Following is a simple GitHub Actions workflow named as First Workflow
. It defines one job named first-job
to print a greeting and a goodbye message.
name: First Workflow
# Define the events that trigger this workflow to run.
# 'workflow_dispatch' event allows manual triggering of the workflow from the GitHub Actions UI.
on: workflow_dispatch
jobs:
first-job:
# Define the runner environment for the 'first-job' job.
runs-on: ubuntu-latest
steps:
# Step 1: Print a greeting message. (Multiple Command)
- name: Print greeting
run: |
echo "Hello World"
echo "Have a great day!"
# Step 2: Print a goodbye message.
- name: Print goodbye
run: echo "Done - bye!"
Following is a GitHub Actions workflow for a Go project. It defines one job named build
to build and test the Go project.
The job is triggered when there's a push event that modifies files in the simple-task/
directory.
name: Go
# Define the events that trigger this workflow to run.
# The workflow is triggered when there's a push event affecting files in the "simple-task/" directory.
on:
push:
paths:
- simple-task/**
jobs:
build:
# Define the runner environment for the "build" job.
runs-on: ubuntu-latest
steps:
# Step 1: Checkout the code from the repository.
- uses: actions/checkout@v3
# Step 2: Set up the Go environment with the specified version.
- name: Set up Go
uses: actions/setup-go@v4
with:
go-version: '1.20'
# Step 3: Build the Go project using the "go build" command.
- name: Build
working-directory: ./simple-task
run: go build -v .
# Step 4: Run tests for the Go project using the "go test" command.
- name: Test
working-directory: ./simple-task
run: go test -v .
Following is a GitHub Actions workflow for a Go project. It defines two jobs: test
and build
, to run tests and build the project respectively. These jobs run in parallel. And also the following workflow will be triggered in two events.
push
event triggers the workflow when new code is pushed to the repository.workflow_dispatch
event allows manual triggering of the workflow from the GitHub Actions UI.
name: Go
# 'push' event triggers the workflow when new code is pushed to the repository.
# 'workflow_dispatch' event allows manual triggering of the workflow from the GitHub Actions UI.
on: [push, workflow_dispatch]
jobs:
test:
# Define the runner environment for the 'test' job.
runs-on: ubuntu-latest
steps:
# Step 1: Download the code from the repository.
- name: Download Code
uses: actions/checkout@v3
# Step 2: Set up Golang environment with the specified version and cache dependencies.
- name: Set up Golang
uses: actions/setup-go@v4
with:
go-version: '1.20'
cache-dependency-path: simple-task/go.sum
# Step 3: Run tests using 'go test' command.
- name: Test
working-directory: ./simple-task
run: go test -v .
build:
# Define the runner environment for the 'build' job.
runs-on: ubuntu-latest
steps:
# Step 1: Download the code from the repository.
- name: Download Code
uses: actions/checkout@v3
# Step 2: Set up Golang environment with the specified version and cache dependencies.
- name: Set up Golang
uses: actions/setup-go@v4
with:
go-version: '1.20'
cache-dependency-path: simple-task/go.sum
# Step 3: Build the project using 'go build' command.
- name: Build
working-directory: ./simple-task
run: go build -v .
This is a GitHub Actions workflow for a Go project. It defines two jobs: 'test' and 'build', to run tests and build the project respectively. These jobs runs sequentially.
- use
needs
keyword to run jobs sequentially
name: Go
# Define the events that trigger this workflow to run.
# 'push' event triggers the workflow when new code is pushed to the repository.
# 'workflow_dispatch' event allows manual triggering of the workflow from the GitHub Actions UI.
# on: [push, workflow_dispatch]
on: workflow_dispatch
jobs:
test:
runs-on: ubuntu-latest
steps:
# Step 1: Download the code from the repository.
- name: Download Code
uses: actions/checkout@v3
# Step 2: Set up Golang environment with the specified version and cache dependencies.
- name: Set up Golang
uses: actions/setup-go@v4
with:
go-version: '1.20'
cache-dependency-path: simple-task/go.sum
# Step 3: Run tests using 'go test' command.
- name: Test
working-directory: ./simple-task
run: go test -v .
build:
# This job depends on the successful completion of the 'test' job.
# It will run only if the 'test' job finishes successfully.
needs: test
runs-on: ubuntu-latest
steps:
# Step 1: Download the code from the repository.
- name: Download Code
uses: actions/checkout@v3
# Step 2: Set up Golang environment with the specified version and cache dependencies.
- name: Set up Golang
uses: actions/setup-go@v4
with:
go-version: '1.20'
cache-dependency-path: simple-task/go.sum
# Step 3: Build the project using 'go build' command.
- name: Build
working-directory: ./simple-task
run: go build -v .
Contexts are a way to access information about workflow runs, variables, runner environments, jobs, and steps. Each context is an object that contains properties, which can be strings or other objects. Contexts, objects, and properties will vary significantly under different workflow run conditions.
This is a GitHub Actions workflow named view contexts
. The workflow is triggered manually using the workflow_dispatch
event.The view
job is defined to view and output various GitHub Actions contexts.
name: view contexts
on:
workflow_dispatch
jobs:
view:
# Define the runner environment for the 'view' job.
runs-on: ubuntu-latest
steps:
# Step 1: View and output the GitHub context using the 'github' context.
- name: view GitHub Context
run: echo "${{ toJSON(github) }}"
# Step 2: View and output the job context using the 'job' context.
- name: view job Context
run: echo "${{ toJSON(job) }}"
# Step 3: View and output the secrets context using the 'secrets' context.
- name: view secrets Context
run: echo "${{ toJSON(secrets) }}"
# Step 4: View and output the needs context using the 'needs' context.
- name: view needs Context
run: echo "${{ toJSON(needs) }}"
-
Create a policy:
{ "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "s3:GetObject", "s3:PutObject", "s3:DeleteObject" ], "Resource": [ "arn:aws:s3:::<BUCKET-NAME>/*" ] }, { "Effect": "Allow", "Action": "s3:ListBucket", "Resource": "arn:aws:s3:::<BUCKET-NAME>" } ] }
-
Create a role with above policy and following
Trust relationships
{ "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Principal": { "Federated": "arn:aws:iam::111111111132:oidc-provider/token.actions.githubusercontent.com" }, "Action": "sts:AssumeRoleWithWebIdentity", "Condition": { "StringEquals": { "token.actions.githubusercontent.com:aud": "sts.amazonaws.com" }, "StringLike": { "token.actions.githubusercontent.com:sub": "repo:shamimice03/github-actions-lab:ref:refs/heads/main" } } } ] }
- Add
Role_ARN
,Region
,Bucket-Name
to the reposecrets
- https://docs.github.com/en/actions/using-workflows/reusing-workflows
- Secrets: https://docs.github.com/en/actions/using-workflows/reusing-workflows#passing-inputs-and-secrets-to-a-reusable-workflow
- Similar steps:
008_artifact.yaml
- OIDC
- S3 Bucket
- IAM Policy
- IAM Role
- Repo
secrets
setup
- Add