 |
VOOZH | about |
|
VOOZH | about |
We’re so glad you’re here. You can expect all the best TNS content to arrive Monday through Friday to keep you on top of the news and at the top of your game.
Check your inbox for a confirmation email where you can adjust your preferences and even join additional groups.
Follow TNS on your favorite social media networks.
Become a TNS follower on LinkedIn.
Check out the latest featured and trending stories while you wait for your first TNS newsletter.
GitHub Actions is a platform that automates the build, test and deployment pipeline of your GitHub projects. Since its introduction, GitHub Actions has been steadily gaining popularity among developers. Not only do GitHub Actions help automate the test and integration cycles, but it can also drastically shorten them, accelerating developer feedback as part of the process.
GitHub Actions are defined as part of your GitHub project repository and automatically triggered on specific events, such as a pull request or push to the repo. As the name suggests, GitHub will run various “actions” as part of the execution. One significant benefit of GitHub Actions is that there are predefined actions from GitHub and an entire marketplace of third-party GitHub Actions that can be used, allowing developers to write their own and share them with the world. For an overview of commonly used GitHub Actions, check out “8 GitHub Actions for Setting Up Your CI/CD Pipelines.” For more of a tutorial on how to build your first GitHub Actions pipeline yourself, you may want to check out “Building a To-Do App using GitHub Actions, Playwright, Next.js.”
When it comes to using databases inside your GitHub Actions (GHA), service containers can be used to spin up one or more “services” that will then be available for the particular job.
While services are great for getting a database or similar resource up and running, there are a couple of things that need to be kept in mind:
👁 Image
GitHub Action services’ implicit delay for checking whether the service is ready.
Of course, given that GHA allows you to run anything on the command line shell directly, there is practically no limit to what you can do yourself. That includes starting your own container if you wish to do so.
There are a couple of things to note here:
Difference in run duration between manual container creation (database-manual) and GitHub Actions service (database-via-gha-service)
As mentioned earlier, GitHub has a marketplace where any third-party developer can publish their own GitHub Actions. You will find several actions also for databases, including the Oracle Database that we have used so far. The action is called setup-oracle-free and wraps around the same container image that we have used before.
The action provides the best of both worlds: simple and succinct syntax to spin up a container, but without having to cut back on the functionality provided by the container. Using the action, the same steps as above can be accomplished with just this:
Any post on GitHub Actions that showcases the use of credentials or otherwise sensitive information should never be completed without talking about GitHub Actions secrets. The previous GHA jobs all had one thing in common: They used a hardcoded username and password for the database user, in both cases `test`. That’s maybe OK for quick-and-dirty construction of your pipeline but you should never, ever use a plain username/password or any other sensitive information (access tokens, etc.) as part of your GitHub Actions definition, as, remember, the GitHub Actions definition itself is part of the repository and readable to anyone.
For that reason, GitHub introduced the concept of secrets, which are read-only, encrypted variables in the repository that can only be read by GHA if you explicitly include the secret in a workflow. The important part here is that secrets are defined inside the settings of a GitHub repository and hence not available to anybody but only users with admin rights. Furthermore, once set, the secret can never, ever be seen again. If you want to change it or have a typo, you must update the secret with a new value that then again will be invisible going forward.
To add one or more secrets to your GitHub.com repository, head to Settings → Security → Secrets and variables → Actions. There, click on New repository secret.
Enter a name with which you will reference the secret later on and the secret value itself. Note: This is the only time you will see the secret value, once you hit Add secret, it will no longer be readable to you.
Once the secrets are created, in this case, one for the application user (`APP_USER`) and one for the application user password (`APP_USER_PASSWORD`), they can be referenced inside GHA jobs using `${{ secrets.<SECRET NAME> }}`, where `<SECRET NAME>` is the name of the secret that should be used:
GitHub Actions run with GitHub Action secrets instead of hard-coded username and password.
Notice how the SQLcl CLI invocation no longer shows `${{ secrets.APP_USER }}/${{ secrets.APP_USER_PASSWORD }}@localhost/FREEPDB1` as defined in the action’s definition itself, but instead `***/***@localhost/FREEPDB1`. This is done by GitHub Actions automatically so that the values of secrets are not leaked into the GitHub Actions run logs.
GitHub Actions is a powerful platform to arm your GitHub projects with their own CI/CD pipelines. Spinning up databases inside GitHub Actions is officially documented via GitHub Actions services, yet they can also be created either manually or via the many third-party actions on the marketplace.
