Slide 1

Slide 1 text

Michael Heap / Advanced GitHub Actions Nova 2021

Slide 2

Slide 2 text

Hi, I’m Michael

Slide 3

Slide 3 text

GitHub Actions

Slide 4

Slide 4 text

If: A new issue doesn’t change the default template
Then: Add a comment asking for more information

Slide 5

Slide 5 text

If: A deployment fails
Then: Attach the logs as a comment on the pull request

Slide 6

Slide 6 text

If: We merge to main in repo X
Then: Update the submodule in repo Y

Slide 7

Slide 7 text

If: A new issue is raised by a sponsor
Then: Apply the urgent label

Slide 8

Slide 8 text

It’s like: If then for

Slide 9

Slide 9 text

GitHub Actions

Slide 10

Slide 10 text

Advanced GitHub Actions

Slide 11

Slide 11 text

10 11 Tips, 17 Minutes
Ready?

Slide 12

Slide 12 text

Tip 1: Debug Artifact

    name: Debug Artifacts
    on: push
    jobs:
      debug-artifacts:
        name: Debug Artifacts
        runs-on: ubuntu-latest
        steps:
          - name: Debug Artifacts
            uses: mheap/debug-artifact@v1
            env:
              GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

Uploads event.json and .env as an artifact, which you can download and inspect to help debug.

Slide 13

Slide 13 text

Tip 2: Automatic caching

    - uses: actions/setup-node@v2
      with:
        node-version: "16"
    - name: Cache node modules
      uses: actions/cache@v2
      env:
        cache-name: cache-node-modules
      with:
        path: ~/.npm
        key: ${{ runner.os }}-build-${{ env.cache-name }}-${{ hashFiles('**/package-lock.json') }}
        restore-keys: |
          ${{ runner.os }}-build-${{ env.cache-name }}-
          ${{ runner.os }}-build-
    - run: npm install
    - run: npm test

Slide 15

Slide 15 text

Tip 2: Automatic caching

    - uses: actions/setup-node@v2
      with:
        node-version: "16"
        cache: "npm"
    - run: npm install
    - run: npm test

Slide 16

Slide 16 text

Tip 3: Use python in workflow.yml

    steps:
      - name: Display the path
        run: echo $PATH
        shell: bash

    steps:
      - name: Display the path
        run: echo ${env:PATH}
        shell: pwsh

    steps:
      - name: Display the path
        run: |
          import os
          print(os.environ['PATH'])
        shell: python

Slide 17

Slide 17 text

Tip 3.5: Use any language in workflow.yml

    steps:
      - name: Show the environment variables with Perl
        run: |
          print %ENV
        shell: perl {0}

    steps:
      - name: Show the environment variables with PHP
        run: |
          print_r($_ENV);
        shell: php {0}

    steps:
      - name: Show the environment variables with Ruby
        run: |
          print ENV.to_h
        shell: ruby {0}

    steps:
      - name: Show the environment variables with Node
        run: |
          console.log(process.env)
        shell: node --harmony {0}

Set the shell value to a template string in the following format:

    $ my_command --any-flags --here {0}

Slide 18

Slide 18 text

Tip 4: Interacting with the GitHub API

Slide 19

Slide 19 text

Tip 4: Interacting with the GitHub API

    # Check if a PR already exists for the branch
    PR_COUNT=$(gh pr list --author mheap --state all --json number | jq '. | length')

    # Add a comment
    if [[ $PR_COUNT -eq "0" ]]; then
      gh issue comment ${{ github.event.issue.number }} --body "Welcome, new contributor!"
    fi

Slide 20

Slide 20 text

Tip 4: Interacting with the GitHub API

    # Check if a PR already exists for the branch
    PR_COUNT=$(gh pr list --author mheap --state all --json number | jq '. | length')

    # Add a comment
    if [[ $PR_COUNT -eq "1" ]]; then
      gh issue comment ${{ github.event.issue.number }} --body "Welcome, new contributor!"
    fi

    on: pull_request
    jobs:
      welcome:
        runs-on: ubuntu-latest
        steps:
          - uses: actions/github-script@v5
            with:
              script: |
                const creator = context.payload.sender.login
                const opts = github.rest.issues.listForRepo.endpoint.merge({
                  ...context.issue,
                  creator,
                  state: 'all'
                })
                const issues = await github.paginate(opts)
                for (const issue of issues) {
                  if (issue.number === context.issue.number) {
                    continue
                  }
                  if (issue.pull_request) {
                    return // Creator is already a contributor.
                  }
                }
                await github.rest.issues.createComment({
                  issue_number: context.issue.number,
                  owner: context.repo.owner,
                  repo: context.repo.repo,
                  body: 'Welcome, new contributor!'
                })

Slide 21

Slide 21 text

Tip 5: Testing Beta releases

    ---
    name: build
    on: [push]
    jobs:
      build:
        runs-on: ubuntu-latest
        strategy:
          matrix:
            php: [ '7.2', '7.3', '7.4', '8.0' ]

Slide 22

Slide 22 text

Tip 5: Testing Beta releases

    ---
    name: build
    on: [push]
    jobs:
      build:
        runs-on: ubuntu-latest
        strategy:
          matrix:
            php: [ '7.2', '7.3', '7.4', '8.0', '8.1' ]

Slide 23

Slide 23 text

Tip 5: Testing Beta releases

    ---
    name: build
    on: [push]
    jobs:
      build:
        runs-on: ubuntu-latest
        strategy:
          matrix:
            php: [ '7.2', '7.3', '7.4', '8.0', '8.1' ]
        continue-on-error: ${{ matrix.php == '8.1' }}

Slide 25

Slide 25 text

Tip 6: Secure Workflows

    jobs:
      build:
        name: Do Thing
        runs-on: ubuntu-latest
        steps:
          - uses: actions/checkout@v2
          - name: Do the specific thing
            uses: mheap/do-thing@main

Slide 26

Slide 26 text

Tip 6: Secure Workflows

    jobs:
      build:
        name: Do Thing
        runs-on: ubuntu-latest
        steps:
          - uses: actions/checkout@v2
          - name: Do the specific thing
            uses: mheap/do-thing@main

    jobs:
      build:
        name: Do Thing
        runs-on: ubuntu-latest
        steps:
          - uses: actions/checkout@db41740e12847bb616a339b75eb9414e711417df
          - name: Do the specific thing
            uses: mheap/do-thing@73549280c1c566830040d9a01fe9050dae6a3036

Slide 27

Slide 27 text

Tip 6: Secure Workflows

    jobs:
      build:
        name: Do Thing
        runs-on: ubuntu-latest
        steps:
          - uses: actions/checkout@v2
          - name: Do the specific thing
            uses: mheap/do-thing@main

    jobs:
      build:
        name: Do Thing
        runs-on: ubuntu-latest
        steps:
          - uses: actions/checkout@db41740e12847bb616a339b75eb9414e711417df # pin@v2
          - name: Do the specific thing
            uses: mheap/do-thing@73549280c1c566830040d9a01fe9050dae6a3036 # pin@main

    $ npx pin-github-action /path/to/.github/workflows/your-name.yml
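A tag or branch such as @v2 or @main can be moved to different code later, while a full commit SHA cannot. The following is an added example, not part of the talk and not the pin-github-action tool: a small Node.js audit that flags `uses:` references not pinned to a 40-character SHA. The function names classifyUses, auditWorkflow and unpinned are hypothetical, and the sample input is the Tip 6 workflow.

```javascript
// Added example (not from the talk): flag `uses:` references that are not
// pinned to a full 40-character commit SHA. Function names are hypothetical.
const FULL_SHA = /^[0-9a-f]{40}$/;

// Classify the value of one `uses:` key.
function classifyUses(value) {
  // Local actions and docker:// images carry no git ref to pin.
  if (value.startsWith("./") || value.startsWith("docker://")) {
    return { action: value, ref: null, status: "skipped" };
  }
  const at = value.lastIndexOf("@");
  if (at === -1) {
    return { action: value, ref: null, status: "unpinned" };
  }
  const ref = value.slice(at + 1);
  const status = FULL_SHA.test(ref) ? "pinned" : "unpinned";
  return { action: value.slice(0, at), ref, status };
}

// Line-based scan: no YAML parser, so only block-style `uses:` keys are seen.
function auditWorkflow(text) {
  const findings = [];
  text.split(/\r?\n/).forEach((line, index) => {
    const match = line.match(/^\s*(?:-\s+)?uses:\s*(\S.*)$/);
    if (!match) return;
    const value = match[1]
      .replace(/\s+#.*$/, "") // drop a trailing comment such as "# pin@v2"
      .trim()
      .replace(/^["']|["']$/g, ""); // drop surrounding quotes
    findings.push({ line: index + 1, ...classifyUses(value) });
  });
  return findings;
}

// Only the references that still point at a movable tag or branch.
function unpinned(text) {
  return auditWorkflow(text).filter((f) => f.status === "unpinned");
}

// Sample input: the "before" and "after" workflows from Tip 6.
const BEFORE = [
  "jobs:",
  "  build:",
  "    name: Do Thing",
  "    runs-on: ubuntu-latest",
  "    steps:",
  "      - uses: actions/checkout@v2",
  "      - name: Do the specific thing",
  "        uses: mheap/do-thing@main",
].join("\n");

const AFTER = [
  "jobs:",
  "  build:",
  "    name: Do Thing",
  "    runs-on: ubuntu-latest",
  "    steps:",
  "      - uses: actions/checkout@db41740e12847bb616a339b75eb9414e711417df # pin@v2",
  "      - name: Do the specific thing",
  "        uses: mheap/do-thing@73549280c1c566830040d9a01fe9050dae6a3036 # pin@main",
].join("\n");

for (const f of unpinned(BEFORE)) {
  console.log(`line ${f.line}: ${f.action}@${f.ref} is not pinned to a commit SHA`);
}
console.log(`after pinning: ${unpinned(AFTER).length} unpinned reference(s)`);
```

Run against every file under .github/workflows in CI, a non-empty result from unpinned() can fail the build.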

Slide 28

Slide 28 text

Tip 7: Composite Actions

Slide 29

Slide 29 text

Tip 7: Composite Actions

    steps:
      - uses: docker/login-action@v1
        with:
          registry: ghcr.io
          username: ${{ github.actor }}
          password: ${{ github.token }}
      - uses: docker/build-push-action@v2
        with:
          context: .
          push: true

.github/workflows/docker.yml

Slide 30

Slide 30 text

Tip 7: Composite Actions

    steps:
      - uses: docker/setup-buildx-action@v1
      - uses: docker/login-action@v1
        with:
          registry: ghcr.io
          username: ${{ github.actor }}
          password: ${{ github.token }}
      - uses: docker/build-push-action@v2
        with:
          context: .
          push: true

.github/workflows/docker.yml

Slide 31

Slide 31 text

Tip 7: Composite Actions

    steps:
      - name: Docker meta
        id: meta
        uses: docker/metadata-action@v3
        with:
          images: |
            ghcr.io/${{inputs.image_name}}
          tags: |
            type=ref,event=branch
            type=ref,event=pr
            type=semver,pattern={{version}}
            type=sha
      - uses: docker/setup-buildx-action@v1
      - uses: docker/login-action@v1
        with:
          registry: ghcr.io
          username: ${{ github.actor }}
          password: ${{ github.token }}
      - uses: docker/build-push-action@v2
        with:
          context: .
          push: true
          tags: ${{ steps.meta.outputs.tags }}
          labels: ${{ steps.meta.outputs.labels }}

.github/workflows/docker.yml

Slide 32

Slide 32 text

Tip 7: Composite Actions

    steps:
      - name: Docker meta
        id: meta
        uses: docker/metadata-action@v3
        with:
          images: |
            ghcr.io/${{inputs.image_name}}
          tags: |
            type=ref,event=branch
            type=ref,event=pr
            type=semver,pattern={{version}}
            type=sha
      - uses: docker/setup-buildx-action@v1
      - uses: docker/login-action@v1
        with:
          registry: ghcr.io
          username: ${{ github.actor }}
          password: ${{ github.token }}
      - uses: docker/build-push-action@v2
        with:
          context: .
          push: true
          tags: ${{ steps.meta.outputs.tags }}
          labels: ${{ steps.meta.outputs.labels }}

Slide 33

Slide 33 text

Tip 7: Composite Actions

    name: "Publish to Docker"
    description: "Pushes built artifacts to Docker"
    inputs:
      image_name:
        description: The name of the image to build
        required: true
    runs:
      using: "composite"
      steps:
        - name: Docker meta
          id: meta
          uses: docker/metadata-action@v3
          with:
            images: |
              ghcr.io/${{inputs.image_name}}
            tags: |
              type=ref,event=branch
              type=ref,event=pr
              type=semver,pattern={{version}}
              type=sha
        - uses: docker/setup-buildx-action@v1
        - uses: docker/login-action@v1
          with:
            registry: ghcr.io
            username: ${{ github.actor }}
            password: ${{ github.token }}
        - uses: docker/build-push-action@v2
          with:
            context: .
            push: true
            tags: ${{ steps.meta.outputs.tags }}
            labels: ${{ steps.meta.outputs.labels }}

mheap/docker-build/action.yml

Slide 34

Slide 34 text

Tip 7: Composite Actions

    name: Docker Build and Push
    on:
      push:
      release:
    jobs:
      build:
        name: Build
        runs-on: ubuntu-latest
        steps:
          - name: Checkout
            uses: actions/checkout@v2
          - name: Build and Push
            uses: mheap/action-test@master
            with:
              image_name: mheap/action-test

.github/workflows/docker.yml

Slide 35

Slide 35 text

Tip 8: Running non-JS actions without Docker

Slide 36

Slide 36 text

Tip 8: Running non-JS actions without Docker

    // Via https://github.com/peter-evans/python-action
    const core = require("@actions/core");
    const exec = require("@actions/exec");

    async function run() {
      try {
        const src = __dirname + "/src";
        // Read the action's inputs
        const inputs = {
          message: core.getInput("message"),
          sender: core.getInput("sender")
        };
        // Arguments are passed as an array, so no shell parses the input values
        await exec.exec("python", [
          `${src}/python_action.py`,
          inputs.message,
          inputs.sender
        ]);
      } catch (error) {
        core.setFailed(error.message);
      }
    }

    run();

GitHub Runners come preinstalled with:
● Erlang
● C++
● Fortran
● Julia
● Kotlin
● Mono
● Node
● Perl
● Python
● Ruby
● Swift

Slide 37

Slide 37 text

Tip 8: Running non-JS actions without Docker

    // Via https://github.com/peter-evans/python-action
    const core = require("@actions/core");
    const exec = require("@actions/exec");

    async function run() {
      try {
        const src = __dirname + "/src";
        // Read the action's inputs
        const inputs = {
          message: core.getInput("message"),
          sender: core.getInput("sender")
        };
        // Arguments are passed as an array, so no shell parses the input values
        await exec.exec("python", [
          `${src}/python_action.py`,
          inputs.message,
          inputs.sender
        ]);
      } catch (error) {
        core.setFailed(error.message);
      }
    }

    run();

GitHub Runners come preinstalled with:
● Erlang
● C++
● Fortran
● Julia
● Kotlin
● Mono
● Node
● Perl
● Python
● Ruby
● Swift

⚠ The installed software and available versions may change between runner images

Slide 38

Slide 38 text

Tip 9: Problem Matchers

Slide 39

Slide 39 text

Tip 9: Problem Matchers

    {
      "owner": "eslint-compact",
      "pattern": [
        {
          "regexp": "^(.+):\\sline\\s(\\d+),\\scol\\s(\\d+),\\s(Error|Warning|Info)\\s-\\s(.+)\\s\\((.+)\\)$",
          "file": 1,
          "line": 2,
          "column": 3,
          "severity": 4,
          "message": 5,
          "code": 6
        }
      ]
    }

    badFile.js: line 50, col 11, Error - 'myVar' is defined but never used. (no-unused-vars)

Slide 40

Slide 40 text

Tip 9: Problem Matchers

    {
      "owner": "eslint-compact",
      "pattern": [
        {
          "regexp": "^(.+):\\sline\\s(\\d+),\\scol\\s(\\d+),\\s(Error|Warning|Info)\\s-\\s(.+)\\s\\((.+)\\)$",
          "file": 1,
          "line": 2,
          "column": 3,
          "severity": 4,
          "message": 5,
          "code": 6
        }
      ]
    }

    badFile.js: line 50, col 11, Error - 'myVar' is defined but never used. (no-unused-vars)

    [
      {
        "file": "badFile.js",
        "line": "50",
        "column": "11",
        "severity": "Error",
        "message": "'myVar' is defined but never used.",
        "code": "no-unused-vars"
      }
    ]

Slide 41

Slide 41 text

Tip 9: Problem Matchers

JS Library: https://github.com/mheap/problem-matcher
React Testing UI: https://github.com/mheap/problem-matcher-tester
Deployed UI: https://problem-matcher.netlify.app/

Slide 42

Slide 42 text

Tip 10: Dynamic Matrix Generation

    on: push
    jobs:
      ci:
        runs-on: ubuntu-latest
        strategy:
          matrix:
            version: [12, 14, 16]
        steps:
          - uses: actions/checkout@v2
          - uses: actions/setup-node@v2
            with:
              node-version: ${{ matrix.version }}
          - run: npm ci
          - run: npm test

Slide 43

Slide 43 text

Tip 10: Dynamic Matrix Generation

    jobs:
      ci:
        strategy:
          matrix:
            version: [12, 14, 16]
        steps:
          - uses: actions/setup-node@v2
            with:
              node-version: ${{ matrix.version }}

Slide 44

Slide 44 text

Tip 10: Dynamic Matrix Generation

    jobs:
      ci:
        strategy:
          matrix:
            version: ${{ fromJson('["12","14","16"]') }}
        steps:
          - uses: actions/setup-node@v2
            with:
              node-version: ${{ matrix.version }}

Slide 45

Slide 45 text

Tip 10: Dynamic Matrix Generation

    jobs:
      create_matrix:
        steps:
          - id: set-matrix
            run: echo '::set-output name=version_matrix::["12","14","16"]'
        outputs:
          version_matrix: ${{ steps.set-matrix.outputs.version_matrix }}
      ci:
        needs: create_matrix
        strategy:
          matrix:
            version: ${{ fromJson(needs.create_matrix.outputs.version_matrix) }}
        steps:
          - uses: actions/setup-node@v2
            with:
              node-version: ${{ matrix.version }}

Slide 46

Slide 46 text

Tip 10: Dynamic Matrix Generation

    $ curl https://endoflife.date/api/nodejs.json | jq -c '[.[] | select(.eol > (now | strftime("%Y-%m-%d"))) | .cycle]'
    # ["12","14","16"]

Slide 48

Slide 48 text

Tip 10: Dynamic Matrix Generation

    jobs:
      create_matrix:
        steps:
          - id: set-matrix
            run: echo "::set-output name=version_matrix::$(curl https://endoflife.date/api/nodejs.json | jq -c '[.[] | select(.eol > (now | strftime("%Y-%m-%d"))) | .cycle]')"
        outputs:
          version_matrix: ${{ steps.set-matrix.outputs.version_matrix }}
      ci:
        needs: create_matrix
        strategy:
          matrix:
            version: ${{ fromJson(needs.create_matrix.outputs.version_matrix) }}
        steps:
          - uses: actions/setup-node@v2
            with:
              node-version: ${{ matrix.version }}
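The workflow above passes whatever the remote API returns straight into fromJson(). The following added example (not from the talk) applies the same filter as the jq expression in Node.js and validates each entry before anything is emitted. The function name buildVersionMatrix, the version pattern and the sample release data are assumptions made for the illustration.

```javascript
// Added example (not from the talk): the jq filter from the slide, with
// validation so that only well-formed version strings reach the matrix.
// Assumption: release cycles are dotted numeric versions such as "16" or "3.10".
const CYCLE = /^\d+(\.\d+)*$/;
const ISO_DATE = /^\d{4}-\d{2}-\d{2}$/;

// releases: parsed JSON from the end-of-life API
// today:    "YYYY-MM-DD" string, passed in so the result is reproducible
function buildVersionMatrix(releases, today) {
  if (!Array.isArray(releases)) {
    throw new TypeError("expected a JSON array of releases");
  }
  if (!ISO_DATE.test(today)) {
    throw new TypeError("today must be a YYYY-MM-DD string");
  }
  const versions = [];
  for (const release of releases) {
    if (release === null || typeof release !== "object") continue;
    const cycle = String(release.cycle);
    // Reject anything that is not a plain version number.
    if (!CYCLE.test(cycle)) continue;
    // Entries whose eol is not a date string are skipped.
    if (typeof release.eol !== "string" || !ISO_DATE.test(release.eol)) continue;
    // ISO dates compare correctly as strings, as in the jq filter.
    if (release.eol > today) versions.push(cycle);
  }
  // An empty matrix makes the dependent job fail in a confusing way;
  // stop here with a clear message instead.
  if (versions.length === 0) {
    throw new Error("no supported versions found, refusing to emit an empty matrix");
  }
  return JSON.stringify(versions);
}

// Constructed sample data shaped like the API response (values are illustrative).
const SAMPLE_RELEASES = [
  { cycle: "10", eol: "2021-04-30" },
  { cycle: "12", eol: "2022-04-30" },
  { cycle: "14", eol: "2023-04-30" },
  { cycle: "15", eol: false },
  { cycle: "not a version", eol: "2099-01-01" },
  { cycle: "16", eol: "2024-04-30" },
];

console.log(buildVersionMatrix(SAMPLE_RELEASES, "2021-11-01"));
```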

Slide 49

Slide 49 text

Tip 10: Dynamic Matrix Generation

Slide 50

Slide 50 text

Tip 11: Authentication

Slide 51

Slide 51 text

Tip 11: Authentication

GITHUB_TOKEN: Expiry = job-duration

Slide 52

Slide 52 text

Tip 11: Authentication

GITHUB_TOKEN: Expiry = job-duration

    on: push
    permissions:
      issues: write
    jobs:
      add-comment:
        runs-on: ubuntu-latest
        steps:
          - ...

Slide 53

Slide 53 text

Tip 11: Authentication

GITHUB_TOKEN: Expiry = job-duration

Repository Permissions: Actions, Checks, Contents, Deployments, Issues, Metadata, Packages, Pull requests, Projects, Security events, Commit statuses

Slide 54

Slide 54 text

Tip 11: Authentication

PAT: Expiry = 7 days to Never

Slide 55

Slide 55 text

Tip 11: Authentication

PAT: Expiry = 7 days to Never

Repository Permissions: Pull requests

Slide 56

Slide 56 text

Tip 11: Authentication

PAT: Expiry = 7 days to Never

Repository Permissions: Actions, Administration, Contents, Discussions, Environments, Issues, Metadata, Pages, Pull requests, Webhooks, Projects, Secrets, Single file, Commit statuses

Slide 57

Slide 57 text

Tip 11: Authentication

PAT: Expiry = 7 days to Never

Repository Permissions: Actions, Administration, Contents, Discussions, Environments, Issues, Metadata, Organization packages, Packages, Pages, Pull requests, Webhooks, Projects, Secrets, Security events, Single file, Commit statuses, Workflows

Organization Permissions: Members, Administration, Events, Webhooks, Projects, Secrets, Self-hosted runners, Blocking users, Team discussions

Slide 58

Slide 58 text

Tip 11: Authentication

PAT: Expiry = 7 days to Never

Repository Permissions: Actions, Administration, Contents, Discussions, Environments, Issues, Metadata, Organization packages, Packages, Pages, Pull requests, Webhooks, Projects, Secrets, Security events, Single file, Commit statuses, Workflows

Organization Permissions: Members, Administration, Events, Webhooks, Projects, Secrets, Self-hosted runners, Blocking users, Team discussions

https://github.com/github/roadmap/issues/184

Slide 59

Slide 59 text

Tip 11: Authentication

GitHub Application

Repository Permissions: Actions, Administration, Checks, Content references, Contents, Deployments, Discussions, Environments, Issues, Metadata, Organization packages, Packages, Pages, Pull requests, Webhooks, Projects, Secret scanning alerts, Secrets, Security events, Single file, Commit statuses, Dependabot alerts, Workflows

Organization Permissions: Members, Administration, Events, Webhooks, Plan, Projects, Secrets, Self-hosted runners, Blocking users, Team discussions

Slide 61

Slide 61 text

Tip 11: Authentication

    jobs:
      get-temp-token:
        runs-on: ubuntu-latest
        steps:
          - name: Get Token
            id: get_workflow_token
            uses: peter-murray/workflow-application-token-action@v1
            with:
              application_id: ${{ secrets.APPLICATION_ID }}
              application_private_key: ${{ secrets.APPLICATION_PRIVATE_KEY }}
              organization: "my-test-org"

Slide 62

Slide 62 text

Tip 11: Authentication

    jobs:
      get-temp-token:
        runs-on: ubuntu-latest
        steps:
          - name: Get Token
            id: get_workflow_token
            uses: peter-murray/workflow-application-token-action@v1
            with:
              application_id: ${{ secrets.APPLICATION_ID }}
              application_private_key: ${{ secrets.APPLICATION_PRIVATE_KEY }}
              organization: "my-test-org"
          - name: Use Application Token to create a release
            uses: actions/create-release@v1
            env:
              GITHUB_TOKEN: ${{ steps.get_workflow_token.outputs.token }}
            with:
              ....

Slide 63

Slide 63 text

Tip 11: Authentication

GitHub Applications = GREAT

Slide 64

Slide 64 text

github.com/mheap
michaelheap.com/talk/github-nova-2021

Questions! (probably via Slack)