GitHub Actions and Their Security

Gupta Bless
Dec 31, 2023

Introduction

GitHub Actions is a CI/CD platform that facilitates automation and is exclusive to GitHub. CI/CD pipeline practices are primarily intended to improve the quality, dependability, and productivity of development. GitHub Actions plays an important role in running CI/CD pipelines within GitHub repositories: it automates software development workflows directly in your repositories, allowing us to create, test, and deploy code without interruption. Because it is integrated with software development practices, it brings a multitude of tools and services into the development process.

How it works

A directory needs to be created inside the repository first. Workflows are defined in YAML files created in the .github/workflows directory. It doesn’t matter if a workflow is hosted on GitHub or not; what matters is that it has a collection of jobs and the order in which they need to run. These workflows are triggered whenever code is pushed, a pull request is created, or a comment is sent.

Once triggered, a workflow runs according to the steps specified in its configuration.

Every job in a workflow executes its own set of instructions, such as checking out code, running tests, creating artifacts, or deploying apps, and each job may have numerous steps. Some jobs may depend on the outcome of others, while others may run in parallel. GitHub Actions provides extensive logs that show why a particular operation failed, so users can easily debug problems and pinpoint the root cause.

A step is a job’s subcommand. A job is a unit of work, while a step is a set of specific tasks within it. Each step id denotes a distinct command, operation, or action. A job, in its simplest form, consists of one or more steps. This is an example of code:

name: GHA
on:
  push:
    branches:
      - main
jobs:
  build-and-test:
    runs-on: ubuntu-latest
    steps:
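The job and step relationships described above, shown as one complete workflow. This is an added example, not code from the original article: the job names, the make targets, and the dist/ path are assumptions, and the top-level permissions block is an addition that limits the workflow token to read-only access to repository contents.

```yaml
# Added example; job names, make targets and the artifact path are assumptions.
name: GHA-example

on:
  push:
    branches:
      - main

# Least privilege: the workflow token can only read repository contents.
permissions:
  contents: read

jobs:
  lint:                      # no "needs", so it starts immediately
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - name: Run linter
        run: make lint       # hypothetical make target

  test:                      # runs in parallel with "lint"
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - name: Run tests
        run: make test       # hypothetical make target

  package:
    needs: [lint, test]      # waits for both jobs; skipped if either fails
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - id: version          # step id, referenced below as steps.version
        name: Compute version
        run: echo "value=$(git rev-parse --short HEAD)" >> "$GITHUB_OUTPUT"
      - name: Build
        run: make dist       # hypothetical make target
      - uses: actions/upload-artifact@v4
        with:
          name: dist-${{ steps.version.outputs.value }}
          path: dist/
```

Referencing third-party actions by a full commit SHA instead of a tag such as v4 prevents a moved tag from changing what the job runs.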
