---
marp: true
theme: custom-default
footer: '@Chris_L_Ayers - https://chris-ayers.com'
---
# CI/CD with GitHub Actions
## Chris Ayers

---

## Chris Ayers
### Senior Customer Engineer
Microsoft
Twitter: @Chris\_L\_Ayers
Mastodon: @Chrisayers@hachyderm.io
LinkedIn: [chris-l-ayers](https://linkedin.com/in/chris-l-ayers/)
Blog: [https://chris-ayers.com/](https://chris-ayers.com/)
GitHub: [Codebytes](https://github.com/codebytes)
---

# Agenda
- YAML
- CI / CD
- Actions Overview
- Demos
---
# YAML
## **Yet Another Markup Language**
GitHub uses YAML for workflows
Demo: [Online Parser](https://yaml-online-parser.appspot.com/)

| Feature   | Description                       |
| --------- | --------------------------------- |
| Lists     | Start with a `-`                  |
| Key-Value | Key: value                        |
| Objects   | Objects: Properties of objects    |
---
# What is CI/CD?

---

# Actions Overview
- Live in the `.github/workflows` folder
- Workflows are defined in YAML
- Workflows are Event Driven
---
# Events that trigger workflows
[https://docs.github.com/actions/using-workflows/events-that-trigger-workflows](https://docs.github.com/actions/using-workflows/events-that-trigger-workflows)
- branch_protection_rule
- checks
- create
- delete
- deployment
- discussion
- fork
- issue_comment
- issues
- label
- page_build
- pull_request
- pull_request_review
- pull_request_review_comment
- push
- release
- schedule
- status
- workflow_call
- workflow_dispatch
---

# Workflows
- [Events](https://docs.github.com/en/actions/using-workflows/events-that-trigger-workflows) trigger workflows
- Workflows contain jobs
- Jobs contain steps
- Steps are commands or actions
---

# Jobs
- Workflows can contain multiple jobs
- Jobs run in parallel by default
- Each job runs on a [Runner](https://docs.github.com/en/actions/using-github-hosted-runners/about-github-hosted-runners)
- Steps and Shell Commands run in sequence
---
# Runners
- Specify the type of runner with `runs-on` (e.g., `ubuntu-latest`).
- GitHub provisions a new VM for each job.
- Steps in a job share information using the runner's filesystem.
- VM is decommissioned after job completion.
---
# Supported runners and hardware
- GitHub-hosted runner application is open source.
- OS: Windows, Linux, and macOS
- Runners include preinstalled software, updated weekly.
- There are also Large Hosted Runners
- Self-Hosted Runners
- You can install additional software on runners.
---

# DEMOS
---
# ACT
## Run Actions Locally
[nektos/act](https://github.com/nektos/act)

---
# Security
- Never use structured data as a secret
- Register all secrets used within workflows
- Audit how secrets are handled
- Use credentials that are minimally scoped
- Audit and rotate registered secrets
- Consider requiring review for access to secrets
- Use an action instead of an inline script (recommended)
- Use an intermediate environment variable
- Use OpenID Connect to access cloud resources
- Pin third-party actions to a full length commit SHA
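
An added example, not part of the original deck or of GitHub's tooling: a small Python check for two items on this list, actions that are not pinned to a full-length commit SHA and `${{ }}` expressions written directly into a `run` script instead of passing through an intermediate environment variable. The sample workflow, the `example-org/example-action` name and its SHA are constructed placeholders, and the line-based scan is a simplification that does not parse YAML.

```python
import re

# Constructed sample workflow (not from the deck); the 40-hex SHA and the
# example-org/example-action name are placeholders, not a real release.
SAMPLE_WORKFLOW = """\
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: example-org/example-action@0123456789abcdef0123456789abcdef01234567
      - uses: ./.github/actions/local
      - name: title interpolated straight into the script
        run: echo "${{ github.event.pull_request.title }}"
      - name: same value through an intermediate environment variable
        env:
          TITLE: ${{ github.event.pull_request.title }}
        run: |
          echo "$TITLE"
"""

USES = re.compile(r"^\s*(?:-\s*)?uses:\s*['\"]?([^'\"\s#]+)")
RUN = re.compile(r"^(\s*(?:-\s*)?)run:\s*(.*)$")
EXPR = re.compile(r"\$\{\{.*?\}\}")
FULL_SHA = re.compile(r"@[0-9a-f]{40}$")

def audit(text):
    """Return (line_no, rule, detail) findings for one workflow file's text."""
    findings, run_col = [], None   # run_col: column of the active 'run:' key
    for no, line in enumerate(text.splitlines(), 1):
        indent = len(line) - len(line.lstrip())
        if run_col is not None and line.strip() and indent <= run_col:
            run_col = None         # dedent: the run script has ended
        if run_col is None:
            uses, run = USES.match(line), RUN.match(line)
            if uses:
                ref = uses.group(1)
                # Local and docker:// references are out of scope for this check.
                if not ref.startswith(("./", "docker://")) and not FULL_SHA.search(ref):
                    findings.append((no, "unpinned-action", ref))
            if not run:
                continue
            run_col, line = len(run.group(1)), run.group(2)
        # Any ${{ }} inside a run script is expanded before the shell sees it.
        findings += [(no, "inline-expression", e) for e in EXPR.findall(line)]
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_WORKFLOW):
        print(finding)
```

The check flags every expression inside a `run` script for review, including ones whose values are not attacker-controlled, so treat its output as a list of places to look rather than confirmed injection points.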
---
# Actions Updates - Dependabot
- Actions are regularly updated for enhanced automation.
- Dependabot keeps GitHub Actions references in workflow.yml up-to-date.
- If newer action versions exist, Dependabot sends an update pull request.
- Dependabot also updates git references for reusable workflows.

`.github/dependabot.yml`

```yaml
version: 2
updates:
  # See documentation for possible values
  - package-ecosystem: "github-actions"
    # Location of package manifests
    directory: "/"
    schedule:
      interval: "weekly"
```
---
# Questions


---
# Resources
## Links
[https://docs.github.com](https://docs.github.com)
[https://skills.github.com](https://skills.github.com)
[codebytes/github-actions-demos](https://github.com/codebytes/github-actions-demos)
## Follow Chris Ayers
Twitter: @Chris\_L\_Ayers
Mastodon: @Chrisayers@hachyderm.io
LinkedIn: [chris-l-ayers](https://linkedin.com/in/chris-l-ayers/)
Blog: [https://chris-ayers.com/](https://chris-ayers.com/)
GitHub: [Codebytes](https://github.com/codebytes)