The Wonderful World of GitHub Actions
Heads up! This information might be outdated since it was last updated over a year ago. Please double-check the information before relying on it.
I’ve been open sourcing projects at Avanade for some time. I’ve recently needed a ton of automation - from code scans for security vulnerabilities and licensing compliance to automatically merging pull requests after a certain amount of time.
I’ve just started a new role as Head of Open Technologies for Avanade - bringing together Open Innovation, Open Source, and supporting a broader community. I’ll share some of the information I’ve learnt whilst using GitHub Actions to help my work.
So, what are GitHub Actions?
GitHub Actions provide automation for your code repositories. Each action is described in a YAML defined workflow file that let you execute logic based upon events like Pull Requests, Pushes to branches, issue creation etc.
Many projects need specific workflows and requirements, such as a restriction on the approved open-source licences, a desire to create issues based on ‘#TODO:’ notes buried in code comments, or to make life easier.
How do you set up a GitHub action?
GitHub Actions YAML files are stored within a code repository, in a dot folder called .github/workflows/. You can define one or more workflows which developers can use to group together different related jobs and actions.
Each workflow defines a series of jobs. A job is made up of multiple steps. A step combines multiple actions. Finally, all of this runs on a runner somewhere - a machine or a container spun up to run and execute your workflow.
Finally, you define which event triggers which workflows. Got that?! This diagram might show better how everything fits together.
I’ll talk about some of the Actions I used on my last project (working with Brain Control Devices, a robotics platform, and a robot) and some I’m trying out now. I will assume some familiarity with the GitHub flow, mainly pull requests, pushes, and branching. If not, I recommend a read!
Repositories related to Avanade’s exploration with Rocos, NextMind and Hello Robot. - Avanade/emtech-stretch-labs
Finding a GitHub Action
There are many different GitHub Actions available on the GitHub Marketplace.
Find the actions that help your team build better, together.
GitHub Actions for Azure - great for ML
Microsoft also maintains a specific list of GitHub Actions for Azure - and some of these are particularly useful for integrating MLOps, or the practices you need to deploy Machine Learning models in production alongside your code. GitHub Actions are helpful to improve collaboration between developers and data scientists to increase reproducibility and your machine learning development consistency.
Licence Compliance
I’ve tried some of the Open Source licence compliance tools, and I’m now looking at some of the commercial options - I don’t have an opinion on those yet, but I can show you some of the OSS tools in use.
I’m still using ShiftLeftSecurity/scan-action from http://slscan.io/ and that tool supports many different programming languages.
For Python repositories, I particularly like andersy005/gh-action-py-liccheck which uses a pyproject.toml file format.
Here’s an example of these actions in use:
Issues and Work Tracking
I like to use two actions for my issues and my work - one to create issues for Todos in code called ribtoks/tdg-github-action and another to make sure new pull requests are assigned to a GitHub project board related to the project called AdityaGovardhan/ga-pull-requests-projects.
Here’s an example of these actions in use:
Where to learn more?
GitHub Actions make your life so much easier. I recommend the Microsoft Learn path to get hands-on and try out some examples.
Learn how GitHub Actions enables you to automate your software development cycle and deploy applications to Azure.