Infrastructure Coders Meetup March 09 2023 - GitHub Actions: From Zero to Almost Hero

Опубликовано: 07 Июль 2026
на канале: Andrew Ritchie
75
3

Tales of Automation and Deployment Woes
Lessons learned over the past year using GitHub Actions.
Common pitfalls, expediting feedback loops, debugging, private custom actions, gitops, etc


GitHub Actions Components and Capabilities
Components – Workflows, Events, Actions, Jobs, Runners, Deployments
Large amount of events that are supported
Composite actions – re-usable workflows
Conditionals
Needs
Matrices
CODEOWNERS

GitHub Actions Level 200
CI/CD Pipelines are a critical service for developers why host and maintain this yourself.
Automated Workflows: allows you to automate repetitive tasks, reducing manual errors and freeing up time for more strategic tasks.
Easy integration with GitHub: integrates seamlessly with GitHub, allowing you to manage your entire development process from one place.
Strategic Microsoft platform (as I understand it) Azure DevOps will be replaced with GitHub Actions
Cross-platform support: support for multiple operating systems, including Linux, Windows, and macOS, making it possible to automate workflows for different environments, hosted or private agents
Flexible and Customizable: provides a wide range of pre-built actions and the ability to create custom actions to fit specific needs.
OSS friendly: open-source projects and offers unlimited free usage for public repositories
Community-driven: large and active community that shares workflows, tips, and tricks, making it easier to find solutions to common problems.
Extensible to leverage other GH integrations, ie dependabot, security scanning, etc.


GitHub Actions Execution
PR enrichment
Non Prod are run in parallel without deployment approval, upon merge to master, whilst prod is done in series with approval needed for each apply
Manual deployments still possible, but conditional approval required for prod launches
Concurrency is helpful to ensure that changes are propagated in order to your environment. Use them lower down within the job, such that they are unique per action, ideally as part of a matrix.
Implementation
Bot approvals for /dev, single approval for /nonprod, 2 approvals prod
Matrices to fan out in parallel
Avoiding inputs wherever possible, however if we must supporting choices, to improve quality

Lessons Learned
Local dev testing using act
`act push -W .github/workflows/merge-deploy.yaml -P gitops-prod-base=ghcr.io/catthehacker/ubuntu:act-latest -s GITHUB_TOKEN`
Jira integration to help understand DORA metrics
Most used plugins path-filter for conditionals, changed-files, pull request commenter
Re-running a manual workflow dispatch, ensure that you select the relevant branch and don’t just re-run last run.
Mono repos are good, although consideration required for different path-based controls for role switching, etc
When working with monorepos don’t move to private actions before testing is complete tightens feedback loop
Use ”incubator” repo when working on impactful changes to github actions or workflows
Slack integration for deployments surfacing relevant information where devs are
Leverage the github slack app
Limit the use of github secrets – source them dynamically, ie terraform data source
Caching of terraform provider and state using github artefacts
Badges and Labels helpful for easily seeing changes, ie tfcmt
Github support team are fairly responsive
Workflow_dispatch for specific branches to allow testing before merging to master
Github groups can own approval of specific deployments based on environment. ie data science and product engineering
PR actions including enforcing pre-commit config, PRs have descriptions, branch naming strategies aligns with Jira ticket, using the latest version of template, diff of the environment etc

GitHub Actions Limitations
`contains` expression doesn’t support regex
They used to have a public roadmap which has since closed
Workflow runs are limited to 35 days
Artifacts held for 90 days
Max execution time is 6 hour
Support of context/matrix variables with Composite Actions inputs in steps of type 'uses'