🫶 GitHub Actions Resources for Container DevOps
Last updated July 2023
As part of my Automate Your Deployments on Kubernetes with GitHub Actions and Argo CD GitOps course, we spend a week learning GitHub Actions (GHA) for the typical software lifecycle of build, test, and deploy.
Beyond the slides and Zoom workshops in that course, here's an organized list of resources I provide for reference and further learning.
My Workflow Templates
- Docker build - simple, full
- Docker build - reusable (calling / called)
- Docker build - image promotion (calling)
- Walkthrough of progression from basic Docker build to full
- Super-Linter - reusable (calling / called)
- Trivy CVE Image Scan - reusable (calling / called)
- Snyk CVE Image Scan - reusable (calling / called)
- GitOps PR for Kustomize - reusable (calling / called)
- Docker Scout - Coming Soon
Staying up to date on what's new with Actions
- GitHub Blog labels (actions, githubactions) for the RSS die-hards
- GitHub Changelog on Twitter
- GitHub Roadmap: Check specific labels (actions, dependabot). Subscribe to any GH Issue you care about to get notified when its status changes.
Troubleshooting Workflows and Runs
Run workflows locally with act.
- Follow the beginner's guide to see some of the features (passing inputs and payload, secrets, GITHUB_TOKEN, etc.)
- Try some of the example commands.
- Learn about the mock-github and act-js projects to determine if you need them.
SSH into GHA runners to debug with tmate.
I've never needed this, but if you need to interact with the runner shell to debug your job, this is by far the most popular Action to enable an SSH server on it.
Native SSH debugging is coming later in 2023 to GitHub Enterprise.
Tips when calling reusable workflows
Once you start using reusable workflows (which I always use for most things in a software project), some specific errors and issues may crop up.
- If you don't see a workflow run in PR checks, check the Actions tab for errors. If a workflow can't start, it may not show up in a PR or commit's checks list.
- If you see a file path in the Actions tab error, check for typing errors in the path or access errors in reaching the called/reusable workflow.
- Ensure the reusable workflow has the workflow_call event, or it won't be callable.
- Ensure the calling job is pointing to the correct branch/tag/sha of the called/reusable workflow.
- If the reusable workflow is in a private repo, be sure calling it is allowed via that repo's Settings > Actions > General > Access, and enable "Accessible from repositories in the organization".
Recommended Actions
- Docker Official Actions (docs.docker.com)
- Docker Build and Push
- Docker Meta (so great, but takes time to understand its rulesets)
- Trivy CVE Scanner Action
- Create pull request (peter-evans)
- Create or update comments in PR (peter-evans maintains a ton of Actions)
- Setup Kubernetes in runner with k3d
- Slack send (sending job info to a Slack channel)
- List: sdras/awesome-actions (outdated but still useful)
- List: useful-actions
- List: Official GitHub-made Actions
- List: All verified Actions
GitHub Documentation
- Reusable workflows (I reference this often)
- Reusable workflow inputs
- Job outputs (important for chaining jobs together)
- Events you can use to start a workflow
- Workflow commands (CLI things you can do when building your own job steps)
- How do GitHub’s Public Runners work, and what’s installed on them
- Storing workflow data as artifacts
- GITHUB_TOKEN security and customization
- GitHub Actions Secrets
- Security hardening for GHA
Private Runners
awesome-runners - "A curated list of awesome self-hosted GitHub Action runners in a large comparison matrix"