We recently celebrated an exciting milestone on the GitHub Actions team: 1,000 actions published to GitHub Marketplace.
If you haven’t browsed it yet, GitHub Marketplace is the home for shared actions that you can use to enhance your GitHub Actions workflows. Authors publish these actions to the marketplace to help you create more powerful workflows, whether you’re building an application, deploying it to a public cloud, or automating common tasks in your repository.
GitHub Actions is more than just a continuous integration build system. It also allows you to run workflows when changes occur in your GitHub repository. Here are some of our favorite actions that take advantage of this diversity—one for working with issues in your repository, one for working with deployments, and one for working with the code in pull requests.
Continuous integration builds often need more than just your source code. You might need a particular piece of software installed on the build environment in order to run the build. Or you might build inside a container that’s pre-configured with all of your dependencies. The easiest way to manage these dependencies is with a package registry.
The Setup JFrog CLI action makes it easy to set up and use Artifactory as your package registry. It handles the setup of the CLI in your build environment and helps you configure authentication. All you have to do is set up the action, then you can jfrog rt download your artifacts and use them in your build.
In a busy repository, it’s easy to get overwhelmed by the number of issues and pull requests, especially when issues go stale. Even with our best efforts, it’s hard to keep track after a certain point, but closing out issues that don’t matter can help us focus on higher-priority or urgent requests and problems.
The Close Stale Issues action filters issues and pull requests that haven’t had any activity or comments for a few weeks. This action informs you when an issue is stale and—unless any new activity occurs—will close the issue or pull request a week later. This helps keep you informed about any issue that needs your attention but that you may have forgotten about. And it helps reduce the cognitive load of stale issues without any extra effort on your part.
You may have heard that you only have a few seconds to make a good first impression. So don’t waste any of that time with unoptimized images—make sure your website loads quickly.
Thankfully, the image-actions from Calibre take care of optimization for you. Every time a pull request is opened, this action will search your repository for images that are large and unoptimized. Once it finds any images, the action uses lossless compression libraries to shrink the images down to a more manageable size. It’s an easy way to get more performance out of your website delivery—all with a simple action.
Want more actions to help you manage your repository, build your application, or deploy it to production?