Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
GitHub ActionsでDevSecOpsごっこ
Search
Akira Moroo
June 13, 2022
Programming
0
45
GitHub ActionsでDevSecOpsごっこ
Akira Moroo
June 13, 2022
Tweet
Share
More Decks by Akira Moroo
See All by Akira Moroo
Exploring x86 MSR Space
retrage
0
1.3k
LLMでバイナリ解析支援
retrage
0
180
Practical Rust (Hypervisor) Firmware
retrage
3
1.7k
Bypassing UEFI Secure Boot with Thin-Hypervisor
retrage
0
1.1k
Porting Linux to Nabla Containers
retrage
0
1.2k
Network Boot from Bell Labs
retrage
2
1.6k
Unikernelで始める自作OS/OS Development with Unikernel
retrage
1
570
LLVM Backend Development for EFI Byte Code
retrage
2
960
EFI Byte Code Virtual Machine for Fun and Profit
retrage
2
2.1k
Other Decks in Programming
See All in Programming
2025 年のコーディングエージェントの現在地とエンジニアの仕事の変化について
azukiazusa1
24
12k
Android端末で実現するオンデバイスLLM 2025
masayukisuda
1
150
デザイナーが Androidエンジニアに 挑戦してみた
874wokiite
0
350
How Android Uses Data Structures Behind The Scenes
l2hyunwoo
0
440
rage against annotate_predecessor
junk0612
0
170
Android 16 × Jetpack Composeで縦書きテキストエディタを作ろう / Vertical Text Editor with Compose on Android 16
cc4966
1
200
もうちょっといいRubyプロファイラを作りたい (2025)
osyoyu
1
430
Introducing ReActionView: A new ActionView-compatible ERB Engine @ Rails World 2025, Amsterdam
marcoroth
0
680
アセットのコンパイルについて
ojun9
0
120
AWS発のAIエディタKiroを使ってみた
iriikeita
1
180
ぬるぬる動かせ! Riveでアニメーション実装🐾
kno3a87
1
210
Compose Multiplatform × AI で作る、次世代アプリ開発支援ツールの設計と実装
thagikura
0
150
Featured
See All Featured
"I'm Feeling Lucky" - Building Great Search Experiences for Today's Users (#IAC19)
danielanewman
229
22k
Reflections from 52 weeks, 52 projects
jeffersonlam
352
21k
GraphQLとの向き合い方2022年版
quramy
49
14k
Stop Working from a Prison Cell
hatefulcrawdad
271
21k
The Invisible Side of Design
smashingmag
301
51k
Raft: Consensus for Rubyists
vanstee
140
7.1k
A better future with KSS
kneath
239
17k
Measuring & Analyzing Core Web Vitals
bluesmoon
9
580
Designing for humans not robots
tammielis
253
25k
[Rails World 2023 - Day 1 Closing Keynote] - The Magic of Rails
eileencodes
36
2.5k
Thoughts on Productivity
jonyablonski
70
4.8k
I Don’t Have Time: Getting Over the Fear to Launch Your Podcast
jcasabona
33
2.4k
Transcript
GitHub ActionsͰ DevSecOpsͬ͜͝ June 13, 2022 ୈ5ճLTձ Akira Moroo (@retrage)
GitHub Actions (GHA) • GitHubʹ౷߹͞Ε͍ͯΔ • ઃఆϑΝΠϧΛஔ͢Δ͚ͩ • ߏԽ͞Ε͍ͯΔ •
࠷খ୯Ґ: step • ίϚϯυ࣮ߦ or action࣮ߦ • actionࣗ࡞Մೳ CI/CDαʔϏεͷ1ͭ Job Work f low Step
actionͷ࡞Γํ • GitHubϦϙδτϦԼʹ action.yamlΛஔ • action.yaml: actionΛఆٛ • ೖྗ (▪)
• ग़ྗ (▪) • ࣮ߦޙͷstepͰࢀরՄೳ • ࣮ߦํ๏ (▪) Yamlϙϯஔ͖Ͱ؆୯
actionͷछྨ ࣮ߦํ๏ʹΑͬͯ3छྨʹ͚ΒΕΔ • JavaScript action: JavaScriptͷΈͰهड़ • Docker container action:
ίϯςφΛ࣮ߦ • Composite action: ࠶ར༻ՄೳͳGHA work f low (stepͷू·Γ) • Docker container action͕Ұ൪ࣗ༝͕ߴ͍: • 👉 ڥΛด͡ࠐΊͯ͋͛Ε͓खܰʹDevSecOpsͬ͜͝Ͱ͖ͦ͏
Actionࣗ࡞ͯ͠Έͨ • ࣗ࡞UEFI SMM੩తղੳGhidraϓ ϥάΠϯΛར༻ • non-GUI GhidraΛ࣮ߦ • ೖྗ
(▪): ղੳରͷόΠφϦ • ग़ྗ (▪): ղੳ݁Ռ • ࣮ߦํ๏ (▪): Docker container
Actionࣗ࡞ͯ͠Έͨ • ೖྗ (▪) όΠφϦ͚ͩ • ϓϩϓϥͰOK • ग़ྗ (▪)
JUnit XML format • ղੳ݁Ռͷ࠶ར༻ੑ্ • ӈͷྫͰղੳ݁ՌΛطଘ ͷactionʹ͍ͯ͠Δ (▪) ϙΠϯτ
Actionࣗ࡞ͯ͠Έͨ: ղੳ݁Ռྫ ղੳ݁ՌͷJUnit XML formatग़ྗ ݕग़ͨ݁͠ՌΛΤϥʔͱͯ͠ใࠂ
Actionࣗ࡞ͯ͠Έͨ: ղੳ݁Ռྫ JUnit XML formatͰग़ྗ͢Δ͜ͱͰۤ࿑ͤͣʹղੳ݁ՌΛCIʹΈࠐΊͨ
Actionࣗ࡞ͯ͠Έͨ: վળ • ݡ͘ղੳ݁ՌΛग़ྗ͍ͨ͠ • ࠓճղੳϩάΛPythonͰύʔεͯ͠ແཧΓJUnit XML formatʹม • ϓϥάΠϯ͕JSON/XMLΛग़ྗ͢Δ͖
• ·ͱͳόΠφϦͷղੳ݁Ռදࣔػೳ͕΄͍͠ • JUnit XML formatGHAίʔυͷߦͱྻϨϕϧͷΞϊςʔγϣϯͷΈ • ؤுͬͯΤϥʔʹٯΞηϯϒϧ݁ՌΛදࣔ͢Δ͔͠ͳ͍
·ͱΊ • GitHub ActionsGitHubʹ౷߹͞ΕͨCI/CDαʔϏε • GHAͷaction؆୯ʹࣗ࡞Մೳ • Action3छྨ͋Δ͕ɺDocker container action͕Ұ൪ࣗ༝͕ߴ͍
• ࣗ࡞UEFI SMM੩తղੳGhidraϓϥάΠϯͷactionΛ࡞ͬͯΈͨ • JUnit XML formatͰग़ྗ͢Δ͜ͱͰղੳ݁Ռͷ࠶ར༻ੑ͕ߴ͘ͳͬͨ • ݱঢ়ͰόΠφϦͷղੳ݁Ռද͕ࣔඞཁ