#github-actions (2024-10)
Discussions related to GitHub Actions
2024-10-01
Repository level Actions Usage Metrics – public preview Repository level Actions Usage Metrics - public preview The post Repository level Actions Usage Metrics – public preview appeared first on The GitHub Blog.
Annotations in the GitHub Actions log view Annotations in the GitHub Actions log view The post Annotations in the GitHub Actions log view appeared first on The GitHub Blog.
2024-10-04
Thoughts on this proposal to skip specific commits using a skip ci message or PRs using a PR label for the cloudposse precommit action ?
https://github.com/cloudposse/github-action-pre-commit/issues/28
@Igor Rodionov bumping this up
2024-10-08
2024-10-14
Noticed error This environment is externally managed recently in setup-python, had to downgrade from ubuntu-latest to ubuntu-22.04 to fix pre-commit and other common github actions that rely on python dependencies
https://github.com/actions/setup-python/issues/952#issuecomment-2410802848
@Jeremy White (Cloud Posse) is this related to the issue you faced with a customer recently?
anyway @Igor Rodionov
2024-10-16
1
@Igor Rodionov @Yonatan Koren
Can we get reviews on this?
@Ben Smith (Cloud Posse) @Igor Rodionov
2024-10-17
hi, I am facing issue in setting up the github action pipeline for the ios(fastlane). I have fastfile.swift file in which I have defined the Lanes. now when i am running fastlane
Actions: Runner groups now available for organizations on Free plan Actions: Runner groups now available for organizations on Free plan The post Actions: Runner groups now available for organizations on Free plan appeared first on The GitHub Blog.
i have a private repo and i want to mirror it to a public repo. I want the public repo to be devoid of the commit history. Yet I also want the public repo to be set up in a manner that allows folks outside my org to make pull requests. I know I can do something like what is found here https://github.com/pixta-dev/repository-mirroring-action/blob/main/mirror.sh but I need some help modifying it.
2024-10-24
2024-10-27
Hello there,
I want Github Actions to auto-approve “tofu plan” but require review for “tofu apply” and then auto-merge when all workflows are successful. But as it is, Github Actions wants review whenever any stupid job is run within an environment with Required Approvers, so I created a “auto-approve” action and want to authenticate with my GitHub App - but it seems the approval HAS to be a Personal Token (probably because the required approvers can only be users, not apps) https://stackoverflow.com/questions/79044626/cant-approve-deployment-via-cli-rest-api-even-when-there-are-pending-deploys
Is anybody able to work around this issue ? Maybe with this new octo-sts https://www.chainguard.dev/unchained/the-end-of-github-pats-you-cant-leak-what-you-dont-have ?
I know I could fix this by creating different environments for plan and apply, but my OCD wants to make this work without it… maybe I should see a doctor instead ?
The new way of handling this is using repo/org rulesets
Then configuring an app bypass
Using required approvers is the old way of doing this, and yes, only works with PATs (aka real github accounts)
The app can then be configured to bypass the ruleset.
We do similar things in our org.
Aha ! I’m not sure how workflows can be protected by rulesets, but I will look into it. Thanks !
If I’m reading this correctly:
But as it is, Github Actions wants review whenever any stupid job is run within an environment with Required Approvers, so I created a “auto-approve” action and want to authenticate with my GitHub App
The “an environment with Required Approvers” can be bypassed with a ruleset. But you need to replace your old branch protections with new rulesets.
Are you referring to approval of merge requests, or workflow runs ? I don’t see how rulesets can make a app bypass a workflow approval? Forgive me if I’m too slow to understand
to clarify: In environment “prod” I have a deployment protection rule, requiring 1 review to approve workflow run.
I have two workflows: plan.yaml and apply.yaml :
plan.yaml requires access to “prod” environment secrets, but should be able to run without approval, while apply.yaml should require approval.
Thanks for your help !
So here’s an example of how we use rulesets. First we make them small, and specialized. Rulesets are additive, so all rulesets that apply will be required.
Then we allow apps like mergify to bypass the rule
but the rules are required for all humans
And then we deleted all branch protections
Now, I see github has renamed those to “classic branch protections”
In environment “prod” I have a deployment protection rule, requiring 1 review to approve workflow run.
I have two workflows: plan.yaml and apply.yaml :
plan.yaml requires access to “prod” environment secrets, but should be able to run without approval, while apply.yaml should require approval.
Sorry, I was solving how to do it with Pull Requests, not environment protection rules.
Yes, I saw that, but it seems to me that I would need a external service to interact with the hook and approve the workflow, which is a bit too much I don’t see how this usecase can work, without creating a GitHub user called “auto-approve” and create a personal access token for these approvals.
But thankyou for guidance !
Understood - I was under the impression it could be any GitHub action, but you are right it seems it must be a an app.
Out of curiosity, what is the approval logic you seek to implement?
Simplest possible approval: (at least I thought :)
• trunk based terraform repo
• GitHub environments test/prod
• matrix workflow for multiple root modules
• Reusable workflows are triggered:
• - when test tag is added to pr, tofu plan/apply runs automatically on test env (if all jobs succeed)
• - when prod tag is added to pr, tofu plan runs, adds plan output (tfcmt) to pr, and stores plan artifact to S3 - then if all jobs is succes’s, run apply in prod but wait for human workflow approval - when approved, tofu apply runs, changelog is written to github wiki, and pr is automerged.
2024-10-28
2024-10-29
2024-10-31
Actions Performance Metrics in public preview Actions Performance Metrics in public preview The post Actions Performance Metrics in public preview appeared first on The GitHub Blog.