GitHub Universe 2021 has wrapped for up another year and there was plenty that got the Arinco Crew’s attention. While we would love to mention them all, we listed some of the key takeaways that we were most excited about.
GitHub Actions on internal repositories
This was actually mentioned briefly during a presentation on something else and got our attention.
Currently you cannot have an action stored in an internal repository, to use an action in an Actions workflow its code must be in the same repository as the workflow, a separate public repository, or published to the GitHub Marketplace.
Having this will allow you to keep all your code private and a much-needed feature for some.
This is on the GitHub public roadmap and targeted for delivery on Q4 2021.
GitHub Managed Runners more size choices
Another one on the GitHub public roadmap targeted for Q1 2022.
GitHub-managed runners will now include the option to choose more powerful combinations of CPU, RAM, & disk space for your jobs. These new configurations are also privately pooled for you, which means you can optionally enable a static Public IP range for use with your firewall, or proxy/bastion server.
Ephemeral self-hosted runners
On the runner front, GitHub Actions now supports ephemeral self-hosted runners which allow you to have runners that “run once” and are not sitting idle waiting for jobs consuming resources. Ephemeral runners are also a good choice for self-managed environments where you need each job to run on a clean build/image.
Webhook for auto-scaling runners
workflow_job webhook has been made available that allows you to automatically scale your self-hosted runners in response to your Actions job requests. For example, you can create automation that adds a new self-hosted runner each time you receive a
workflow_job webhook event with the
queued activity, which notifies you that a new job is ready for processing.
New GitHub Issues Experience
A new GitHub Issues experience has been made available. The new GitHub Issues experience includes features like project boards and dynamic tables, which give you the ability to filter, sort and group issues and pull requests. Some other cool features include:
- Iteration support: You can now create “iteration” field types in project tables to sort and group issues by sprint and cycles.
- Custom fields: Plan and track your work using the information that’s important to your team.
- Public projects: Make a project public (everyone can see them) or private (only select individuals can see them) and switch between the two as needed.
Reusable workflows are now GA.
If you’re familiar with Azure DevOps pipeline templates, reusable workflows are quite similar.
Rather than copying and pasting from one workflow to another, you can make workflows reusable. Reusing workflows avoids duplication. This makes workflows easier to maintain and allows you to create new workflows more quickly by building on the work of others, just as you do with actions. Workflow reuse also promotes best practice by helping you to use workflows that are well designed, have already been tested, and have been proved to be effective.
Open ID Connect (OIDC) based authentication support
Typically to authenticate to a cloud provider such as Azure, AWS or GCP to deploy resources you supply credentials, such as a password or token. These credentials are usually stored as a secret in GitHub, and the workflow presents this secret to the cloud provider every time it runs.
OpenID Connect allows you to take a different approach by configuring your workflow to request a short-lived access token directly from the cloud provider. This removes the need for long lived secrets in GitHub and provides you the ability to issue an access token that is only valid for a single workflow run, and then automatically expires.