Using GitHub Action Workflows
- Actions are just that, actions which can be taken by a workflow.
- Workflows are defined in the `.github/workflows` directory as `yml` files.
- Workflows are run on top of standard platforms: Linux, Windows, or MacOS X.
- The Linux platform is based on Ubuntu and comes with a LOT of functionality pre-packaged. Everything you would want, or expect, in a build agent, such as:
  - curl
  - jq
  - netcat
  - zip
  - aws-cli
  - Node.js
  - PHP
  - Ruby
  - Go
- If using a Docker container in the workflow, the underlying platform must support the container platform. For example, Windows containers only run on Windows.
- When using GitHub Actions with public repositories, be very careful not to expose secrets. Do not allow the arbitrary running of an action on a pull-request branch:

  ```yaml
  name: Redis Service Example
  on:
    - push
    - pull_request
  ```
- Unlike a build system like Jenkins or Bamboo, GitHub Actions do not automatically check out the source code.
- The action will set up a workspace, but it will not automatically add the code to it.
- Check out the code with the `checkout` action:

  ```yaml
  jobs:
    dewit:
      runs-on: "ubuntu-latest"
      steps:
        - uses: actions/checkout@master
  ```
- Secrets can be used within the GitHub Action by calling them with `${{ secrets.NAME }}`, where the secret `NAME` was previously defined in the `secrets` tab of the GitHub Repo console. Secrets can only ever be written in the GitHub console, so they are relatively safe for use even in a public repo.

  ```yaml
  jobs:
    dewit:
      runs-on: "ubuntu-latest"
      steps:
        - name: ls s3
          run: aws s3 ls s3://www.hubner.dev/
          env:
            # Secret names are assumed to match the variable names.
            AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
            AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
            AWS_REGION: ${{ secrets.AWS_REGION }}
            AWS_DEFAULT_REGION: ${{ secrets.AWS_DEFAULT_REGION }}
  ```
- Although `ubuntu-latest` includes `Node.js` and the `aws-cli`, it does not include the `aws-sdk` for `Node.js`. The `aws-sdk` for `Node.js` can be easily installed using `npm`, which is included in the `ubuntu-latest` environment:

  ```yaml
  jobs:
    dewit:
      runs-on: "ubuntu-latest"
      steps:
        - uses: actions/checkout@master
        - name: npm install aws-sdk
          run: npm install aws-sdk
  ```
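The pull-request warning and the secrets usage above can be checked mechanically. The following Python script is an added example, not part of the original page: it flags a workflow file that both runs on pull-request events and reads `secrets.*`. The helper names `triggers` and `audit`, the dependency-free parsing of the `on:` key, and the secret names in the constructed sample are assumptions made for illustration.

```python
import re

PR_EVENTS = {"pull_request", "pull_request_target"}
SECRET_REF = re.compile(r"\$\{\{\s*secrets\.(\w+)\s*\}\}")

def triggers(text):
    """Event names under the top-level `on:` key (scalar, inline list, block list or mapping)."""
    events, in_on, child = set(), False, None
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        top = re.match(r"^on\s*:(.*)$", line)
        if top:
            in_on, child = True, None
            events.update(re.findall(r"[a-z_]+", top.group(1).split("#")[0]))
        elif in_on and line[0] in " -":
            indent = len(line) - len(line.lstrip(" "))
            child = indent if child is None else child
            m = re.match(r"^(?:-\s*)?([a-z_]+)\s*:?$", line.strip())
            if m and indent == child:  # only direct children of `on:` are events
                events.add(m.group(1))
        else:
            in_on = False  # the next top-level key ends the `on:` block
    return events

def audit(text):
    """Findings for a workflow that runs on pull-request events and also reads secrets."""
    pr = sorted(triggers(text) & PR_EVENTS)
    names = sorted(set(SECRET_REF.findall(text)))
    return [f"{e}: workflow reads secret {n}" for e in pr for n in names]

# Constructed samples: the page's triggers and S3 step; the secret names are assumed.
RISKY = """\
name: Redis Service Example
on:
- push
- pull_request
jobs:
  dewit:
    runs-on: "ubuntu-latest"
    steps:
      - run: aws s3 ls s3://www.hubner.dev/
        env:
          AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
          AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
"""
SAFE = RISKY.replace("- push\n- pull_request\n", "  push:\n    branches:\n      - master\n")

if __name__ == "__main__":
    for name, wf in (("risky", RISKY), ("safe", SAFE)):
        print(name, sorted(triggers(wf)), audit(wf) or "no findings")
```

Run it over each file in `.github/workflows` before merging a change to the triggers; an empty list means no pull-request event is combined with a secret reference.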
A simple workflow that will upload a website to S3 using the aws `cli`
- Every time a push is made to the master branch, this site will be uploaded to S3.
- No accommodation for CloudFront invalidations is made, but could be done easily using `s3_website` instead of `aws s3 sync`.
FILE: `.github/workflows/deploy.yml`

```yaml
---
name: Deploy
on:
  push:
    branches:
      - master
jobs:
  deploy:
    runs-on: "ubuntu-latest"
    steps:
      - uses: actions/checkout@master
      - name: npm install aws-sdk
        run: npm install aws-sdk
      - name: sync to s3
        run: aws s3 sync . s3://www.hubner.dev/ --exclude '.git/*' --exclude '.github/*' --exclude 'node_modules/*' --exclude README.md --exclude package-lock.json --exclude package.json
        env:
          # Secret names are assumed to match the variable names.
          AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
          AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
          AWS_REGION: ${{ secrets.AWS_REGION }}
          AWS_DEFAULT_REGION: ${{ secrets.AWS_DEFAULT_REGION }}
```