Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Advanced GitHub Actions

Michael Heap
October 05, 2021
120

Advanced GitHub Actions

GitHub Actions is the most used CI/CD system on GitHub (with good reason!), and there are a ton of resources on how to get started. What about the next steps, how do you level up your Actions game once you’ve learned the basics?

This talk introduces you to advanced Actions topics such as dynamic matrix generation, API authentication using GitHub Applications, how to build and test your own problem matchers and more.

Michael Heap

October 05, 2021
Tweet

Transcript

  1. Michael Heap / Advanced GitHub Actions Nova 2021

  2. Michael Heap / Advanced GitHub Actions Nova 2021 Hi, I’m

    Michael
  3. Michael Heap / Advanced GitHub Actions Nova 2021 GitHub Actions

  4. Michael Heap / Advanced GitHub Actions Nova 2021 If A

    new issue doesn’t change the default template Then Add a comment asking for more information
  5. Michael Heap / Advanced GitHub Actions Nova 2021 If A

    deployment fails Then Attach the logs as a comment on the pull request
  6. Michael Heap / Advanced GitHub Actions Nova 2021 If We

    merge to main in repo X Then Update the submodule in repo Y
  7. Michael Heap / Advanced GitHub Actions Nova 2021 If A

    new issue is raised by a sponsor Then Apply the urgent label
  8. Michael Heap / Advanced GitHub Actions Nova 2021 It’s like:

    If then for
  9. Michael Heap / Advanced GitHub Actions Nova 2021 GitHub Actions

  10. Michael Heap / Advanced GitHub Actions Nova 2021 Advanced GitHub

    Actions
  11. Michael Heap / Advanced GitHub Actions Nova 2021 10 11

    Tips, 17 Minutes Ready?
  12. Michael Heap / Advanced GitHub Actions Nova 2021 Tip 1:

    Debug Artifact name: Debug Artifacts on: push jobs: debug-artifacts: name: Debug Artifacts runs-on: ubuntu-latest steps: - name: Debug Artifacts uses: mheap/debug-artifact@v1 env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} Uploads event.json and .env as an artifact, which you can download and inspect to help debug
  13. Michael Heap / Advanced GitHub Actions Nova 2021 Tip 2:

    Automatic caching - uses: actions/setup-node@v2 with: node-version: "16" - name: Cache node modules uses: actions/cache@v2 env: cache-name: cache-node-modules with: path: ~/.npm key: ${{ runner.os }}-build-${{ env.cache-name }}-${{ hashFiles('**/package-lock.json') }} restore-keys: | ${{ runner.os }}-build-${{ env.cache-name }}- ${{ runner.os }}-build- - run: npm install - run: npm test
  14. Michael Heap / Advanced GitHub Actions Nova 2021 Tip 2:

    Automatic caching - uses: actions/setup-node@v2 with: node-version: "16" - name: Cache node modules uses: actions/cache@v2 env: cache-name: cache-node-modules with: path: ~/.npm key: ${{ runner.os }}-build-${{ env.cache-name }}-${{ hashFiles('**/package-lock.json') }} restore-keys: | ${{ runner.os }}-build-${{ env.cache-name }}- ${{ runner.os }}-build- - run: npm install - run: npm test
  15. Michael Heap / Advanced GitHub Actions Nova 2021 Tip 2:

    Automatic caching - uses: actions/setup-node@v2 with: node-version: "16" cache: "npm" - run: npm install - run: npm test
  16. Michael Heap / Advanced GitHub Actions Nova 2021 Tip 3:

    Use python in workflow.yml steps: - name: Display the path run: echo $PATH shell: bash steps: - name: Display the path run: echo ${env:PATH} shell: pwsh steps: - name: Display the path run: | import os print(os.environ['PATH']) shell: python
  17. Michael Heap / Advanced GitHub Actions Nova 2021 Tip 3.5:

    Use any language in workflow.yml steps: - name: Show the environment variables with Perl run: | print %ENV shell: perl {0} steps: - name: Show the environment variables with PHP run: | print_r($_ENV); shell: php {0} steps: - name: Show the environment variables with Ruby run: | print ENV.to_h shell: ruby {0} steps: - name: Show the environment variables with Node run: | console.log(process.env) shell: node --harmony {0} Set the shell value to a template string in the following format: $ my_command --any-flags --here {0}
  18. Michael Heap / Advanced GitHub Actions Nova 2021 Tip 4:

    Interacting with the GitHub API
  19. Michael Heap / Advanced GitHub Actions Nova 2021 Tip 4:

    Interacting with the GitHub API # Check if a PR already exists for the branch PR_COUNT=$(gh pr list --author mheap --state all --json number | jq '. | length') # Add a comment if [[ $PR_COUNT -eq "0" ]]; then gh issue comment ${{ github.event.issue.number }} --body "Welcome, new contributor!" fi
  20. Michael Heap / Advanced GitHub Actions Nova 2021 Tip 4:

    Interacting with the GitHub API # Check if a PR already exists for the branch PR_COUNT=$(gh pr list --author mheap --state all --json number | jq '. | length') # Add a comment if [[ $PR_COUNT -eq "1" ]]; then gh issue comment ${{ github.event.issue.number }} --body "Welcome, new contributor!" fi on: pull_request jobs: welcome: runs-on: ubuntu-latest steps: - uses: actions/github-script@v5 with: script: | const creator = context.payload.sender.login const opts = github.rest.issues.listForRepo .endpoint.merge({ ... context.issue, creator, state: 'all' }) const issues = await github.paginate(opts) for (const issue of issues) { if (issue.number === context.issue.number) { continue } if (issue.pull_request) { return // Creator is already a contributor. } } await github.rest.issues.createComment ({ issue_number: context.issue.number, owner: context.repo.owner, repo: context.repo.repo, body: 'Welcome, new contributor!' })
  21. Michael Heap / Advanced GitHub Actions Nova 2021 Tip 5:

    Testing Beta releases --- name: build on: [push] jobs: build: runs-on: ubuntu-latest strategy: matrix: php: [ '7.2', '7.3', '7.4', '8.0' ]
  22. Michael Heap / Advanced GitHub Actions Nova 2021 Tip 5:

    Testing Beta releases --- name: build on: [push] jobs: build: runs-on: ubuntu-latest strategy: matrix: php: [ '7.2', '7.3', '7.4', '8.0', '8.1' ]
  23. Michael Heap / Advanced GitHub Actions Nova 2021 Tip 5:

    Testing Beta releases --- name: build on: [push] jobs: build: runs-on: ubuntu-latest strategy: matrix: php: [ '7.2', '7.3', '7.4', '8.0', '8.1' ] continue-on-error: ${{ matrix.php == '8.1' }}
  24. Michael Heap / Advanced GitHub Actions Nova 2021 Tip 5:

    Testing Beta releases --- name: build on: [push] jobs: build: runs-on: ubuntu-latest strategy: matrix: php: [ '7.2', '7.3', '7.4', '8.0', '8.1' ] continue-on-error: ${{ matrix.php == '8.1' }}
  25. Michael Heap / Advanced GitHub Actions Nova 2021 Tip 6:

    Secure Workflows jobs: build: name: Do Thing runs-on: ubuntu-latest steps: - uses: actions/checkout@v2 - name: Do the specific thing uses: mheap/do-thing@main
  26. Michael Heap / Advanced GitHub Actions Nova 2021 Tip 6:

    Secure Workflows jobs: build: name: Do Thing runs-on: ubuntu-latest steps: - uses: actions/checkout@v2 - name: Do the specific thing uses: mheap/do-thing@main jobs: build: name: Do Thing runs-on: ubuntu-latest steps: - uses: actions/checkout@db41740e12847bb616a339b75eb9414e711417df - name: Do the specific thing uses: mheap/do-thing@73549280c1c566830040d9a01fe9050dae6a3036
  27. Michael Heap / Advanced GitHub Actions Nova 2021 Tip 6:

    Secure Workflows jobs: build: name: Do Thing runs-on: ubuntu-latest steps: - uses: actions/checkout@v2 - name: Do the specific thing uses: mheap/do-thing@main jobs: build: name: Do Thing runs-on: ubuntu-latest steps: - uses: actions/checkout@db41740e12847bb616a339b75eb9414e711417df # pin@v2 - name: Do the specific thing uses: mheap/do-thing@73549280c1c566830040d9a01fe9050dae6a3036 # pin@main $ npx pin-github-action /path/to/.github/workflows/your-name.yml
  28. Michael Heap / Advanced GitHub Actions Nova 2021 Tip 7:

    Composite Actions
  29. Michael Heap / Advanced GitHub Actions Nova 2021 Tip 7:

    Composite Actions steps: - uses: docker/login-action@v1 with: registry: ghcr.io username: ${{ github.actor }} password: ${{ github.token }} - uses: docker/build-push-action@v2 with: context: . push: true .github/workflows/docker.yml
  30. Michael Heap / Advanced GitHub Actions Nova 2021 Tip 7:

    Composite Actions steps: - uses: docker/setup-buildx-action@v1 - uses: docker/login-action@v1 with: registry: ghcr.io username: ${{ github.actor }} password: ${{ github.token }} - uses: docker/build-push-action@v2 with: context: . push: true .github/workflows/docker.yml
  31. Michael Heap / Advanced GitHub Actions Nova 2021 Tip 7:

    Composite Actions - uses: docker/setup-buildx-action@v1 - uses: docker/login-action@v1 with: registry: ghcr.io username: ${{ github.actor }} password: ${{ github.token }} - uses: docker/build-push-action@v2 with: context: . push: true tags: ${{ steps.meta.outputs.tags }} labels: ${{ steps.meta.outputs.labels }} steps: - name: Docker meta id: meta uses: docker/metadata-action@v3 with: images: | ghcr.io/${{inputs.image_name}} tags: | type=ref,event=branch type=ref,event=pr type=semver,pattern={{version}} type=sha .github/workflows/docker.yml
  32. Michael Heap / Advanced GitHub Actions Nova 2021 Tip 7:

    Composite Actions - uses: docker/setup-buildx-action@v1 - uses: docker/login-action@v1 with: registry: ghcr.io username: ${{ github.actor }} password: ${{ github.token }} - uses: docker/build-push-action@v2 with: context: . push: true tags: ${{ steps.meta.outputs.tags }} labels: ${{ steps.meta.outputs.labels }} steps: - name: Docker meta id: meta uses: docker/metadata-action@v3 with: images: | ghcr.io/${{inputs.image_name}} tags: | type=ref,event=branch type=ref,event=pr type=semver,pattern={{version}} type=sha - uses: docker/setup-buildx-action@v1 - uses: docker/login-action@v1 with: registry: ghcr.io username: ${{ github.actor }} password: ${{ github.token }} - uses: docker/build-push-action@v2 with: context: . push: true tags: ${{ steps.meta.outputs.tags }} labels: ${{ steps.meta.outputs.labels }} steps: - name: Docker meta id: meta uses: docker/metadata-action@v3 with: images: | ghcr.io/${{inputs.image_name}} tags: | type=ref,event=branch type=ref,event=pr type=semver,pattern={{version}} type=sha - uses: docker/setup-buildx-action@v1 - uses: docker/login-action@v1 with: registry: ghcr.io username: ${{ github.actor }} password: ${{ github.token }} - uses: docker/build-push-action@v2 with: context: . push: true tags: ${{ steps.meta.outputs.tags }} labels: ${{ steps.meta.outputs.labels }} steps: - name: Docker meta id: meta uses: docker/metadata-action@v3 with: images: | ghcr.io/${{inputs.image_name}} tags: | type=ref,event=branch type=ref,event=pr type=semver,pattern={{version}} type=sha - uses: docker/setup-buildx-action@v1 - uses: docker/login-action@v1 with: registry: ghcr.io username: ${{ github.actor }} password: ${{ github.token }} - uses: docker/build-push-action@v2 with: context: . push: true tags: ${{ steps.meta.outputs.tags }} labels: ${{ steps.meta.outputs.labels }} steps: - name: Docker meta id: meta uses: docker/metadata-action@v3 with: images: | ghcr.io/${{inputs.image_name}} tags: | type=ref,event=branch type=ref,event=pr type=semver,pattern={{version}} type=sha - uses: docker/setup-buildx-action@v1 - uses: docker/login-action@v1 with: registry: ghcr.io username: ${{ github.actor }} password: ${{ github.token }} - uses: docker/build-push-action@v2 with: context: . push: true tags: ${{ steps.meta.outputs.tags }} labels: ${{ steps.meta.outputs.labels }} steps: - name: Docker meta id: meta uses: docker/metadata-action@v3 with: images: | ghcr.io/${{inputs.image_name}} tags: | type=ref,event=branch type=ref,event=pr type=semver,pattern={{version}} type=sha - uses: docker/setup-buildx-action@v1 - uses: docker/login-action@v1 with: registry: ghcr.io username: ${{ github.actor }} password: ${{ github.token }} - uses: docker/build-push-action@v2 with: context: . push: true tags: ${{ steps.meta.outputs.tags }} labels: ${{ steps.meta.outputs.labels }} steps: - name: Docker meta id: meta uses: docker/metadata-action@v3 with: images: | ghcr.io/${{inputs.image_name}} tags: | type=ref,event=branch type=ref,event=pr type=semver,pattern={{version}} type=sha - uses: docker/setup-buildx-action@v1 - uses: docker/login-action@v1 with: registry: ghcr.io username: ${{ github.actor }} password: ${{ github.token }} - uses: docker/build-push-action@v2 with: context: . push: true tags: ${{ steps.meta.outputs.tags }} labels: ${{ steps.meta.outputs.labels }} steps: - name: Docker meta id: meta uses: docker/metadata-action@v3 with: images: | ghcr.io/${{inputs.image_name}} tags: | type=ref,event=branch type=ref,event=pr type=semver,pattern={{version}} type=sha - uses: docker/setup-buildx-action@v1 - uses: docker/login-action@v1 with: registry: ghcr.io username: ${{ github.actor }} password: ${{ github.token }} - uses: docker/build-push-action@v2 with: context: . push: true tags: ${{ steps.meta.outputs.tags }} labels: ${{ steps.meta.outputs.labels }} steps: - name: Docker meta id: meta uses: docker/metadata-action@v3 with: images: | ghcr.io/${{inputs.image_name}} tags: | type=ref,event=branch type=ref,event=pr type=semver,pattern={{version}} type=sha - uses: docker/setup-buildx-action@v1 - uses: docker/login-action@v1 with: registry: ghcr.io username: ${{ github.actor }} password: ${{ github.token }} - uses: docker/build-push-action@v2 with: context: . push: true tags: ${{ steps.meta.outputs.tags }} labels: ${{ steps.meta.outputs.labels }} steps: - name: Docker meta id: meta uses: docker/metadata-action@v3 with: images: | ghcr.io/${{inputs.image_name}} tags: | type=ref,event=branch type=ref,event=pr type=semver,pattern={{version}} type=sha - uses: docker/setup-buildx-action@v1 - uses: docker/login-action@v1 with: registry: ghcr.io username: ${{ github.actor }} password: ${{ github.token }} - uses: docker/build-push-action@v2 with: context: . push: true tags: ${{ steps.meta.outputs.tags }} labels: ${{ steps.meta.outputs.labels }} steps: - name: Docker meta id: meta uses: docker/metadata-action@v3 with: images: | ghcr.io/${{inputs.image_name}} tags: | type=ref,event=branch type=ref,event=pr type=semver,pattern={{version}} type=sha - uses: docker/setup-buildx-action@v1 - uses: docker/login-action@v1 with: registry: ghcr.io username: ${{ github.actor }} password: ${{ github.token }} - uses: docker/build-push-action@v2 with: context: . push: true tags: ${{ steps.meta.outputs.tags }} labels: ${{ steps.meta.outputs.labels }} steps: - name: Docker meta id: meta uses: docker/metadata-action@v3 with: images: | ghcr.io/${{inputs.image_name}} tags: | type=ref,event=branch type=ref,event=pr type=semver,pattern={{version}} type=sha - uses: docker/setup-buildx-action@v1 - uses: docker/login-action@v1 with: registry: ghcr.io username: ${{ github.actor }} password: ${{ github.token }} - uses: docker/build-push-action@v2 with: context: . push: true tags: ${{ steps.meta.outputs.tags }} labels: ${{ steps.meta.outputs.labels }} steps: - name: Docker meta id: meta uses: docker/metadata-action@v3 with: images: | ghcr.io/${{inputs.image_name}} tags: | type=ref,event=branch type=ref,event=pr type=semver,pattern={{version}} type=sha
  33. Michael Heap / Advanced GitHub Actions Nova 2021 Tip 7:

    Composite Actions - uses: docker/setup-buildx-action@v1 - uses: docker/login-action@v1 with: registry: ghcr.io username: ${{ github.actor }} password: ${{ github.token }} - uses: docker/build-push-action@v2 with: context: . push: true tags: ${{ steps.meta.outputs.tags }} labels: ${{ steps.meta.outputs.labels }} runs: using: "composite" steps: - name: Docker meta id: meta uses: docker/metadata-action@v3 with: images: | ghcr.io/${{inputs.image_name}} tags: | type=ref,event=branch type=ref,event=pr type=semver,pattern={{version}} type=sha name: "Publish to Docker" description: "Pushes built artifacts to Docker" inputs: image_name: description: The name of the image to build required: true mheap/docker-build/action.yml
  34. Michael Heap / Advanced GitHub Actions Nova 2021 Tip 7:

    Composite Actions name: Docker Build and Push on: push: release: jobs: build: name: Build runs-on: ubuntu-latest steps: - name: Checkout uses: actions/checkout@v2 - name: Build and Push uses: mheap/action-test@master with: image_name: mheap/action-test .github/workflows/docker.yml
  35. Michael Heap / Advanced GitHub Actions Nova 2021 Tip 8:

    Running non-JS actions without Docker
  36. Michael Heap / Advanced GitHub Actions Nova 2021 Tip 8:

    Running non-JS actions without Docker // Via https://github.com/peter-evans/python-action const core = require("@actions/core"); const exec = require("@actions/exec"); async function run() { try { const src = __dirname + "/src"; await exec.exec("python", [ `${src}/python_action.py`, inputs.message, inputs.sender ]); } catch (error) { core.setFailed(error.message); } } run(); GitHub Runners come preinstalled with: • Erlang • C++ • Fortran • Julia • Kotlin • Mono • Node • Perl • Python • Ruby • Swift
  37. Michael Heap / Advanced GitHub Actions Nova 2021 Tip 8:

    Running non-JS actions without Docker // Via https://github.com/peter-evans/python-action const core = require("@actions/core"); const exec = require("@actions/exec"); async function run() { try { const src = __dirname + "/src"; await exec.exec("python", [ `${src}/python_action.py`, inputs.message, inputs.sender ]); } catch (error) { core.setFailed(error.message); } } run(); GitHub Runners come preinstalled with: • Erlang • C++ • Fortran • Julia • Kotlin • Mono • Node • Perl • Python • Ruby • Swift ⚠⚠⚠⚠⚠⚠⚠⚠⚠⚠⚠⚠⚠⚠⚠ ⚠⚠⚠⚠ The installed software and available versions may change between runner images ⚠⚠⚠⚠⚠⚠⚠⚠⚠⚠⚠⚠⚠⚠⚠ ⚠⚠⚠⚠
  38. Michael Heap / Advanced GitHub Actions Nova 2021 Tip 9:

    Problem Matchers
  39. Michael Heap / Advanced GitHub Actions Nova 2021 Tip 9:

    Problem Matchers { "owner": "eslint-compact", "pattern": [ { "regexp": "^(.+):\\sline\\s(\\d+),\\scol\\s(\\d+),\ \s(Error|Warning|Info)\\s-\\s(.+)\\s\\((. +)\\)$", "file": 1, "line": 2, "column": 3, "severity": 4, "message": 5, "code": 6 } ] } badFile.js: line 50, col 11, Error - 'myVar' is defined but never used. (no-unused-vars)
  40. Michael Heap / Advanced GitHub Actions Nova 2021 Tip 9:

    Problem Matchers { "owner": "eslint-compact", "pattern": [ { "regexp": "^(.+):\\sline\\s(\\d+),\\scol\\s(\\d+),\ \s(Error|Warning|Info)\\s-\\s(.+)\\s\\((. +)\\)$", "file": 1, "line": 2, "column": 3, "severity": 4, "message": 5, "code": 6 } ] } [ { "file": "badFile.js", "line": "50", "column": "11", "severity": "Error", "message": "'myVar' is defined but never used.", "code": "no-unused-vars" } ] badFile.js: line 50, col 11, Error - 'myVar' is defined but never used. (no-unused-vars)
  41. Michael Heap / Advanced GitHub Actions Nova 2021 Tip 9:

    Problem Matchers JS Library https://github.com/mheap/problem- matcher React Testing UI https://github.com/mheap/problem- matcher-tester Deployed UI https://problem-matcher.netlify.app/
  42. Michael Heap / Advanced GitHub Actions Nova 2021 Tip 10:

    Dynamic Matrix Generation on: push jobs: ci: runs-on: ubuntu-latest strategy: matrix: version: [12, 14, 16] steps: - uses: actions/checkout@v2 - uses: actions/setup-node@v2 with: node-version: ${{ matrix.version }} - run: npm ci - run: npm test
  43. Michael Heap / Advanced GitHub Actions Nova 2021 Tip 10:

    Dynamic Matrix Generation jobs: ci: strategy: matrix: version: [12, 14, 16] steps: - uses: actions/setup-node@v2 with: node-version: ${{ matrix.version }}
  44. Michael Heap / Advanced GitHub Actions Nova 2021 Tip 10:

    Dynamic Matrix Generation jobs: ci: strategy: matrix: version: ${{ fromJson('["12","14","16"]') }} steps: - uses: actions/setup-node@v2 with: node-version: ${{ matrix.version }}
  45. Michael Heap / Advanced GitHub Actions Nova 2021 Tip 10:

    Dynamic Matrix Generation jobs: create_matrix: steps: - id: set-matrix run: echo '::set-output name=version_matrix::["12","14","16"]' outputs: version_matrix: ${{ steps.set-matrix.outputs.version_matrix }} ci: needs: create_matrix strategy: matrix: version: ${{ fromJson(needs.create_matrix.outputs.version_matrix) }} steps: - uses: actions/setup-node@v2 with: node-version: ${{ matrix.version }}
  46. Michael Heap / Advanced GitHub Actions Nova 2021 Tip 10:

    Dynamic Matrix Generation $ curl https://endoflife.date/api/nodejs.json | jq -c '[.[] | select(.eol > (now | strftime("%Y-%m-%d"))) | .cycle]' # ["12","14","16"]
  47. Michael Heap / Advanced GitHub Actions Nova 2021 Tip 10:

    Dynamic Matrix Generation jobs: create_matrix: steps: - id: set-matrix run: echo '::set-output name=version_matrix::["12","14","16"]' outputs: version_matrix: ${{ steps.set-matrix.outputs.version_matrix }} ci: needs: create_matrix strategy: matrix: version: ${{ fromJson(needs.create_matrix.outputs.version_matrix) }} steps: - uses: actions/setup-node@v2 with: node-version: ${{ matrix.version }}
  48. Michael Heap / Advanced GitHub Actions Nova 2021 Tip 10:

    Dynamic Matrix Generation jobs: create_matrix: steps: - id: set-matrix run: echo "::set-output name=version_matrix::$(curl https://endoflife.date/api/nodejs.json | jq -c '[.[] | select(.eol > (now | strftime("%Y-%m-%d"))) | .cycle]')" outputs: version_matrix: ${{ steps.set-matrix.outputs.version_matrix }} ci: needs: create_matrix strategy: matrix: version: ${{ fromJson(needs.create_matrix.outputs.version_matrix) }} steps: - uses: actions/setup-node@v2 with: node-version: ${{ matrix.version }}
  49. Michael Heap / Advanced GitHub Actions Nova 2021 Tip 10:

    Dynamic Matrix Generation
  50. Michael Heap / Advanced GitHub Actions Nova 2021 Tip 11:

    Authentication
  51. Michael Heap / Advanced GitHub Actions Nova 2021 Tip 11:

    Authentication GITHUB_TOKEN : Expiry = job-duration
  52. Michael Heap / Advanced GitHub Actions Nova 2021 Tip 11:

    Authentication GITHUB_TOKEN : Expiry = job-duration on: push permissions: issues: write jobs: add-comment: runs-on: ubuntu-latest steps: - ...
  53. Michael Heap / Advanced GitHub Actions Nova 2021 Tip 11:

    Authentication Repository Permissions Actions Checks Contents Deployments Issues Metadata Packages Pull requests Projects Security events Commit statuses GITHUB_TOKEN : Expiry = job-duration
  54. Michael Heap / Advanced GitHub Actions Nova 2021 Tip 11:

    Authentication PAT : Expiry = 7 days to Never
  55. Michael Heap / Advanced GitHub Actions Nova 2021 Tip 11:

    Authentication Repository Permissions Pull requests PAT : Expiry = 7 days to Never
  56. Michael Heap / Advanced GitHub Actions Nova 2021 Tip 11:

    Authentication Repository Permissions Actions Administration Contents Discussions Environments Issues Metadata Pages Pull requests Webhooks Projects Secrets Single file Commit statuses PAT : Expiry = 7 days to Never
  57. Michael Heap / Advanced GitHub Actions Nova 2021 Tip 11:

    Authentication Repository Permissions Actions Administration Contents Discussions Environments Issues Metadata Organization packages Packages Pages Pull requests Webhooks Projects Secrets Security events Single file Commit statuses Workflows Organization Permissions Members Administration Events Webhooks Projects Secrets Self-hosted runners Blocking users Team discussions PAT : Expiry = 7 days to Never
  58. Michael Heap / Advanced GitHub Actions Nova 2021 Tip 11:

    Authentication Repository Permissions Actions Administration Contents Discussions Environments Issues Metadata Organization packages Packages Pages Pull requests Webhooks Projects Secrets Security events Single file Commit statuses Workflows Organization Permissions Members Administration Events Webhooks Projects Secrets Self-hosted runners Blocking users Team discussions PAT : Expiry = 7 days to Never https://github.com/github/roadmap/issues/184
  59. Michael Heap / Advanced GitHub Actions Nova 2021 Tip 11:

    Authentication Repository Permissions Actions Administration Checks Content references Contents Deployments Discussions Environments Issues Metadata Organization packages Packages Pages Pull requests Webhooks Projects Secret scanning alerts Secrets Security events Single file Commit statuses Dependabot alerts Workflows Organization Permissions Members Administration Events Webhooks Plan Projects Secrets Self-hosted runners Blocking users Team discussions GitHub Application
  60. Michael Heap / Advanced GitHub Actions Nova 2021 Tip 11:

    Authentication Repository Permissions Actions Administration Checks Content references Contents Deployments Discussions Environments Issues Metadata Organization packages Packages Pages Pull requests Webhooks Projects Secret scanning alerts Secrets Security events Single file Commit statuses Dependabot alerts Workflows Organization Permissions Members Administration Events Webhooks Plan Projects Secrets Self-hosted runners Blocking users Team discussions GitHub Application
  61. Michael Heap / Advanced GitHub Actions Nova 2021 Tip 11:

    Authentication jobs: get-temp-token: runs-on: ubuntu-latest steps: - name: Get Token id: get_workflow_token uses: peter-murray/workflow-application-token-action@v1 with: application_id: ${{ secrets.APPLICATION_ID }} application_private_key: ${{ secrets.APPLICATION_PRIVATE_KEY }} organization: "my-test-org"
  62. Michael Heap / Advanced GitHub Actions Nova 2021 Tip 11:

    Authentication jobs: get-temp-token: runs-on: ubuntu-latest steps: - name: Get Token id: get_workflow_token uses: peter-murray/workflow-application-token-action@v1 with: application_id: ${{ secrets.APPLICATION_ID }} application_private_key: ${{ secrets.APPLICATION_PRIVATE_KEY }} organization: "my-test-org" - name: Use Application Token to create a release uses: actions/create-release@v1 env: GITHUB_TOKEN: ${{ steps.get_workflow_token.outputs.token }} with: ....
  63. Michael Heap / Advanced GitHub Actions Nova 2021 Tip 11:

    Authentication GitHub Applications = GREAT
  64. Michael Heap / Advanced GitHub Actions Nova 2021 github.com/mheap michaelheap.com/talk/github-nova-2021

    Questions! (probably via Slack)