SE Radio 567: Dave Cross on GitHub Actions
Dave Cross, owner of Magnum Solutions and author of GitHub Actions Essentials (Clapham Technical Press), speaks with SE Radio host Gavin Henry about GitHub Actions, the value they provide, and the best practices for using them in your projects. Cross describes the vast range of things that developers can do with GitHub Actions, including some use cases you might never have thought about. They start with some general discussion of CI/CD and then consider the three main types of events that drive GitHub Actions before digging into details about fine-grained action events, Action Marketplace, contexts, YAML, Docker base images, self-hosted runners, and more. They further explore identity management, permissions, dependency management, saving money, and how to keep your secrets secret.
Show Notes
- Episode 554: Adam Tornhill on Behavioral Code Analysis
- Episode 544: Ganesh Datta on DevOps vs Site Reliability Engineering
- Episode 521: Phillip Mayhew on Test Automation in Gaming
- Episode 498: James Socol on Continuous Integration and Continuous Delivery (CI/CD)
- Episode 482: Luke Hoban on Infrastructure as Code
- Episode 440: Alexis Richardson on GitOps
- Episode 424: Sean Knapp on Dataflow Pipeline Automation
- Episode 221: Jez Humble on Continuous Delivery
Transcript
Transcript brought to you by IEEE Software magazine.
This transcript was automatically generated. To suggest improvements in the text, please contact [email protected] and include the episode number and URL.
Gavin Henry 00:00:16 Welcome to Software Engineering Radio. I’m your host, Gavin Henry, and today my guest is Dave Cross. Dave has been programming professionally since 1988 and a Perl user for a very long time. I actually came across Dave in 2010 when I was a big Perl Catalyst user. He is the author of Data Mining with Perl from Manning and a co-author of Perl Template Toolkit from O’Reilly. Dave runs and owns Magnum Solutions, an open-source development consultancy based in London. His latest book is called GitHub Actions from Clapham Technical Press. Dave, welcome to Software Engineering Radio. Is there anything I missed that you’d like to add?
Dave Cross 00:00:58 Hi, thank you for having me. No, just to emphasize what you said about my career starting in 1988, which means I am very old, and the fact that I’m enthusiastic about some of these newer technologies is because so much of my career was spent without them.
Gavin Henry 00:01:15 So you’ve seen the before where it was all manual and everything.
Dave Cross 00:01:19 Absolutely. This is so much easier.
Gavin Henry 00:01:21 Excellent. Perfect. So we’re going to have a chat about, obviously, this show’s about GitHub Actions. We’re going to talk about the value they provide and discuss an example project that implements the main parts of continuous integration and continuous deployment with a few surprises along the way. So let’s get started. Continuous integration and continuous deployment. Let’s start with the basics. Dave, what is CI?
Dave Cross 00:01:45 So CI, it’s automating the bits of your project which mean that you can measure the quality of your project, I guess. It means that every time you commit some new code to your code base or changed code into your code base, you can run processes which do things like run unit tests, run a linter against your code base, and perform other quality metrics like maybe measuring the complexity of the code or the coverage of your tests, that kind of thing. The kind of numbers that might end up on a dashboard that is on a monitor hanging above the development team so that everyone who walks past the team can see how good your code is.
Gavin Henry 00:02:33 If you were to come across a new project on GitHub or your recommended one, what would be the first thing you’d look at to see what the continuous integration would be?
Dave Cross 00:02:42 I think the first thing that I would be looking at is the coverage. Just to see how well the test suite matches the amount of code that you’ve actually got in the project. Having a test suite that covers the code base well means that you have more — it’s easier to change code and know that you’re not breaking things.
Gavin Henry 00:03:04 Yeah, it gives you that safety net, doesn’t it? And obviously you’d want there to be some type of continuous integration in the project.
Dave Cross 00:03:11 Yes, yeah.
Gavin Henry 00:03:13 So that would be the first thing hopefully. What is continuous deployment?
Dave Cross 00:03:17 So that’s the step that comes after continuous integration. It means that once you are happy that your code is good or even better than it was previously, then you can automatically take that code from your GitHub server or whatever source code system you are using and move it into production in a manner that is easy to reproduce. So, hopefully just pressing a button and at the end of some processes running, the code is up on your production server and running.
Gavin Henry 00:03:56 Excellent. Thank you. For the listeners who want to dig into CI/CD — continuous integration, continuous deployment — more, we’ve actually done a full show on it, which was show 498 with James Socol on Continuous Integration, Continuous Delivery. We’ve done episode 554 on Behavioral Code Analysis, which was really good. Episode 544, 482, 440, 424 and an older one on Continuous Delivery, Episode 221. I’ll put those links in the show notes, but it helps expand on this very light overview I’ve just done with Dave. So before I move us on to the core of the show, which is GitHub Actions, is there a sort of low-hanging fruit to put into CI as a safety net and something in CD, or does it depend on the project and you know, the software developer?
Dave Cross 00:04:47 To a large extent, I guess it does depend on the project, but as I said earlier, I think getting your unit tests running in some kind of CI framework is very useful.
Gavin Henry 00:04:58 Excellent. And there’s simple things on GitHub, like, I suppose it depends on the project, like the Dependabot thing or what’s their static analysis one? CodeQL, I think it.
[...]