Read the GitHub tutorial to understand the basic syntax and usage of GitHub Actions:
https://docs.github.com/en/actions/learn-github-actions/understanding-github-actions
This tutorial shows the three main ways of running jobs in GitHub Actions.
The easiest way to run a job is with a ready-made action. There are three types of actions:
- Official actions made by GitHub, under the "actions/" namespace
- Actions made by a verified Marketplace user
- Third-party actions
The most common action you will probably use is the checkout action, which checks out your repository onto your runner:
```yaml
- uses: actions/checkout@v3
```
An action for setting up Node.js; the with keyword lets you pass arguments to the action, in this case the Node version:
```yaml
- name: Use Node.js ${{ matrix.node-version }}
  uses: actions/setup-node@v3
  with:
    node-version: ${{ matrix.node-version }}
```
Made by AWS to configure your credentials; note that it starts with aws-actions instead of just actions:
```yaml
- name: Configure AWS credentials
  uses: aws-actions/configure-aws-credentials@v1
  with:
    aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
    aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
    aws-region: 'eu-central-1'
```
The second way is to write shell commands directly with the run keyword:
```yaml
run: echo "Hello World!"
```
CodeQL is a security tool for discovering vulnerabilities; here we install and run it using shell commands.
In this example we:
- Download and unzip CodeQL
- Use the CodeQL executable to download the CodeQL query pack for JavaScript
- Create a database for our code located in src/
- Analyse the database to check whether there are any vulnerabilities
```yaml
codeql:
  runs-on: ubuntu-latest
  needs: lint
  steps:
    - uses: actions/checkout@v2
    - name: Install dependencies
      run: |
        wget -q https://github.com/github/codeql-cli-binaries/releases/download/v2.12.3/codeql-linux64.zip
        unzip codeql-linux64.zip
    - name: CodeQL for js
      run: |
        ./codeql/codeql pack download codeql/javascript-queries
        ./codeql/codeql database create -l javascript ./db -s src/
    - name: CodeQL analysis
      run: ./codeql/codeql database analyze --format=CSV --output=output.csv db
```
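The analysis step writes its findings to output.csv, but the job still passes whatever that file contains. Below is an added example, not part of this tutorial, of a small Python gate you could run as a following step to fail the job on serious findings; it assumes CodeQL's CSV layout (no header row; name, description, severity, message, path, start line, start column, end line, end column) and the severity names "recommendation", "warning" and "error", which you should confirm for your CodeQL version.

```python
"""Fail the CI job when CodeQL's CSV report contains serious findings.

Added example, not from the tutorial. Assumes the layout CodeQL writes with
--format=CSV: no header row; columns name, description, severity, message, path,
start line, start column, end line, end column; severity is "recommendation",
"warning" or "error". Check this against your CodeQL version.
"""
import csv
import io
import sys

COLUMNS = ("name", "description", "severity", "message", "path",
           "start_line", "start_col", "end_line", "end_col")
SEVERITY_RANK = {"recommendation": 0, "warning": 1, "error": 2}

# Constructed sample of an output.csv (note the quoted comma in the second row).
SAMPLE_CSV = (
    '"Client-side cross-site scripting","Writing user input directly to the DOM '
    'allows for a cross-site scripting vulnerability.","error",'
    '"Cross-site scripting vulnerability due to user-provided value.",'
    '"/src/app.js","12","3","12","40"\n'
    '"Unused variable, import, function or class","Unused code may hide a bug.",'
    '"recommendation","Unused variable foo.","/src/util.js","4","7","4","10"\n'
)

def parse_codeql_csv(text: str) -> list[dict]:
    """Parse `codeql database analyze --format=CSV` output into dicts."""
    rows = csv.reader(io.StringIO(text))
    return [dict(zip(COLUMNS, r)) for r in rows if len(r) == len(COLUMNS)]

def findings_at_or_above(findings: list[dict], min_severity: str = "error") -> list[dict]:
    """Keep findings whose severity reaches min_severity; an unknown severity
    string counts as "error" so the gate fails closed."""
    threshold, worst = SEVERITY_RANK[min_severity], SEVERITY_RANK["error"]
    return [f for f in findings
            if SEVERITY_RANK.get(f["severity"].lower(), worst) >= threshold]

def gate(text: str, min_severity: str = "error") -> int:
    """Return the step's exit code: 0 if nothing reaches min_severity, else 1."""
    findings = parse_codeql_csv(text)
    serious = findings_at_or_above(findings, min_severity)
    for f in serious:  # one line per finding, readable in the Actions log
        print(f"{f['path']}:{f['start_line']} [{f['severity']}] {f['name']}: {f['message']}")
    print(f"{len(findings)} finding(s), {len(serious)} at or above '{min_severity}'")
    return 1 if serious else 0

if __name__ == "__main__":
    # In the workflow: run: python3 codeql_gate.py output.csv
    data = open(sys.argv[1], encoding="utf-8").read() if len(sys.argv) > 1 else SAMPLE_CSV
    sys.exit(gate(data))
```

Because the step exits non-zero when a finding reaches the threshold, GitHub Actions marks the job failed; lower the threshold to "warning" once the existing findings are cleaned up.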
The third way is to make custom actions using Docker or JavaScript.
In this case you point uses at the local directory where the action is located:
```yaml
- name: Use whispers in docker
  uses: ./WhispersModule/
```
Inside the WhispersModule directory, action.yml holds the metadata about your action:
```yaml
name: "Whispers"
description: 'Simple whispers checking for leaked secrets'
author: 'Epita GDSC <gdsc.epita@gmail.com>'
runs:
  using: docker
  image: Dockerfile
```
It needs a Dockerfile:
```dockerfile
FROM python:3.8
ADD entrypoint.sh /entrypoint.sh
ENTRYPOINT ["/entrypoint.sh"]
```
And an entrypoint script, where you can put whatever shell commands or other executables you want to run:
```sh
#!/bin/sh -l
pip install whispers
output=$(whispers src/)
if [ "$output" = "[]" ]
then
  exit 0
fi
echo "Whispers error: $output"
exit 1
```
Warning: don't forget to make the script executable, or else you will get a permission error:
```sh
$ git add entrypoint.sh
$ git update-index --chmod=+x entrypoint.sh
```