github-actions-demos/slides/Slides.md

marp, theme, footer

marp	theme	footer
true	custom-default	@Chris_L_Ayers - https://chris-ayers.com

CI/CD with GitHub Actions

Chris Ayers

---

Chris Ayers

Senior Customer Engineer
Microsoft

Twitter: @Chris_L_Ayers Mastodon: @Chrisayers@hachyderm.io LinkedIn: - chris-l-ayers Blog: https://chris-ayers.com/ GitHub: Codebytes

---

Agenda

• YAML
• CI / CD
• Actions Overview
• Demos

---

YAML

Yet Another Markup Language

GitHub uses YAML for workflows

Demo: Online Parser

Feature	Description
Lists	Start with a –
Key-Value	Key: value
Objects	Objects: Properties of objects

---

Workflows / Pipelines

---

What is CI/CD?

---

Actions Overview

• Live in the .github/workflows folder
• Workflows are defined in YAML
• Workflows are Event Driven

---

Events that trigger workflows

https://docs.github.com/actions/using-workflows/events-that-trigger-workflows

• branch_protection_rule
• checks
• create / delete
• deployment
• discussion
• fork
• issue_comment
• issues
• label

• page_build
• pull_request
• pull_request_review
• pull_request_review_comment
• push
• release
• schedule
• status
• workflow_call / workflow_dispatch

---

Workflows

• Events trigger workflows
• Workflows contain jobs
• Jobs contain steps
• Steps are commands or actions

---

Jobs

• Workflows can contain multiple jobs
• Jobs run in parallel by default
• Each job runs on a Runner
• Steps and Shell Commands run in sequence

---

Runners

• Specify the type of runner with runs-on (e.g., ubuntu-latest).
• GitHub provisions a new VM for each job.
• Steps in a job share information using the runner's filesystem.
• VM is decommissioned after job completion.

---

Supported runners and hardware

• GitHub-hosted runner application is open source.
• OS: Windows, Linux, and macOS
  • Runners include preinstalled software, updated weekly.
  • There are also Large Hosted Runners
• Self-Hosted Runners
• You can install additional software on runners.

---

DEMOS

---

ACT

Run Actions Locally

nektos/act

---

Security

• Never use structured data as a secret
• Register all secrets used within workflows
• Audit how secrets are handled
• Use credentials that are minimally scoped
• Audit and rotate registered secrets
• Consider requiring review for access to secrets

• Use an action instead of an inline script (recommended)
• Use an intermediate environment variable
• Use OpenID Connect to access cloud resources
• Pin third-party actions to a full length commit SHA

---

Actions Updates - Dependabot

• Actions are regularly updated for enhanced automation.
• Dependabot keeps GitHub Actions references in workflow.yml up-to-date.
• If newer action versions exist, Dependabot sends an update pull request.
• Dependabot also updates git references for reusable workflows.

.github/dependabot.yml

version: 2
updates:
  # See documentation for possible values
  - package-ecosystem: "github-actions"
    # Location of package manifests
    directory: "/" 
    schedule:
      interval: "weekly"

---

DEMOS

---

Bonus - Private Networking

• GitHub Actions is triggered.
• Actions service creates a runner.
• The runner service deploys the GitHub-hosted runner's NIC into your Azure VNET.
• The runner agent picks up the workflow job.
• The runner sends logs back to the GitHub Actions service.
• NIC accesses private resources.

---

Questions

---

Resources

Links

• https://docs.github.com
• https://skills.github.com
• codebytes/github-actions-demos
• https://learn.microsoft.com/en-us/training/paths/automate-workflow-github-actions/

Follow Chris Ayers

Twitter: @Chris_L_Ayers Mastodon: @Chrisayers@hachyderm.io LinkedIn: - chris-l-ayers Blog: https://chris-ayers.com/ GitHub: Codebytes

<script type="module"> import mermaid from 'https://cdn.jsdelivr.net/npm/mermaid@10/dist/mermaid.esm.min.mjs'; mermaid.initialize({ startOnLoad: true }); </script>