Disable Github Actions check runs from annotating files - github

Looking for a way to disable Github Actions check runs from annotating files.
/* Context - Working on an eslint workflow action to comment on PR's, as it's annoying with this check runs annotating all files by default */
Ref PR- https://github.com/tamdilip/ember_poc/pull/143/files

Annotations are added when problem matchers finds a match in the logs.
For example. setup-node registers eslint problem matchers. which can be removed by
steps:
- uses: actions/checkout#v2
- uses: actions/setup-node#v2
with:
node-version: '12'
- run: |
echo "::remove-matcher owner=eslint-compact::"
echo "::remove-matcher owner=eslint-stylish::"
You can also you the eslint action I wrote, that runs linter on changed files. https://github.com/sibiraj-s/action-eslint. You can disable annotations by passing input args annotations: false
name: Lint
on:
pull_request:
push:
branches:
- master
jobs:
eslint:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout#v2
- uses: actions/setup-node#v2
with:
node-version: '14'
- run: npm ci # or yarn install
- uses: sibiraj-s/action-eslint#v1
with:
extensions: 'js, jsx, ts, tsx'
annotations: true
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
Read more about problem matchers here
https://github.com/actions/toolkit/blob/master/docs/commands.md#problem-matchers
Medium article for disabling annotations in other actions as well. https://sibiraj-s.medium.com/disable-annotations-in-github-actions-ff938d5ea4f3

Observed that CLI error logs in terminal console are automatically invoking check-runs which is the reason for annotation as this seems to be a feature of Github Action itself by default and no way to disable it by any configuration.
For time being I managed to stop the annotations by capturing those CLI logs output as XML format separately via a listener instead of directly letting the error to log in terminal console.
Still a configuration level option to toggle check-runs from annotating should be made available.

Related

How to optimise github actions in a simple setup-lint-test-e2e-build scenario?

If we were to use minimal resources, doing these steps would look something like:
setup --- checkout, install fixed versions via cache
then trigger in parallel 1 command to run:
lint
test
e2e
all in parallel.
Unfortunately, with the current options I've found out there, the best scenario I can find is to have a separate workflow file for lint, test, e2e that are called by a main workflow and upon success build an artifact.
The issue with this is.
checkout will run 3 times.
install command will run 3 times.
Which can be mitigated with caching, but you're still looking at 10-15 seconds extra per job for those steps.
Is there a way to optimise this and still keep the reusable steps?
Even if I would keep everything in 1 giant file, I'd still define the lint, test, e2e steps as separate jobs and not as 1 single step part of a job.
Can we call a 'workflow' and run it in the same environment on the spot somehow?
This example calls checkout and caches the repo using the $ {{ github.run_id }} to prevent the cache conflicting with other runs. The cache is then used by the child workflows in place of checking out. e2e, test and lint will wait for the cache to be created and then all run in parallel.
Depending on your use case it may be excessive to create a new cache for each run_id, you can adjust this as you need. If speed is what you're after I'd also suggest only caching the files that you need for your child workflows, and not take everything like I've done in the example below.
name: main_caller
on: workflow_dispatch
jobs:
cache_checkout:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout#v3
- uses: actions/upload-artifact#v3
with:
name: my-checkout-${{ github.run_id }}
path: ${{ github.workspace }}/**/*
run_lint:
needs: cache_checkout
uses: ./.github/workflows/lint.yml
run_test:
needs: cache_checkout
uses: ./.github/workflows/test.yml
./.github/workflows/lint.yml example: (e2e and test will follow this pattern)
name: lint
on: workflow_call
jobs:
lint:
runs-on: ubuntu-latest
steps:
- name: Get Cached Checkout
uses: actions/download-artifact#v3
with:
name: my-checkout-${{ github.run_id }}
- name: Do linting things
run: echo "I'm linting!"
Edited as per comments - all jobs in GitHub run in parallel, but to have cleaner example you could use matrix strategy. To make it work you need it to depend on a 'setup' job that will install everything and create the artifacts (this is done using the needs keyword).
In the following example the install job would setup everything and then the example job, which uses matrix strategy, will run the lint/test/e2e flow in separate parallel jobs after it downloads the required artifacts.
jobs:
install:
runs-on: ubuntu-latest
- uses: actions/checkout#v3
- name: Compile artifacts
run: *install fixed versions/create artifacts*
- uses: actions/upload-artifact#v3
with:
name: my-artifact
path: path/to/my_artifact
example:
runs-on: ubuntu-latest
needs: install
strategy:
matrix:
action: [lint, test, e2e]
steps:
- uses: actions/download-artifact#v3
with:
name: my-artifact
path: path/to/artifact
- name: lint
if: ${{ matrix.lint }}
run: echo "lint"
- name: test
if: ${{ matrix.test }}
run: echo "test"
- name: e2e
if: ${{ matrix.e2e }}
run: echo "e2e"
It will create a workflow like this:

How to setup eslint to lint everything between master branch and HEAD

I'm trying to setup GitHub action to check for lint errors and fail the pull request if any error/ warnings detected.
Currently my logic works locally but when I try to run it via GitHub action, I get an error:
fatal: ambiguous argument 'origin/master...HEAD': unknown revision or
path not in the working tree.
I believe it's something to do with checkout#v2 not fetching the right amount of data, But I cant get my head around what
Code Sample
name: Initiate PR
on: push
jobs:
STEPS:
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout#v2
with:
fetch-depth: 100
- name: Set up Node.js
uses: actions/setup-node#v1
with:
node-version: 14.18.0
- name: Install Node.js dependencies
run: npm ci --ignore-scripts
- name: lint-on-PR
shell: bash
run: |
npx eslint --max-warnings 0 $(git diff origin/master...HEAD --name-only --relative --diff-filter=MATR '***.js' '***.jsx' '***.ts' '***.tsx' | xargs)
You would probably need to do a checkout#v1 as in this example to get all the files.
- uses: actions/checkout#v1
...
- run: git diff ${{ github.event.pull_request.base.sha }} ${{ github.sha }}
v2 by default only fetches the sha that triggered the action.

Deploy on Azure Function using GitHub Actions on push only if Function App is not executing

I have a function app, which basically scrapes data from the web. It is a long-running one, which generally takes 9 hrs a day.
I have configured on push event for build & deploy through GitHub Actions.
Problem: When we push any change to GitHub and the function app is running it will create a mess as the running function will be stopped and triggered after deployment.
I want a solution to deploy on every push but only when the function app is not running.
Content of yml file:
name: dev-workflow
on:
push:
branches:
- main
env:
AZURE_FUNCTIONAPP_NAME: test-github-actions
AZURE_FUNCTIONAPP_PACKAGE_PATH: '.'
PYTHON_VERSION: '3.7'
jobs:
build-and-deploy:
runs-on: ubuntu-latest
steps:
- name: 'Checkout GitHub Action'
uses: actions/checkout#main
- name: Setup Python ${{ env.PYTHON_VERSION }} Environment
uses: actions/setup-python#v1
with:
python-version: ${{ env.PYTHON_VERSION }}
- name: 'Resolve Project Dependencies Using Pip'
shell: bash
run: |
pushd './${{ env.AZURE_FUNCTIONAPP_PACKAGE_PATH }}'
python -m pip install --upgrade pip
pip install -r requirements.txt --target=".python_packages/lib/site-packages"
popd
- name: 'Run Azure Functions Action'
uses: Azure/functions-action#v1
id: fa
with:
app-name: ${{ env.AZURE_FUNCTIONAPP_NAME }}
package: ${{ env.AZURE_FUNCTIONAPP_PACKAGE_PATH }}
publish-profile: ${{ secrets.PUBLISH_PROFILE }}
According to this post response from chrispat (6 months ago) there isn't
any native feature to prevent duplicate workflows currently on Github Actions.
However, there is this action that might help to prevent duplicated actions to start.
Another option could be to limit concurrent workflows runs, you can find more about it in this post.

Nested templates (calling a yaml file from another yaml file) in GitHub Actions

Does GitHub action support nested templates? For example, here is an example of Azure Pipeline yaml where it calls another yaml file:
- job: BuildFunctions
steps:
- ${{ each func in parameters.functionApps }}:
- template: yaml/build-functionapps.yml
parameters:
Is it possible to call a yaml file from another yaml file in GitHub actions?
You can use composite run steps actions. These are actions that are solely defined in YAML (documentation).
You can now specify containers, other composite actions (up to a depth of 9) and node actions in additional to the previously available run steps
node actions likely refers to leaf actions, i.e. actions that don't call any other actions.
Source: https://github.com/actions/runner/issues/646#issuecomment-901336347
Workflow
[...]
jobs:
job:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout#v2
- uses: ./.github/workflows/composite-action
[...]
Composite run steps action
.github/workflows/composite-action/action.yml (same repository as the workflow)
name: "My composite action"
description: "Checks out the repository and does something"
runs:
using: "composite"
steps:
- uses: actions/checkout#v2
- uses: actions/setup-node#v2
with:
node-version: 12
- run: npm test
shell: bash
- run: |
echo "Executing action"
shell: bash
Old limitations:
What does composite run steps currently support?
For each run step in a composite action, we support:
name
id
run
env
shell
working-directory
In addition, we support mapping input and outputs throughout the action.
See docs for more info.
What does Composite Run Steps Not Support
We don't support setting conditionals, continue-on-error, timeout-minutes, "uses" [remark: i.e. using other actions], and secrets on individual steps within a composite action right now.
(Note: we do support these attributes being set in workflows for a step that uses a composite run steps action)
Source: https://github.com/actions/runner/issues/646
I think using the composite action pattern, you can achieve what you want.
You need to define the steps which you think will be reused in other places, and make it parameterized, by providing inputs. In my opinion, it's more powerful than how templates work in gitlab or in other similar platforms.
This way, you are defining a function, which can take inputs, and get stuff done for you, based on those inputs.
Also, even though the docs suggest that, you should create your leaf action as a separate public repo, and use it in your base action- it's not necessary, you can simply have a structure like below(taken the example from one of our live workflow), and use those leaf actions in your workflow-
.github
- actions
- deploy-to-k8s
- action.yaml
- publish-image
- action.yaml
- workflows
- deploy-from-pr.yaml <-- this will make use of all the actions defined
Here's how the deploy-from-pr.yaml workflow looks like-
name: deploy-from-pr
on:
pull_request:
branches:
- master
env:
REGISTRY: ghcr.io
IMAGE_NAME: ${{ github.repository }}
jobs:
deploy-from-pr:
name: Deploy from PR to Development
runs-on: ubuntu-latest
steps:
- uses: actions/checkout#v2
- name: Set version
id: release
run: echo ::set-output name=version::$(git describe --always)
# custom action to build and push image
- name: Build & publish image
uses: ./.github/actions/publish-image # see how it's referred from same repo directly
with:
registry: ${{ env.REGISTRY }}
registry_username: ${{ github.REGISTRY_USERNAME }}
registry_password: ${{ secrets.REGISTRY_PASSWORD }}
image_name: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
tag: ${{ steps.release.outputs.version }}
# custom action to deploy into kubernetes
- name: Deploy to kubernetes
uses: ./.github/actions/deploy-to-k8s # see how it's referred from same repo directly
with:
digitalocean_token: ${{ secrets.DIGITALOCEAN_TOKEN }}
cluster_name: ${{ secrets.CLUSTER_NAME }}
overlay_path: .k8s/overlays/dev
image_name: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
tag: ${{ steps.release.outputs.version }}
Github Gist
You can check the deploy-to-k8s/action.yaml, to see how it's written.
No, it is not. I asked the exact same question in the GitHub Forum:
Is it possible to create / publish Actions without Docker or JS by having the code in the Workflow Syntax / YML?
As mentioned in the document: Currently, types of actions only lists
Docker container and JavaScript, so there is no such feature to
achieve your requirement.
Source: https://github.community/t/how-to-create-ready-to-use-action-without-docker-js/124889/2
This would have eased creating templates for users as system administrator.
You can also use reusable workflows.

Multiple github actions defined in repository fails

The problem I'm facing is that the Packer build fails.
This is the error I get:
Can't find 'action.yml', 'action.yaml' or 'Dockerfile' under '/home/vsts-agent/actions-runner/_work/repo/repo/.github/actions/packer-build'. Did you forget to run actions/checkout before running your local action?
The jsonnet steps work fine and they are coming from a custom action as well. Both actions are defined correctly in the repository. When I rerun checkout after the jsonnet steps the packer build works...however, I lose the jsonnet files.
Has anyone found a work around for this? Here is my config
name: Build
on: push
jobs:
Build_Image:
name: build
runs-on: [self-hosted, tsa]
steps:
- uses: azure/login#v1.1
with:
creds: ${{ secrets.AZURE_CREDENTIALS }}
- uses: azure/get-keyvault-secrets#v1.0
with:
keyvault: scotty-packer-nonprod
secrets: "MANAGED-IMAGE-SUBSCRIPTION-ID"
id: morePipelineSecrets
- uses: azure/get-keyvault-secrets#v1.0
with:
keyvault: github-actions-nonprod
secrets: "RESOURCE-GROUP, SUBSCRIPTION-NAME, SUBSCRIPTION-ID, TENANT-ID, RG-CLIENT-ID, RG-CLIENT-SECRET"
id: pipelineSecrets
- name: checkout
uses: actions/checkout#v2
- name: jsonnet render template
uses: ./.github/actions/jsonnet
with:
file: packer/ubuntu1804.jsonnet
output_file: packer/ubuntu1804.json
- name: jsonnet render vars
uses: ./.github/actions/jsonnet
with:
file: packer/packer-vars.jsonnet
output_file: packer/packer-vars.json
- name: Packer build
uses: ./.github/actions/packer-build
Directory Structure
repo
-.github
-actions
-jsonnet
Dockerfile..etc
-packer-build
Dockerfile..etc
-workflows
-build.yml
That is weird - the two issues should not be connected. Even weirder is the fact that it works, when checking out the code twice. You have an actions.yml in your packer-build folder?
Nevertheless, possible workaround: Use the actions/upload Action to persist your file.
Like this:
- uses: actions/upload-artifact#v2
with:
name: Upload Jsonnet File
path: packer/ubuntu1804.json
Try to access your second, different action in a new job and get the file with the actions/download-artifact action.