GitHub Actions
Variables in GitHub Actions
Environment Variables
- These are values we can define inside the workflow YAML, job or step.
- They are good for non-sensitive runtime values like
- app-name
- region
- port
- build mode
- They are available through shell syntax inside run steps and also through the env context in workflow expressions
Configuration variables
- These are non-sensitive variables stored in GitHub itself at the organization, repository or environment level.
- They are accessed using the vars context: `${{ vars.APP_NAME }}`
Secrets
- These are for sensitive values like tokens, passwords and API keys.
- GitHub stores them encrypted
- They are only available in workflows if you explicitly reference them
- They can exist at the organization level, repository or environment level
Levels
- GitHub supports storage at multiple levels
- Repository Level: A variable or secret belongs to one repository
- Organization Level: A variable or secret that can be shared across multiple repos in an organization
- Environment: A variable or secret belongs to a specific environment such as dev, qa or prod
Context
- A context is structured data provided by GitHub during workflow execution. Refer Here
- It gives your workflow information about
- repo
- commit
- user
- job
- environments
- Syntax: `${{ context_name.property }}`
Let's create a variable at multiple levels and use them in GitHub Actions
- Watch classroom recording for UI navigation
- Refer Here for the changes
Variable syntaxes in GitHub
- The three core syntaxes
- Expression syntax: `${{ ... }}`
- Shell syntax: `$VAR`
- PowerShell syntax: `$env:VAR`
- Rule
- `${{ }}`: GitHub processes it before execution
- `$VAR`: the runner processes it during execution
- Before Execution:
- GitHub engine reads your YAML
- Evaluates ${{ }}
- Decides
- which jobs run
- which steps run
- what values to inject
- During Execution:
- At Runner machine
- Executes the command
- understands $VAR
- Runs shell/pwsh scripts
- Scenarios where this matters
- conditional execution
- Injecting secrets
- Matrix builds
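The rule above, emulated on a local shell as an added example (not part of the original notes): `render` is a hypothetical stand-in for GitHub's pre-execution substitution, and the `LABEL` variable and its value are constructed. A value placed in the script with `${{ }}` is re-read by the shell as script source, while the same value passed through `env:` and read as `$LABEL` stays plain data, which is why secrets and other non-constant values are handed to `run` steps through `env:`.

```shell
#!/bin/sh
# Added illustration: emulates the two evaluation phases on a local shell.
# render() is a hypothetical stand-in for GitHub's expression engine;
# LABEL and its value are constructed sample data.

# Phase 1 (GitHub, before execution): ${{ vars.NAME }} is replaced textually
# in the script source. Replaces the first occurrence only.
render() {  # usage: render TEMPLATE NAME VALUE
  needle="\${{ vars.$2 }}"
  case $1 in
    *"$needle"*) printf '%s%s%s' "${1%%"$needle"*}" "$3" "${1#*"$needle"}" ;;
    *)           printf '%s' "$1" ;;
  esac
}

# Equivalent of:   run: echo "label=${{ vars.LABEL }}"
# The value is already part of the script text when the shell starts,
# so the shell expands anything in it that looks like shell syntax.
inline_step() {
  script=$(render 'echo "label=${{ vars.LABEL }}"' LABEL "$1")
  sh -c "$script"
}

# Equivalent of:   env: { LABEL: "${{ vars.LABEL }}" }
#                  run: echo "label=$LABEL"
# Phase 2 (runner, during execution): the shell reads the value from its
# environment; the script text itself never changes.
env_step() {
  LABEL=$1 sh -c 'echo "label=$LABEL"'
}

value='cost: $5'      # constructed value containing a shell metacharacter
inline_step "$value"  # the shell expands $5 (unset), so the text is lost
env_step "$value"     # the value is printed exactly as stored
```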
GitHub Actions functions and operators
Example
- A value that is True if the current branch is main
- Print the github context
- Print the vars context
- Build some project. Refer Here for the sample
Conditionals
Example
- I have a Java project, I want to build using
Strategy in GitHub Actions
- Refer Here
- For using a specific version you should find a reusable action such as setup
Publishing artifacts
- GitHub gives two options
- A link to download a repo (temporary)
- A package repository
- For package repositories we have options such as
- Artifactory (jfrog)
- Nexus
- Github Packages
Let's create a git-flow for spring-petclinic
- I will create workflows for i.e. we have two options: a jar file and a Docker image
- On dev branches I want to give the user an option to view the package built
- Refer to the GitHub Action below
```yaml
---
name: dev-branch
on:
  push:
    branches:
      - dev
jobs:
  maven-build-job:
    runs-on: ubuntu-latest
    # Job-scoped GITHUB_TOKEN permissions.
    permissions:
      contents: read
      # No step in this job publishes a package; keep this only if a publish step is added.
      packages: write
      # Lets the CodeQL analyze step upload its results.
      security-events: write
    steps:
      - name: get the code
        uses: actions/checkout@v6
      - name: setup java
        uses: actions/setup-java@v5
        with:
          java-version: '21'
          distribution: 'temurin'
      - name: cache maven dependencies
        uses: actions/cache@v4
        with:
          path: ~/.m2/repository
          key: ${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }}
          restore-keys: ${{ runner.os }}-maven-
      - name: Initialize CodeQL
        uses: github/codeql-action/init@v4
        with:
          languages: java
      - name: package the code
        run: mvn clean package
      - name: Perform code quality analysis
        uses: github/codeql-action/analyze@v4
      - name: upload JAR as artifact
        uses: actions/upload-artifact@v4
        with:
          name: petclinic-jar
          path: target/*.jar
  docker-build-job:
    runs-on: ubuntu-latest
    steps:
      - name: get the code
        uses: actions/checkout@v6
      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v4
      - name: build docker image
        uses: docker/build-push-action@v7
        with:
          push: false
          tags: "cicdprojects/springpetclinic:latest"
      # This job never runs Maven on the runner, so target/*.jar does not exist
      # here and this step only logs a "no files found" warning.
      - name: upload JAR as artifact
        uses: actions/upload-artifact@v4
        with:
          name: petclinic-jar
          path: target/*.jar
```

- From release branches we need to maintain the artifacts either for internal usage or external sharing