book

Mastering GitHub Actions

Name: Mastering GitHub Actions
Author: Eric Chapman
ISBN: 9781805128625

by Eric Chapman

March 2024

Intermediate to advanced

490 pages

12h 21m

English

Packt Publishing

Read now

Unlock full access

Mastering GitHub Actions
ContributorsAbout the authorAbout the reviewers
Preface
Who this book is forWhat this book coversTo get the most out of this bookDownload the example code filesConventions usedGet in touchShare Your ThoughtsDownload a free PDF copy of this book
Part 1:Centralized Workflows to Assist with Governance
Chapter 1: An Overview of GitHub and GitHub Actions
Technical requirementsExploring the GitHub platformWalk-through of the overview interface and featuresThe different types of accounts on GitHubCreating a personal GitHub accountThe different types of plans on GitHubGitHub FreeGitHub TeamGitHub EnterpriseCreating an organization accountA brief introduction to GitHub ActionsAn overview of organization accountsManaging teamsOrganization defaultsGitHub ActionsThe .github repositoryTemplates and reusable workflow repositoriesReusable workflowsWorkflow templatesSummary
Chapter 2: Exploring Workflows
Technical requirementsExploring workflow capabilitiesEvents or triggersJobsStepsFeatures of a workflowUsing events to trigger workflowsWorkflow structuring and good habitsExploring workflow jobsUnderstanding how jobs workRunning jobs in a containerRunning servicesSummary
Chapter 3: Deep Dive into Reusable Workflows and Composite Actions
Technical requirementsSetting up the CLIIntroducing reusable workflowsReusable workflows versus normal workflowsUse cases for reusable workflowsLimitations of reusable workflowsUnderstanding composite actionsKey concepts of composite actionsUse cases for composite actionsLimitations of composite actionsCreating a reusable build pipelineMarking a workflow as a reusable workflowCreating a local composite actionDebugging techniques for workflowsact workflow debugging toolVisual Studio Code GitHub Actions pluginDebugging event dataRunner diagnostic loggingStep debug loggingWorkflow monitoring and alertingGitHub notification capabilitiesIntegrating GitHub Actions with SlackDatadogSummary
Chapter 4: Workflow Personalization Using GitHub Apps
Technical requirementsGitHub token optionsGitHub App tokensGitHub personal access tokensWorkflow tokensCreating a GitHub AppInstalling and managing the App’s credentialsLeveraging a GitHub App in various use casesSummary
Chapter 5: Utilizing Starter Workflows in Your Team
Technical requirementsWhat are starter workflows?Accessing starter workflowsStarter workflows in a private repositoryCreating our starter workflowUtilizing our starter workflowApplications of self-service reusable workflowsSummary
Part 2: Implementing Advanced Patterns within Actions
Chapter 6: Using HashiCorp Vault in GitHub
Technical requirementsUnderstanding what OIDC isHow to get an Identity token in a workflowOIDC in reusable workflowsSetting up a HashiCorp Cloud Vault instanceWhat is HashiCorp Cloud Vault?Creating a HashiCorp Cloud Platform accountAccessing your Vault clusterUnderstanding secret engines and where secrets are storedCreating a secret in Vault that GitHub Actions can accessAdding our Slack API token as a secretEnabling JWT authentication in HashiCorpEnabling JWT for GitHub-produced tokensWhat is JWKS?Creating a HashiCorp secret policyCreating a HashiCorp JWT roleSetting up a workflow to use HashiCorpExploring other security hardening techniquesImplementing CODEOWNERSOIDC action recommendationsHashiCorp actions recommendationsAzure Key VaultSummary

Chapter 7: Deploying to Azure Using OpenID Connect
Technical requirementsExploring our infrastructure using BicepWhy Bicep?Understanding the components of BicepAzure infrastructure requirementsDeploying locally with the Azure CLIUnderstanding the folder structureDeploying our resource group with the Azure CLIDeploying our container registry with the Azure CLIDeploying our container instance with the Azure CLIDeploying infrastructure alongside our application codeThe teardownAdding infrastructure to our repositoryBest practices and areas for improvementReusable workflows for applications and infrastructureAuthorizing our deployments with Azure and OIDCSubject patterns and their limitationsUsing OIDC for Azure in the reusable workflowCorrecting the trustSummary
Chapter 8: Working with Checks
Technical requirementsExploring check suites and checksWhat are checks?Introducing check suitesInteracting with the Checks APIUnderstanding commit statusesWhat are commit statuses?Interacting with commit statusesWhen should we use commit statuses over checks?Creating checks and check suitesUnderstanding how check suites workWorking with the GitHub APICreating a checkFailing and passing checksConclusionsPlaying with check outcomesCreating custom actionsWhat makes an action an action?Types of actionsDefining outputs in actionsLet’s create an actionPutting our action to useExploring further action opportunitiesBrandingCreating/updating check runsControlling check failuresCreating checks with different tokensSummary
Chapter 9: Annotating Code with Actions
Technical requirementsExploring annotations within checksThe structure of an annotationCreating annotations on a check runUnderstanding the validation rules for annotationsAnnotations in actionIntroducing annotation support for our RichChecks actionCreating annotations from build outputInfrastructure lintingDisplaying our resultsCreating annotations from a GitHub App using ProbotExploring Probot-powered appsThe importance of a spell checkerSummary
Chapter 10: Advancing with Event-Driven Workflows
Technical requirementsUnderstanding GitHub events more deeplyThe core of GitHub event payloadsTailored automation with eventsCreating an issue from a pull requestSubscribing to the eventIntroducing the GitHub Issues APICreating an issueLinking pull requests to issuesPromoting your new releasesWhat are GitHub releases?Creating a release manuallySubscribing to the eventCreating the communicationTargeting published releasesDesigning a chatbot using ChatGPTSubscribing to the event and collecting the dataCreating a conversation with OpenAIs APIsHelpful AI actions and appsCode Autopilot – AI coderOpenCommitSummary
Chapter 11: Setting Up Self-Hosted Runners
Technical requirementsExploring self-hosted runnersAction runner variantsAction runner groupsDeploying self-hosted runnersA local runner in actionExploring ARCHow does it work?Scaling optionsMonitoring and troubleshootingRunning ARC locallyA brief overview of KubernetesUnderstanding the importance of containersSetting up MinikubeInstalling HelmDeploying ARC on MinikubeUsing the cloud for your runsSetting up Kubernetes using BicepSetting up a GitHub AppDeploying the new ARCAdvanced techniques with ARCScaling in ARCRunning within a proxyRunner labelsCustomizing the runner specificationObserving our self-hosted infrastructureHousekeepingSummary
Part 3: Best Practices, Patterns, Tricks, and Tips Toolkit
Chapter 12: The Crawler Pattern
Technical requirementsIntroducing the crawler patternHow does this pattern work?Methods of feeding the matrixMaking bulk repository changesAdding permissions to all repositoriesAdding branch protectionMaking bulk content changesUnderstanding the workflowRolling out content in bulkSummary
Chapter 13: The Configuration Centralization Pattern
Technical requirementsUnderstanding the central configuration patternCreating a repository indexerSchedules in GitHub workflowsSetting up the indexerHosting the results using GitHub PagesConfiguring the repository for GitHub PagesCreating the action for the deploymentWhere to go nextSummary
Chapter 14: Using Remote Workflows to Kickstart Your Products
Technical requirementsIntroducing repository dispatch eventsAdvantages of repository dispatch eventsRequirements for creating a repository dispatch eventSetting up a repository dispatch workflowUnderstanding product kickstartersA brief overview of product kickstartersCreating template repositoriesBuilding a kickstarter templateInternal developer portal and other use casesAdding portal visibility for developersExploring other use casesSummary
Chapter 15: Housekeeping Tips for Your Organization
Technical requirementsManaging GitHub costsGitHub spending limitsAlerting on usageUsage monitoringWorkflow usage across the organizationOptimizing uploads and downloadsCompressible artifact actionMethods for eliminating GitHub storageUseful reporting techniques for your organizationCreating a dormant user reportCreating a user member contribution reportManaging your action updates with DependabotSummary
Chapter 16: Handy Workflows for Managing Your Software
Technical requirementsExploring commit and pull request lintersPR lintersCommit lintersSBOM generation as part of release managementYour actions toolkitBuilding and deploying pipelinesCommunity action listsGitHub certificationsSummary
Index
Why subscribe?
Other Books You May EnjoyPackt is searching for authors like youShare Your ThoughtsDownload a free PDF copy of this book

Content preview from Mastering GitHub Actions

7 Deploying to Azure Using OpenID Connect

In this chapter, we’ll embark on an exciting journey of deploying applications to Azure using the dynamic combination of GitHub Actions and OpenID Connect (OIDC) authentication. With a focus on security and efficiency, we’ll explore various configuration options to create workflows that seamlessly authenticate and authorize themselves against Azure resources. Leveraging the robust capabilities of the Azure CLI and Bicep, we’ll establish the core infrastructure required for our deployments. By implementing a secure connection between GitHub Actions and Azure, we’ll ensure that our workflows possess the necessary permissions to interact with Azure resources, safeguarding sensitive information.

Our exploration ...

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.

Read now

Unlock full access

More than 5,000 organizations count on O’Reilly

O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.

Julian F.

Head of Cybersecurity

I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.

Addison B.

Field Engineer

I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.

Amir M.

Data Platform Tech Lead

I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.

Mark W.

Embedded Software Engineer

Publisher Resources

ISBN: 9781805128625

Cloud Computing

Data Engineering

Data Science

AI & ML

Programming Languages

Software Architecture

IT/Ops

Security

Design

Business

Soft Skills

Mastering GitHub Actions

by Eric Chapman

7

Deploying to Azure Using OpenID Connect

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.