Multiple github actions defined in repository fails - github

The problem I'm facing is that the Packer build fails.
This is the error I get:
Can't find 'action.yml', 'action.yaml' or 'Dockerfile' under '/home/vsts-agent/actions-runner/_work/repo/repo/.github/actions/packer-build'. Did you forget to run actions/checkout before running your local action?
The jsonnet steps work fine and they are coming from a custom action as well. Both actions are defined correctly in the repository. When I rerun checkout after the jsonnet steps the packer build works...however, I lose the jsonnet files.
Has anyone found a workaround for this? Here is my config:
    name: Build
    on: push
    jobs:
      Build_Image:
        name: build
        runs-on: [self-hosted, tsa]
        steps:
          - uses: azure/login@v1.1
            with:
              creds: ${{ secrets.AZURE_CREDENTIALS }}
          - uses: azure/get-keyvault-secrets@v1.0
            with:
              keyvault: scotty-packer-nonprod
              secrets: "MANAGED-IMAGE-SUBSCRIPTION-ID"
            id: morePipelineSecrets
          - uses: azure/get-keyvault-secrets@v1.0
            with:
              keyvault: github-actions-nonprod
              secrets: "RESOURCE-GROUP, SUBSCRIPTION-NAME, SUBSCRIPTION-ID, TENANT-ID, RG-CLIENT-ID, RG-CLIENT-SECRET"
            id: pipelineSecrets
          - name: checkout
            uses: actions/checkout@v2
          - name: jsonnet render template
            uses: ./.github/actions/jsonnet
            with:
              file: packer/ubuntu1804.jsonnet
              output_file: packer/ubuntu1804.json
          - name: jsonnet render vars
            uses: ./.github/actions/jsonnet
            with:
              file: packer/packer-vars.jsonnet
              output_file: packer/packer-vars.json
          - name: Packer build
            uses: ./.github/actions/packer-build
Directory Structure
    repo
      -.github
        -actions
          -jsonnet
            Dockerfile..etc
          -packer-build
            Dockerfile..etc
        -workflows
          -build.yml

That is weird - the two issues should not be connected. Even weirder is the fact that it works, when checking out the code twice. You have an actions.yml in your packer-build folder?
Nevertheless, possible workaround: Use the actions/upload Action to persist your file.
Like this:
    - uses: actions/upload-artifact@v2
      with:
        name: Upload Jsonnet File
        path: packer/ubuntu1804.json
Try to access your second, different action in a new job and get the file with the actions/download-artifact action.

Related

GitHub Actions get from API to create pull request

Is there a way to tell GitHub to automatically create a pull request from an API providing JSON content and merge it into my project?
I want to:
1. Edit files on a platform (I control the platform) using my own production editors/tools.
2. Have GitHub request it (REST), then create a PR or a commit, so people can collaborate on it with forks/GitHub project management.
3. Push from GitHub back to the platform for publishing.
3 is no problem, but 2 I can't find documentation for if it's even possible.
    name: Manual workflow
    on:
      workflow_dispatch:
    jobs:
      makefiles:
        # The type of runner that the job will run on
        runs-on: ubuntu-latest
        # Steps represent a sequence of tasks that will be executed as part of the job
        steps:
          - uses: actions/checkout@v2
          - name: Getting
            uses: fjogeleit/http-request-action@master
            id: myRequest
            with:
              url: 'https://domain/api/file'
              method: 'GET'
          - name: Show File
            run: echo ${{ steps.myRequest.outputs.response }}
          - name: Create A File
            uses: 1arp/create-a-file-action@0.2
            with:
              path: 'src'
              file: 'foo.bar'
              content: ${{steps.myRequest.outputs.response}}
          - name: final commit
            uses: zwaldowski/git-commit-action@v1
            id: git_commit
          - name: show
            run: echo "${{ steps.git_commit.outputs.sha }}"

How to setup eslint to lint everything between master branch and HEAD

I'm trying to set up a GitHub action to check for lint errors and fail the pull request if any errors/warnings are detected.
Currently my logic works locally, but when I try to run it via GitHub Actions, I get an error:
fatal: ambiguous argument 'origin/master...HEAD': unknown revision or
path not in the working tree.
I believe it's something to do with checkout@v2 not fetching the right amount of data, but I can't get my head around what.
Code Sample
    name: Initiate PR
    on: push
    jobs:
      STEPS:
        runs-on: ubuntu-latest
        steps:
          - name: Checkout
            uses: actions/checkout@v2
            with:
              fetch-depth: 100
          - name: Set up Node.js
            uses: actions/setup-node@v1
            with:
              node-version: 14.18.0
          - name: Install Node.js dependencies
            run: npm ci --ignore-scripts
          - name: lint-on-PR
            shell: bash
            run: |
              npx eslint --max-warnings 0 $(git diff origin/master...HEAD --name-only --relative --diff-filter=MATR '***.js' '***.jsx' '***.ts' '***.tsx' | xargs)
You would probably need to do a checkout@v1 as in this example to get all the files.
    - uses: actions/checkout@v1
    ...
    - run: git diff ${{ github.event.pull_request.base.sha }} ${{ github.sha }}
v2 by default only fetches the sha that triggered the action.

How to trigger a new workflow from another workflow based on a path filter?

I have one workflow (that I want to be triggered by any commit with no path filter)
    name: workflow1
    on: [push]
    jobs:
      build:
        runs-on: ubuntu-latest
        steps:
          - uses: actions/checkout@v2
          ...
that triggers another workflow
    name: workflow2
    on:
      workflow_run:
        workflows: ["workflow1"]
        types:
          - completed
    jobs:
      runs-on: ubuntu-latest
      steps:
        - uses: actions/checkout@v2
        ...
which is working fine with the workflow_run event. Now is it possible somehow to restrict workflow2 from being triggered even further (like with a path filter)? E.g. I make a commit to folder folder1 -> workflow1 triggered -> workflow2 triggered and if it's not a commit to the folder folder1, e.g. folder2 -> workflow1 triggered -> workflow2 not triggered. Is there something like the following I can add to workflow2?
    name: workflow2
    on:
      paths:
        - 'folder1/**'
      workflow_run:
        workflows: ["workflow1"]
        types:
          - completed
    jobs:
      runs-on: ubuntu-latest
      steps:
        - uses: actions/checkout@v2
        ...
Or another way to achieve that?
Thanks in advance for any help.
First option: Did you consider using the action verify-changed-files in your workflow run to execute the jobs only if specific files are updated?
Second option: It's more verbose, but you could save the path from the first workflow in an artifact to download in the second workflow.
Using the variable GITHUB_EVENT_PATH that returns the path of the file with the complete webhook event payload. For example, /github/workflow/event.json
It would look like this
In the FIRST workflow, you extract the path, then you save that number into a file and upload it as an artifact.
    - name: Save the PATH in an artifact
      shell: bash
      env:
        PATH: ${{ github.event.path }} ## If it's not specific enough, you can extract the $PATH variable on a previous step using the shell.
      run: echo "$PATH" > path.txt
    - name: Upload the PATH
      uses: actions/upload-artifact@v2
      with:
        name: path
        path: ./path.txt
In the SECOND workflow, you get the artifact and the path from the FIRST workflow, using the following GitHub Apps:
    - name: Download workflow artifact
      uses: dawidd6/action-download-artifact@v2.11.0
      with:
        github_token: ${{ secrets.GITHUB_TOKEN }}
        workflow: <first_workflow_name>.yml
        run_id: ${{ github.event.workflow_run.id }}
    - name: Read the path.txt file
      id: path_reader
      uses: juliangruber/read-file-action@v1.0.0
      with:
        path: ./path/path.txt
    - name: Step to check the path output from the step above with an if condition to perform an operation (or not)
      [...]
This link can also help to understand how to extract the PATH depending on the event.
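
A gate for the second option above, as an added example that is not part of the original answer: it assumes workflow1 uploaded a list of changed paths, one repo-relative path per line (for instance from `git diff --name-only`), and decides in workflow2 whether anything under `folder1/` changed. The function name `should_run` and the sample file contents are hypothetical; the artifact is treated strictly as data because it was produced by another run.

```shell
#!/bin/sh
# Added example, not the answerer's code. Assumption: the downloaded artifact
# is a text file with one repo-relative changed path per line.

# should_run PREFIX FILE
#   returns 0  at least one listed path lies under PREFIX/
#   returns 1  no listed path lies under PREFIX/
#   returns 2  list missing, or an entry is absolute / contains ".."
should_run() {
  sr_prefix="${1%/}"          # accept "folder1" and "folder1/"
  sr_list="$2"
  sr_hit=1
  [ -f "$sr_list" ] || return 2
  while IFS= read -r sr_line || [ -n "$sr_line" ]; do
    [ -z "$sr_line" ] && continue
    # Never pass these lines to eval or use them as file paths unchecked:
    # refuse anything that is not a plain repo-relative path.
    case "$sr_line" in
      /*|..|../*|*/../*|*/..) return 2 ;;
    esac
    # Quoted prefix is matched literally, so "folder10/x" does not
    # count as a change under "folder1".
    case "$sr_line" in
      "$sr_prefix"/*) sr_hit=0 ;;
    esac
  done < "$sr_list"
  return "$sr_hit"
}

# Constructed sample input for a stand-alone run.
demo_list=$(mktemp)
printf '%s\n' 'README.md' 'folder10/app.js' 'folder1/src/main.js' > "$demo_list"
if should_run folder1 "$demo_list"; then
  echo "workflow2: folder1 changed, continue"
else
  echo "workflow2: nothing to do"
fi
rm -f "$demo_list"
```

In workflow2 the exit status can set a step output that later steps test in an `if:` condition.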

Nested templates (calling a yaml file from another yaml file) in GitHub Actions

Does GitHub action support nested templates? For example, here is an example of Azure Pipeline yaml where it calls another yaml file:
    - job: BuildFunctions
      steps:
        - ${{ each func in parameters.functionApps }}:
          - template: yaml/build-functionapps.yml
            parameters:
Is it possible to call a yaml file from another yaml file in GitHub actions?
You can use composite run steps actions. These are actions that are solely defined in YAML (documentation).
You can now specify containers, other composite actions (up to a depth of 9) and node actions in additional to the previously available run steps
node actions likely refers to leaf actions, i.e. actions that don't call any other actions.
Source: https://github.com/actions/runner/issues/646#issuecomment-901336347
Workflow
    [...]
    jobs:
      job:
        runs-on: ubuntu-latest
        steps:
          - uses: actions/checkout@v2
          - uses: ./.github/workflows/composite-action
    [...]
Composite run steps action
.github/workflows/composite-action/action.yml (same repository as the workflow)
    name: "My composite action"
    description: "Checks out the repository and does something"
    runs:
      using: "composite"
      steps:
        - uses: actions/checkout@v2
        - uses: actions/setup-node@v2
          with:
            node-version: 12
        - run: npm test
          shell: bash
        - run: |
            echo "Executing action"
          shell: bash
Old limitations:
What does composite run steps currently support?
For each run step in a composite action, we support:
- name
- id
- run
- env
- shell
- working-directory
In addition, we support mapping input and outputs throughout the action.
See docs for more info.
What does Composite Run Steps Not Support
We don't support setting conditionals, continue-on-error, timeout-minutes, "uses" [remark: i.e. using other actions], and secrets on individual steps within a composite action right now.
(Note: we do support these attributes being set in workflows for a step that uses a composite run steps action)
Source: https://github.com/actions/runner/issues/646
I think using the composite action pattern, you can achieve what you want.
You need to define the steps which you think will be reused in other places, and make it parameterized, by providing inputs. In my opinion, it's more powerful than how templates work in gitlab or in other similar platforms.
This way, you are defining a function, which can take inputs, and get stuff done for you, based on those inputs.
Also, even though the docs suggest that you should create your leaf action as a separate public repo and use it in your base action, it's not necessary; you can simply have a structure like the one below (example taken from one of our live workflows) and use those leaf actions in your workflow:
    .github
      - actions
        - deploy-to-k8s
          - action.yaml
        - publish-image
          - action.yaml
      - workflows
        - deploy-from-pr.yaml <-- this will make use of all the actions defined
Here's how the deploy-from-pr.yaml workflow looks like-
    name: deploy-from-pr
    on:
      pull_request:
        branches:
          - master
    env:
      REGISTRY: ghcr.io
      IMAGE_NAME: ${{ github.repository }}
    jobs:
      deploy-from-pr:
        name: Deploy from PR to Development
        runs-on: ubuntu-latest
        steps:
          - uses: actions/checkout@v2
          - name: Set version
            id: release
            run: echo ::set-output name=version::$(git describe --always)
          # custom action to build and push image
          - name: Build & publish image
            uses: ./.github/actions/publish-image # see how it's referred from same repo directly
            with:
              registry: ${{ env.REGISTRY }}
              registry_username: ${{ github.REGISTRY_USERNAME }}
              registry_password: ${{ secrets.REGISTRY_PASSWORD }}
              image_name: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
              tag: ${{ steps.release.outputs.version }}
          # custom action to deploy into kubernetes
          - name: Deploy to kubernetes
            uses: ./.github/actions/deploy-to-k8s # see how it's referred from same repo directly
            with:
              digitalocean_token: ${{ secrets.DIGITALOCEAN_TOKEN }}
              cluster_name: ${{ secrets.CLUSTER_NAME }}
              overlay_path: .k8s/overlays/dev
              image_name: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
              tag: ${{ steps.release.outputs.version }}
Github Gist
You can check the deploy-to-k8s/action.yaml, to see how it's written.
No, it is not. I asked the exact same question in the GitHub Forum:
Is it possible to create / publish Actions without Docker or JS by having the code in the Workflow Syntax / YML?
As mentioned in the document: Currently, types of actions only lists
Docker container and JavaScript, so there is no such feature to
achieve your requirement.
Source: https://github.community/t/how-to-create-ready-to-use-action-without-docker-js/124889/2
This would have eased creating templates for users as system administrator.
You can also use reusable workflows.

Disable Github Actions check runs from annotating files

Looking for a way to disable Github Actions check runs from annotating files.
/* Context - Working on an eslint workflow action to comment on PR's, as it's annoying with this check runs annotating all files by default */
Ref PR- https://github.com/tamdilip/ember_poc/pull/143/files
Annotations are added when problem matchers find a match in the logs.
For example, setup-node registers eslint problem matchers, which can be removed by:
    steps:
      - uses: actions/checkout@v2
      - uses: actions/setup-node@v2
        with:
          node-version: '12'
      - run: |
          echo "::remove-matcher owner=eslint-compact::"
          echo "::remove-matcher owner=eslint-stylish::"
You can also use the eslint action I wrote, which runs the linter on changed files: https://github.com/sibiraj-s/action-eslint. You can disable annotations by passing the input arg annotations: false
    name: Lint
    on:
      pull_request:
      push:
        branches:
          - master
    jobs:
      eslint:
        runs-on: ubuntu-latest
        steps:
          - uses: actions/checkout@v2
          - uses: actions/setup-node@v2
            with:
              node-version: '14'
          - run: npm ci # or yarn install
          - uses: sibiraj-s/action-eslint@v1
            with:
              extensions: 'js, jsx, ts, tsx'
              annotations: true
            env:
              GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
Read more about problem matchers here
https://github.com/actions/toolkit/blob/master/docs/commands.md#problem-matchers
Medium article for disabling annotations in other actions as well. https://sibiraj-s.medium.com/disable-annotations-in-github-actions-ff938d5ea4f3
Observed that CLI error logs in terminal console are automatically invoking check-runs which is the reason for annotation as this seems to be a feature of Github Action itself by default and no way to disable it by any configuration.
For time being I managed to stop the annotations by capturing those CLI logs output as XML format separately via a listener instead of directly letting the error to log in terminal console.
Still a configuration level option to toggle check-runs from annotating should be made available.