Ben Chuanlong Du's Blog

It is never too late to learn.

Tips on GitHub Actions

Things on this page are fragmentary and immature notes/thoughts of the author. Please read with your own judgement!

Tips and Traps

  1. You can use sudo without password in Linux and macOS when running GitHub Actions.

  2. GitHub Actions supports manual triggers with workflow_dispatch. Workflow parameters are supported in manual triggers.

  3. GITHUB_TOKEN is an automatically generated secret that lets you make authenticated calls to the GitHub API in your workflow runs. Actions generates a new token for each job and expires the token when the job completes. GITHUB_TOKEN can also be used by the GitHub Action peter-evans/create-pull-request to create PRs automatically. However, a PR created by create-pull-request with GITHUB_TOKEN is owned by the GitHub bot, which might have issues triggering other pipelines listening to PR events. A simple solution to this problem is to manually create a repository secret (e.g., GITHUBACTIONS) and use it, instead of GITHUB_TOKEN, to authenticate the GitHub Action create-pull-request.

  4. Rust cannot be installed into a global location following the instructions at Install Rust Globally in Linux. This might be because GitHub Actions VMs have restrictions on environment variables. You can still install Rust using root (via sudo), but this doesn't give you much privilege, as the root account in a GitHub Actions VM is restricted too.

  5. The runner account (even with sudo) in GitHub Actions VMs has restricted privileges. For example, the Linux perf (and equivalent) tools cannot be run in GitHub Actions VMs even if sudo is used. Docker containers running in GitHub Actions VMs are restricted too. For more details, please refer to Supported Linux capabilities.

  6. OS: ubuntu-latest, windows-latest, macOS-latest

  7. Docker is available on Ubuntu and Windows runners but not on macOS runners in GitHub Actions due to license issues. To use Docker on macOS in GitHub Actions, you have to install it manually. Please refer to Is it possible to install and configure Docker on MacOS runner? for more details.

  8. Good practices for GitHub repository with GitHub Actions workflows:

    • Have 2 protected branches main and dev, where main is reserved for releasing and dev is reserved for development.
    • Fork the dev branch for development.
    • A PR from dev to main should be made when it is ready to release a new version.
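
A workflow combining items 2 and 3 above, as an added example that is not from the original notes: a manually triggered run that opens a PR using the repository secret instead of GITHUB_TOKEN. The workflow name, the input name `target_branch`, the branch `auto/update` and the content of the GITHUBACTIONS secret (assumed to be a personal access token that can push to the repository) are assumptions.

```yaml
# Added example; names marked "assumed" are illustrative.
name: manual-update-pr                    # assumed workflow name
on:
  workflow_dispatch:                      # manual trigger (item 2)
    inputs:
      target_branch:                      # assumed input name
        description: Branch the PR is opened against
        required: true
        default: dev

# Least privilege for the automatic GITHUB_TOKEN: checkout only needs to read.
permissions:
  contents: read

jobs:
  open-pr:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          ref: ${{ inputs.target_branch }}

      - name: Make a change
        env:
          # Pass the input through the environment instead of expanding
          # ${{ }} inside the script, so its value is never parsed as shell.
          TARGET: ${{ inputs.target_branch }}
        run: |
          printf 'updated for %s\n' "$TARGET" > UPDATED.txt

      - uses: peter-evans/create-pull-request@v6
        with:
          # Repository secret from item 3 (assumed to hold a personal access
          # token). The PR is then created as that token's user, so workflows
          # listening to PR events are triggered.
          token: ${{ secrets.GITHUBACTIONS }}
          branch: auto/update             # assumed head branch name
          base: ${{ inputs.target_branch }}
          title: Automated update
```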

Issues and Solutions

Error: The process '/usr/bin/git' failed with exit code 1

Symptom: A GitHub Actions workflow fails to check out a branch of a repository and throws the following error message.

Error: The process '/usr/bin/git' failed with exit code 1

Possible Causes and Solutions: It's possible that you used a branch name which does not exist (e.g., used main while the repo does not have a main branch). If so, using the correct branch name might fix the issue.

Branch Matching

on:
  push:
    branches:
      - '*'         # matches every branch that doesn't contain a '/'
      - '*/*'       # matches every branch containing a single '/'
      - '**'        # matches every branch
      - '!master'   # excludes master

For more discussions, please refer to GitHub Actions: how to target all branches EXCEPT master? and Workflow syntax for GitHub Actions .

PowerShell on Windows

Set PATH

echo "::add-path::./swigwin-4.0.1"

echo %programfiles%
echo ::set-env name=ProgramFilesPath::%programfiles%

https://stackoverflow.com/questions/60169752/how-to-update-the-path-in-a-github-action-workflow-file-for-a-windows-latest-hos

https://docs.github.com/en/free-pro-team@latest/actions/reference/workflow-commands-for-github-actions#adding-a-system-path

Prepends a directory to the system PATH variable for all subsequent actions in the current job. The currently running action cannot access the new path variable.
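
GitHub has since disabled the `add-path` and `set-env` workflow commands, because anything a step printed to stdout, including untrusted data, could change the environment of later steps; the replacements are the files named by `GITHUB_PATH` and `GITHUB_ENV`. The same two settings written that way, as an added example that is not from the original notes (the workflow and job names and the location of swigwin-4.0.1 in the workspace are assumptions):

```yaml
# Added example; names marked "assumed" are illustrative.
name: windows-path                        # assumed workflow name
on: workflow_dispatch

jobs:
  build:                                  # assumed job name
    runs-on: windows-latest
    steps:
      - uses: actions/checkout@v4

      - name: Add swigwin to PATH and export ProgramFilesPath
        shell: pwsh
        run: |
          # Replaces "::add-path::": append one directory per line to the
          # GITHUB_PATH file. An absolute path is used so the entry does not
          # depend on the working directory of later steps.
          $swig = Join-Path $env:GITHUB_WORKSPACE 'swigwin-4.0.1'   # assumed location
          $swig | Out-File -FilePath $env:GITHUB_PATH -Encoding utf8 -Append

          # Replaces "::set-env": append NAME=value to the GITHUB_ENV file.
          "ProgramFilesPath=$env:ProgramFiles" |
            Out-File -FilePath $env:GITHUB_ENV -Encoding utf8 -Append

      - name: Later steps see both values
        shell: pwsh
        run: |
          Write-Host "ProgramFilesPath = $env:ProgramFilesPath"
          # Directories added through GITHUB_PATH are prepended to PATH.
          ($env:PATH -split ';')[0]
```

As with the old command, the step that writes the files does not see the new values itself; only later steps in the job do.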

Good GitHub Actions

checkout

ssh-agent

ssh-agent is a GitHub Action to set up ssh-agent with a private key.

bencher

Bencher is a suite of continuous benchmarking tools.

GitHub Actions for Python

https://hynek.me/articles/python-github-actions/

https://github.com/actions/setup-python

Pull Request

https://github.com/peter-evans/create-pull-request

Create PR from push on a given branch

Examples

Using semantic-release with GitHub Actions

automerge-action

Automatic Deployment With Github Actions

Zip Code Base with Github Actions for Releases

GitHub Automatic Releases

Introducing GitHub Package Registry

Self-hosted Runners

  1. It is straightforward to set up self-hosted runners by following the instructions.

  2. No need for the machine to be publicly accessible

  3. Currently, a runner can be configured to accept only 1 repo in a personal account (which is inconvenient) or multiple repositories in a GitHub organization.

  4. A self-hosted runner is able to use SSH keys on the host. However, if a Docker container is used with a self-hosted runner, you have to properly expose SSH keys on the host to the Docker container. A feasible way is to

    1. Configure the GitHub Action workflow to mount `$HOME/.ssh` to `/ssh`.
    2. Copy `/ssh` to `/root/.ssh` in the Docker container. 
    3. Run `chmod 600 /root/.ssh/*` to ensure right permissions of SSH keys and configuration files.
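
The three steps above as one workflow, as an added example that is not from the original notes. The workflow name, the container image and the host path `/home/runner/.ssh` (standing in for `$HOME/.ssh` of the runner account) are assumptions; the mount is read-only and the `.ssh` directory itself is set to 700 in addition to the `chmod 600` from step 3.

```yaml
# Added example; names marked "assumed" are illustrative.
name: build-in-container                  # assumed workflow name
# Manual trigger only, so runs started from fork pull requests
# never get access to the keys of the runner host.
on: workflow_dispatch

jobs:
  build:
    runs-on: self-hosted
    container:
      image: ubuntu:22.04                 # assumed image
      volumes:
        # Step 1: mount the host's SSH directory at /ssh.
        # ":ro" makes the bind mount read-only inside the container.
        - /home/runner/.ssh:/ssh:ro       # assumed host path for $HOME/.ssh

    steps:
      - name: Install SSH keys for root inside the container
        run: |
          set -eu
          umask 077                       # new files are private from the start
          mkdir -p /root/.ssh
          # Step 2: copy the mounted keys and configuration files.
          cp -R /ssh/. /root/.ssh/
          chown -R root:root /root/.ssh
          # Step 3: ssh refuses private keys readable by group or others.
          chmod 700 /root/.ssh
          chmod 600 /root/.ssh/*

      - name: Check ownership and permissions
        run: ls -ld /root/.ssh /root/.ssh/*
```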
    
