Introducing required workflows and configuration variables to GitHub Actions
Now, you can standardize and enforce CI/CD best practices across all repositories in your organization to reduce duplication and secure your DevOps processes.
Update: As of June 12, 2023, required workflows in GitHub Actions are now in limited beta enrollment and not available for new signups. See more information here.
Today, we are introducing two new features for GitHub Actions to help standardize policies and reduce duplication: required workflows and configuration variables. Read on for what this means for your DevOps processes.
Required workflows
Required workflows in GitHub Actions are now available in public beta.
Required workflows allow DevOps teams to define and enforce standard CI/CD practices across many source code repositories within an organization without needing to configure each repository individually, which becomes an impossible task in large organizations. In addition to reducing duplication of CI/CD configuration code, required workflows can also help organizations with the following use cases:
- Security: invoke external vulnerability scoring or dynamic analysis tools.
- Compliance: ensure that all code meets an enterprise’s quality standards.
- Deployment: ensure that code is continuously deployed in a standard way.
Organization admins can configure required workflows to run on all or selected repositories within the organization.
Required workflows will be triggered as required status checks for all pull requests opened against the default branch, which blocks merging the pull request until the required workflow succeeds. Individual development teams at the repository level will be able to see which required workflows have been applied to their repository.
Configuration variables
Until today, you needed to store all the configuration data as encrypted secrets in order to reuse values in workflows. While extremely secure, this method did not allow for easy storage and retrieval of non-sensitive configuration data such as compiler flags, usernames, server names, etc. While we were developing required workflows, we heard feedback from customers about the need for parameterization to allow local repositories to override certain values in the required workflows.
To help you with standardizing your required workflows, today, we are also adding support for configuration variables.
Configuration variables allow you to store your non-sensitive data as plain text variables that can be reused across the workflows in your repository or organization. You can define variables at the organization, repository, or environment level, depending on your requirements.
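As an added example (not from the original post), the workflow below reads non-sensitive settings from configuration variables through the `vars` context and keeps the one credential in a secret. The names `COMPILER_FLAGS`, `DEPLOY_SERVER`, `SCANNER_TOKEN` and `./ci/scan.sh` are hypothetical.

```yaml
# Added example; variable, secret and script names are hypothetical.
name: org-standard-build

on:
  pull_request:

permissions:
  contents: read   # least privilege for the job's GITHUB_TOKEN

jobs:
  build-and-scan:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4

      - name: Build with overridable settings
        env:
          # Configuration variables are plain text and are NOT masked in logs,
          # so only non-sensitive values belong here. A variable defined at
          # repository level overrides an organization variable of the same name.
          COMPILER_FLAGS: ${{ vars.COMPILER_FLAGS }}
          DEPLOY_SERVER: ${{ vars.DEPLOY_SERVER }}
        # Values are passed through env and quoted in the script rather than
        # interpolated into the run line, so a repository-level override
        # cannot alter the shell command itself.
        run: |
          echo "Building for ${DEPLOY_SERVER}"
          make CFLAGS="${COMPILER_FLAGS}"

      - name: Run scanner
        env:
          # Credentials stay in encrypted secrets, which are masked in logs.
          SCANNER_TOKEN: ${{ secrets.SCANNER_TOKEN }}
        run: ./ci/scan.sh
```

Because repositories can override these values, a centrally enforced workflow should treat them as untrusted input to the script, which is why they are only ever referenced as quoted environment variables.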
You no longer have to spend hours configuring hundreds of repositories to protect your critical software assets. Required workflows, along with reusable workflows, configuration variables, and secrets, will help you apply a consistent set of standards across many repositories with just a couple of clicks. Do try it out and share your feedback.