How do I specify a specific commit when manually running git action? - github-actions

How do I create a workflow that can only be started manually, while it will need to specify a specific commit with which it will work?

You can manually run a workflow, provided it is configured to run on the workflow_dispatch event.
Add inputs to define your parameter
on:
  workflow_dispatch:
    inputs:
      myCommit:
        description: 'Commit SHA1'
        required: true
        default: 'undefined'
        type: string
jobs:
  deploy:
    runs-on: ubuntu-latest
    steps:
      - name: Do something
        run: your_command ${{ inputs.myCommit }}
      ...

Here's an example of how to check out the specific commit for build:
on:
  workflow_dispatch:
    inputs:
      refToBuild:
        description: 'Branch, tag or commit SHA1 to build'
        required: true
        type: string
jobs:
  deploy:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
        with:
          ref: ${{ inputs.refToBuild }}
      - name: Build
        run: <command for build>
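
Added example (not from the original answers): an expression such as `${{ inputs.myCommit }}` in a `run:` line is substituted into the script text before the shell starts, so the value should reach the step through `env:` and be checked before any command uses it. The POSIX sh sketch below does that check; the variable name `REF_TO_BUILD` and the script name `validate_ref.sh` are assumptions.

```shell
#!/bin/sh
# Added example, not from the original answers. REF_TO_BUILD and the script
# name are assumptions. In the workflow, pass the input as data:
#   - name: Validate ref
#     env:
#       REF_TO_BUILD: ${{ inputs.refToBuild }}
#     run: ./validate_ref.sh

# classify_ref VALUE
# Prints "sha" for a full 40-hex commit SHA-1, "name" for a branch or tag
# name made of safe characters, and returns 1 for anything else.
classify_ref() {
    ref=$1
    # Empty input, or a leading "-" that git or a CLI would read as an option.
    case $ref in
        '' | -*) return 1 ;;
    esac
    # Conservative allow-list (stricter than git): no spaces, quotes, "$",
    # ";", backticks, "~", "^", ":" or other characters special to sh or git.
    case $ref in
        *[!A-Za-z0-9._/-]*) return 1 ;;
    esac
    if [ "${#ref}" -eq 40 ]; then
        case $ref in
            *[!0-9a-fA-F]*) ;;          # 40 chars but not hex: treat as a name
            *) echo sha; return 0 ;;
        esac
    fi
    # Shapes git refuses in ref names.
    case $ref in
        *..* | *//* | /* | */ | *.lock | *.) return 1 ;;
    esac
    echo name
}

# When run as a step: stop the job before checkout or build on a rejected value.
if [ -n "${REF_TO_BUILD+set}" ]; then
    kind=$(classify_ref "$REF_TO_BUILD") || {
        echo "refusing ref input: not a commit SHA or plain ref name" >&2
        exit 1
    }
    echo "ref accepted as $kind"
fi
```

The allow-list only checks the shape of the value; whether the commit or branch exists is still decided by the checkout step.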

Related

How to separate conditions for different event types in GitHub Actions

We have a workflow file:
---
name: 'Deploy Test Env'
on:
  pull_request:
    types:
      - edited
      - opened
      - synchronize
    branches:
      - develop
    paths:
      - '**.js'
jobs:
  deploy:
    # yamllint disable rule:line-length
    name: '[DEV] DEPLOY'
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@v2
      - name: Deploy
        run: |
          echo 'Deploy Dev Env by ${{ github.event.action }} event type' >> "${GITHUB_STEP_SUMMARY}"
When a new pull request (feature_branch → develop) is created or a new commit occurs inside feature_branch, pull_request's opened (or synchronize) event triggers the job.
Here is a paths condition: if none of the JavaScript files are changed, the application source code is the same and we don't need to deploy a new test environment. That is correct.
But here is a third action type: edited. It is used because we have environment parameters passed inside the pull request message. If the message is changed (edited), it means that the parameters have possibly changed too, and we have to re-deploy the test environment even if **.js files are not changed. But because of the paths condition, the edited event will not be triggered either.
In other words, the description should look like:
---
name: 'Deploy Test Env'
on:
  # will be triggered only if *.js files changed
  pull_request:
    types:
      - opened
      - synchronize
    branches:
      - develop
    paths:
      - '**.js'
  # will be triggered anytime when PR contents are updated
  pull_request:
    types:
      - edited
    branches:
      - develop
But YAML doesn't support duplicated keys and this format is wrong.
OR:
on:
  pull_request:
    types:
      # paths are set only for `opened` and `synchronize` types
      - type: edited
      - type: opened
        paths:
          - '**.js'
      - type: synchronize
        paths:
          - '**.js'
    branches:
      - develop
But types should be a list...
The question is: Is it possible to describe the desired behavior? Maybe pull_request may be passed twice as an array, or paths may be set under the edited type (something like my second example).
You can use reusable workflows to achieve this.
Divide your workflow into three (3) workflows:
ci.yml: reusable workflow (workflow that performs stuff)
ci-pr-opened-synchronize.yml: reusable workflow caller (for PR opened/synchronize for .js files)
ci-pr-edited.yml: reusable workflow caller (for PR edited)
The above reusable workflow callers will call the ci.yml workflow.
Here's a complete working example with .md files filter and PRs to the main branch (https://github.com/iamazeem/github-actions-reusable-workflow-test):
ci.yml
name: CI
on:
  workflow_call:
    inputs:
      message:
        type: string
        description: custom message
        required: true
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - name: Print message
        if: ${{ inputs.message }}
        env:
          MESSAGE: ${{ inputs.message }}
        run: |
          echo "message: $MESSAGE"
ci-pr-opened-synchronize.yml
name: PR opened/synchronize
on:
  pull_request:
    types:
      - opened
      - synchronize
    branches:
      - main
    paths:
      - '**.md'
jobs:
  pr-open-sync:
    uses: ./.github/workflows/ci.yml
    with:
      message: 'PR opened/synchronized'
ci-pr-edited.yml
name: PR edited
on:
  pull_request:
    types:
      - edited
    branches:
      - main
jobs:
  pr-edited:
    uses: ./.github/workflows/ci.yml
    with:
      message: 'PR edited'
You may check this PR and its respective actions for this sample:
PR: https://github.com/iamazeem/github-actions-reusable-workflow-test/pull/1
Actions: https://github.com/iamazeem/github-actions-reusable-workflow-test/actions
Here is one more example of reusable workflows:
.github/workflows/reuser_on_edited.yml
the workflow will reuse to_reuse.yml jobs when PR contents are edited
---
name: 'Reuser on Edited'
on:
  pull_request:
    types:
      - edited
    branches:
      - 'develop'
jobs:
  reuse:
    uses: ./.github/workflows/to_reuse.yml
    with:
      original_github: ${{ toJSON(github) }}
      other_input: 'BOOM! edited'
.github/workflows/reuser_on_pr_changed.yml
the workflow will reuse to_reuse.yml jobs when some of the **.js files are changed.
---
name: 'Reuser on PR changed'
on:
  pull_request:
    types:
      - opened
      - synchronize
    branches:
      - 'develop'
    paths:
      - '**.js'
jobs:
  reuse:
    uses: ./.github/workflows/to_reuse.yml
    with:
      original_github: ${{ toJSON(github) }}
.github/workflows/to_reuse.yml
the file to reuse jobs inside it
on:
  workflow_call:
    inputs:
      original_github:
        type: string
        required: true
        description: "github context that passed from original workflow (JSON)"
      other_input:
        type: string
        default: 'default'
        required: false
        description: "just for LOLs"
jobs:
  deploy_job:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout v2
        uses: actions/checkout@v2
        with:
          ref: ${{ fromJSON(inputs.original_github).event.pull_request.head.sha }}
      - name: Deploy
        run: |
          {
            echo 'Deploy Dev Env by `${{ fromJSON(inputs.original_github).event.action }}` event type';
            echo '';
            echo 'Also `${{ inputs.other_input }}` input is passed';
          } >> "${GITHUB_STEP_SUMMARY}"
Original github context may be passed as JSON string and reused inside different workflow.
Also, different conditions (paths, etc.) may be set for different pull_request action types.

how to run Github Actions Jobs in parallel using matrix?

I've really struggled here doing this for the first time and having no background in development.
We have an action that checks the status of several services running on different envs (DEV, TEST, PROD) and sends notifications to Microsoft Teams Channel.
At the moment there is a dedicated action for each env and the goal is to combine them in one.
the action itself:
name: Services Health Check
on:
  workflow_dispatch:
  schedule:
    - cron: '*/30 * * * *'
env:
  DEV: https://app.dev.contoso.com
  TEST: https://app.test.contoso.com
  PROD: https://app.contoso.com
  TEAMS_TOKEN_DEV: ${{ secrets.HEALTH_CHECK_TEAMS_WEB_HOOK_URL_DEV }}
  TEAMS_TOKEN_TEST: ${{ secrets.HEALTH_CHECK_TEAMS_WEB_HOOK_URL_TEST }}
  TEAMS_TOKEN_PROD: ${{ secrets.HEALTH_CHECK_TEAMS_WEB_HOOK_URL_PROD }}
jobs:
  #here I want to create a matrix as a JSON array to look like this, but I'm not sure if I do it right (I am also not sure if I correctly escape the characters and which one should I escape):
  #[
  # { dev : https://app.dev.contoso.com, webhook : ${{ secrets.WEB_HOOK_URL_DEV }} },
  # {test : https://app.test.contoso.com, webhook : ${{ secrets.WEB_HOOK_URL_TEST }} },
  # {prod : https://app.contoso.com, webhook : ${{ secrets.WEB_HOOK_URL_TEST }} }
  #]
  env-matrix:
    name: Setup ENV Matrix
    runs-on: ubuntu-latest
    outputs:
      matrix: ${{ steps.matrix.outputs.env }}
    steps:
      - id: matrix-env
        run: |
          echo '::set-output name=env::[\{\"env\"\:\"$DEV\", \"webhook\"\:\"$TEAMS_TOKEN_DEV\"\}, \{\"env\"\:\"$DEMO\", \"webhook\"\:\"$TEAMS_TOKEN_DEMO\"\}, \{\"env\"\:\"$TEST\", \"webhook\"\:\"$TEAMS_TOKEN_TEST\"\}, \{\"env\"\:\"$POC\", \"webhook\"\:\"$TEAMS_TOKEN_POC\"\}, \{\"env\"\:\"$PRE\", \"webhook\"\:\"$TEAMS_TOKEN_PRE\"\}, \{\"env\"\:\"$PROD\", \"webhook\"\:\"$TEAMS_TOKEN_PROD\"\}]'
  #and the healthcheck job itself
  healthcheck:
    needs: env-matrix
    name: Health Check
    runs-on: ubuntu-18.04
    strategy:
      matrix:
        value: ${{ fromJson(needs.env-matrix.outputs.matrix-env)}}
    steps:
      - name: service1
        uses: repo/action
        continue-on-error: true
        with:
          url: '${{ matrix.value.env }}/service1/q/health/ready'
          teamsWebHookURL: '${{ matrix.value.webhook }}'
      - name: service2
        uses: repo/action
        continue-on-error: true
        with:
          url: '${{ matrix.value.env }}/service2/q/health/ready'
          teamsWebHookURL: '${{ matrix.value.webhook }}'
so the job must run on DEV with TEAMS_TOKEN_DEV, on TEST with TEAMS_TOKEN_TEST, but I don't know the way to access an array item, so the steps are incorrect.
Any help will be appreciated. If you know a simpler solution pls share.
Thanks for your time and help
Another way of rewriting your workflow is to define the name of the secrets in the matrix and then using Array notation to fetch the actual value of the secrets. Below is a way of doing this and it is not a clone of your workflow. But this should give you an idea.
name: Services Health Check
on:
  workflow_dispatch:
jobs:
  healthcheck:
    name: Health Check
    runs-on: ubuntu-18.04
    strategy:
      matrix:
        environment: [dev, test, prod]
        include:
          - environment: dev
            url: https://app.dev.contoso.com
            webhook: HEALTH_CHECK_TEAMS_WEB_HOOK_URL_DEV
          - environment: test
            url: https://app.test.contoso.com
            webhook: HEALTH_CHECK_TEAMS_WEB_HOOK_URL_TEST
          - environment: prod
            url: https://app.prod.contoso.com
            webhook: HEALTH_CHECK_TEAMS_WEB_HOOK_URL_PROD
    steps:
      - name: test_1
        run: |
          echo ${{ format('{0}{1}', matrix.url, '/service1/q/health/ready') }}
          echo ${{secrets[matrix.webhook]}}
      - name: test_2
        run: |
          echo ${{ format('{0}{1}', matrix.url, '/service2/q/health/ready') }}
          echo ${{secrets[matrix.webhook]}}

How to use a json as a parameter for workflow_dispatch

I am trying to automate some tests but I would need to pass some particular parameters to the final test scripts that would fit perfectly as a json file. The issue now is to make github action able to handle json data as a parameter.
The constraint is that the json file has to be local, as the workflow has to be triggered from the command gh workflow run ...
So far I tried creating my first yml file as such:
name: setup
on:
  workflow_dispatch :
    inputs:
      config_file:
        description: 'json file containing the configuration for the runners'
        required: true
        type: string
...
env:
  GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
jobs:
  setup-auth:
    name: setup-authentication
    uses: ./.github/workflows/single-device-authentication.yml
    with:
      devices: mlops
      config_file: ${{ inputs.config_file }}
    secrets: inherit
single-device-authentication.yml looks like this, I commented where it fails :
name: single-device-authentication
on:
  workflow_call:
    inputs:
      devices:
        required: true
        type: string
      config_file:
        description: 'json file containing the configuration for jetson runners'
        required: true
        type: string
jobs:
  device-authentication:
    name: device-authentication
    runs-on: ${{ inputs.devices }}
    steps:
      - uses: PATH/TO/gh_auth@main
        with:
          app_id: 7
          private_key: ${{ secrets.MLOPS_BOT_PRIVATE_KEY }}
  json-parser:
    name: parser
    runs-on: ${{inputs.devices}}
    needs: device-authentication
    steps:
      - name: parser script
        run: |
          echo ${{ inputs.config_file }}" # This fails
Also, to trigger the workflow, I tried that way :
gh workflow run setup.yml -f config_file="$(cat ${PATH_TO_CONFIG_FILE})"

Github Actions workflow_dispatch choice not working

So, I have tried different versions of this, but I still cannot get it right.
I have a GitHub Actions pipeline where I would like to insert a choice so people don't have to look for it in documentation:
name: Echo message
on:
  workflow_dispatch:
    inputs:
      hubAddressGroupObject:
        type: choice
        description: 'Enter the name of the hub where the entry is added'
        required: true
        default: 'AZURE-EUW-XXXXX'
        options:
          - 'AZURE-EUW-XXXXX'
          - 'AZURE-FRC-XXXXX'
          - 'AZURE-USE-XXXXX'
          - 'AZURE-FRC-XXXXX'
  jobs:
    build:
      runs-on: ubuntu-latest
      steps:
        - uses: actions/checkout@v2
        - name: WriteMessage
          shell: pwsh
          run: |
            Test-script.ps1 -message "${{ github.event.inputs.hubAddressGroupObject }}"
The 'Test-script.ps1' can look like this:
param (
    [string] $message
)
Write-Host ('{0}' -f $message)
The output is still a normal workflow_dispatch with no choice.
What am I doing wrong?
Also, I have merged the current branch into main (default).
Your code seems to be correct; you have spacing issues with "jobs".
Shift-tab it and it should work:
name: Echo message
on:
  workflow_dispatch:
    inputs:
      hubAddressGroupObject:
        type: choice
        description: 'Enter the name of the hub where the entry is added'
        required: true
        default: 'AZURE-EUW-XXXXX'
        options:
          - 'AZURE-EUW-XXXXX'
          - 'AZURE-FRC-XXXXX'
          - 'AZURE-USE-XXXXX'
          - 'AZURE-FRC-XXXXX'
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v2
      - name: WriteMessage
        run: |
          echo "${{ github.event.inputs.hubAddressGroupObject }}"

github action fails with error could not read Username for 'https://github.com/'

I'm using branch protection on master, but allowing bypass to a user with a PAT set to ${{ secrets.BYPASS }}
The below pipeline fails on the release step with this error.
I believe it's the checkout@2 setting persist-credentials: false that's causing the error, but without it I can't get the Automated Version Bump step to work.
Is there a workaround?
Run fregante/release-with-changelog@v3
Error: Command failed: git fetch origin +refs/tags/*:refs/tags/*
fatal: could not read Username for 'https://github.com/': No such device or address
Pipeline.yml
name: Push
on:
  push:
    branches: [ master ]
  workflow_dispatch:
jobs:
  push:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout source code
        uses: 'actions/checkout@v2'
        with:
          ref: ${{ github.ref }}
          persist-credentials: false
          fetch-depth: 50
      - name: Automated Version Bump
        id: version-bump
        uses: 'phips28/gh-action-bump-version@master'
        env:
          GITHUB_TOKEN: ${{ secrets.BYPASS }}
        with:
          skip-tag: 'false'
      - name: Tag Changelog
        uses: fregante/release-with-changelog@v3
        with:
          token: ${{ secrets.BYPASS }}