GitHub Actions
GitHub Actions are defined in the .github/workflows folder, and their executions are in the Actions tab.
build.yml and publish.yml GitHub Actions:
- @yoomlam added his USERNAME and ACCESS_TOKEN secrets to the repo's Secrets settings
- When publishing, resulting packages (i.e., images for Docker containers) are tagged using the first 7 characters of the PR's commit hash, which are needed for deployment to LHDI's Kubernetes clusters
The VA GitHub.com team requested that Advanced Security Code Scanning be enabled via codeql.yml. See PR #116 for details.
This is a complement to any tools and security procedures your team is already performing rather than a replacement. ... this feature will identify potential security issues on any new pull requests. ... For more information, check out the GitHub Handbook.
(If needed, an admin for this repo can bypass any identified issues.)
In commit ea4be65, we limit this action to running only on certain PR event types (e.g., ready_for_review, review_requested) and on pushes to special branches, since this action is slow. To manually run the action, do any of the following:
- Request a review from someone.
- Convert it to a draft PR, then click the "Ready for Review" button.
- Go to the CodeQL Action and click "Run workflow" on the desired branch.
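How a trigger restriction like the one described above can be expressed in a workflow file, as an added sketch that is not the repository's actual codeql.yml. The branch name is a placeholder because the page does not name the special branches, and the scanned language is an assumption.

```yaml
# Added example, not the repository's codeql.yml.
name: CodeQL

on:
  pull_request:
    # Only these activity types start a scan. Ordinary pushes to a PR branch
    # (the default "synchronize" type) do not.
    types: [ready_for_review, review_requested]
  push:
    branches:
      - PLACEHOLDER-special-branch   # placeholder: the page does not name the special branches
  workflow_dispatch: {}              # enables the "Run workflow" button

permissions:
  contents: read
  security-events: write             # needed to upload code scanning results

jobs:
  analyze:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: github/codeql-action/init@v3
        with:
          languages: java            # assumption: set to the languages in the repo
      - uses: github/codeql-action/autobuild@v3
      - uses: github/codeql-action/analyze@v3
```

With triggers like these, commits pushed to a PR after a scan has run are not rescanned until one of the manual steps above is repeated.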
The Lighthouse SecRel (Secure Release) process operates only on non-public repos. To satisfy that requirement, an abd-vro-internal repo was created as a mirror of this repo. The internal repo will only be used by the Lighthouse SecRel team to enable deployments to prod -- no one should be committing to or creating PRs directly in that repo. The mirror.yml GitHub Action updates the internal repo whenever a branch in this repo is created, updated, or deleted.
- @yoomlam generated a password-less SSH key pair and added an SSH_PRIVATE_KEY secret to the repo's Secrets settings
- In order for the GitHub Action to access the abd-vro-internal repo via SSH, the public key was added to Deploy keys.