rajbos / github-actions-requests

This repository is meant to hold the setup for requesting actions to be used internally
MIT License
13 stars 15 forks source link

GitHub Actions Requests

This repository is meant to hold the setup for requesting actions to be used internally, for example together with the Internal Actions Marketplace.

Process description

  1. User creates a new issue in this repo
  2. The review team gets a notification about the new issue (using this action: issue-comment-tag)
  3. After manual review, the review team labels the issue with security-check
  4. The workflow Issue labeled security scan is triggered, executing several automated checks.
  5. The results of all the checks are added back into the request issue.
  6. After reviewing the results and approving them, the action repo can be forked into your actions organization and users can start using them.

Video explanation

YouTube Link

Checks

Currently we run the following checks:

Configuration

For configuration of the workflows in this repository, we use the following secrets:

Name Example value Description
ACTIONS_STEP_DEBUG true Get additional debugging logs in Actions
GH_TOKEN ghp_***** GitHub Token with enough access to fork the repos into a specific org

New issue setup

Whenever a new issue is added to this repo, the new-issue.yml workflow is triggered. For a description of what it does, check this blogpost.

These are the secrets that it uses: Name Example value Description
PROJECT_ACCOUNT rajbos Account name under which the project is linked to
PROJECT_NUMBER 2 The number of the project
PROJECT_TOKEN ghp_***** A token with access to add issues to the project