GitHub actions that can be reused in other hdps repos for CI or other purposes.
At the time of creation (November 2020) GitHub does not have a built-in solution for centrally managed actions or workflow templates. It is an open item on the Actions Roadmap.
Basic workflow templates do exist but they are only applied when creating a workflow for the first time.
For more information see the background info section.
Malicious code in common actions could have serious consequences for the integrity of repo code.
For that reason this repository shall be kept read-only except for CI/CD maintainers. In this case follow the read-only usage example. (Note: this was changed from the original private strategy; it permits simpler application of the actions.)
Currently it is not possible to direct an action to a private repo. Consider using https://github.com/marketplace/actions/private-actions-checkout as an alternative to the private option below.
Centralize the common CI actions in one repository. Usage depends on the security approach adopted: either private or read-only.
With a read-only repo, using the actions is relatively simple. Use as follows:

```yaml
- name: Checkout hdps/common_actions
  uses: hdps/common-actions/conan_windows_build@master
  ...
- name: Checkout hdps/common_actions
  uses: hdps/common-actions/conan_linuxmac_build@master
  ...
```
With a private repo a more complex approach is needed: clone the repository to the .github/common_actions directory of the repository being built in the CI. An SSH key could be used for the checkout; see the actions repo doc. This requires the following boilerplate code:

```yaml
- uses: actions/checkout@v2
# Clone the shared actions next to the workflow being built
- name: Checkout hdps/common_actions
  uses: actions/checkout@v2
  with:
    repository: hdps/common_actions
    ref: refs/heads/master
    ssh-key: ${{ secrets.CA_SSH_PRIVATEKEY }}
    persist-credentials: false
    path: ./.github/common_actions
# The local path must match the checkout path above
- uses: ./.github/common_actions/conan_windows_build
  with:
    ...
```
Versioning can be applied with the ref parameter to actions/checkout@v2.
The approach was selected from various options (including one where updates to the central repo are pushed to consumer repos) and is based on the examples described in Roque Pinel's blog. It has the disadvantage or advantage (depending on your use case) of not automatically triggering a new build when a central action changes.
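Because both usage styles above follow `master`, a change to the central repo reaches every consumer build without review in the consumer. The following check is an added example, not part of this repository's code: it lists workflow steps that pull hdps code by a branch or tag instead of a full commit SHA. The function names, the `owner` default and the sample workflow are assumptions made for the illustration.

```python
import re

FULL_SHA = re.compile(r"[0-9a-f]{40}")  # a full commit SHA cannot be moved later
KEY = re.compile(r"^\s*(?:-\s+)?(uses|repository|ref):\s*['\"]?([^\s'\"#]+)")

def _check(step, owner):
    """Return (line, target, ref) if the step pulls owner code by a mutable ref."""
    uses = step.get("uses", "")
    repo = step.get("repository", "")
    if uses.startswith(owner + "/"):  # read-only style: uses: owner/repo/dir@ref
        target, _, ref = uses.partition("@")
    elif uses.startswith("actions/checkout@") and repo.startswith(owner + "/"):
        target, ref = repo, step.get("ref", "")  # private style: clone, then ./path
    else:
        return None
    if FULL_SHA.fullmatch(ref):
        return None
    return (step["line"], target, ref or "<default branch>")

def audit_workflow(text, owner="hdps"):
    """List steps in a workflow that reference `owner` repos by branch or tag."""
    findings, step = [], {}
    for no, line in enumerate(text.splitlines(), 1):
        if re.match(r"\s*-\s", line):  # a new list item starts a new step
            findings.append(_check(step, owner))
            step = {"line": no}
        m = KEY.match(line)
        if m:
            step.setdefault("line", no)
            step[m.group(1)] = m.group(2)
    findings.append(_check(step, owner))
    return [f for f in findings if f]

# Constructed consumer workflow (the 40-hex SHA is a made-up placeholder).
SAMPLE = """\
steps:
  - name: Build
    uses: hdps/common-actions/conan_windows_build@master
  - name: Checkout hdps/common_actions
    uses: actions/checkout@v2
    with:
      repository: hdps/common_actions
      ref: refs/heads/master
      path: ./.github/common_actions
  - uses: hdps/common-actions/conan_linuxmac_build@0123456789abcdef0123456789abcdef01234567
"""

if __name__ == "__main__":
    print(audit_workflow(SAMPLE))
```

Replacing `@master` or `refs/heads/master` with a reviewed commit SHA clears the finding, at the cost of updating consumers by hand when a central action changes.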
The action is in the action.yml file under an action name directory. Place a README.md file there, e.g.:

```
conan_linuxmac_build
  - action.yml
  - README.md
conan_windows_build
  - action.yml
  - README.md
```
Due to a markup/jinja bug, the conan install is:

```
pip install conan~=1.43.0
pip install "markupsafe<2.1"
```
Action directory | Function | Inputs link |
---|---|---|
conan_build_linuxmac | Install dependencies and execute a conan build on linux or mac | Linux Mac Inputs |
conan_build_windows | Install dependencies and execute a conan build on Windows (2016) | Windows Inputs |
Migrate to GitHub centrally managed actions when they become available in 2021.