GitHub Actions
Action | Description | Source | Status / Logs |
---|---|---|---|
ASAN | Build the code using the Address Sanitizer | asan.yml | |
Build and Test | Build the code and run some tests | build-and-test.yml | |
CIFuzz | Code Fuzzing | cifuzz.yml | |
CodeQL | Static Code Checking | codeql.yml | |
Coveralls | Code coverage tests | coveralls.yml | |
Coverity | Static analysis of the code | coverity.yml | |
Debug | Test all configure's --debug-* options | debug.yml | |
Docker | Build a docker image to speed up automated builds | ubuntu.yml | |
Doxygen | Build code docs | doxygen.yml | |
Fedora | Do test builds on some Fedora releases | fedora.yml | |
macOS | Test builds on macOS | macos.yml | |
Translate | Update the Translation Leaderboard | translate.yml | |
XUnused | Check for unused functions | xunused.yml |
GitHub Actions allow us automate lots of common tasks, such as:
An Action is a YAML config file which can conditionally run commands and scripts.
It lives in the .github/workflows
directory in a git repo.
Actions are triggered by GitHub events, e.g.
See also:
NeoMutt’s Actions use several other published Actions.
Our most frequently used are:
GitHub’s checkout action – https://github.com/actions/checkout
Checkout the source code
Hendrik Muhs’ ccache-action – hendrikmuhs/ccache-action
Cache the build products to speed up future builds
Adam Dobrawy’s github-push-action – https://github.com/ad-m/github-push-action
Push commits to a repo
See also:
Actions run in containers. These containers are empty.
If we want to build our code, then we need to install all the build tools.
We can do this, but it’s slow and creates a lot of network traffic.
To speed things up, we’ve created a Docker image that contains all the tools we’ll need.
See also:
Some actions can be triggered by workflow_dispatch
, meaning they’re manual.
If the actions supports it…
Many of NeoMutt’s Actions deploy their results.
A basic Action, like build, doesn’t require any privileges.
It uses publicly available resources: a couple of repos.
However, many of the Actions require a token in order to write to repos, or upload to services such as Coverity.
For security, these tokens are encrypted and stored by GitHub. They are only decrypted when the Action needs them.
Using tokens means we don’t have to set up and install ssh keys.
First, we create a Personal access token.
Generate a new token and set the permissions that the Action will require.
For the Translate Action, we’ve granted it:
[X]
repo – Full control of repositoriesThis will display a token like: ghp_9BNi2SkEWkcXPHvOhR9Yqtzqs313Cekj56JP
Next, create the Secret.
We create a Repository secret – it can only be accessed by the neomutt repo.
New repository secret:
TEST_DEPLOY_KEY
ghp_9BNi2SkEWkcXPHvOhR9Yqtzqs313Cekj56JP
Now, the Actions in the NeoMutt repo will be able to use ${{ secrets.TEST_DEPLOY_KEY }}
See also: