I was trying to make a GitHub action using some simple scripts (which I already use locally) that I would like to run inside a docker container.
A new issue should trigger the event to update the said issue with its content based on some processing. An example of this might be:
Say I have a list of labels defined in my script and it checks the issue's title and adds a label to the issue.
I'm still reading the GitHub Action's documentation so I may be not completely informed but the issue I seem to have is that in my local machine these scripts use gh cli for doing such tasks (eg. adding labels). So I was wondering if I need to have the gh installed in that docker container or is there a better way to update the issue? I'm very much willing to make these scripts from scratch again using the GitHub's event payloads and stuff as long as I don't have to write in TypeScript.
I've looked around the documentation and couldn't find anything that talked about updating issues. Also couldn't find a similar question being asked here; it may be that I've missed something so if that is the case direct me to relevant material and I would very much appreciate it.
An option could be (as you said) to install GH in that docker container, and then run GH commands.
Example using a container:
jobs:
build:
runs-on: ubuntu-latest
container:
image: docker://myrepoandimagewithghinstalled
steps:
- name: Github CLI Authentication
run: gh auth login --hostname <your hostname>
- name: Github CLI commands execution samples
run: |
gh command1
gh command2
gh command3
Another option could be to install GH directly on the OS (for exemple ubuntu-latest), authenticate, and then use the "run" option to execute GH command.
Example installing GH on the OS:
jobs:
build:
runs-on: ubuntu-latest
steps:
- name: Install Github CLI
run: |
sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-key C99B11DEB97541F0
sudo apt-add-repository https://cli.github.com/packages
sudo apt update
sudo apt install gh
- name: Github CLI Authentication
run: gh auth login --hostname <your hostname>
- name: Github CLI commands execution samples
run: |
gh command1
gh command2
gh command3
Finally, you could also create a script consuming the Github API service to update an ISSUE and execute the script using the run option.
Example to execute a Python script in your workflow:
jobs:
build:
runs-on: ubuntu-latest
steps:
- name: checkout repo content
uses: actions/checkout#v2 # checkout the repository content to github runner.
- name: setup python
uses: actions/setup-python#v2
with:
python-version: 3.8 #install the python needed
- name: execute py script # run the run.py to get the latest data
run: |
python run.py
env:
key: ${{ secrets.key }} # if run.py requires passwords..etc, set it as secrets
- name: export index
.... # use crosponding script or actions to help export.
Related
I used to publish gem packages to GitHub Packages using the following GitHub Actions and it was always successful.
name: Deploy to Github Packages
on:
release:
types:
- published
env:
ORGANIZATION: MYGITHUBNAME
RELEASE_TAG_NAME: ${{ github.event.release.tag_name }}
jobs:
build:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout#master
- name: Set up JDK 8
uses: actions/setup-java#v3
with:
java-version: 8
distribution: temurin
- name: gradlew build
run: |
VERSION=$(echo $RELEASE_TAG_NAME | sed -E 's/(v)(.*)/\2/')
./gradlew gem -Pversion=$VERSION
- name: Set up Ruby
uses: actions/setup-ruby#v1
with:
ruby-version: 3.0
- name: Setup Release Credentials
env:
GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}}
run: |
mkdir -p $HOME/.gem
touch $HOME/.gem/credentials
chmod 600 $HOME/.gem/credentials
echo "---" >$HOME/.gem/credentials
echo ":github: Bearer ${GITHUB_TOKEN}" >> $HOME/.gem/credentials
- name: Publish Gem to GitHub Packages
run: |
PACKAGE=$(find build/gems -type f | sort | tail -n 1)
gem push --KEY github --host https://rubygems.pkg.github.com/${ORGANIZATION} ${PACKAGE}`
However, with the repository I created today, it suddenly stopped working.
Also, when I create it in an existing repository, it succeeds.
The error message when it fails is:
Pushing gem to https://rubygems.pkg.github.com/MYGITHUBNAME...
Your request could not be authenticated by the GitHub Packages service. Please ensure your access token is valid and has the appropriate scopes configured.
Error: Process completed with exit code 1.
When I use PAT to push the gem from my local environment, it succeeds, but it doesn't appear in the "packages" of the repository.
If anyone knows what is causing this, please let me know.
Thank you.
Unified repository and gem names (failed)
I cloned the repository where gem push was successful and tried with a different repository and Gem name (failed)
This was solved!
Apparently, an item called Workflow permissions has been added to the repository's Settings > Actions > General, and it seems that the existing repository has Read and Write permissions, but the new repository has read-only permissions, hence the permission denied error.
After changing this to Read and Write, I was able to push packages.
If this information is incorrect, could someone please correct it?
Thank you.
I am relatively new to GitHub workflows and testing. I am working in a private GitHub repository with a dozen colleagues. We want to avoid using services like CircleCI for the time being and see how much we can do with just the integrated GitHub actions, since we are unsure about the kind of access a third party service would be getting to the repo.
Currently, we have two workflows (each one tests the same code for a separate Python environment) that get triggered on push or pull request in the master branch.
The steps of the workflow are as follows (the full workflow yml file is given at the bottom):
Install Anaconda
Create the conda environment (installing dependencies)
Patch libraries
Build a 3rd party library
Run python unit tests
It would be amazing to know immediately which part of the code failed given some new pull requests. Right now, every aspect of the codebase gets tested by a single python file run_tests.py. I was thinking of splitting up this file and creating a workflow per aspect I want to test separately, but then I would have to create a whole new environment, patch the libraries and build the 3rd party library every time I want to conduct a single test. These tests already take quite some time.
My question is now: is there any way to avoid doing that? Is there a way to build everything on the Linux server and re-use that, so that they don't need to be rebuilt every test? Is there a way to display a badge per python test that fails/succeeds, so that we can give more information than just "everything passed" or "everything failed". Is such a thing better suited for a service like CircleCI (or other recommendations are also welcome)?
Here is the full yml file for the workflow for the Python 3 environment. The Python2 one is identical except for the anaconda environment steps.
name: (Python 3) install and test
# Controls when the workflow will run
on:
# Triggers the workflow on push or pull request events but only for the master branch
push:
branches: [ master ]
pull_request:
branches: [ master ]
# Allows you to run this workflow manually from the Actions tab
workflow_dispatch:
# A workflow run is made up of one or more jobs that can run sequentially or in parallel
jobs:
# This workflow contains a single job called "build"
build:
# The type of runner that the job will run on
runs-on: ubuntu-latest
defaults:
run:
shell: bash -l {0}
# Steps represent a sequence of tasks that will be executed as part of the job
steps:
# Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it
- uses: actions/checkout#v2
# Install Anaconda3 and update conda package manager
- name: Install Anaconda3
run: |
wget https://repo.anaconda.com/archive/Anaconda3-2020.11-Linux-x86_64.sh --quiet
bash Anaconda3-2020.11-Linux-x86_64.sh -b -p ~/conda3-env-py3
source ~/conda3-env-py3/bin/activate
conda info
# Updating the root environment. Install dependencies (YAML)
# NOTE: The environment file (yaml) is in the 'etc' folder
- name: Install ISF dependencies
run: |
source ~/conda3-env-py3/bin/activate
conda-env create --name isf-py3 --file etc/env-py3.yml --quiet
source activate env-py3
conda list
# Patch Dask library
- name: Patch dask library
run: |
echo "Patching dask library."
source ~/conda3-env-py3/bin/activate
source activate env-py3
cd installer
python patch_dask_linux64.py
conda list
# Install pandas-msgpack
- name: Install pandas-msgpack
run: |
echo "Installing pandas-msgpack"
git clone https://github.com/abast/pandas-msgpack.git
# Applying patch to pandas-msgpack (generating files using newer Cython)
git -C pandas-msgpack apply ../installer/pandas_msgpack.patch
source ~/conda3-env-py3/bin/activate
source activate env-py3
cd pandas-msgpack; python setup.py install
pip list --format=freeze | grep pandas
# Compile neuron mechanisms
- name: Compile neuron mechanisms
run: |
echo "Compiling neuron mechanisms"
source ~/conda3-env-py3/bin/activate
source activate env-py3
pushd .
cd mechanisms/channels_py3; nrnivmodl
popd
cd mechanisms/netcon_py3; nrnivmodl
# Run tests
- name: Testing
run: |
source ~/conda3-env-py3/bin/activate
source activate env-py3
export PYTHONPATH="$(pwd)"
dask-scheduler --port=38786 --dashboard-address=38787 &
dask-worker localhost:38786 --nthreads 1 --nprocs 4 --memory-limit=100e15 &
python run_tests.py
Many thanks in advance
Tried:
Building everything in a single github workflow, testing everything in the same workflow.
Expected:
Gaining information on specific steps that failed or worked. Displaying this information as a badge on the readme page.
Actual result:
Only the overall success status can be displayed as badge. Only the success status of "running all tests" is available.
I couldn't make this workflow work, I'm always receiving this error every step must define a "uses" or "run" key, but looking at my script I don't see any issues, can someone pls help me fix this? It does not seem like a - problem as it usually is.
# This is a basic workflow to help you get started with Actions
name: Build Digital Ocean Image
# Controls when the workflow will run
on:
# Triggers the workflow on push or pull request events but only for the "master" branch
push:
branches:
- '*'
- '*/*'
- '**'
- '!master'
pull_request:
branches: [ "master" ]
# Allows you to run this workflow manually from the Actions tab
workflow_dispatch:
# A workflow run is made up of one or more jobs that can run sequentially or in parallel
jobs:
packages:
runs-on: ubuntu-latest
steps:
- name: Install packages
run: |
apt-get install curl -y
curl -fsSL https://apt.releases.hashicorp.com/gpg | sudo apt-key add -
sudo apt-add-repository "deb [arch=amd64] https://apt.releases.hashicorp.com $(lsb_release -cs) main"
sudo apt-get update && sudo apt-get install packer
apt-get install ansible -y
# This workflow contains a single job called "build"
build:
# The type of runner that the job will run on
# runs-on: ubuntu-latest
# Steps represent a sequence of tasks that will be executed as part of the job
steps:
# Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it
- name: Checkout
uses: actions/checkout#v3
# Runs a single command using the runners shell
- name: Packer init
env:
DIGITALOCEAN_TOKEN=${{ secrets.DIGITALOCEAN_TOKEN }}
run: packer init
working-directory: /home/runner/work/packer-do-custom-images/demo
# Runs a set of commands using the runners shell
- name: Packer build
run: packer build .
working-directory: /home/runner/work/packer-do-custom-images/demo
The runs-on directive is missing (commented!), just add/uncomment it after the name, like:
# This workflow contains a single job called "build"
build:
# The type of runner that the job will run on
runs-on: ubuntu-latest
# Steps represent a sequence of tasks that will be executed as part of the job
steps:
To fix the issue.
I would suggest to use the actionlint tool to discover error like this, as example:
> actionlint .github/workflows/test.yaml
.github/workflows/test.yaml:35:3: "runs-on" section is missing in job "build" [syntax-check]
|
35 | build:
| ^~~~~~
UPDATE:
As side notes also the env variable as issue: you should use : instead of = like:
- name: Packer init
env:
DIGITALOCEAN_TOKEN: ${{ secrets.DIGITALOCEAN_TOKEN }}
I had two github action, one of merge-staging-in-to-master, the other one is CI.
The merge-staging-in-to-master was triggered by manually.
And CI was triggered by push to master.
But, when I triggered the merge-staging-in-to-master manually, the CI does nothing...
The expectation I want is invoke the CI action after merge-staging-in-to-master was done.
There is my code below.
merge-staging-in-to-master.yml
# This is a basic workflow to help you get started with Actions
name: merge-staging-to-master
# Controls when the workflow will run
on:
# Allows you to run this workflow manually from the Actions tab
workflow_dispatch:
# Allows external webhook trigger
repository_dispatch:
types:
- merge-staging-to-master
# A workflow run is made up of one or more jobs that can run sequentially or in parallel
jobs:
# This workflow contains a single job called "build"
merge-staging-to-master:
# The type of runner that the job will run on
runs-on: ubuntu-latest
# Steps represent a sequence of tasks that will be executed as part of the job
steps:
# Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it
- uses: actions/checkout#v2
# Runs a set of commands using the runners shell
- name: Run a multi-line script
run: |
git fetch origin --unshallow
git checkout -t remotes/origin/master
git pull origin master
git config --global user.name "user"
git config --global user.email "user#mail.com"
git merge staging -m "[AUTO] merge staging back to master"
git push
CI.yml
# This is a basic workflow to help you get started with Actions
name: CI
# Controls when the workflow will run
on:
# Triggers the workflow on push or pull request events but only for the main branch
push:
branches: [ master ]
# Allows you to run this workflow manually from the Actions tab
workflow_dispatch:
# A workflow run is made up of one or more jobs that can run sequentially or in parallel
jobs:
# This workflow contains a single job called "build"
build:
# The type of runner that the job will run on
runs-on: ubuntu-18.04
# Steps represent a sequence of tasks that will be executed as part of the job
steps:
# Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it
- uses: actions/checkout#v2
- uses: actions/setup-node#v2
with:
node-version: '14'
- id: 'auth'
name: 'Authenticate to Google Cloud'
uses: 'google-github-actions/auth#v0'
with:
credentials_json: '${{ secrets.GOOGLE_CREDENTIALS }}'
- name: Install Dependencies
run: |
sudo apt update
sudo apt install -y libcairo2-dev libjpeg-dev libpango1.0-dev libgif-dev librsvg2-dev
- name: 'Set up Cloud SDK'
uses: 'google-github-actions/setup-gcloud#v0'
- name: Build
run: sudo npm install --build-from-source && npx prisma generate dev && npm run build
- name: Deploy
run: npm run deploy
This is a builtin feature of GitHub actions to prevent jobs from triggering more jobs and potentially burning through your action minutes in a very short time (all the while blocking hosted runners for others as well).
The GitHub actions tokens used to authenticate have a special flag on them by which GitHub knows the token is from an Actions workflow.
If you know what you're doing you can use a PAT or Oauth App token to authenticate your git push instead, that will trigger further workflows. If you search the GitHub marketplace you'll find a few actions that can retrieve an OAuth App token.
I'm working on a github action that creates an app on ArgoCD. The problem is that I want to execute it only once, the first time that it gets push with the k8s yamls.
Is there any way to restrict the github action to the first push on the repo?
I have been looking to the github triggers, but I was not able to find any relation.
This is a sample of the action:
on: push
name: deploy-argo-app
jobs:
deploy-argo-app:
name: Deploy new app on ArgoCD
runs-on: ubuntu-latest
steps:
- uses: actions/checkout#master
- name: Install Argo Cli
run: |
VERSION=$(curl --silent "https://api.github.com/repos/argoproj/argo-cd/releases/latest" | grep '"tag_name"' | sed -E 's/.*"([^"]+)".*/\1/')
sudo curl -sSL -o /usr/local/bin/argocd https://github.com/argoproj/argo-cd/releases/download/$VERSION/argocd-linux-amd64
sudo chmod +x /usr/local/bin/argocd
- name: Create app
run: |
argocd app create guestbook --repo https://github.com/argoproj/argocd-example-apps.git --path guestbook --dest-server https://kubernetes.default.svc --dest-namespace default
I found kind of a workaround.
on: push
name: deploy
jobs:
deploy:
if: github.run_number == 1
Basically "github.run_number" gives you the push number. It will work only on the first push and then it will be ignore.
I have been looking for something similar, but I needed to know the first push on any given branch.
First, you can see everything available to you on your Github context by running this worfklow:
- name: Dump GitHub context
id: github_context_step
run: echo '${{ toJSON(github) }}'
I was able to see that on the first push to any branch the
github.event.before = 0000000000000000000000000000000000000000
and
github.event.created = true
whereas for any subsequent push to that same branch the github.event.before will give a numerical reference to the previous commit, and the github.event.created will be false.
Slightly related, but maybe still useful for people who find themselves on the same hunt I was on!