GitHub Actions by Example

• github-script

  11 3,933 6.4 TypeScript

  Write workflows scripting the GitHub API in JavaScript

  

Nice idea, worth mentioning other features:

* Reusable workflows (note: matrix strategy doesn't work here): https://docs.github.com/en/actions/using-workflows/reusing-w...

* Composite actions: https://docs.github.com/en/actions/creating-actions/creating...

* Script as action: https://github.com/actions/github-script

* Using GitHub Packages and artifacts: https://docs.github.com/en/actions/publishing-packages/about...

* Using docker-compose-like services that run alongside of the container: https://docs.github.com/en/actions/using-containerized-servi...

And many, many more :)

• learnxinyminutes-docs

  226 11,153 9.1 JavaScript

  Code documentation written as code! How novel and totally my idea!

It's quite common:

- Go By Example: https://gobyexample.com/

- Rust By Example: https://doc.rust-lang.org/rust-by-example/

- V [a weird knockoff of Go] By Example: https://v-community.gitbook.io/v-by-example/

There's also 'Learn X in Y Minutes' (https://learnxinyminutes.com/), which covers a range of different 'X'es. They make it ridiculously easy to get going with a new tool/language, IMO. It's a superb paradigm in general.

• WorkOS

  workos.com sponsored

  The modern identity platform for B2B SaaS. The APIs are flexible and easy-to-use, supporting authentication, user identity, and complex enterprise features like SSO and SCIM provisioning.

  

• tiny-differentiable-simulator

  6 1,148 1.6 C++

  Tiny Differentiable Simulator is a header-only C++ and CUDA physics library for reinforcement learning and robotics with zero dependencies.

  

https://github.com/google-research/tiny-differentiable-simul...

• tiny-differentiable-simul

  2 - -

https://github.com/google-research/tiny-differentiable-simul...

• setup-msys2

  2 265 7.2 JavaScript

  GitHub Action to setup MSYS2

  

> Actions reduce workflow steps by providing reusabe[sic] “code” for common tasks. To run an action, you include the uses keyword pointing to a GitHub repo with the pattern {owner}/{repo}@{ref} or {owner}/{repo}/{path}@{ref} if it’s in a subdirectory. A ref can be a branch, tag, or SHA.

Aside from the typo, I wonder how many packages could be backdoored at once, if an action maintainer went rogue, seeing as there's no pinning for actions by default, and (according to https://github.com/msys2/setup-msys2/blob/main/HACKING.md) moving a tag is the default way to push updates to an action. (Interestingly get-cmake/run-cmake/run-vcpkg are all operated by the same person.)

• ghactionsbyexample

  1 167 3.0 Go

  GitHub Actions by Example

Thanks! The page itself is just simple HTML and tables. I generated it from YAML files with a custom HTML generator, see for example: https://github.com/macintoshpie/ghactionsbyexample/blob/df6f...

• dependabot-core

  30 3,858 10.0 Ruby

  🤖 Dependabot's core logic for creating update PR's.

  

Def a real concern.

If anyone is interested to mitigate it yourself, these are helpful :)

https://docs.github.com/en/actions/creating-actions/about-cu...

https://github.com/dependabot/dependabot-core/issues/2835

https://github.com/zgosalvez/github-actions-ensure-sha-pinne...

https://github.com/timmeinerzhagen/dependabot-sha-comment-ac...

• InfluxDB

  www.influxdata.com sponsored

  Power Real-Time Data Analytics at Scale. Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality.

  

• github-actions-ensure-sha-pinned-actions

  1 34 7.4 JavaScript

  A Github Action to ensure that actions are pinned to full length commit SHAs

Def a real concern.

If anyone is interested to mitigate it yourself, these are helpful :)

https://docs.github.com/en/actions/creating-actions/about-cu...

https://github.com/dependabot/dependabot-core/issues/2835

https://github.com/zgosalvez/github-actions-ensure-sha-pinne...

https://github.com/timmeinerzhagen/dependabot-sha-comment-ac...

• github-actions-ensure-sha-pinne

  1 - -

Def a real concern.

If anyone is interested to mitigate it yourself, these are helpful :)

https://docs.github.com/en/actions/creating-actions/about-cu...

https://github.com/dependabot/dependabot-core/issues/2835

https://github.com/zgosalvez/github-actions-ensure-sha-pinne...

https://github.com/timmeinerzhagen/dependabot-sha-comment-ac...

• dependabot-sha-comment-action

  1 2 0.9

  Discontinued Update your GitHub Actions with Dependabot while using secure SHA Commit pinning while maintaining human readable versioning comments.pinned to a SHA

Def a real concern.

If anyone is interested to mitigate it yourself, these are helpful :)

https://docs.github.com/en/actions/creating-actions/about-cu...

https://github.com/dependabot/dependabot-core/issues/2835

https://github.com/zgosalvez/github-actions-ensure-sha-pinne...

https://github.com/timmeinerzhagen/dependabot-sha-comment-ac...

• dependabot-sha-comment-ac

  1 - -

Def a real concern.

If anyone is interested to mitigate it yourself, these are helpful :)

https://docs.github.com/en/actions/creating-actions/about-cu...

https://github.com/dependabot/dependabot-core/issues/2835

https://github.com/zgosalvez/github-actions-ensure-sha-pinne...

https://github.com/timmeinerzhagen/dependabot-sha-comment-ac...

• roadmap

  67 7,698 0.0

  GitHub public roadmap

  

Annoyingly, the private actions roadmap item https://github.com/github/roadmap/issues/74 was modified to "internal actions", i.e., only for GitHub Enterprise; notice how in the edit history it was changed from "private" to "internal".

• toast

  10 1,543 7.6 Rust

  Containerize your development and continuous integration environments. 🥂 (by stepchowfun)

If you're looking for an alternative way to reproduce your CI locally that isn't tied to a particular CI system (but which has a nice integration with GitHub Actions), there's also Toast: https://github.com/stepchowfun/toast

Suggest a related project