I've been open sourcing projects at Avanade for some time. I've recently needed a ton of automation - from code scans for security vulnerabilities and licensing compliance to automatically merging pull requests after a certain amount of time.

I've just started a new role as Head of Open Technologies for Avanade - bringing together Open Innovation, Open Source, and supporting a broader community. I'll share some of the information I've learnt whilst using GitHub Actions to help my work.

So, what are GitHub Actions?

GitHub Actions provide automation for your code repositories. Each action is described in a YAML defined workflow file that let you execute logic based upon events like Pull Requests, Pushes to branches, issue creation etc.

Many projects need specific workflows and requirements, such as a restriction on the approved open-source licences, a desire to create issues based on '#TODO:' notes buried in code comments, or to make life easier.

How do you set up a GitHub action?

GitHub Actions YAML files are stored within a code repository, in a dot folder called .github/workflows/. You can define one or more workflows which developers can use to group together different related jobs and actions.

Each workflow defines a series of jobs. A job is made up of multiple steps. A step combines multiple actions. Finally, all of this runs on a runner somewhere - a machine or a container spun up to run and execute your workflow.

Finally, you define which event triggers which workflows. Got that?! This diagram might show better how everything fits together.

A diagram showing an event triggering a workflow. The next step shows a workflow running on a runner, a machine. This ends with outputs emitting from the runner. There is a box under the runner, showing a multiple steps in a job - the job example is a called a compliance scan. There are multiple steps, each step has an action. The first step is download a code repo, with the actions/checkout@v2 action. The second step is save cache, with the actions/cache@v2 repo. The final step is run licence scan, with any action you choose.
An example of the process running end to end

I'll talk about some of the Actions I used on my last project (working with Brain Control Devices, a robotics platform, and a robot) and some I'm trying out now. I will assume some familiarity with the GitHub flow, mainly pull requests, pushes, and branching. If not, I recommend a read!

Avanade/emtech-stretch-labs
Repositories related to Avanade’s exploration with Rocos, NextMind and Hello Robot. - Avanade/emtech-stretch-labs

Finding a GitHub Action

There are many different GitHub Actions available on the GitHub Marketplace.

GitHub Marketplace: actions to improve your workflow
Find the actions that help your team build better, together.

GitHub Actions for Azure - great for ML

Microsoft also maintains a specific list of GitHub Actions for Azure - and some of these are particularly useful for integrating MLOps, or the practices you need to deploy Machine Learning models in production alongside your code. GitHub Actions are helpful to improve collaboration between developers and data scientists to increase reproducibility and your machine learning development consistency.

Licence Compliance

I've tried some of the Open Source licence compliance tools, and I'm now looking at some of the commercial options - I don't have an opinion on those yet, but I can show you some of the OSS tools in use.

I'm still using ShiftLeftSecurity/scan-action from http://slscan.io/ and that tool supports many different programming languages.

For Python repositories, I particularly like andersy005/gh-action-py-liccheck which uses a pyproject.toml file format.

Here's an example of these actions in use:

Issues and Work Tracking

I like to use two actions for my issues and my work - one to create issues for Todos in code called ribtoks/tdg-github-action and another to make sure new pull requests are assigned to a GitHub project board related to the project called AdityaGovardhan/ga-pull-requests-projects.

Here's an example of these actions in use:

Where to learn more?

GitHub Actions make your life so much easier.  I recommend the Microsoft Learn path to get hands-on and try out some examples.

Automate your workflow with GitHub Actions - Learn
Learn how GitHub Actions enables you to automate your software development cycle and deploy applications to Azure.