Patrick Ellis 8f032d304a
Upgrade codeql actions to v2
Currently we're using v1, and there have been some important changes since then.

In particular, the latest version, v2.14.6, contains an important security patch:

> The CodeQL CLI no longer supports the `SEMMLE_JAVA_ARGS` environment variable. All previous versions of the CodeQL CLI perform command substitution on the `SEMMLE_JAVA_ARGS` value (for example, replacing `'$(echo foo)'` with `'foo'`) when starting a new Java virtual machine, which, depending on the execution environment, may have security implications. Users are advised to check their environments for possible `SEMMLE_JAVA_ARGS` misuse.

See the [codeql-cli-binaries release notes](https://github.com/github/codeql-cli-binaries/releases/tag/v2.14.4) for full details.
2023-09-27 15:18:59 -04:00
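
The release note quoted in the commit message above advises checking environments for `SEMMLE_JAVA_ARGS` misuse. The following is an added example, not code from this repository or from the CodeQL project, of one way to do that check: it inspects an environment object and scans workflow text for the variable and for `github/codeql-action` steps still pinned to v1. The function names, the finding labels and the sample workflow are assumptions constructed for illustration.

```javascript
// Added example: audit for SEMMLE_JAVA_ARGS misuse and codeql-action v1 pins.
// Shell command-substitution syntax: $(...) or `...`
const SUBSTITUTION = /\$\([^)]*\)|`[^`]*`/;

// Check an environment object (for example process.env) for the variable.
function auditEnv(env) {
  const value = env.SEMMLE_JAVA_ARGS;
  if (value === undefined) return { set: false, substitution: false };
  return { set: true, substitution: SUBSTITUTION.test(value) };
}

// Scan workflow text line by line (plain text matching, not a YAML parser).
function auditWorkflow(text) {
  const findings = [];
  text.split(/\r?\n/).forEach((line, i) => {
    if (/^\s*#/.test(line)) return; // ignore comment lines
    const pin = line.match(/uses:\s*github\/codeql-action\/[\w-]+@(\S+)/);
    if (pin && /^v1(\.|$)/.test(pin[1])) {
      findings.push({ line: i + 1, issue: 'codeql-action-v1', detail: pin[0] });
    }
    const m = line.match(/SEMMLE_JAVA_ARGS\s*[:=]\s*(.*)$/);
    if (m) {
      const issue = SUBSTITUTION.test(m[1])
        ? 'semmle-java-args-substitution'
        : 'semmle-java-args-set';
      findings.push({ line: i + 1, issue, detail: m[1].trim() });
    }
  });
  return findings;
}

// Constructed sample workflow, not taken from this repository.
const SAMPLE = [
  'jobs:',
  '  analyze:',
  '    env:',
  "      SEMMLE_JAVA_ARGS: '$(echo foo)'",
  '    steps:',
  '      - uses: github/codeql-action/init@v1',
  '      - uses: github/codeql-action/analyze@v2',
].join('\n');

console.log(auditEnv(process.env));
console.log(auditWorkflow(SAMPLE));
```

Any `semmle-java-args-set` finding is still worth a manual look, because the value may be assembled elsewhere before the CLI reads it.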
.github Upgrade codeql actions to v2 2023-09-27 15:18:59 -04:00
docs Update docs/commands.md 2023-05-25 11:07:37 +01:00
packages Merge pull request #1526 from actions/takost/upd-dependencies 2023-09-27 12:37:10 +02:00
res add logo (#27) 2019-07-10 14:02:56 -04:00
scripts Add disabling explanation in audit-allow-list 2023-01-03 13:33:43 +01:00
.eslintignore add generated to eslintignore 2023-08-07 09:01:14 -07:00
.eslintrc.json Add option for concurrent cache downloads with timeout (#1484) 2023-08-07 13:25:56 -04:00
.gitignore tool-cache: Support for extracting xar compatible archives (#207) 2020-07-15 14:49:23 -04:00
.prettierignore prettier and add generated files to prettierignore 2023-08-07 08:55:42 -07:00
.prettierrc.json Audit Fix (#1480) 2023-08-03 16:36:11 -04:00
CODEOWNERS Update CODEOWNERS with new teams (#990) 2022-02-02 12:43:38 -05:00
CODE_OF_CONDUCT.md updating readmes 2019-10-09 08:47:27 -04:00
LICENSE.md Add License.md to all npm packages (#548) 2020-08-25 16:26:50 -04:00
README.md Move @actions/http-client into the toolkit (#1062) 2022-05-03 11:10:13 -04:00
SECURITY.md updating readmes 2019-10-09 08:47:27 -04:00
jest.config.js Update High Severity Dev Dependencies (#923) 2021-10-14 09:20:09 -04:00
lerna.json Audit Fix (#1480) 2023-08-03 16:36:11 -04:00
nx.json Audit Fix (#1480) 2023-08-03 16:36:11 -04:00
package-lock.json update github package 2023-09-14 14:32:08 +00:00
package.json update github package 2023-09-14 14:32:08 +00:00
tsconfig.eslint.json Update eslint to 2.2.7 (#410) 2020-04-13 10:19:49 -04:00
tsconfig.json Update dependencies 2023-09-08 14:29:27 +00:00

README.md


GitHub Actions Toolkit

The GitHub Actions Toolkit provides a set of packages to make creating actions easier.

Get started with the JavaScript action template!


Packages

✔️ @actions/core

Provides functions for inputs, outputs, results, logging, secrets and variables. Read more here

$ npm install @actions/core

🏃 @actions/exec

Provides functions to exec cli tools and process output. Read more here

$ npm install @actions/exec

🍨 @actions/glob

Provides functions to search for files matching glob patterns. Read more here

$ npm install @actions/glob

☎️ @actions/http-client

A lightweight HTTP client optimized for building actions. Read more here

$ npm install @actions/http-client

✏️ @actions/io

Provides disk i/o functions like cp, mv, rmRF, which etc. Read more here

$ npm install @actions/io

🔨 @actions/tool-cache

Provides functions for downloading and caching tools, e.g. for setup-* actions. Read more here

See @actions/cache for caching workflow dependencies.

$ npm install @actions/tool-cache

:octocat: @actions/github

Provides an Octokit client hydrated with the context that the current action is being run in. Read more here

$ npm install @actions/github

💾 @actions/artifact

Provides functions to interact with actions artifacts. Read more here

$ npm install @actions/artifact

🎯 @actions/cache

Provides functions to cache dependencies and build outputs to improve workflow execution time. Read more here

$ npm install @actions/cache

Creating an Action with the Toolkit

Choosing an action type

Outlines the differences between JavaScript and container-based actions and why you would want to create one or the other.

Versioning

Actions are downloaded and run from the GitHub graph of repos. This contains guidance for versioning actions and safe releases.

⚠️ Problem Matchers

Problem Matchers are a way to scan the output of actions for a specified regex pattern and surface that information prominently in the UI.

⚠️ Proxy Server Support

Self-hosted runners can be configured to run behind proxy servers.

Hello World JavaScript Action

Illustrates how to create a simple hello world JavaScript action.

...
  const nameToGreet = core.getInput('who-to-greet');
  console.log(`Hello ${nameToGreet}!`);
...

JavaScript Action Walkthrough

Walkthrough and template for creating a JavaScript Action with tests, linting, workflow, publishing, and versioning.

async function run() {
  try {
    const ms = core.getInput('milliseconds');
    console.log(`Waiting ${ms} milliseconds ...`)
    ...

PASS ./index.test.js
   throws invalid number
   wait 500 ms
   test runs

Test Suites: 1 passed, 1 total
Tests:       3 passed, 3 total

TypeScript Action Walkthrough

Walkthrough creating a TypeScript Action with compilation, tests, linting, workflow, publishing, and versioning.

import * as core from '@actions/core';

async function run() {
  try {
    const ms = core.getInput('milliseconds');
    console.log(`Waiting ${ms} milliseconds ...`)
    ...

PASS ./index.test.js
   throws invalid number
   wait 500 ms
   test runs

Test Suites: 1 passed, 1 total
Tests:       3 passed, 3 total


Docker Action Walkthrough

Create an action that is delivered as a container and run with Docker.

FROM alpine:3.10
COPY LICENSE README.md /
COPY entrypoint.sh /entrypoint.sh
ENTRYPOINT ["/entrypoint.sh"]

Docker Action Walkthrough with Octokit

Create an action that is delivered as a container which uses the toolkit. This example uses the GitHub context to construct an Octokit client.

FROM node:slim
COPY . .
RUN npm install --production
ENTRYPOINT ["node", "/lib/main.js"]

const myInput = core.getInput('myInput');
core.debug(`Hello ${myInput} from inside a container`);

const context = github.context;
console.log(`We can even get context data, like the repo: ${context.repo.repo}`)

Contributing

We welcome contributions. See how to contribute.

Code of Conduct

See our code of conduct.