We want to follow best practices in our organization using GitHub Actions, and that means forking the actions over to an org under our control (let's name it org-actions
), limiting the actions being used to only those in our org-actions. That way we control what can be used and we can verify the security risks from using those actions. Additionally we have a backup of the action in case something happens with the original repo (like deletions or complete re-implementations).
After forking the actions to org-actions
, it is a bit cumbersome to find the actions we have authorized. People can use the GitHub search, but that still is hard to find all the actions. We want a similar experience like the GitHub Marketplace.
For this, I have created a repository that uses GitHub Pages to display the marketplace and give people a place to search.
My Workflow
The workflow for this submission can be found here and it contains only for actions that do all of the work.
Submission Category:
I think this can fall into either of these categories 😁:
- Maintainer Must-Haves
- DIY Deployments
Yaml File or Link to Code
jobs:
get-action-data:
runs-on: ubuntu-latest
steps:
- uses: devops-actions/load-available-actions@v1.2.12
name: Load available actions
id: load-actions
with:
PAT: ${{ secrets.PAT }}
user: ${{ github.repository_owner }}
- name: Store json file
run: echo '${{ steps.load-actions.outputs.actions }}' > 'actions-data.json'
- name: Upload result file as artefact
uses: actions/upload-artifact@v2
with:
name: actions
path: actions-data.json
- name: Upload json to this repository
uses: rajbos-actions/github-upload-action@v0.2.0
with:
access-token: ${{ secrets.PAT }}
file-path: actions-data.json
owner: ${{ github.repository_owner }}
repo: actions-marketplace
branch-name: gh-pages
Additional Resources / Info
More information about the setup and reasons for it can be found here. I'm currently implementing the internal marketplace at my customer and have received questions from multiple different companies who want to implement the same.
Top comments (0)