



GitHub Actions adds two new features that allow you to apply CI/CD best practices, but can get in the way of developers if not used carefully.

Required workflows, available in public beta this week, help enterprise development teams define and enforce consistent CI/CD processes across repositories. Every pull request opened against the default branch triggers a set of required status checks that must be completed before any merge can occur.

GitHub Actions previously allowed manually configured release gates on individual repositories, but with required workflows, CI/CD best practices can now be enforced across large organizations. Administrators can configure which repositories run required workflows, and repository-level teams have visibility into which required workflows are applied to which repositories.

Another new feature added this week is support for configuration variables. This feature allows developers to store non-sensitive configuration data such as compiler flags, server names, and usernames as plaintext variables. Prior to this release, developers wishing to reuse values had to store all configuration data as encrypted secrets, which were not easily retrieved.
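Because configuration variables are stored in plaintext, a practical safeguard is to check that nothing credential-like ends up in them instead of in encrypted secrets. The following is an added example, not code from GitHub or from this article: the function name, the name heuristics and the sample entries are assumptions, and the input is simply a name-to-value mapping of an organization's variables.

```python
import re

# Name fragments that suggest a credential (assumed heuristic; tune per organization).
SENSITIVE_NAME = re.compile(
    r"(TOKEN|SECRET|PASSWORD|PASSWD|PRIVATE|CREDENTIAL|API_?KEY)", re.I
)

# Value shapes of well-known credential formats.
SENSITIVE_VALUE = {
    "github-token": re.compile(
        r"\b(?:gh[pousr]_[A-Za-z0-9]{36,}|github_pat_[A-Za-z0-9_]{22,})"
    ),
    "aws-access-key-id": re.compile(r"\b(?:AKIA|ASIA)[A-Z0-9]{16}\b"),
    "pem-private-key": re.compile(r"-----BEGIN [A-Z ]*PRIVATE KEY-----"),
}


def audit_variables(variables):
    """Return {name: [reasons]} for entries that belong in secrets, not variables."""
    findings = {}
    for name, value in variables.items():
        reasons = []
        if SENSITIVE_NAME.search(name):
            reasons.append("name")
        for label, pattern in SENSITIVE_VALUE.items():
            if pattern.search(value):
                reasons.append(label)
        if reasons:
            findings[name] = reasons
    return findings


# Constructed sample. The first three entries are the kinds of values the
# article lists as suitable for variables; the last two are fake credentials.
SAMPLE = {
    "COMPILER_FLAGS": "-O2 -Wall",
    "SERVER_NAME": "build01.example.internal",
    "DEPLOY_USERNAME": "ci-bot",
    "DEPLOY_TOKEN": "ghp_" + "A" * 36,      # fake token, constructed
    "AWS_SETTINGS": "id=AKIA" + "B" * 16,   # fake key id, constructed
}

if __name__ == "__main__":
    for name, reasons in audit_variables(SAMPLE).items():
        print(f"{name}: move to an encrypted secret ({', '.join(reasons)})")
```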

RobustCloud Principal Consultant Larry Carvalho said: “These additions improve security and productivity, a coveted requirement for development organizations.”

Enhanced security reduces the chances of vulnerabilities creeping into code during the development lifecycle, Carvalho said.

But while required workflows allow teams to standardize their CI/CD processes, applying them uniformly can be frustrating, said Ankur Papneja, product manager at Contrast Security, an application security vendor and Los Altos, Calif.-based GitHub partner with GitHub Actions for automated security testing and software composition analysis.

“Being blocked on a pull request for a failed required workflow that isn’t even right for your repository will do more harm than good in moving your organization to DevOps,” he said.

According to Papneja, understanding how to intelligently apply security and deployment workflows to specific repositories, and how to flexibly apply pull request status checks rather than blocking them all the time, is the key to a successful, developer-advocated rollout.

New features aimed at reducing manual work

Proper use is important, but according to a GitHub blog post, GitHub’s intent is for the new features to help users speed up development by reducing the manual steps required to enforce quality and security standards.

“You no longer need to spend hours configuring hundreds of repositories to protect your critical software assets,” the post said.

Charlotte Dunlap, an analyst at British market research firm GlobalData, said these new features will benefit teams as the role of developers evolves to include new participants.

“GitHub Actions’ continued effort not only demonstrates the importance of simplifying CI/CD-based configuration requirements, but also encourages better collaboration and sharing of best practices,” she said.

GitHub Actions offers both free and paid tiers. The free tier limits a user’s computing time to 2,000 minutes per month. GitHub Actions competitors include CircleCI, Jenkins, Azure Pipelines and GitLab.

