GitHub Actions

GitHub Actions logo. Source: GitHub 2022d.
GitHub Actions logo. Source: GitHub 2022d.

In any software project, there are repetitive tasks that can benefit from automation. Code reviews, branch management, pull request labelling, regression testing, issue triaging, release management, npm package publication, and cloud deployment are examples of such tasks. These are hard to do manually or consistently. GitHub Actions is feature of GitHub to automate these tasks.

Before 2018, third-party tools and services such as CircleCI, Jenkins and Travis CI were used to automate some of these tasks. Bots automated repetitive tasks. With GitHub Actions, it's now possible to do these more easily within the GitHub platform for code hosted at GitHub.

The GitHub Marketplace has thousands of free GitHub Actions shared by developers. This improves productivity for developers and teams. Actions can be executed for private/public repositories under free/paid plans, though limits differ.

Discussion

  • What are the use cases for GitHub Actions?
    GitHub Actions can be used to automate any part of a GitHub workflow. Source: Chandrasekara and Herath 2021, fig. 1.
    GitHub Actions can be used to automate any part of a GitHub workflow. Source: Chandrasekara and Herath 2021, fig. 1.

    While there are thousands of tasks that could be automated with GitHub Actions, we mention a few. The notable use case is CI/CD in which every commit triggers a build-and-test cycle so that code merges become simpler and errors are caught proactively.

    When making a software release, with Actions we can build the software for multiple architectures in parallel. Likewise, for software testing or code coverage, we can exercise the software across all variations of platform versions, browsers, operating systems, etc.

    Before publishing container images to a registry, it's a good idea to scan them for security vulnerabilities. After scanning, the resulting metadata is checked against security policies for compliance. These tasks can be part of a GitHub Actions workflow.

    GitHub itself uses Actions to track vulnerabilities in open source components they use. When an issue is raised, a workflow updates an internal database and reports it as per security policies.

  • What are the components of GitHub Actions?
    An event triggers a workflow of two jobs. Source: GitHub Docs 2022c.
    An event triggers a workflow of two jobs. Source: GitHub Docs 2022c.

    We describe the following components:

    • Workflow: Encapsulates a specific automation. Defined in a configurable YAML file at .github/workflows within the repository. A repository can have multiple workflows.
    • Event: Triggers a workflow. Pull request, new commit and new issue are examples of events. A REST API call, a manual trigger or a defined schedule can also trigger workflows. See the full list of events.
    • Job: A sequence of steps that define the actual execution of a workflow. A shell script or an action is executed. A workflow can have one or more jobs. Jobs can be defined to run in parallel or in sequence. Steps within a job are sequential and can share data.
    • Action: A custom application for the GitHub Actions platform. Encapsulates repetitive tasks and enables code reuse across workflows. Actions are steps in a job. Configured in a YAML file at .github/actions.
    • Runner: A server that runs a workflow. A runner runs a single job. GitHub provides Ubuntu Linux, Microsoft Windows, and macOS runners. Projects can also use self-hosted runners. Each workflow run creates a new virtual machine.
  • Could you describe some important features of GitHub Actions?
    Illustrating the basic elements of GitHub Actions. Source: Adapted from GitHub 2020a.
    Illustrating the basic elements of GitHub Actions. Source: Adapted from GitHub 2020a.

    Reusability is an essential feature. A workflow can reuse actions defined in the same repository, a public repository or a published image on Docker Hub. A workflow itself can be reused if defined in the same repository or a public repository.

    Actions can use variables. These are name-value pairs under env, which can be scoped to the entire workflow, a job or a step. In addition, workflows can use default environment variables. Examples include GITHUB_ACTION_PATH, GITHUB_EVENT_NAME, GITHUB_RUN_ID, RUNNER_ARCH, RUNNER_OS, and many more.

    Expressions are those within ${{…}}. In conjunction with if, they can be used to execute jobs or steps conditionally. Expressions include literals (null, true, false, numbers, strings), operators (index, compare, logical, etc.) and functions (contains, startsWith, join, toJSON, etc.).

    Contexts are objects that contain useful information. Available contexts include github, env, job, steps, runner, secrets, strategy, matrix, needs, and inputs. Default environment variables exist only on the runner. In other parts of the workflow, use contexts. For example, if: ${{ github.ref == 'refs/heads/main' }} executes the job only if the current branch is main.

  • What's the mechanism to pass data among jobs and workflows?
    Illustrating job output. Source: Adapted from GitHub Docs 2022m.
    Illustrating job output. Source: Adapted from GitHub Docs 2022m.

    To set an environment variable, here's an example showing two ways to do it: echo "action_state=yellow" >> $GITHUB_ENV within a run or action_state: yellow within env context. Subsequent steps of the job can access it via env.action_state. In shells, it can be accessed as $action_state (Linux) or $env::action_state (PowerShell).

    Suppose job2 depends on job1. Via outputs property, job1 can pass data to job2, which can access it via the needs context. Workflow artifacts allow for persistent data across jobs of the same workflow. Common artifacts include log files, core dumps, test results, code coverage results, screenshots, and binary files.

    To pass inputs to a workflow, the property inputs can be used. Each input has a name and sub-properties description, type, default and required. Within the workflow, inputs can be accessed via github.event.inputs.

  • What's the platform and language support for GitHub Actions?
    Build matrix can build software for different targets. Source: Gluon 2020.
    Build matrix can build software for different targets. Source: Gluon 2020.

    GitHub Actions is supported on Linux, Windows and macOS platforms. Workflows can be configured to use specific versions of these platforms or the latest version. This is specified via the job property runs-on. Another useful feature build matrix. With a single job definition, developers can execute variations of the job in parallel, such as for different OS or Node versions. This is specified with the job property strategy.matrix.

    For programming actions, GitHub Actions supports C, C++, C#, Go, Java, JavaScript, PHP, Python, Ruby, Scala, and TypeScript.

    Within a Docker environment any platform and any language can be used. The job property container includes container configuration including image, environment, ports and volumes to use. A developer can releases Docker images for various architectures.To facilitate this, Docker has published actions for QEMU setup (docker/setup-qemu), enhanced build capability (docker/setup-buildx), Docker Hub authentication (docker/login-action), and build and push images to Docker Hub (docker/build-push-action).

  • What are some best practices for GitHub Actions?

    Keep actions minimal to reduce wait times and favour reuse. Install only necessary dependencies. In fact, leverage GitHub's feature that can cache dependencies. In case of Node.js, publish the entire node_modules folder. Don't pollute the global environment with lots of variables. Variables can be scoped to narrower levels such as a job or a step. Don't overwrite default environment variables. To attribute action to authors, use the author metadata in YAML file. Version actions properly. Test actions before releasing them.

    From a security standpoint, avoid self-hosted runner in a public repository. Someone could take a fork and submit a pull request with malicious code. Use GitHub web interface to manage secrets. Never hardcode these actions in a YAML file. Don't dump context data into logs since this could expose sensitive information.

    Many Marketplace actions are not certified by GitHub. Have a security policy to either fully block them or allow them via forking. When reusing actions, pick a stable version rather than the latest on the master branch.

  • What tools can help developers create GitHub Actions?

    For many common use cases, developers need not create actions from scratch. The GitHub Marketplace has 12,000+ actions shared by developers and organizations. Of these, nearly 300 are from verified creators. Marketplace actions are grouped into many categories: API management, code quality, continuous integration, dependency management, IDEs, mobile, monitoring, security, testing, and more.

    Beginners can start with the official documentation. The GitHub Actions guides has tutorials and overviews on specific use cases. Take a look at the course material of GitHub Actions: Hello World. For a summary, consult the Actions Cheat Sheet.

    Details of VMs used by GitHub-hosted runners are available.

    Those using other CI/CD tools can read the migration guides. These are available for Azure Pipelines, CircleCI, GitLab CI/CD, Jenkins and Travis CI.

    To help developers build actions easily, toolkits are available. The official toolkit supports JavaScript, TypeScript and Docker. An alternative is Etcovitch's toolkit. A curated list of GitHub Actions is also available online.

Milestones

Apr
2008

GitHub is launched as an online software repository that uses Git, a decentralized version control system. By July, GitHub hosts 10,000 repositories. It's particularly popular among open source and Rails communities.

Oct
2018

Microsoft is in the process of acquiring GitHub. About the same time, GitHub Actions is announced. This makes GitHub more than just a code repository. Workflows can be automated. Sam Lambert, GitHub's platform head, describes this as "the biggest shift we've had in the history of GitHub."

Nov
2018

A study of 351 sampled open source projects on GitHub finds that 93 (26%) use bots. This excludes the newly launched GitHub Actions. Bots are used for ensuring license agreement signing, reporting integration failures, reviewing code, reviewing/merging pull requests, assigning reviewers, welcoming newcomers, running automated tests, building, creating issues, and more.

Nov
2019
Status of a GitHub Actions CI/CD pipeline execution. Source: Ekpang 2019.
Status of a GitHub Actions CI/CD pipeline execution. Source: Ekpang 2019.

Due to popular demand from developers, support for CI/CD becomes generally available. An example CI/CD pipeline would be to trigger a build and deploy to Heroku whenever a new commit happens on the master branch. Based on the project, GitHub can suggest suitable Actions workflows. It's now easy to publish/consume packages from GitHub Package Registry and other registries. Beta version of this feature was announced in August.

Sep
2020

With the release of GitHub Enterprise Server 2.22, GitHub Actions is for the first time supported in GitHub Enterprise Server. This includes support for enterprise features such as centralized self-hosted runners, runner groups to manage access controls, and custom workflow templates. By now, GitHub Actions is the most popular CI solution on GitHub.com.

Mar
2021
How developers are using GitHub Actions. Source: Adapted from Kinsman et al. 2021.
How developers are using GitHub Actions. Source: Adapted from Kinsman et al. 2021.

Kinsman et al. publish results of a study on how developers are using GitHub Actions on open source projects. The study considers the period Nov 2019 to Aug 2020. Of the 416k+ active repositories, only 0.7% are using actions. Python, Java and Ruby repositories are the top adopters. Common actions include repository checkout or environment setup. Most actions are in the categories of continuous integration, utilities and deployment. They also find that Actions doesn't result in faster merges of pull requests.

Oct
2021
An example of reusable workflow. Source: Adapted from Schelkopf 2021.
An example of reusable workflow. Source: Adapted from Schelkopf 2021.

Beta version of reusable workflows is introduced. Repetitive tasks can be encapsulated into actions or workflows. This reduces duplication and brings consistency. Like actions, workflows support inputs and outputs to pass data. In November, this feature becomes generally available.

Feb
2022

At the GitHub Marketplace, there are now 12,000+ Actions that developers can readily use.

Sample Code

  • # Source: https://github.github.io/actions-cheat-sheet/actions-cheat-sheet.html
# Accessed 2022-02-10

name: My Workflow
on:
  push:
    branches:
      - 'releases/*'
      - '!releases/**-alpha'
env:
  message: 'conversation'
  my_token: ${{ secrets.GITHUB_TOKEN }}
jobs:
  my_build:
    runs-on: ubuntu-latest
    steps:
      - name: Checking out our code
        uses: actions/checkout@master
      - name: Say something
        run: |
          echo "A little less ${message}"
          echo "A little more action"
  my_job:
    needs: my_build
    container:
      image: node:10.16-jessie
      env:
        NODE_ENV: development
      ports:
        - 80
      volumes:
        - my_docker_volume:/volume_mount
      options: --cpus 1
    services:
      redis:
        image: redis
        ports:
          - 6379/tcp
 

References

  1. Almeida, Bruno. 2021. "5 GitHub Actions CI/CD Best Practices." Blog, Cloud Central, NetApp, June 8. Accessed 2022-02-10.
  2. AlternativeTo. 2021. "GitHub Actions Alternatives." AlternativeTo, November 4. Accessed 2022-02-22.
  3. Catone, Josh. 2008. "GitHub Gist is Pastie on Steroids." Sitepoint, July 24. Accessed 2022-02-21.
  4. Chandrasekara, Chaminda and Pushpa Herath. 2021. "Hands-on GitHub Actions". Apress. Accessed 2022-02-10.
  5. Ekpang, Michael. 2019. "Creating a CI/CD pipeline using Github Actions." On Medium, September 27. Accessed 2022-02-21.
  6. Etcovitch, Jason. 2021. "GitHub Actions Toolkit." On GitHub, April 22. Accessed 2022-02-10.
  7. Friedman, Nat. 2019. "GitHub Actions now supports CI/CD, free for public repositories." Blog, GitHub, August 8. Accessed 2022-02-10.
  8. Giordano, Jason. 2019. "Intro to GitHub Actions." Blog, Developer Support, Microsoft, December 19. Accessed 2022-02-21.
  9. GitHub. 2020a. "Actions Cheat Sheet." GitHub, February 13. Accessed 2022-02-10.
  10. GitHub. 2021a. "Inside GitHub: How we use GitHub Actions." GitHub Universe 2021, on YouTube, October 28. Accessed 2022-02-10.
  11. GitHub. 2021b. "What is GitHub Actions? Benefits and examples." Whitepaper, GitHub. Accessed 2022-02-21.
  12. GitHub. 2022a. "GitHub Actions." Features, GitHub. Accessed 2022-02-10.
  13. GitHub. 2022b. "GitHub Actions Toolkit." GitHub, February 8. Accessed 2022-02-10.
  14. GitHub. 2022c. "Actions to improve your workflow." GitHub Marketplace. Accessed 2022-02-21.
  15. GitHub. 2022d. "GitHub Actions." GitHub. Accessed 2022-02-10.
  16. GitHub Docs. 2022a. "GitHub Actions." Documentation, GitHub. Accessed 2022-02-10.
  17. GitHub Docs. 2022b. "GitHub Actions guides." Documentation, GitHub. Accessed 2022-02-10.
  18. GitHub Docs. 2022c. "Understanding GitHub Actions." Documentation, GitHub. Accessed 2022-02-10.
  19. GitHub Docs. 2022d. "Quickstart for GitHub Actions." Documentation, GitHub. Accessed 2022-02-10.
  20. GitHub Docs. 2022e. "GitHub language support." Documentation, GitHub. Accessed 2022-02-10.
  21. GitHub Docs. 2022f. "Finding and customizing actions." Documentation, GitHub. Accessed 2022-02-22.
  22. GitHub Docs. 2022g. "Essential features of GitHub Actions." Documentation, GitHub. Accessed 2022-02-22.
  23. GitHub Docs. 2022h. "Expressions." Documentation, GitHub. Accessed 2022-02-22.
  24. GitHub Docs. 2022i. "Contexts." Documentation, GitHub. Accessed 2022-02-22.
  25. GitHub Docs. 2022j. "Environment variables." Documentation, GitHub. Accessed 2022-02-22.
  26. GitHub Docs. 2022k. "Reusing workflows." Documentation, GitHub. Accessed 2022-02-22.
  27. GitHub Docs. 2022l. "Using a build matrix for your jobs." Documentation, GitHub. Accessed 2022-02-22.
  28. GitHub Docs. 2022m. "Workflow syntax for GitHub Actions." Documentation, GitHub. Accessed 2022-02-22.
  29. GitHub Docs. 2022n. "Workflow commands for GitHub Actions." Documentation, GitHub. Accessed 2022-02-22.
  30. GitHub Docs. 2022o. "Storing workflow data as artifacts." Documentation, GitHub. Accessed 2022-02-22.
  31. GitHub Docs. 2022p. "Events that trigger workflows." Documentation, GitHub. Accessed 2022-02-22.
  32. GitHub Docs. 2022q. "Usage limits, billing, and administration." Documentation, GitHub. Accessed 2022-02-22.
  33. GitHub Docs. 2022r. "About continuous integration." Documentation, GitHub. Accessed 2022-02-22.
  34. Gluon. 2020. "Use GitHub Actions to automate your Gluon build and release cycle." Gluon, November 25. Accessed 2022-02-10.
  35. Greenberg, Ben. 2021. "GitHub Actions Is Not Only for CI/CD." Blog, Orbit, October 19. Accessed 2022-02-10.
  36. Iradier, Álvaro. 2020. "Image Scanning with GitHub Actions." Blog, Sysdig, January 14. Accessed 2022-02-10.
  37. Kellogg-Stedman, Lars. 2020. "Building multi-architecture images with GitHub Actions." Blog, The Odd Bit, September 25. Accessed 2022-02-22.
  38. Kinsman, Timothy, Mairieli Wessel, Marco A. Gerosa, and Christoph Treude. 2021. "How Do Software Developers Use GitHub Actions to Automate Their Workflows?" arXiv, v1, March 22. Accessed 2022-02-10.
  39. Kotti, Reethi. 2021. "Github Actions Security Best Practices." Salesforce Engineering, on Medium, October 19. Accessed 2022-02-10.
  40. Lardinois, Frederic. 2018. "GitHub launches Actions, its workflow automation tool." TechCrunch, October 16. Accessed 2022-02-10.
  41. Ross, Maya. 2020. "GitHub Enterprise Server 2.22 is here." Blog, GitHub, September 23. Accessed 2022-02-17.
  42. Saini, Shivansh. 2020. "Do GitHub Action like a Pro!" GitConnected, on Medium, July 4. Accessed 2022-02-10.
  43. Schelkopf, Jennifer. 2021. "GitHub Actions: reusable workflows is generally available." Blog, GitHub, November 29. Accessed 2022-02-17.
  44. Wessel, Mairieli, Bruno Mendes de Souza, Igor Steinmacher, Igor S. Wiese, Ivanilton Polato, Ana Paula Chaves, and Marco A. Gerosa. 2018. "The Power of Bots: Characterizing and Understanding Bots in OSS Projects." Proceedings of the ACM on Human-Computer Interaction, Vol. 2, Issue CSCW, Article No. 182, pp. 1–19, November. doi: 10.1145/3274451. Accessed 2022-02-10.
  45. Zilberman, Eyar. 2020. "Top 7 GitHub Actions best practices guide." Datree, March 6. Accessed 2022-02-10.

Further Reading

  1. Apolinario, Bernard, Sujith Nair, and Latha Natarajan. 2020. "GitHub Actions Overview." DevBlogs, Microsoft, July 16. Accessed 2022-02-10.
  2. Kra, Yonatan. 2021. "7 Github Actions Tricks I Wish I Knew Before I Started." Blog, December 3. Accessed 2022-02-10.
  3. Douglas, Brian. 2021. "7 advanced workflow automation features with GitHub Actions." Blog, GitHub, November 18. Accessed 2022-02-10.
  4. Baron, Daniela. 2021. "Debug Github Actions." Blog, February 15. Accessed 2022-02-10.
  5. Bos, Rob. 2021. "GitHub Actions & Security: Best practices." Blog, February 6. Accessed 2022-02-10.
  6. Chandrasekara, Chaminda and Pushpa Herath. 2021. "Hands-on GitHub Actions". Apress. Accessed 2022-02-10.

Article Stats

Author-wise Stats for Article Edits

Author
No. of Edits
No. of Chats
DevCoins
Avatar of user arvindpdmn arvindpdmn
5
0
1547
DevCoins due to articles, chats, their likes and article hits are included.
1806
Words
1
Authors
5
Edits
2
Chats
1
Likes
6539
Hits

Cite As

Devopedia. 2023. "GitHub Actions." Version 5, May 9. Accessed 2023-11-12. https://devopedia.org/github-actions
Contributed by
1 author

Last updated on
2023-05-09 07:57:05