$30 off During Our Annual Pro Sale. View Details »

Advanced GitHub Actions

Michael Heap
October 05, 2021
240

Advanced GitHub Actions

GitHub Actions is the most used CI/CD system on GitHub (with good reason!), and there are a ton of resources on how to get started. What about the next steps, how do you level up your Actions game once you’ve learned the basics?

This talk introduces you to advanced Actions topics such as dynamic matrix generation, API authentication using GitHub Applications, how to build and test your own problem matchers and more.

Michael Heap

October 05, 2021
Tweet

Transcript

  1. Michael Heap / Advanced GitHub Actions
    Nova 2021

    View Slide

  2. Michael Heap / Advanced GitHub Actions
    Nova 2021
    Hi, I’m Michael

    View Slide

  3. Michael Heap / Advanced GitHub Actions
    Nova 2021
    GitHub Actions

    View Slide

  4. Michael Heap / Advanced GitHub Actions
    Nova 2021
    If
    A new issue doesn’t change the
    default template
    Then
    Add a comment asking for more
    information

    View Slide

  5. Michael Heap / Advanced GitHub Actions
    Nova 2021
    If
    A deployment fails
    Then
    Attach the logs as a comment on
    the pull request

    View Slide

  6. Michael Heap / Advanced GitHub Actions
    Nova 2021
    If
    We merge to main in repo X
    Then
    Update the submodule in repo Y

    View Slide

  7. Michael Heap / Advanced GitHub Actions
    Nova 2021
    If
    A new issue is raised by a sponsor
    Then
    Apply the urgent label

    View Slide

  8. Michael Heap / Advanced GitHub Actions
    Nova 2021
    It’s like:
    If then for

    View Slide

  9. Michael Heap / Advanced GitHub Actions
    Nova 2021
    GitHub Actions

    View Slide

  10. Michael Heap / Advanced GitHub Actions
    Nova 2021
    Advanced
    GitHub Actions

    View Slide

  11. Michael Heap / Advanced GitHub Actions
    Nova 2021
    10 11 Tips, 17 Minutes
    Ready?

    View Slide

  12. Michael Heap / Advanced GitHub Actions
    Nova 2021
    Tip 1: Debug Artifact
    name: Debug Artifacts
    on: push
    jobs:
    debug-artifacts:
    name: Debug Artifacts
    runs-on: ubuntu-latest
    steps:
    - name: Debug Artifacts
    uses: mheap/debug-artifact@v1
    env:
    GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
    Uploads event.json and .env as
    an artifact, which you can download
    and inspect to help debug

    View Slide

  13. Michael Heap / Advanced GitHub Actions
    Nova 2021
    Tip 2: Automatic caching
    - uses: actions/setup-node@v2
    with:
    node-version: "16"
    - name: Cache node modules
    uses: actions/cache@v2
    env:
    cache-name: cache-node-modules
    with:
    path: ~/.npm
    key: ${{ runner.os }}-build-${{ env.cache-name }}-${{
    hashFiles('**/package-lock.json') }}
    restore-keys: |
    ${{ runner.os }}-build-${{ env.cache-name }}-
    ${{ runner.os }}-build-
    - run: npm install
    - run: npm test

    View Slide

  14. Michael Heap / Advanced GitHub Actions
    Nova 2021
    Tip 2: Automatic caching
    - uses: actions/setup-node@v2
    with:
    node-version: "16"
    - name: Cache node modules
    uses: actions/cache@v2
    env:
    cache-name: cache-node-modules
    with:
    path: ~/.npm
    key: ${{ runner.os }}-build-${{ env.cache-name }}-${{
    hashFiles('**/package-lock.json') }}
    restore-keys: |
    ${{ runner.os }}-build-${{ env.cache-name }}-
    ${{ runner.os }}-build-
    - run: npm install
    - run: npm test

    View Slide

  15. Michael Heap / Advanced GitHub Actions
    Nova 2021
    Tip 2: Automatic caching
    - uses: actions/setup-node@v2
    with:
    node-version: "16"
    cache: "npm"
    - run: npm install
    - run: npm test

    View Slide

  16. Michael Heap / Advanced GitHub Actions
    Nova 2021
    Tip 3: Use python in workflow.yml
    steps:
    - name: Display the path
    run: echo $PATH
    shell: bash
    steps:
    - name: Display the path
    run: echo ${env:PATH}
    shell: pwsh
    steps:
    - name: Display the path
    run: |
    import os
    print(os.environ['PATH'])
    shell: python

    View Slide

  17. Michael Heap / Advanced GitHub Actions
    Nova 2021
    Tip 3.5: Use any language in workflow.yml
    steps:
    - name: Show the environment variables with Perl
    run: |
    print %ENV
    shell: perl {0}
    steps:
    - name: Show the environment variables with PHP
    run: |
    print_r($_ENV);
    shell: php {0}
    steps:
    - name: Show the environment variables with Ruby
    run: |
    print ENV.to_h
    shell: ruby {0}
    steps:
    - name: Show the environment variables with Node
    run: |
    console.log(process.env)
    shell: node --harmony {0}
    Set the shell value to a template string in the following format:
    $ my_command --any-flags --here {0}

    View Slide

  18. Michael Heap / Advanced GitHub Actions
    Nova 2021
    Tip 4: Interacting with the GitHub API

    View Slide

  19. Michael Heap / Advanced GitHub Actions
    Nova 2021
    Tip 4: Interacting with the GitHub API
    # Check if a PR already exists for the branch
    PR_COUNT=$(gh pr list --author mheap --state all --json
    number | jq '. | length')
    # Add a comment
    if [[ $PR_COUNT -eq "0" ]]; then
    gh issue comment ${{ github.event.issue.number }}
    --body "Welcome, new contributor!"
    fi

    View Slide

  20. Michael Heap / Advanced GitHub Actions
    Nova 2021
    Tip 4: Interacting with the GitHub API
    # Check if a PR already exists for the branch
    PR_COUNT=$(gh pr list --author mheap --state all --json
    number | jq '. | length')
    # Add a comment
    if [[ $PR_COUNT -eq "1" ]]; then
    gh issue comment ${{ github.event.issue.number }}
    --body "Welcome, new contributor!"
    fi
    on: pull_request
    jobs:
    welcome:
    runs-on: ubuntu-latest
    steps:
    - uses: actions/github-script@v5
    with:
    script: |
    const creator = context.payload.sender.login
    const opts = github.rest.issues.listForRepo
    .endpoint.merge({
    ...
    context.issue,
    creator,
    state: 'all'
    })
    const issues = await github.paginate(opts)
    for (const issue of issues) {
    if (issue.number === context.issue.number) {
    continue
    }
    if (issue.pull_request) {
    return // Creator is already a contributor.
    }
    }
    await github.rest.issues.createComment
    ({
    issue_number: context.issue.number,
    owner: context.repo.owner,
    repo: context.repo.repo,
    body: 'Welcome, new contributor!'
    })

    View Slide

  21. Michael Heap / Advanced GitHub Actions
    Nova 2021
    Tip 5: Testing Beta releases
    ---
    name: build
    on: [push]
    jobs:
    build:
    runs-on: ubuntu-latest
    strategy:
    matrix:
    php: [ '7.2', '7.3', '7.4', '8.0' ]

    View Slide

  22. Michael Heap / Advanced GitHub Actions
    Nova 2021
    Tip 5: Testing Beta releases
    ---
    name: build
    on: [push]
    jobs:
    build:
    runs-on: ubuntu-latest
    strategy:
    matrix:
    php: [ '7.2', '7.3', '7.4', '8.0', '8.1' ]

    View Slide

  23. Michael Heap / Advanced GitHub Actions
    Nova 2021
    Tip 5: Testing Beta releases
    ---
    name: build
    on: [push]
    jobs:
    build:
    runs-on: ubuntu-latest
    strategy:
    matrix:
    php: [ '7.2', '7.3', '7.4', '8.0', '8.1' ]
    continue-on-error: ${{ matrix.php == '8.1' }}

    View Slide

  24. Michael Heap / Advanced GitHub Actions
    Nova 2021
    Tip 5: Testing Beta releases
    ---
    name: build
    on: [push]
    jobs:
    build:
    runs-on: ubuntu-latest
    strategy:
    matrix:
    php: [ '7.2', '7.3', '7.4', '8.0', '8.1' ]
    continue-on-error: ${{ matrix.php == '8.1' }}

    View Slide

  25. Michael Heap / Advanced GitHub Actions
    Nova 2021
    Tip 6: Secure Workflows
    jobs:
    build:
    name: Do Thing
    runs-on: ubuntu-latest
    steps:
    - uses: actions/checkout@v2
    - name: Do the specific thing
    uses: mheap/do-thing@main

    View Slide

  26. Michael Heap / Advanced GitHub Actions
    Nova 2021
    Tip 6: Secure Workflows
    jobs:
    build:
    name: Do Thing
    runs-on: ubuntu-latest
    steps:
    - uses: actions/checkout@v2
    - name: Do the specific thing
    uses: mheap/do-thing@main
    jobs:
    build:
    name: Do Thing
    runs-on: ubuntu-latest
    steps:
    - uses: actions/checkout@db41740e12847bb616a339b75eb9414e711417df
    - name: Do the specific thing
    uses: mheap/do-thing@73549280c1c566830040d9a01fe9050dae6a3036

    View Slide

  27. Michael Heap / Advanced GitHub Actions
    Nova 2021
    Tip 6: Secure Workflows
    jobs:
    build:
    name: Do Thing
    runs-on: ubuntu-latest
    steps:
    - uses: actions/checkout@v2
    - name: Do the specific thing
    uses: mheap/do-thing@main
    jobs:
    build:
    name: Do Thing
    runs-on: ubuntu-latest
    steps:
    - uses: actions/checkout@db41740e12847bb616a339b75eb9414e711417df # pin@v2
    - name: Do the specific thing
    uses: mheap/do-thing@73549280c1c566830040d9a01fe9050dae6a3036 # pin@main
    $ npx pin-github-action /path/to/.github/workflows/your-name.yml

    View Slide

  28. Michael Heap / Advanced GitHub Actions
    Nova 2021
    Tip 7: Composite Actions

    View Slide

  29. Michael Heap / Advanced GitHub Actions
    Nova 2021
    Tip 7: Composite Actions
    steps:
    - uses: docker/login-action@v1
    with:
    registry: ghcr.io
    username: ${{ github.actor }}
    password: ${{ github.token }}
    - uses: docker/build-push-action@v2
    with:
    context: .
    push: true
    .github/workflows/docker.yml

    View Slide

  30. Michael Heap / Advanced GitHub Actions
    Nova 2021
    Tip 7: Composite Actions
    steps:
    - uses: docker/setup-buildx-action@v1
    - uses: docker/login-action@v1
    with:
    registry: ghcr.io
    username: ${{ github.actor }}
    password: ${{ github.token }}
    - uses: docker/build-push-action@v2
    with:
    context: .
    push: true
    .github/workflows/docker.yml

    View Slide

  31. Michael Heap / Advanced GitHub Actions
    Nova 2021
    Tip 7: Composite Actions
    - uses: docker/setup-buildx-action@v1
    - uses: docker/login-action@v1
    with:
    registry: ghcr.io
    username: ${{ github.actor }}
    password: ${{ github.token }}
    - uses: docker/build-push-action@v2
    with:
    context: .
    push: true
    tags: ${{ steps.meta.outputs.tags }}
    labels: ${{
    steps.meta.outputs.labels }}
    steps:
    - name: Docker meta
    id: meta
    uses: docker/metadata-action@v3
    with:
    images: |
    ghcr.io/${{inputs.image_name}}
    tags: |
    type=ref,event=branch
    type=ref,event=pr
    type=semver,pattern={{version}}
    type=sha
    .github/workflows/docker.yml

    View Slide

  32. Michael Heap / Advanced GitHub Actions
    Nova 2021
    Tip 7: Composite Actions
    - uses: docker/setup-buildx-action@v1
    - uses: docker/login-action@v1
    with:
    registry: ghcr.io
    username: ${{ github.actor }}
    password: ${{ github.token }}
    - uses: docker/build-push-action@v2
    with:
    context: .
    push: true
    tags: ${{ steps.meta.outputs.tags }}
    labels: ${{ steps.meta.outputs.labels }}
    steps:
    - name: Docker meta
    id: meta
    uses: docker/metadata-action@v3
    with:
    images: |
    ghcr.io/${{inputs.image_name}}
    tags: |
    type=ref,event=branch
    type=ref,event=pr
    type=semver,pattern={{version}}
    type=sha
    - uses: docker/setup-buildx-action@v1
    - uses: docker/login-action@v1
    with:
    registry: ghcr.io
    username: ${{ github.actor }}
    password: ${{ github.token }}
    - uses: docker/build-push-action@v2
    with:
    context: .
    push: true
    tags: ${{ steps.meta.outputs.tags }}
    labels: ${{ steps.meta.outputs.labels }}
    steps:
    - name: Docker meta
    id: meta
    uses: docker/metadata-action@v3
    with:
    images: |
    ghcr.io/${{inputs.image_name}}
    tags: |
    type=ref,event=branch
    type=ref,event=pr
    type=semver,pattern={{version}}
    type=sha
    - uses: docker/setup-buildx-action@v1
    - uses: docker/login-action@v1
    with:
    registry: ghcr.io
    username: ${{ github.actor }}
    password: ${{ github.token }}
    - uses: docker/build-push-action@v2
    with:
    context: .
    push: true
    tags: ${{ steps.meta.outputs.tags }}
    labels: ${{ steps.meta.outputs.labels }}
    steps:
    - name: Docker meta
    id: meta
    uses: docker/metadata-action@v3
    with:
    images: |
    ghcr.io/${{inputs.image_name}}
    tags: |
    type=ref,event=branch
    type=ref,event=pr
    type=semver,pattern={{version}}
    type=sha
    - uses: docker/setup-buildx-action@v1
    - uses: docker/login-action@v1
    with:
    registry: ghcr.io
    username: ${{ github.actor }}
    password: ${{ github.token }}
    - uses: docker/build-push-action@v2
    with:
    context: .
    push: true
    tags: ${{ steps.meta.outputs.tags }}
    labels: ${{ steps.meta.outputs.labels }}
    steps:
    - name: Docker meta
    id: meta
    uses: docker/metadata-action@v3
    with:
    images: |
    ghcr.io/${{inputs.image_name}}
    tags: |
    type=ref,event=branch
    type=ref,event=pr
    type=semver,pattern={{version}}
    type=sha
    - uses: docker/setup-buildx-action@v1
    - uses: docker/login-action@v1
    with:
    registry: ghcr.io
    username: ${{ github.actor }}
    password: ${{ github.token }}
    - uses: docker/build-push-action@v2
    with:
    context: .
    push: true
    tags: ${{ steps.meta.outputs.tags }}
    labels: ${{ steps.meta.outputs.labels }}
    steps:
    - name: Docker meta
    id: meta
    uses: docker/metadata-action@v3
    with:
    images: |
    ghcr.io/${{inputs.image_name}}
    tags: |
    type=ref,event=branch
    type=ref,event=pr
    type=semver,pattern={{version}}
    type=sha
    - uses: docker/setup-buildx-action@v1
    - uses: docker/login-action@v1
    with:
    registry: ghcr.io
    username: ${{ github.actor }}
    password: ${{ github.token }}
    - uses: docker/build-push-action@v2
    with:
    context: .
    push: true
    tags: ${{ steps.meta.outputs.tags }}
    labels: ${{ steps.meta.outputs.labels }}
    steps:
    - name: Docker meta
    id: meta
    uses: docker/metadata-action@v3
    with:
    images: |
    ghcr.io/${{inputs.image_name}}
    tags: |
    type=ref,event=branch
    type=ref,event=pr
    type=semver,pattern={{version}}
    type=sha
    - uses: docker/setup-buildx-action@v1
    - uses: docker/login-action@v1
    with:
    registry: ghcr.io
    username: ${{ github.actor }}
    password: ${{ github.token }}
    - uses: docker/build-push-action@v2
    with:
    context: .
    push: true
    tags: ${{ steps.meta.outputs.tags }}
    labels: ${{ steps.meta.outputs.labels }}
    steps:
    - name: Docker meta
    id: meta
    uses: docker/metadata-action@v3
    with:
    images: |
    ghcr.io/${{inputs.image_name}}
    tags: |
    type=ref,event=branch
    type=ref,event=pr
    type=semver,pattern={{version}}
    type=sha
    - uses: docker/setup-buildx-action@v1
    - uses: docker/login-action@v1
    with:
    registry: ghcr.io
    username: ${{ github.actor }}
    password: ${{ github.token }}
    - uses: docker/build-push-action@v2
    with:
    context: .
    push: true
    tags: ${{ steps.meta.outputs.tags }}
    labels: ${{ steps.meta.outputs.labels }}
    steps:
    - name: Docker meta
    id: meta
    uses: docker/metadata-action@v3
    with:
    images: |
    ghcr.io/${{inputs.image_name}}
    tags: |
    type=ref,event=branch
    type=ref,event=pr
    type=semver,pattern={{version}}
    type=sha
    - uses: docker/setup-buildx-action@v1
    - uses: docker/login-action@v1
    with:
    registry: ghcr.io
    username: ${{ github.actor }}
    password: ${{ github.token }}
    - uses: docker/build-push-action@v2
    with:
    context: .
    push: true
    tags: ${{ steps.meta.outputs.tags }}
    labels: ${{ steps.meta.outputs.labels }}
    steps:
    - name: Docker meta
    id: meta
    uses: docker/metadata-action@v3
    with:
    images: |
    ghcr.io/${{inputs.image_name}}
    tags: |
    type=ref,event=branch
    type=ref,event=pr
    type=semver,pattern={{version}}
    type=sha
    - uses: docker/setup-buildx-action@v1
    - uses: docker/login-action@v1
    with:
    registry: ghcr.io
    username: ${{ github.actor }}
    password: ${{ github.token }}
    - uses: docker/build-push-action@v2
    with:
    context: .
    push: true
    tags: ${{ steps.meta.outputs.tags }}
    labels: ${{ steps.meta.outputs.labels }}
    steps:
    - name: Docker meta
    id: meta
    uses: docker/metadata-action@v3
    with:
    images: |
    ghcr.io/${{inputs.image_name}}
    tags: |
    type=ref,event=branch
    type=ref,event=pr
    type=semver,pattern={{version}}
    type=sha
    - uses: docker/setup-buildx-action@v1
    - uses: docker/login-action@v1
    with:
    registry: ghcr.io
    username: ${{ github.actor }}
    password: ${{ github.token }}
    - uses: docker/build-push-action@v2
    with:
    context: .
    push: true
    tags: ${{ steps.meta.outputs.tags }}
    labels: ${{ steps.meta.outputs.labels }}
    steps:
    - name: Docker meta
    id: meta
    uses: docker/metadata-action@v3
    with:
    images: |
    ghcr.io/${{inputs.image_name}}
    tags: |
    type=ref,event=branch
    type=ref,event=pr
    type=semver,pattern={{version}}
    type=sha
    - uses: docker/setup-buildx-action@v1
    - uses: docker/login-action@v1
    with:
    registry: ghcr.io
    username: ${{ github.actor }}
    password: ${{ github.token }}
    - uses: docker/build-push-action@v2
    with:
    context: .
    push: true
    tags: ${{ steps.meta.outputs.tags }}
    labels: ${{ steps.meta.outputs.labels }}
    steps:
    - name: Docker meta
    id: meta
    uses: docker/metadata-action@v3
    with:
    images: |
    ghcr.io/${{inputs.image_name}}
    tags: |
    type=ref,event=branch
    type=ref,event=pr
    type=semver,pattern={{version}}
    type=sha

    View Slide

  33. Michael Heap / Advanced GitHub Actions
    Nova 2021
    Tip 7: Composite Actions
    - uses: docker/setup-buildx-action@v1
    - uses: docker/login-action@v1
    with:
    registry: ghcr.io
    username: ${{ github.actor }}
    password: ${{ github.token }}
    - uses: docker/build-push-action@v2
    with:
    context: .
    push: true
    tags: ${{ steps.meta.outputs.tags }}
    labels: ${{
    steps.meta.outputs.labels }}
    runs:
    using: "composite"
    steps:
    - name: Docker meta
    id: meta
    uses: docker/metadata-action@v3
    with:
    images: |
    ghcr.io/${{inputs.image_name}}
    tags: |
    type=ref,event=branch
    type=ref,event=pr
    type=semver,pattern={{version}}
    type=sha
    name: "Publish to Docker"
    description: "Pushes built artifacts to
    Docker"
    inputs:
    image_name:
    description: The name of the image to
    build
    required: true
    mheap/docker-build/action.yml

    View Slide

  34. Michael Heap / Advanced GitHub Actions
    Nova 2021
    Tip 7: Composite Actions
    name: Docker Build and Push
    on:
    push:
    release:
    jobs:
    build:
    name: Build
    runs-on: ubuntu-latest
    steps:
    - name: Checkout
    uses: actions/checkout@v2
    - name: Build and Push
    uses: mheap/action-test@master
    with:
    image_name: mheap/action-test
    .github/workflows/docker.yml

    View Slide

  35. Michael Heap / Advanced GitHub Actions
    Nova 2021
    Tip 8: Running non-JS actions without Docker

    View Slide

  36. Michael Heap / Advanced GitHub Actions
    Nova 2021
    Tip 8: Running non-JS actions without Docker
    // Via https://github.com/peter-evans/python-action
    const core = require("@actions/core");
    const exec = require("@actions/exec");
    async function run() {
    try {
    const src = __dirname + "/src";
    await exec.exec("python", [
    `${src}/python_action.py`,
    inputs.message,
    inputs.sender
    ]);
    } catch (error) {
    core.setFailed(error.message);
    }
    }
    run();
    GitHub Runners come preinstalled with:
    ● Erlang
    ● C++
    ● Fortran
    ● Julia
    ● Kotlin
    ● Mono
    ● Node
    ● Perl
    ● Python
    ● Ruby
    ● Swift

    View Slide

  37. Michael Heap / Advanced GitHub Actions
    Nova 2021
    Tip 8: Running non-JS actions without Docker
    // Via https://github.com/peter-evans/python-action
    const core = require("@actions/core");
    const exec = require("@actions/exec");
    async function run() {
    try {
    const src = __dirname + "/src";
    await exec.exec("python", [
    `${src}/python_action.py`,
    inputs.message,
    inputs.sender
    ]);
    } catch (error) {
    core.setFailed(error.message);
    }
    }
    run();
    GitHub Runners come preinstalled with:
    ● Erlang
    ● C++
    ● Fortran
    ● Julia
    ● Kotlin
    ● Mono
    ● Node
    ● Perl
    ● Python
    ● Ruby
    ● Swift
    ⚠⚠⚠⚠⚠⚠⚠⚠⚠⚠⚠⚠⚠⚠⚠
    ⚠⚠⚠⚠
    The installed software and
    available versions may change
    between runner images
    ⚠⚠⚠⚠⚠⚠⚠⚠⚠⚠⚠⚠⚠⚠⚠
    ⚠⚠⚠⚠

    View Slide

  38. Michael Heap / Advanced GitHub Actions
    Nova 2021
    Tip 9: Problem Matchers

    View Slide

  39. Michael Heap / Advanced GitHub Actions
    Nova 2021
    Tip 9: Problem Matchers
    {
    "owner": "eslint-compact",
    "pattern": [
    {
    "regexp":
    "^(.+):\\sline\\s(\\d+),\\scol\\s(\\d+),\
    \s(Error|Warning|Info)\\s-\\s(.+)\\s\\((.
    +)\\)$",
    "file": 1,
    "line": 2,
    "column": 3,
    "severity": 4,
    "message": 5,
    "code": 6
    }
    ]
    }
    badFile.js: line 50, col 11, Error - 'myVar' is defined but never used.
    (no-unused-vars)

    View Slide

  40. Michael Heap / Advanced GitHub Actions
    Nova 2021
    Tip 9: Problem Matchers
    {
    "owner": "eslint-compact",
    "pattern": [
    {
    "regexp":
    "^(.+):\\sline\\s(\\d+),\\scol\\s(\\d+),\
    \s(Error|Warning|Info)\\s-\\s(.+)\\s\\((.
    +)\\)$",
    "file": 1,
    "line": 2,
    "column": 3,
    "severity": 4,
    "message": 5,
    "code": 6
    }
    ]
    }
    [
    {
    "file": "badFile.js",
    "line": "50",
    "column": "11",
    "severity": "Error",
    "message": "'myVar' is defined but never used.",
    "code": "no-unused-vars"
    }
    ]
    badFile.js: line 50, col 11, Error - 'myVar' is defined but never used.
    (no-unused-vars)

    View Slide

  41. Michael Heap / Advanced GitHub Actions
    Nova 2021
    Tip 9: Problem Matchers
    JS Library
    https://github.com/mheap/problem-
    matcher
    React Testing UI
    https://github.com/mheap/problem-
    matcher-tester
    Deployed UI
    https://problem-matcher.netlify.app/

    View Slide

  42. Michael Heap / Advanced GitHub Actions
    Nova 2021
    Tip 10: Dynamic Matrix Generation
    on: push
    jobs:
    ci:
    runs-on: ubuntu-latest
    strategy:
    matrix:
    version: [12, 14, 16]
    steps:
    - uses: actions/checkout@v2
    - uses: actions/setup-node@v2
    with:
    node-version: ${{ matrix.version }}
    - run: npm ci
    - run: npm test

    View Slide

  43. Michael Heap / Advanced GitHub Actions
    Nova 2021
    Tip 10: Dynamic Matrix Generation
    jobs:
    ci:
    strategy:
    matrix:
    version: [12, 14, 16]
    steps:
    - uses: actions/setup-node@v2
    with:
    node-version: ${{ matrix.version }}

    View Slide

  44. Michael Heap / Advanced GitHub Actions
    Nova 2021
    Tip 10: Dynamic Matrix Generation
    jobs:
    ci:
    strategy:
    matrix:
    version: ${{ fromJson('["12","14","16"]') }}
    steps:
    - uses: actions/setup-node@v2
    with:
    node-version: ${{ matrix.version }}

    View Slide

  45. Michael Heap / Advanced GitHub Actions
    Nova 2021
    Tip 10: Dynamic Matrix Generation
    jobs:
    create_matrix:
    steps:
    - id: set-matrix
    run: echo '::set-output name=version_matrix::["12","14","16"]'
    outputs:
    version_matrix: ${{ steps.set-matrix.outputs.version_matrix }}
    ci:
    needs: create_matrix
    strategy:
    matrix:
    version: ${{ fromJson(needs.create_matrix.outputs.version_matrix) }}
    steps:
    - uses: actions/setup-node@v2
    with:
    node-version: ${{ matrix.version }}

    View Slide

  46. Michael Heap / Advanced GitHub Actions
    Nova 2021
    Tip 10: Dynamic Matrix Generation
    $ curl https://endoflife.date/api/nodejs.json | jq -c '[.[] | select(.eol > (now | strftime("%Y-%m-%d"))) | .cycle]'
    # ["12","14","16"]

    View Slide

  47. Michael Heap / Advanced GitHub Actions
    Nova 2021
    Tip 10: Dynamic Matrix Generation
    jobs:
    create_matrix:
    steps:
    - id: set-matrix
    run: echo '::set-output name=version_matrix::["12","14","16"]'
    outputs:
    version_matrix: ${{ steps.set-matrix.outputs.version_matrix }}
    ci:
    needs: create_matrix
    strategy:
    matrix:
    version: ${{ fromJson(needs.create_matrix.outputs.version_matrix) }}
    steps:
    - uses: actions/setup-node@v2
    with:
    node-version: ${{ matrix.version }}

    View Slide

  48. Michael Heap / Advanced GitHub Actions
    Nova 2021
    Tip 10: Dynamic Matrix Generation
    jobs:
    create_matrix:
    steps:
    - id: set-matrix
    run: echo "::set-output name=version_matrix::$(curl https://endoflife.date/api/nodejs.json | jq -c '[.[] |
    select(.eol > (now | strftime("%Y-%m-%d"))) | .cycle]')"
    outputs:
    version_matrix: ${{ steps.set-matrix.outputs.version_matrix }}
    ci:
    needs: create_matrix
    strategy:
    matrix:
    version: ${{ fromJson(needs.create_matrix.outputs.version_matrix) }}
    steps:
    - uses: actions/setup-node@v2
    with:
    node-version: ${{ matrix.version }}

    View Slide

  49. Michael Heap / Advanced GitHub Actions
    Nova 2021
    Tip 10: Dynamic Matrix Generation

    View Slide

  50. Michael Heap / Advanced GitHub Actions
    Nova 2021
    Tip 11: Authentication

    View Slide

  51. Michael Heap / Advanced GitHub Actions
    Nova 2021
    Tip 11: Authentication
    GITHUB_TOKEN : Expiry = job-duration

    View Slide

  52. Michael Heap / Advanced GitHub Actions
    Nova 2021
    Tip 11: Authentication
    GITHUB_TOKEN : Expiry = job-duration
    on: push
    permissions:
    issues: write
    jobs:
    add-comment:
    runs-on: ubuntu-latest
    steps:
    - ...

    View Slide

  53. Michael Heap / Advanced GitHub Actions
    Nova 2021
    Tip 11: Authentication
    Repository Permissions
    Actions Checks
    Contents Deployments
    Issues Metadata Packages
    Pull requests Projects
    Security events
    Commit statuses
    GITHUB_TOKEN : Expiry = job-duration

    View Slide

  54. Michael Heap / Advanced GitHub Actions
    Nova 2021
    Tip 11: Authentication
    PAT : Expiry = 7 days to Never

    View Slide

  55. Michael Heap / Advanced GitHub Actions
    Nova 2021
    Tip 11: Authentication
    Repository Permissions
    Pull requests
    PAT : Expiry = 7 days to Never

    View Slide

  56. Michael Heap / Advanced GitHub Actions
    Nova 2021
    Tip 11: Authentication
    Repository Permissions
    Actions Administration
    Contents Discussions Environments
    Issues Metadata
    Pages Pull requests Webhooks Projects
    Secrets Single file
    Commit statuses
    PAT : Expiry = 7 days to Never

    View Slide

  57. Michael Heap / Advanced GitHub Actions
    Nova 2021
    Tip 11: Authentication
    Repository Permissions
    Actions Administration
    Contents Discussions Environments
    Issues Metadata Organization packages Packages
    Pages Pull requests Webhooks Projects
    Secrets Security events Single file
    Commit statuses Workflows
    Organization Permissions
    Members Administration Events Webhooks
    Projects Secrets Self-hosted runners
    Blocking users Team discussions
    PAT : Expiry = 7 days to Never

    View Slide

  58. Michael Heap / Advanced GitHub Actions
    Nova 2021
    Tip 11: Authentication
    Repository Permissions
    Actions Administration
    Contents Discussions Environments
    Issues Metadata Organization packages Packages
    Pages Pull requests Webhooks Projects
    Secrets Security events Single file
    Commit statuses Workflows
    Organization Permissions
    Members Administration Events Webhooks
    Projects Secrets Self-hosted runners
    Blocking users Team discussions
    PAT : Expiry = 7 days to Never
    https://github.com/github/roadmap/issues/184

    View Slide

  59. Michael Heap / Advanced GitHub Actions
    Nova 2021
    Tip 11: Authentication
    Repository Permissions
    Actions Administration Checks Content references
    Contents Deployments Discussions Environments
    Issues Metadata Organization packages Packages
    Pages Pull requests Webhooks Projects
    Secret scanning alerts Secrets Security events Single file
    Commit statuses Dependabot alerts Workflows
    Organization Permissions
    Members Administration Events Webhooks
    Plan Projects Secrets Self-hosted runners
    Blocking users Team discussions
    GitHub Application

    View Slide

  60. Michael Heap / Advanced GitHub Actions
    Nova 2021
    Tip 11: Authentication
    Repository Permissions
    Actions Administration Checks Content references
    Contents Deployments Discussions Environments
    Issues Metadata Organization packages Packages
    Pages Pull requests Webhooks Projects
    Secret scanning alerts Secrets Security events Single file
    Commit statuses Dependabot alerts Workflows
    Organization Permissions
    Members Administration Events Webhooks
    Plan Projects Secrets Self-hosted runners
    Blocking users Team discussions
    GitHub Application

    View Slide

  61. Michael Heap / Advanced GitHub Actions
    Nova 2021
    Tip 11: Authentication
    jobs:
    get-temp-token:
    runs-on: ubuntu-latest
    steps:
    - name: Get Token
    id: get_workflow_token
    uses: peter-murray/workflow-application-token-action@v1
    with:
    application_id: ${{ secrets.APPLICATION_ID }}
    application_private_key: ${{ secrets.APPLICATION_PRIVATE_KEY }}
    organization: "my-test-org"

    View Slide

  62. Michael Heap / Advanced GitHub Actions
    Nova 2021
    Tip 11: Authentication
    jobs:
    get-temp-token:
    runs-on: ubuntu-latest
    steps:
    - name: Get Token
    id: get_workflow_token
    uses: peter-murray/workflow-application-token-action@v1
    with:
    application_id: ${{ secrets.APPLICATION_ID }}
    application_private_key: ${{ secrets.APPLICATION_PRIVATE_KEY }}
    organization: "my-test-org"
    - name: Use Application Token to create a release
    uses: actions/create-release@v1
    env:
    GITHUB_TOKEN: ${{ steps.get_workflow_token.outputs.token }}
    with: ....

    View Slide

  63. Michael Heap / Advanced GitHub Actions
    Nova 2021
    Tip 11: Authentication
    GitHub Applications = GREAT

    View Slide

  64. Michael Heap / Advanced GitHub Actions
    Nova 2021
    github.com/mheap
    michaelheap.com/talk/github-nova-2021
    Questions!
    (probably via Slack)

    View Slide