I want to use Github actions to transfer files to a remote server via SFTP (only option for this server) when I push up to Github.
I am using this Action https://github.com/marketplace/actions/ftp-deploy
I have created a file in my repo in .github/workflows/main.yml and I have added:
on: push
name: Publish Website
jobs:
FTP-Deploy-Action:
name: FTP-Deploy-Action
runs-on: ubuntu-latest
steps:
- uses: actions/checkout#v2.1.0
with:
fetch-depth: 2
- name: FTP-Deploy-Action
uses: SamKirkland/FTP-Deploy-Action#3.1.1
with:
ftp-server: ${{ secrets.FTP_SERVER }}
ftp-username: ${{ secrets.FTP_USERNAME }}
ftp-password: ${{ secrets.FTP_PASSWORD }}
I have created a Secret for this repo which contains the following:
FTP_SERVER: sftp.server.com, FTP_USERNAME: user, FTP_PASSWORD: password
I can see the action running in Github but it errors out on the FTP-Deploy-Action task.
##[error]Input required and not supplied: ftp-server
This is in secrets and does work with Filezilla.
Would anyone know if I've set this up wrongly?
I was able to get it working on my own repo. I think the issue may be possibly on how your secrets were setup. That error usually shows when required parameters of a github action were not provided so curious if the keys are different or whether they were saved as empty. I would delete FTP_SERVER secret and create it again to be sure.
Workflow Success Run
Workflow Code
- name: FTP-Deploy-Action
uses: SamKirkland/FTP-Deploy-Action#3.1.1
with:
ftp-server: ${{ secrets.FTP_SERVER }}
ftp-username: ${{ secrets.FTP_USERNAME }}
ftp-password: ${{ secrets.FTP_PASSWORD }}
local-dir: toupload
UPDATE: Added example per comment left below,
Example secret creation for reference. Basically create a secret per entry rather than comma separated grouped secret
Source: https://docs.github.com/en/actions/configuring-and-managing-workflows/creating-and-storing-encrypted-secrets
Related
We merge everything to develop. Once a week we merge everything from develop to master. This weekly master merge contains 50+ commits from 10+ issues with 10+ pull requests. In our weekly master merge we want a description with all the related issues or related PRs. I tried different actions, tools or ways to do that. Now Im trying to use the devops-infra action-pull-request (which we already use for the weekly master merge). I tried using different actions where the output should be the related PRs and use this output in the body of your action. I tried using different outputs (url or PR number) of this action but nothing seems to work. The body is just always empty when I look into the logs. Is it a bug? Am I doing something wrong? Is it outdated? Here is my action:
name: weekly master merge
on:
workflow_dispatch:
jobs:
createPullRequest:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout#v3
with:
fetch-depth: 0
- name: Release Changelog Builder
uses: buildsville/list-pull-requests#v1
id: list
with:
token: ${{ secrets.ALL }}
Labels: '["app/admin"]'
skip_hour: '24'
- name: Set output variables
id: vars
run: |
pr_title="Releases week #$(date +%W)"
body=${{ steps.list.outputs.pulls }}
echo "pr_title=$pr_title" >> $GITHUB_OUTPUT
echo "body=$body >> $GITHUB_OUTPUT
- name: Create Pull Request
uses: devops-infra/action-pull-request#v0.5.3
id: test
with:
github_token: ${{ secrets.ALL }}
source_branch: test
target_branch: main
title: ${{ steps.vars.outputs.pr_title }}
#body: ${{ steps.list.outputs.pulls }}
body: ${{ steps.vars.outputs.outval }}
#body: ${{ steps.test.outputs.* }}
#body: ${{ steps.test.outputs.url }}
It doesnt matter what I do, the PR from this action always has a body full of commits (default body of this action).
This is a test repository with a PAT with most of the permissions. Im just trying to change the body. The comments are some things I tested before but they didnt work either.
Im pretty new to all of this but for my understanding im doing everything correctly. Once again, I tried a bunch of different things...
I hope someone can help me out with this github action issue.
I am trying to set a github action pipeline that parse the some tags and invoke another reusable workflow.
Here is what the code looks like:
name: release per tag
on:
release:
types: [ published ]
permissions:
actions: write
checks: write
contents: write
deployments: write
issues: write
packages: write
pull-requests: write
repository-projects: write
security-events: write
statuses: write
jobs:
get_project_folder:
name: "Find project folder"
runs-on: ubuntu-latest
outputs:
project_folder: ${{ steps.regex-match.outputs.name }}
steps:
- id: regex-match
uses: actions-ecosystem/action-regex-match#v2
with:
text: ${{ github.event.release.tag_name }}
regex: '.*(?=\-)'
- id: to-variable
run: echo "::set-output name=project_name::${{ steps.regex-match.outputs.match }}"
build_release_package:
name: "Invoke standard release tag yaml"
uses: ./.github/workflows/standard_release_tag.yaml
with:
project_name: ${{ needs.get_project_folder.outputs.project_folder }}
environment: Production
secrets:
INSTALL_PKG_PAT: ${{ secrets.INSTALL_PKG_PAT }}
HOST_URL: ${{ secrets.HOST_URL }}
ACCESS_TOKEN: ${{ secrets.ACCESS_TOKEN }}
ENV: prod
Somehow this pipeline is not being able to call the standard_release_tag.yaml even it exists on the repository.
Is this something happened to anyone? I googled but only saw this happen for a different trigger event and was fixed by Github team.
Thanks.
Solved by validating that the pipeline was invoking and old version of the yaml pipeline.
I was reading about protected tags and how they can be created
on Github through the Settings tab of a particular repository.
I have a github actions workflow which:
Creates a new release
Since it creates a new release, it also creates a new tag
Uploads files and data to the release
Here is an example of my workflow, which has only some of the key parts.
name: myExample
on:
push:
branches: [ master ]
permissions:
contents: write
jobs:
build:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout#v3
- name: Set up Python 3.8.3
uses: actions/setup-python#v3
with:
python-version: "3.8.3"
... Some Steps ...
- name: Create Release
id: create_release
uses: actions/create-release#v1
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
tag_name: ${{env.VERSION}}
release_name: ${{env.RELEASE_STRING}}
draft: false
prerelease: false
- name: Upload Release Asset 1
id: upload-release-asset-1
uses: actions/upload-release-asset#v1
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
upload_url: ${{ steps.create_release.outputs.upload_url }}
asset_path: ./test.zip
asset_name: test.zip
asset_content_type: application/zip
... Some Steps ...
I imagine I need to primarily focus on the section:
permissions:
contents: write
What do I need to change so that this workflow can write protected tags and generally can work with protected tags?
Currently, my rule for protected tags is:
*
According to this article, it says "GitHub Apps require the Repository administration: write permission to modify a protected tag."
I looked at Github Actions permissions in this article, but I don't see those permissions.
I now thought I need to create a Personal Access Token and use it according to this article and this article. When creating a PAT, I didn't immediately see exactly what was described above with Repository administration: write. Perhaps if I'm an admin or maintainer of the repo, then if I create a PAT with full repo permissions then that would do it, since the token is associated with me who is admin and therefore, I can create a release on the protected branch as an admin. I haven't tested this yet, it is just a theory after searching around.
You can set the permissions at a job level so rather than grant the whole action, you set write and can limit to the job:
version:
permissions: write-all
name: versioning
runs-on: ubuntu-latest
steps:
- uses: actions/checkout#v3.3.0
with:
fetch-depth: '0'
- name: Bump version and push tag
uses: anothrNick/github-tag-action#1.61.0
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
DEFAULT_BUMP: patch
WITH_V: "true"
needs: [terraform, security]
You can create a Personal Access Token of your account or one of a technical user and use this token while checking out the repo:
- name: Checkout
uses: actions/checkout#v3
with:
token: ${{ secrets.PAT }}
The used account need to admin of the repo, then you will be able to update the protected tag whithin github action
I have a GitHub Actions workflow implemented on the main branch of my repository which creates a new release of my package in GitHub. Then I have another workflow implemented which should be triggered on the creation of a release. This trigger, however, is not working.
Please note that GitHub abandoned their own actions/create-release#v1 project and advises to use the softprops release action.
My workflow template is as follows:
name: Main release
on:
push:
branches:
- main
jobs:
release:
name: 'Release main'
runs-on: ubuntu-latest
steps:
- name: 'Checkout source code'
uses: 'actions/checkout#v2'
with:
ref: ${{ github.ref }
- name: Release
uses: softprops/action-gh-release#v1
with:
draft: false
body_path: CHANGELOG.md
name: ${{ steps.version.outputs.version }}
tag_name: ${{ github.ref }}
token: ${{ github.token }}
My on:release:created trigger workflow is as follows:
name: Act on release created
on:
release:
types: [created]
jobs:
build:
name: Build
environment: dev_environment
runs-on: ubuntu-latest
steps:
- uses: actions/checkout#v2
- name: Set env
run: echo "RELEASE_VERSION=${GITHUB_REF#refs/*/}" >> $GITHUB_ENV
- name: Test
run: |
echo $RELEASE_VERSION
echo ${{ env.RELEASE_VERSION }}
The release and tags are correctly added in GitHub, so everything looks to work fine except that the workflow that should be triggered on the release is not executed.
How do I solve this?
The GitHub Actions documentation on performing tasks in a workflow states the following:
When you use the repository's GITHUB_TOKEN to perform tasks on behalf of the GitHub Actions app, events triggered by the GITHUB_TOKEN will not create a new workflow run. This prevents you from accidentally creating recursive workflow runs.
This means that you will have to create a personal access token and add this token to you repository secrets.
To generate a new personal access token go to your personal developer settings and generate a new token. Then go to your repository settings and add a new secret containing the personal access token, name it i.e. PAT.
In your release workflow template, replace:
token: ${{ github.token }}
With:
token: ${{ secrets.PAT }}
Now the on release created event the workflow will be triggered!
Note: This approach seems is a bit hacky, but is currently the only known workaround for this issue and can be considered a major design flaw of workflow integrations.
As an addendum to the answer given above, I found the workflow_run event trigger to work well for this use case:
on:
workflow_run:
workflows: ["Main release"]
types: [completed]
You can add conditions for various release tags and all if required apart from this.
Does GitHub action support nested templates? For example, here is an example of Azure Pipeline yaml where it calls another yaml file:
- job: BuildFunctions
steps:
- ${{ each func in parameters.functionApps }}:
- template: yaml/build-functionapps.yml
parameters:
Is it possible to call a yaml file from another yaml file in GitHub actions?
You can use composite run steps actions. These are actions that are solely defined in YAML (documentation).
You can now specify containers, other composite actions (up to a depth of 9) and node actions in additional to the previously available run steps
node actions likely refers to leaf actions, i.e. actions that don't call any other actions.
Source: https://github.com/actions/runner/issues/646#issuecomment-901336347
Workflow
[...]
jobs:
job:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout#v2
- uses: ./.github/workflows/composite-action
[...]
Composite run steps action
.github/workflows/composite-action/action.yml (same repository as the workflow)
name: "My composite action"
description: "Checks out the repository and does something"
runs:
using: "composite"
steps:
- uses: actions/checkout#v2
- uses: actions/setup-node#v2
with:
node-version: 12
- run: npm test
shell: bash
- run: |
echo "Executing action"
shell: bash
Old limitations:
What does composite run steps currently support?
For each run step in a composite action, we support:
name
id
run
env
shell
working-directory
In addition, we support mapping input and outputs throughout the action.
See docs for more info.
What does Composite Run Steps Not Support
We don't support setting conditionals, continue-on-error, timeout-minutes, "uses" [remark: i.e. using other actions], and secrets on individual steps within a composite action right now.
(Note: we do support these attributes being set in workflows for a step that uses a composite run steps action)
Source: https://github.com/actions/runner/issues/646
I think using the composite action pattern, you can achieve what you want.
You need to define the steps which you think will be reused in other places, and make it parameterized, by providing inputs. In my opinion, it's more powerful than how templates work in gitlab or in other similar platforms.
This way, you are defining a function, which can take inputs, and get stuff done for you, based on those inputs.
Also, even though the docs suggest that, you should create your leaf action as a separate public repo, and use it in your base action- it's not necessary, you can simply have a structure like below(taken the example from one of our live workflow), and use those leaf actions in your workflow-
.github
- actions
- deploy-to-k8s
- action.yaml
- publish-image
- action.yaml
- workflows
- deploy-from-pr.yaml <-- this will make use of all the actions defined
Here's how the deploy-from-pr.yaml workflow looks like-
name: deploy-from-pr
on:
pull_request:
branches:
- master
env:
REGISTRY: ghcr.io
IMAGE_NAME: ${{ github.repository }}
jobs:
deploy-from-pr:
name: Deploy from PR to Development
runs-on: ubuntu-latest
steps:
- uses: actions/checkout#v2
- name: Set version
id: release
run: echo ::set-output name=version::$(git describe --always)
# custom action to build and push image
- name: Build & publish image
uses: ./.github/actions/publish-image # see how it's referred from same repo directly
with:
registry: ${{ env.REGISTRY }}
registry_username: ${{ github.REGISTRY_USERNAME }}
registry_password: ${{ secrets.REGISTRY_PASSWORD }}
image_name: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
tag: ${{ steps.release.outputs.version }}
# custom action to deploy into kubernetes
- name: Deploy to kubernetes
uses: ./.github/actions/deploy-to-k8s # see how it's referred from same repo directly
with:
digitalocean_token: ${{ secrets.DIGITALOCEAN_TOKEN }}
cluster_name: ${{ secrets.CLUSTER_NAME }}
overlay_path: .k8s/overlays/dev
image_name: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
tag: ${{ steps.release.outputs.version }}
Github Gist
You can check the deploy-to-k8s/action.yaml, to see how it's written.
No, it is not. I asked the exact same question in the GitHub Forum:
Is it possible to create / publish Actions without Docker or JS by having the code in the Workflow Syntax / YML?
As mentioned in the document: Currently, types of actions only lists
Docker container and JavaScript, so there is no such feature to
achieve your requirement.
Source: https://github.community/t/how-to-create-ready-to-use-action-without-docker-js/124889/2
This would have eased creating templates for users as system administrator.
You can also use reusable workflows.