---
marp: true
theme: custom-default
footer: '@Chris_L_Ayers - https://chris-ayers.com'
---
# CI/CD with GitHub Actions
## Chris Ayers

---

## Chris Ayers
### Senior Customer Engineer
Microsoft
Twitter: @Chris\_L\_Ayers
Mastodon: @Chrisayers@hachyderm.io
LinkedIn: [chris-l-ayers](https://linkedin.com/in/chris-l-ayers/)
Blog: [https://chris-ayers.com/](https://chris-ayers.com/)
GitHub: [Codebytes](https://github.com/codebytes)

---

# Agenda
- YAML
- CI / CD
- Actions Overview
- Demos
---
# YAML
## **Yet Another Markup Language**
GitHub uses YAML for workflows
Demo: [Online Parser](https://yaml-online-parser.appspot.com/)

| Feature | Description |
| --- | --- |
| Lists | Start with a `-` |
| Key-Value | `Key: value` |
| Objects | `Objects:` followed by the indented properties of the object |

---
# What is CI/CD?
```mermaid
flowchart LR
  subgraph Continuous Integration
    direction LR
    A[Code] --Check In--> B[Build]
    B -- Auto --> C[Unit Tests]
    C -- Auto --> D[Dev Release]
    D -- Auto --> E[Additional Tests]
  end
```

```mermaid
flowchart LR
  subgraph Continuous Delivery
    direction LR
    G[Code] --Check In--> H[Build]
    H -- Auto --> I[Unit Tests]
    I -- Auto --> J[Dev Release]
    J -- Auto --> K[Additional Tests]
    K --Manual--> L[Release]
  end
  linkStyle 4 color:red;
```

```mermaid
flowchart LR
  subgraph Continuous Deployment
    direction LR
    M[Code] --Check In--> N[Build]
    N -- Auto --> O[Unit Tests]
    O -- Auto --> P[Dev Release]
    P -- Auto --> Q[Additional Tests]
    Q -- Auto --> R[Release]
  end
  linkStyle 4 color:green;
```
---

# Actions Overview
- Actions are Event Driven
- Live in the .github/workflows folder
- Workflows are defined in YAML
---

# Workflows
- [Events](https://docs.github.com/en/actions/using-workflows/events-that-trigger-workflows) trigger workflows
- Workflows contain jobs
- Jobs contain steps
- Steps are commands or actions
---

# Jobs
- Workflows can contain multiple jobs
- Each job runs on a [Runner](https://docs.github.com/en/actions/using-github-hosted-runners/about-github-hosted-runners)
---
# ACT
## Run Actions Locally
[nektos/act](https://github.com/nektos/act)

---

# DEMOS
---
# Security
- Never use structured data as a secret
- Register all secrets used within workflows
- Audit how secrets are handled
- Use credentials that are minimally scoped
- Audit and rotate registered secrets
- Consider requiring review for access to secrets
- Use an action instead of an inline script (recommended)
- Use an intermediate environment variable
- Use OpenID Connect to access cloud resources
- Pin third-party actions to a full length commit SHA
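
A small audit for two of the items above (the intermediate environment variable and full-length SHA pinning), added here as an example and not part of the original deck. The sample workflow, its action names and the SHA are constructed placeholders, and the line-based regex scan is a simplifying assumption rather than a full YAML parse.

```python
import re

# Constructed sample workflow (assumption): placeholder action names and SHA.
SAMPLE_WORKFLOW = """\
name: ci
on: pull_request
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: example-org/example-action@0123456789abcdef0123456789abcdef01234567
      - uses: ./.github/actions/local
      - name: Unsafe echo
        run: echo "${{ github.event.pull_request.title }}"
      - name: Safe echo
        env:
          TITLE: ${{ github.event.pull_request.title }}
        run: echo "$TITLE"
"""

USES_RE = re.compile(r"^\s*(?:-\s+)?uses:\s*['\"]?([^'\"\s#]+)")
RUN_RE = re.compile(r"^(?P<pre>\s*(?:-\s+)?)run:(?P<body>.*)$")
FULL_SHA_RE = re.compile(r"@[0-9a-f]{40}$")
# Simplification: treat github.event.* and github.head_ref as untrusted input.
EXPR_RE = re.compile(r"\$\{\{\s*(github\.(?:event\.|head_ref)[^}]*?)\s*\}\}")

def audit_workflow(text):
    """Return (line, rule, detail) findings for a workflow file's text."""
    findings = []
    run_col = None  # column of the active run: key, None outside a script
    for num, line in enumerate(text.splitlines(), 1):
        indent = len(line) - len(line.lstrip())
        m = RUN_RE.match(line)
        if m:
            run_col, script = len(m.group("pre")), m.group("body")
        elif run_col is not None and (not line.strip() or indent > run_col):
            script = line  # continuation of a multi-line run: block
        else:
            run_col, script = None, ""
        for expr in EXPR_RE.findall(script):  # expression expanded into shell
            findings.append((num, "inline-expression", expr))
        u = USES_RE.match(line) if run_col is None else None
        # Local (./) and docker:// references are outside this check's scope.
        if u and not u.group(1).startswith(("./", "docker://")) \
                and not FULL_SHA_RE.search(u.group(1)):
            findings.append((num, "unpinned-action", u.group(1)))
    return findings

if __name__ == "__main__":
    print(audit_workflow(SAMPLE_WORKFLOW))
```

The same expression passed through `env:` is not flagged, because the shell then receives it as data in a variable instead of as script text.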
---
# Actions Updates - Dependabot
- Actions are regularly updated for enhanced automation.
- Dependabot keeps GitHub Actions references in workflow.yml up-to-date.
- If newer action versions exist, Dependabot sends an update pull request.
- Dependabot also updates git references for reusable workflows.

`.github/dependabot.yml`

```yaml
version: 2
updates:
  # See documentation for possible values
  - package-ecosystem: "github-actions"
    # Location of package manifests
    directory: "/"
    schedule:
      interval: "weekly"
```
---
# Questions


---
# Resources
## Links
[https://docs.github.com](https://docs.github.com)
[https://skills.github.com](https://skills.github.com)
[https://docs.github.com/actions/security-guides](https://docs.github.com/actions/security-guides)
[codebytes/github-actions-demos](https://github.com/codebytes/github-actions-demos)
## Follow Chris Ayers
Twitter: @Chris\_L\_Ayers
Mastodon: @Chrisayers@hachyderm.io
LinkedIn: [chris-l-ayers](https://linkedin.com/in/chris-l-ayers/)
Blog: [https://chris-ayers.com/](https://chris-ayers.com/)
GitHub: [Codebytes](https://github.com/codebytes)