions runner using Node20 instead of Node16 by default
2024-05-20
actions Archives - The GitHub Blog:
Actions: Upcoming changes to GitHub-hosted macOS runners
2024-05-23
Dhruv Tiwari:
Anyone facing issues with Affected Stacks, seems like it is unable to get the correct componentPath, runs previously successful are failing now:

Previously:

```
Run set +e
set +e
TERRAFORM_OUTPUT_FILE="./terraform-${GITHUB_RUN_ID}-output.txt"
tfcmt \
  --config /home/runner/work/_actions/cloudposse/github-action-atmos-terraform-plan/v2/config/summary.yaml \
  -owner "Org" \
  -repo "aws_infra_atmos" \
  -var "target:ops-logging-deploy-org_vpc_logs-bucket" \
  -var "component:org_vpc_logs-bucket" \
  -var "componentPath:components/terraform/s3-bucket" \
```

Now:

```
Run set +e
set +e
TERRAFORM_OUTPUT_FILE="./terraform-${GITHUB_RUN_ID}-output.txt"
tfcmt \
  --config /home/runner/work/_actions/cloudposse/github-action-atmos-terraform-plan/v2/config/summary.yaml \
  -owner "Org" \
  -repo "aws_infra_atmos" \
  -var "target:ops-logging-deploy-org_vpc_logs-bucket" \
  -var "component:org_vpc_logs-bucket" \
  -var "componentPath:components/terraform/" \
```

Which eventually leads to failure. This is my step snippet:

```yaml
- name: Plan Atmos Component
  uses: cloudposse/github-action-atmos-terraform-plan@v2
  with:
    component: ${{ matrix.component }}
    stack: ${{ matrix.stack }}
    atmos-config-path: /home/runner/work/_temp/atmos-config
```