Introducing required workflows and configuration variables to GitHub Actions
Now, you can standardize and enforce CI/CD best practices across all repositories in your organization to reduce duplication and secure your DevOps processes.
Update: As of June 12, 2023, required workflows in GitHub Actions are now in limited beta enrollment and not available for new signups. See more information here.
Today, we are introducing two new features for GitHub Actions to help standardize policies and reduce duplication: required workflows and configuration variables. Read on for what this means for your DevOps processes.
Required workflows
Required workflows in GitHub Actions are now available in public beta.
Required workflows allow DevOps teams to define and enforce standard CI/CD practices across many source code repositories within an organization without needing to configure each repository individually, which becomes an impossible task in large organizations. In addition to reducing duplication of CI/CD configuration code, required workflows can also help organizations with the following use cases:
- Security: invoke external vulnerability scoring or dynamic analysis tools.
- Compliance: ensure that all code meets an enterprise’s quality standards.
- Deployment: ensure that code is continuously deployed in a standard way.
Organization admins can configure required workflows to run on all or selected repositories within the organization.
Required workflows will be triggered as required status checks for all pull requests opened against the default branch, which blocks the pull request from being merged until the required workflow succeeds. Individual development teams at the repository level will be able to see which required workflows have been applied to their repository.
Configuration variables
Until today, you needed to store all the configuration data as encrypted secrets in order to reuse values in workflows. While extremely secure, this method did not allow for easy storage and retrieval of non-sensitive configuration data such as compiler flags, usernames, server names, etc. While we were developing required workflows, we heard feedback from customers about the need for parameterization to allow local repositories to override certain values in the required workflows.
To help you with standardizing your required workflows, today, we are also adding support for configuration variables.
Configuration variables allow you to store your non-sensitive data as plain text variables that can be reused across the workflows in your repository or organization. You can define variables at the organization, repository, or environment level, depending on your requirements.
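An added example, not taken from the original post: a workflow that reads a non-sensitive setting from the `vars` context and a credential from `secrets`. The names `SCAN_SEVERITY_THRESHOLD` and `SCANNER_TOKEN` and the script `./ci/run-scan.sh` with its `--threshold` option are hypothetical.

```yaml
# Example workflow (added illustration; variable, secret and script names are hypothetical).
name: security-scan

on:
  pull_request:

# Least privilege for the job token: the scan only needs to read the code.
permissions:
  contents: read

jobs:
  scan:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4

      - name: Run scanner
        env:
          # Non-sensitive setting from a configuration variable. It is stored
          # and logged as plain text. Falls back to 'high' when not defined.
          SEVERITY_THRESHOLD: ${{ vars.SCAN_SEVERITY_THRESHOLD || 'high' }}
          # Credential from an encrypted secret. Its value is masked in logs.
          SCANNER_TOKEN: ${{ secrets.SCANNER_TOKEN }}
        # Values reach the script as environment variables instead of being
        # interpolated into the command text, so a variable's contents are
        # never parsed as shell syntax.
        run: ./ci/run-scan.sh --threshold "$SEVERITY_THRESHOLD"
```

Because configuration variables are not masked in logs, any value that would be damaging if printed belongs in a secret instead.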
You no longer have to spend hours configuring hundreds of repositories to protect your critical software assets. Required workflows, along with reusable workflows, configuration variables, and secrets, will help you apply a consistent set of standards across many repositories with just a couple of clicks. Do try it out and share your feedback.