GitHub Actions
Giovanni Tirloni
gtirloni at ocadu.ca
Sat Jun 20 14:40:34 UTC 2020
It runs automatically, there's no authorization required.
This would be a problem with Jenkins runners because that meant arbitrary code could be executed on our infrastructure.
It's less of a problem with GitHub Actions because the CI jobs run on GitHub-owned runners (so they deal with any abuse, not us) and PRs from other repositories do not have access to the secrets stored in our repositories (i.e. even if a PR were to trigger a deploy job, it wouldn't have access to, say, the SSH private key or some other token required for that).
________________________________
From: Antranig Basman <antranig.basman at colorado.edu>
Sent: Saturday, June 20, 2020 05:47
To: fluid-work at lists.idrc.ocad.ca <fluid-work at lists.idrc.ocad.ca>; Giovanni Tirloni <gtirloni at ocadu.ca>
Subject: Re: GitHub Actions
Cheers, this is brilliant work and great to reduce our dependence on
Jenkins. Does the CI job run automatically for every update to a PR, or
is there some equivalent of the old "ok to test" system?
On 19/06/2020 13:31, Giovanni Tirloni wrote:
> Hi Tony,
>
> I translated the Jenkins configuration that lived in the ci-service
> repository:
>
> https://github.com/fluid-project/ci-service/blob/master/jenkins_jobs/infusion-pull-request.yml
>
> Into the GitHub Actions workflow configuration that lives in each code
> repository:
>
> https://github.com/fluid-project/infusion/blob/master/.github/workflows/main.yml
>
> Instead of using our Jenkins node (located in the IDRC datacenter), it's
> using the GitHub-hosted runners.
>
>
>
> Here we say the workflow should run on pushes and PRs for the master
> branch only:
>
> on: push: branches: [ master ] pull_request: branches: [ master ]
>
>
>
> The CI job runs on ubuntu-latest (for now, there's a PR to run it on
> Windows as well):
>
> jobs: build: runs-on: ubuntu-latest
>
>
> The build strategy means GitHub will template/duplicate the build
> definition for each of these values. They are just strings but it means
> we're testing against Node.js 10.x and 12.x:
>
> strategy: matrix: node-version: [10.x, 12.x]
>
>
>
> We pass the HEADLESS env var so our tests run in Firefox/Chrome headless:
>
> env: HEADLESS: true
>
>
> Then come the actual build instructions. We first do a Git checkout of
> the repo:
>
>
> steps: - uses: actions/checkout at v2
>
>
>
>
> Then we install the Node.js version we want, based on that matrix
> definition above.
>
> - name: Use Node.js ${{ matrix.node-version }} uses:
> actions/setup-node at v1 with: node-version: ${{ matrix.node-version }}
>
>
> And the usual build commands in separate Steps:
>
> - name: Install Node.js dependencies run: npm install - name: Code
> linter run: $(npm bin)/grunt lint - name: Browser tests run: $(npm
> bin)/testem ci --file tests/testem.js - name: Node.js tests run: $(npm
> bin)/nyc node tests/node-tests/basic-node-tests.js
>
>
>
> We are not using any special Action but there's a marketplace of them:
> https://github.com/marketplace?type=actions . They are basically Git
> repos with docker images or Javascript to run arbitrary code.
>
>
> The syntax reference for Workflow files is here:
> https://help.github.com/en/actions/reference/workflow-syntax-for-github-actions
>
> Regards,
> Giovanni
>
>
> ------------------------------------------------------------------------
> *From:* Tony Atkins <tony at raisingthefloor.org>
> *Sent:* Friday, June 19, 2020 06:20
> *To:* Giovanni Tirloni <gtirloni at ocadu.ca>
> *Cc:* fluid-work at lists.idrc.ocad.ca <fluid-work at lists.idrc.ocad.ca>
> *Subject:* Re: GitHub Actions
> Hi, Gio.
>
> Great to hear this. I know we could all work our way through the
> documentation and experiment with our own projects in time, but It'd be
> great for maintainers in the community to save time by learning from
> what you had to do. Would you be able to briefly write up what you had
> to do or possibly demo/present briefly in an upcoming meeting?
>
> Cheers,
>
>
> Tony
>
> On Tue, 16 Jun 2020 at 21:46, Giovanni Tirloni <gtirloni at ocadu.ca
> <mailto:gtirloni at ocadu.ca>> wrote:
>
> Hello,
>
> It seems GitHub Actions is working as expected.
>
> With that in mind, I'd like to disable Jenkins for the two Fluid
> repos that have builds enabled: Infusion and Kettle.
>
> Please let me know if there are any concerns.
>
> Regards,
> Giovanni
>
> ------------------------------------------------------------------------
> *From:* Giovanni Tirloni <gtirloni at ocadu.ca <mailto:gtirloni at ocadu.ca>>
> *Sent:* Monday, April 20, 2020 18:10
> *To:* fluid-work at lists.idrc.ocad.ca
> <mailto:fluid-work at lists.idrc.ocad.ca>
> <fluid-work at lists.idrc.ocad.ca <mailto:fluid-work at lists.idrc.ocad.ca>>
> *Subject:* GitHub Actions
> Hello,
>
> We're running an experiment to see if GitHub Actions [0] is a good
> replacement for our current Jenkins-based CI system.
>
> I've enabled Actions in the fluid-project/infusion repository today.
> Every new PR (and updates to old PRs) and commits to the master
> branch will trigger CI builds in both GitHub Actions and Jenkins.
> We'll run them in parallel for a while to collect usage data.
>
> The GitHub Actions workflow has a few benefits for us:
>
> * GitHub-owned runners so we don't need to worry about maintaining
> our own servers
> * Configuration As Code: the CI configuration lives in the
> repository and can be modified with PRs
> * Better integration with the GitHub UI
>
> We'll be trying more customizations in the near future but for now
> the GitHub Actions workflow in the Infusion repository more or less
> mimics the actions of the Jenkins-based pipeline configuration in
> the fluid-project/ci-service repository. For example, it doesn't yet
> publish a new Infusion build when commits are made to the master
> branch, that's coming next as it requires changes to how we do
> deployments.
>
> If you notice any issues or have any feedback, please feel free to
> reach out. If we have a good experience with Actions, we'll add it
> to more repositories.
>
> 0 - https://github.com/features/actions
>
> Regards,
> *Giovanni Tirloni*
> DevOps Engineer
> Inclusive Design Research Centre, OCAD University
> https://idrc.ocadu.ca <https://idrc.ocadu.ca/>
> _______________________________________________________
> fluid-work mailing list - fluid-work at lists.idrc.ocad.ca
> <mailto:fluid-work at lists.idrc.ocad.ca>
> To unsubscribe, change settings or access archives,
> see https://lists.idrc.ocad.ca/mailman/listinfo/fluid-work
> <https://secure-web.cisco.com/1Fy-8-ua8W6t3cX3JF5jTBrt88lp9HKvCSV88HJAKxL7x75oqEU4qXmAa_9sgV6xQku8aZu8pnTzBjqNSlXP4DN1CWek1LTAPA5l1EGY0qilcVP6rOKfAkT2izCYY63UYigTB2DTH5Bf6xssOBCLbM_ADTukmeMoifPbqB0VtX1UP4q4QuVz709QJiBzTbJAIaHm1NqcoyEtThtgvrNxQCYLHesamfYcbGNWlii_k2JQS3fTbbpfSG6GsGYJAmkOp5ctLbPjiWWKHK7WscDf4P2eewODDIl-MChsRIxzNIAXUz0HbaqxFGQArrXImWpuUo6XVFoJtFNJIrmVhDWJS4rnCTgAfyax2wXJKBV2lFcCnfofkTpjwanxh67e8aWA_qOChtYtb5Tqwhjlu87DJBvtjQZAOh_5lChfHUcrgq8OaCy9rOBwIK8ZOnTIrtyKZemKQhMeC1MnbULvZHgRpBg/https%3A%2F%2Flists.idrc.ocad.ca%2Fmailman%2Flistinfo%2Ffluid-work>
>
>
> _______________________________________________________
> fluid-work mailing list - fluid-work at lists.idrc.ocad.ca
> To unsubscribe, change settings or access archives,
> see https://secure-web.cisco.com/1Fy-8-ua8W6t3cX3JF5jTBrt88lp9HKvCSV88HJAKxL7x75oqEU4qXmAa_9sgV6xQku8aZu8pnTzBjqNSlXP4DN1CWek1LTAPA5l1EGY0qilcVP6rOKfAkT2izCYY63UYigTB2DTH5Bf6xssOBCLbM_ADTukmeMoifPbqB0VtX1UP4q4QuVz709QJiBzTbJAIaHm1NqcoyEtThtgvrNxQCYLHesamfYcbGNWlii_k2JQS3fTbbpfSG6GsGYJAmkOp5ctLbPjiWWKHK7WscDf4P2eewODDIl-MChsRIxzNIAXUz0HbaqxFGQArrXImWpuUo6XVFoJtFNJIrmVhDWJS4rnCTgAfyax2wXJKBV2lFcCnfofkTpjwanxh67e8aWA_qOChtYtb5Tqwhjlu87DJBvtjQZAOh_5lChfHUcrgq8OaCy9rOBwIK8ZOnTIrtyKZemKQhMeC1MnbULvZHgRpBg/https%3A%2F%2Flists.idrc.ocad.ca%2Fmailman%2Flistinfo%2Ffluid-work
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.idrc.ocad.ca/pipermail/fluid-work/attachments/20200620/9653827e/attachment.html>
More information about the fluid-work
mailing list