GHA
01 Jan 2023 • Leave CommentsWorkflow
Workflows are YMAL files located under the .github/workflows
directory of your GitHub repo.
A workflow has one or more jobs. Each job has one or more steps that execute on a runner. Each step is a user-defined Shell script or well-known actions like actions/checkout. Workflows can be triggered by one or more events.
Here is an quick illustration of core concepts.
Check workflow examples at https://github.com/outsinre/kong/tree/master/.github/workflows.
Please refer to Understanding GitHub Actions.
Runner
Each GitHub-hosted runner is a new virtual machine (VM) hosted by GitHub with the runner application and other tools preinstalled, and is available with Ubuntu Linux, Windows, or macOS operating systems. When you use a GitHub-hosted runner, machine maintenance and upgrades are taken care of for you.
Each workflow job has its own standalone runner and specifies the types of runners by runs-on
.
See more details about runner at Using GitHub-hosted runners.
Variables
Variables can be categorized into 2 types:
- Default variables.
-
Default environment (Shell) variables.
${{ env.GITHUB_REPOSITORY }} $GITHUB_REPOSITORY
-
Default context variables.
${{ github.repository }}
-
- Custom variables.
-
Custom environment (Shell) variables defined via the
env
key.env: my_var: foo
-
Custom configuration variables defined at the "Settings" of organization, repository, or environment level.
-
To access variables, we use context in the form as follows. Most commonly used contexts are github
and env
.
${{ context.property }}
# example
${{ env.GITHUB_REPOSITORY }}
Specially, the env
context has the following two forms:
- Workflow syntax as mentioned above.
- Shell syntax, like
$GITHUB_REPOSITORY
. This form is usually used within therun
key.
The difference between the two forms is that the workflow syntax is interpolated before the workflow jobs are sent to a runner, while the Shell syntax is interpolated at runtime.
Persist Output
We can share values among steps of a job, or even among jobs.
-
To share values among steps of a job, please use GITHUB_ENV.
GITHUB_ENV
is an environment variable storing the pathname of a environment file on the runner. We can access it via Shell syntax inrun
steps and workflow syntax in non-Shell context. See Using the env context to access environment variable values.# define in a step echo "MY_VAR=myValue" >> $GITHUB_ENV # reference in another step ${MY_VAR} # -or- ${{ env.MY_VAR }}
However, in the well-know actions/github-script, we access the environment variables via process.env.my_var.
-
To share values among jobs, please try the following methods.
-
Use environment variable GITHUB_OUTPUT to declare the output of a job. Similar to
GITHUB_ENV
above, but it can only be accessed with workflow syntax.# define output1 in a job run: echo "my_var=hello" >> "$GITHUB_OUTPUT" output1: ${{ steps.<step-id>.outputs.my_var }} # reference output1 in another job ${{needs.<job_id>.outputs.output1}}
Of course,
GITHUB_OUTPUT
can also be used to share values among steps of a job.# reference output1 in another step within the same job ${{ steps.<step-id>.outputs.output1_var }}
-
Tokens and Secrets
- GitHub tokens, namely Personal Access Tokens, are opaque strings (credentials) defined for your GitHub account at https://github.com/settings/tokens.
-
GitHub secrets are names declared at the "Settings" of organization, repository, or repository environment level. Any values (e.g. JSON string) can be assigned to secrets. But to operate the repo, we assign tokens to secrets.
Once set, secrets are available to workflows via
$
.There is a special secret
$
which is automatically issued by GitHub when a workflow is triggered, and you don not need to create this explicitly. It is different from the personal access tokens. Refer to Automatic token authentication .
Refer to Using secrets in GitHub Actions.