Automating workflows with GitHub Actions

Sara Verdi
Sara Verdi
Graphite software engineer


Note

This guide explains this concept in vanilla Git. For Graphite documentation, see our CLI docs.


GitHub Actions is a great tool for automating workflows directly within your GitHub repositories. It allows you to create customized workflows to handle various tasks, such as building, testing, and deploying your applications. This guide will cover several examples to demonstrate how to effectively use GitHub Actions for different scenarios, including automating workflows, integrating CI/CD pipelines, and performing security checks.

To get started with GitHub Actions, you need to create a workflow file in your repository. This file, typically located in the .github/workflows directory, is defined using YAML (YAML Ain't Markup Language), a human-readable data serialization format.

Create a file named ci.yml in the .github/workflows directory with the following content:

Terminal
name: CI
on:
push:
branches:
- main
pull_request:
branches:
- main
jobs:
build:
runs-on: ubuntu-latest
steps:
- name: Checkout repository
uses: actions/checkout@v2
- name: Set up Node.js
uses: actions/setup-node@v2
with:
node-version: '14'
- name: Install dependencies
run: npm install
- name: Run tests
run: npm test
  • name: Specifies the name of the workflow.
  • on: Defines the events that trigger the workflow. Here, it runs on pushes or pull requests to the main branch.
  • jobs: Defines a series of tasks to be executed.
    • runs-on: Specifies the type of runner to use (in this case, ubuntu-latest).
    • steps: Lists the actions performed in each job, such as checking out the repository, setting up Node.js, installing dependencies, and running tests.

GitHub Actions can automate various repetitive tasks, such as assigning reviewers or adding labels based on specific conditions.

To automate tasks when a pull request is opened, you can create a new workflow file, pr-automation.yml:

Terminal
name: PR Automation
on:
pull_request:
types: [opened, edited]
jobs:
label:
runs-on: ubuntu-latest
steps:
- name: Check PR title
run: |
if [[ "${{ github.event.pull_request.title }}" == *"WIP"* ]]; then
echo "This PR is a work in progress."
else
echo "Labeling PR as ready for review."
gh pr edit ${{ github.event.pull_request.number }} --add-label "ready for review"
fi
  • This workflow triggers when a pull request is opened or edited.
  • It checks the title of the pull request. If it contains "WIP" (Work In Progress), it outputs a message. Otherwise, it labels the PR as "ready for review."

GitHub Actions is excellent for creating CI/CD pipelines that automate the process of building, testing, and deploying applications.

Here's how to set up a CI/CD pipeline that deploys your application when changes are pushed to the main branch:

Terminal
name: CI/CD Pipeline
on:
push:
branches:
- main
jobs:
build:
runs-on: ubuntu-latest
steps:
- name: Checkout repository
uses: actions/checkout@v2
- name: Build the application
run: npm run build
deploy:
runs-on: ubuntu-latest
needs: build
steps:
- name: Deploy to production
run: |
echo "Deploying to production server..."
# Add your deployment commands here
  • The workflow triggers on pushes to the main branch.
  • The build job compiles the application.
  • The deploy job runs only after the build job is complete, ensuring the application is built before deployment.

You can deploy your application to various environments, including cloud providers or container registries, using GitHub Actions.

To deploy your static site to AWS S3, you can use the following workflow:

Terminal
name: Deploy to S3
on:
push:
branches:
- main
jobs:
deploy:
runs-on: ubuntu-latest
steps:
- name: Checkout repository
uses: actions/checkout@v2
- name: Configure AWS credentials
uses: aws-actions/configure-aws-credentials@v1
with:
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
aws-region: us-east-1
- name: Sync files to S3
run: aws s3 sync ./build s3://my-bucket-name --delete
  • The workflow runs on pushes to the main branch.
  • It checks out the repository and configures AWS credentials using secrets stored in GitHub.
  • The aws s3 sync command uploads files to your S3 bucket.

Integration tests ensure that different components of your application work together as expected.

You can add an integration testing step to your CI workflow:

Terminal
jobs:
integration:
runs-on: ubuntu-latest
steps:
- name: Checkout repository
uses: actions/checkout@v2
- name: Run integration tests
run: npm run test:integration

Monitoring your GitHub repositories for specific events or conditions can help maintain code quality and prevent issues.

You can set up a workflow to notify your team when issues are opened:

Terminal
name: Monitor Issues
on:
issues:
types: [opened]
jobs:
notify:
runs-on: ubuntu-latest
steps:
- name: Notify team on Slack
run: |
curl -X POST -H 'Content-type: application/json' --data '{"text":"New issue opened: ${{ github.event.issue.title }}"}' ${{ secrets.SLACK_WEBHOOK_URL }}

Reusable workflows allow you to define common workflows and call them from other workflow files to improve maintainability and reduce redundancy.

Create a reusable workflow in .github/workflows/reusable-ci.yml:

Terminal
name: Reusable CI
on:
workflow_call:
jobs:
build:
runs-on: ubuntu-latest
steps:
- name: Checkout repository
uses: actions/checkout@v2
- name: Build application
run: npm run build

You can call this reusable workflow in another workflow file:

Terminal
name: CI Pipeline
on:
push:
branches:
- main
jobs:
call-reusable:
uses: ./.github/workflows/reusable-ci.yml

You can schedule workflows to run at specific intervals using the schedule event, which utilizes cron syntax.

Terminal
name: Scheduled Build
on:
schedule:
- cron: '0 0 * * *' # Runs daily at midnight
jobs:
build:
runs-on: ubuntu-latest
steps:
- name: Checkout repository
uses: actions/checkout@v2
- name: Build application
run: npm run build

Integrating security checks into your workflows can help identify vulnerabilities in your code.

You can integrate a security scanning tool like [Snyk](https://snyk.io/) into your workflow:

Terminal
name: Security Scan
on:
push:
branches:
- main
jobs:
security:
runs-on: ubuntu-latest
steps:
- name: Checkout repository
uses: actions/checkout@v2
- name: Install Snyk
run: npm install -g snyk
- name: Run Snyk to check for vulnerabilities
run: snyk test

To leave a comment on a pull request using GitHub Actions, you can create a workflow that utilizes the GitHub API to post comments when certain conditions are met, such as when a PR is opened or updated.

You can use the following YAML configuration to define a workflow that comments on a pull request:

Terminal
name: Comment on PR
on:
pull_request:
types: [opened, synchronized]
jobs:
comment:
runs-on: ubuntu-latest
steps:
- name: Leave a comment
uses: actions/github-script@v5
with:
github-token: ${{ secrets.GITHUB_TOKEN }}
script: |
github.rest.issues.createComment({
issue_number: context.issue.number,
owner: context.repo.owner,
repo: context.repo.name,
body: 'Thank you for your pull request! We will review it soon.'
})
  • Triggers: This workflow triggers on opened or synchronized (updated) pull request events.
  • Action: It uses actions/github-script, a pre-built action that allows you to run JavaScript directly in your workflow, to post a comment to the pull request.

Using Graphite Automations, the process to automate actions such as leaving comments is simple and does not require you to write specific GitHub Actions workflows for each type of automation. Graphite allows you to set up rules that can automatically leave comments based on more sophisticated triggers and conditions defined through its UI.

  1. Log into Graphite:

    • Access the Graphite web app and navigate to the Automations section.
  2. Create an Automation Rule:

    • Choose the type of pull request event you want to trigger on, like when a PR is opened.
    • Specify the conditions under which the comment should be posted, such as based on the author, the files modified, or the labels assigned.
  3. Define the Comment Action:

    • Set the action to "Leave a comment".
    • Type the message you want to automatically post when the rule's conditions are met.

Here is an example of an automation rule you might set:

  • Trigger: When a pull request is opened.
  • Condition: If the PR contains changes in the src/ directory.
  • Action: Leave a comment saying, "Thank you for your changes in the src directory, we will review them soon!"
  • Simplicity: Graphite provides a user-friendly interface to define triggers and actions, making it accessible to team members who may not be familiar with GitHub Actions or YAML.
  • Customization: You can create complex conditions for when automations should run, which are difficult to manage directly through GitHub Actions without extensive scripting.
  • Integration: Graphite works seamlessly with GitHub, providing features like linking back to the rule that triggered an action for transparency and easy adjustments.

By leveraging Graphite Automations in conjunction with GitHub Actions, teams can automate their workflows more effectively and reduce manual overhead, allowing developers to focus on code quality and productivity.

Graphite
Git stacked on GitHub

Stacked pull requests are easier to read, easier to write, and easier to manage.
Teams that stack ship better software, faster.

Or install our CLI.
Product Screenshot 1
Product Screenshot 2