Github trials Docker-based Actions workflow automation

Adds vulnerability alerts for .NET and Java.

Github's annual customer event, Universe, has seen the open source code repository tout new features, including the ability for developers to not just write and store code, but also to run it.

At the heart of this push is a workflow automation tool dubbed 'Actions', which launched as a limited beta at Universe.

Actions are Docker containers and allow developers to build, share, test and execute the code for the projects they're working on, Github's head of platform Sam Lambert explained.

The concept behind Actions is that developers can create their own testing and automation tools, rather than relying on ones provided by Github.

Developers can also use a visual editor to create triggers for particular events, and can code more complex workflows through Actions, Lambert said.

Currently, there are some 450 Actions defined, with more coming.

Lambert called Actions the biggest feature addition to Github since pull requests (for sharing code) and likened them to If This Then That (IFTTT) and Apple's iOS 12 Shortcuts automation recipes, but said they're much more flexible.

Github Actions can also provide continuous integration and deployment (CI/CD), similar to Amazon Web Services CodeStar, which was rolled out over a year ago.

While it is possible to run arbitrary code through Actions containers, Lambert dismissed security concerns that they could be abused to, for instance, execute cryptocurrency miners.

"They're not powerful enough, it will always cost more to run a crypto miner on Actions than it'll bring in," he said.

Github, which is currently in the process of being acquired by Microsoft pending regulatory approval, also added security alerts for vulnerable .NET and Java code dependencies, alerts it currently provides for the Ruby, JavaScript and Python languages.

The company also added a feature requested by developers in March this year, namely a Security Advisory Application Programming Interface for automating vulnerability protection.

Github will also scan for rogue OAuth authentication tokens accidentally left in repositories, and invalidate these if found while alerting developers, so as to prevent unauthorised access.

Saarinen attended Github Universe as a guest of the company.
