GitHub Actions
10 articles from official documentation
Elevating Security: GitHub's Bug Bounty Program Redefined
GitHub's bug bounty program is evolving, and you need to know how to navigate these changes. With stricter evaluation criteria, including a working proof of concept, your submissions must demonstrate real security impact. Dive in to learn how to effectively contribute and avoid common pitfalls.
- Understand the shared responsibility model when interacting with repositories.
- Include a working proof of concept in your submissions to demonstrate security impact.
Speed Up Your CI/CD with GitHub Actions Caching
Want to shave minutes off your CI/CD pipeline? Caching dependencies in GitHub Actions can drastically reduce build times. Learn how cache hits and misses work to optimize your workflows.
- Understand cache hits and misses to optimize your CI/CD workflows.
- Utilize restore-keys for partial cache matches to improve cache efficiency.
Mastering Deployments with GitHub Actions: What You Need to Know
Deploying with GitHub Actions can streamline your CI/CD pipeline, but it requires a solid understanding of environments and concurrency. Learn how to configure your workflows effectively to avoid common pitfalls.
- Configure environments to manage deployment targets like production and staging.
- Use concurrency to prevent multiple jobs from running simultaneously in the same group.
Mastering Self-Hosted Runners in GitHub Actions
Self-hosted runners can streamline your CI/CD processes by leveraging existing infrastructure. These runners can be physical, virtual, or even in containers, giving you flexibility in job execution. Discover how to effectively implement them in your workflows.
- Leverage existing infrastructure by deploying self-hosted runners for GitHub Actions.
- Utilize repository-level runners for single repositories and organization-level runners for multiple repositories.
Securing Your GitHub Actions Workflows: Best Practices You Can't Ignore
Security in CI/CD pipelines is non-negotiable. Implementing the principle of least privilege and masking sensitive data are just the starting points. Let’s dive into how to secure your GitHub Actions workflows effectively.
- Apply the principle of least privilege to limit access to secrets.
- Mask sensitive data by using GitHub's secret management features.
Creating Reusable Workflows in GitHub Actions: Best Practices
Tired of duplicating CI/CD configurations across multiple repositories? Reusable workflows in GitHub Actions can streamline your processes. Define inputs and secrets to pass data seamlessly between workflows.
- Define inputs and secrets in your reusable workflow using the `inputs` and `secrets` keywords.
- Use the `with` keyword to pass named inputs and the `secrets` keyword for sensitive data.
Mastering Workflow Triggers in GitHub Actions
Unlock the full potential of GitHub Actions by understanding workflow triggers. These events dictate when your workflows run, and knowing how to configure them can streamline your CI/CD processes significantly.
- Specify activity types using the `types` keyword to control workflow execution.
- Ensure the workflow file exists on the default branch for triggers to work.
Enhancing Deployment Safety at GitHub with eBPF
Deployment safety is critical, and GitHub leverages eBPF to tackle this challenge. By using the BPF_PROG_TYPE_CGROUP_SKB program type, they can limit outbound network access for deployment scripts, enhancing security and control.
- Leverage eBPF to enhance deployment safety by controlling network access.
- Utilize the BPF_PROG_TYPE_CGROUP_SKB program type for precise network egress control.
Mastering AI Security: Level Up with the GitHub Secure Code Game
Want to sharpen your AI security skills? Dive into the GitHub Secure Code Game and interact with ProdBot, a deliberately vulnerable coding assistant. You'll explore risks like agent goal hijacking while turning natural language into bash commands.
- Engage with ProdBot to understand vulnerabilities in AI applications.
- Translate natural language into bash commands for practical security exercises.
Uncovering Code Vulnerabilities: Free Risk Assessments in Minutes
Every line of code can harbor hidden vulnerabilities. With a free Code Security Risk Assessment, you can scan up to 20 of your most active repositories using GitHub's CodeQL engine and get a clear view of your code's exposure.
- Utilize the Code Security Risk Assessment to identify vulnerabilities quickly.
- Leverage CodeQL for a thorough static analysis of your codebase.