GitHub Actions Tips & Tricks
Related Components
Security
https://docs.github.com/en/actions/security-guides/security-hardening-for-github-actions
Tips & Tricks
Write Complex Steps in github-script
Rather than try some impossible concoction of YAML, use typescript to define your CI/CD logic.
https://github.com/actions/github-script
Easily Write Files in Workflows
The 1arp/create-a-file-action
action is convenient for writing files.
- name: Create ${{ steps.vars.outputs.argocd_app_root }}/config.yaml
uses: 1arp/[email protected]
with:
path: "some/dir"
file: config.yaml
content: |
name: "${{ github.event.deployment.payload.app }}"
manifests: "${{ steps.vars.outputs.argocd_app_manifests }}"
namespace: "${{ inputs.namespace }}"
Checkout and Run Private GitHub Actions
GitHub Enterprise users can now use private actions natively within the organization.
https://github.blog/changelog/2022-01-21-share-github-actions-within-your-enterprise/
- name: Checkout Shared Actions
uses: actions/checkout@v2
with:
repository: acme/actions
path: ./.github/actions
token: ${{ secrets.CROSS_REPO_TOKEN }}
- name: Hello World
uses: ./.github/actions/hello-world
id: hello-world
Use Empty Commits to Trigger Actions
git commit --allow-empty --message 'bump'
Use workflow_dispatch
to Manually Trigger Workflows
In this example, the workflow will trigger on workflow_dispatch
and prompt the user to enter the required input for delete
. Note, delete
is just an example; the input parameters can be whatever you want.
on:
# Enable manual runs
workflow_dispatch:
inputs:
delete:
description: 'Set to "true" to actually delete stuff'
required: true
default: 'false'
Known Limitations
There are a lot of non-obvious limitations when working with GitHub Actions. Here are the ones we’ve been bit by in developing workflows. Also, make sure to check out the Public Roadmap for GHA.
Roadmap Items
These are some roadmap items we’re excited to see implemented:
General
-
Set in GitHub Actions running on self-hosted runner hangs indefinitely. Nothing meaningful in logs. The issue may be due to higher resource requirements for the
summerwind/actions-runner-dind
GHA runner. Increasing the resources may resolve the issue. -
Not all event types will run off of branches. Learn more here https://docs.github.com/en/actions/learn-github-actions/events-that-trigger-workflows
-
A single workflow cannot build and then
use
the derived docker image. Docker image must exist before workflow is started. -
Workflow approval steps are a GitHub Enterprise feature. https://docs.github.com/en/actions/managing-workflow-runs/reviewing-deployments
-
GitHub Actions can only be used from public repos unless using GitHub Enterprise with an “enterprise” account to support
internal
(not “private”) repositories. To use in private repos, you need togit clone
the repo anduse
the local path to the action. https://github.blog/changelog/2022-01-21-share-github-actions-within-your-enterprise/ https://github.com/github/roadmap/issues/254
https://github.com/github/roadmap/issues/74
-
GitHub Actions cron jobs automatically disable after 60 days of inactivity (no new commits) https://docs.github.com/en/actions/managing-workflow-runs/disabling-and-enabling-a-workflow
-
The
GITHUB_TOKEN
is scoped to only permit operations on the current repo of the GitHub Action workflow -
No ternary operator https://github.com/actions/runner/issues/409
-
No way to restrict who can edit workflows to a subset of users with write permissionshttps://github.com/actions/runner/issues/494
Composite Actions
-
Composite actions do not supportif
conditional. https://github.com/actions/runner/issues/834 Update! Released 2021-11-09 https://github.blog/changelog/2021-11-09-github-actions-conditional-execution-of-steps-in-actions/ -
Composite actions do not support post-run capabilities https://github.community/t/no-post-run-capability-for-composite-actions/139046/4
-
Composite actions cannot call other composite actionshttps://github.com/actions/runner/issues/862
Shared Workflows
-
GitHub Actions shared workflows can only be private in GitHub Enterprise using an
internal
(notprivate
) repo.. https://docs.github.com/en/actions/learn-github-actions/reusing-workflows -
Private reusable workflows is in the GitHub Roadmap https://github.com/github/roadmap/issues/51
-
Reusable workflows can't call other reusable workflows.
-
Reusable workflows stored within a private repository can only be used by workflows within the same repository (unless using GitHub Enterprise).
-
Any environment variables set in an
env
context defined at the workflow level in the caller workflow are not propagated to the called workflow. For more information about theenv
context, see "Context and expression syntax for GitHub Actions." -
You can't set the concurrency of a called workflow from the caller workflow. For more information about
jobs.<job_id>.concurrency
, see "Workflow syntax for GitHub Actions." -
The
strategy
property is not supported in any job that calls a reusable workflow.
References
-
Helpful github actions by ReviewDog https://github.com/reviewdog/reviewdog
-
deployment
documentation https://docs.github.com/en/rest/reference/deployments , https://docs.github.com/en/rest/reference/deployments#create-a-deployment