github-actions-demos/slides/Slides.md
2023-10-01 22:28:46 +00:00


marp: true
theme: custom-default
footer: @Chris_L_Ayers - https://chris-ayers.com

CI/CD with GitHub Actions

Chris Ayers


Chris Ayers

Senior Customer Engineer
Microsoft

  • Twitter: @Chris_L_Ayers
  • Mastodon: @Chrisayers@hachyderm.io
  • LinkedIn: chris-l-ayers
  • Blog: https://chris-ayers.com/
  • GitHub: Codebytes



Agenda

  • YAML
  • CI / CD
  • Actions Overview
  • Demos

YAML

Yet Another Markup Language

GitHub uses YAML for workflows

Demo: Online Parser

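| Feature   | Description                                       |
|-----------|---------------------------------------------------|
| Lists     | Start with a - (dash)                             |
| Key-Value | Key: value                                        |
| Objects   | Objects: followed by the properties of the object |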

What is CI/CD?

flowchart LR
  subgraph Continuous Integration
    direction LR
    A[Code] --Check In--> B[Build]
    B -- Auto --> C[Unit Tests]
    C -- Auto --> D[Dev Release]
    D -- Auto --> E[Additional Tests]
  end

flowchart LR
  subgraph Continuous Delivery
    direction LR
    G[Code] --Check In--> H[Build]
    H -- Auto --> I[Unit Tests]
    I -- Auto --> J[Dev Release]
    J -- Auto --> K[Additional Tests]
    K --Manual--> L[Release]
  end
  linkStyle 4 color:red;

flowchart LR
  subgraph Continuous Deployment
    direction LR
    M[Code] --Check In--> N[Build]
    N -- Auto --> O[Unit Tests]
    O -- Auto --> P[Dev Release]
    P -- Auto --> Q[Additional Tests]
    Q -- Auto --> R[Release]
  end
  linkStyle 4 color:green;


Actions Overview

  • Actions are Event Driven
  • Live in the .github/workflows folder
  • Workflows are defined in YAML


Workflows

  • Events trigger workflows
  • Workflows contain jobs
  • Jobs contain steps
  • Steps are commands or actions


Jobs

  • Workflows can contain multiple jobs
  • Each job runs on a Runner

ACT

Run Actions Locally

nektos/act


DEMOS


Security

  • Never use structured data as a secret
  • Register all secrets used within workflows
  • Audit how secrets are handled
  • Use credentials that are minimally scoped
  • Audit and rotate registered secrets
  • Consider requiring review for access to secrets
  • Use an action instead of an inline script (recommended)
  • Use an intermediate environment variable
  • Use OpenID Connect to access cloud resources
  • Pin third-party actions to a full length commit SHA
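
One way to audit a workflow file for two items from the list above: third-party actions pinned to a full-length commit SHA, and an intermediate environment variable used instead of an inline expression in a script. This is an added example, not code from the slides or the demo repository; the sample workflow, the `example-org/scan-action` name, the placeholder SHA and the `FIRST_PARTY` owner list are assumptions, and the line-based matching is a heuristic, not a YAML parser.

```python
import re

# Constructed sample workflow (not from the slides); the 40-hex SHA is a placeholder.
SAMPLE = """\
on: pull_request
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: example-org/scan-action@v1
      - uses: example-org/scan-action@0123456789abcdef0123456789abcdef01234567
      - uses: ./.github/actions/local
      - name: Unsafe, expression expanded into the script text
        run: echo "${{ github.event.pull_request.title }}"
      - name: Safe, intermediate environment variable
        env:
          TITLE: ${{ github.event.pull_request.title }}
        run: |
          echo "$TITLE"
"""

FIRST_PARTY = {"actions", "github"}  # assumption: owners treated as first-party
USES = re.compile(r"^\s*(?:-\s+)?uses:\s*['\"]?([^'\"\s#]+)")
RUN = re.compile(r"^(\s*(?:-\s+)?)run:\s*(.*)$")
FULL_SHA = re.compile(r"@[0-9a-f]{40}$")
EXPR = re.compile(r"\$\{\{\s*github\.(?:event|head_ref)\b[^}]*\}\}")

def audit(text):  # returns a list of (line, rule, detail) findings
    findings, run_col = [], None
    for n, line in enumerate(text.splitlines(), 1):
        indent = len(line) - len(line.lstrip())
        m = RUN.match(line)
        if m:  # a run: key starts a script
            run_col, script = len(m.group(1)), m.group(2)
        elif run_col is not None and (not line.strip() or indent > run_col):
            script = line  # continuation line of a multi-line script
        else:
            run_col, script = None, ""
        findings += [(n, "inline-expression", e) for e in EXPR.findall(script)]
        u = USES.match(line) if run_col is None else None
        if u and not u.group(1).startswith(("./", "docker://")):
            ref = u.group(1)
            if ref.split("/")[0] not in FIRST_PARTY and not FULL_SHA.search(ref):
                findings.append((n, "unpinned-action", ref))
    return findings

if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```

The same expression in an `env:` block is not reported, because there it is passed to the script as data and not expanded into the script text.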

Actions Updates - Dependabot

  • Actions are regularly updated for enhanced automation.
  • Dependabot keeps GitHub Actions references in workflow.yml up-to-date.
  • If newer action versions exist, Dependabot sends an update pull request.
  • Dependabot also updates git references for reusable workflows.

.github/dependabot.yml

version: 2
updates:
  # See documentation for possible values
  - package-ecosystem: "github-actions"
    # Location of package manifests
    directory: "/" 
    schedule:
      interval: "weekly"

Questions



Resources
