Manage secrets and more with the GitHub Actions API

March 24 Update: The GitHub Actions API is now generally available.

We introduced GitHub Actions as a platform to help teams automate their software workflows. When we first shipped it, we knew a key feature was missing for platforms, an API. In the past few months, we’ve been fortunate to learn more from you and the community about what you want out of the Actions API.

Beta details and themes

Today the GitHub Actions API beta is available to all repositories. As we reviewed your feedback, we discovered several themes that we focused on for the first iteration: 

• Reading workflow run and job data
• Managing repository secrets
• Downloading artifacts
• Registering self-hosted runners

Reading workflow run and job data

You can query detailed information such as outcome, conclusion, and timing using the workflow run and job API. This helps teams incorporate data about the overall success or failure of their workflow runs with data from other tools they use. You can also download the raw logs for each run using the workflow run and job API so you can store them for long term archival or other analysis.

Managing secrets

The secrets API enables you to automate secret management on your repositories. This helps teams with a large volume of repositories implement best practices like secret rotation and it allows partners to write integrations that automatically provision secrets.

Keeping your secrets safe is vital and the secrets API provides two mechanisms to help. First, the API doesn’t return any values, only names. Second, we require that you encrypt the secrets with a public key before setting them, which means they’re never logged in the GitHub infrastructure. Learn more from the API documentation, including how to encrypt secrets when creating or updating.

Downloading artifacts

It’s common for a continuous integration workflow to generate a binary or other artifact that needs to be consumed by other services. Download an archive of an artifact from a workflow run using the artifacts API for your teams and partners to integrate Actions artifacts into other tools and services.

Self-hosted runners

Now you can run Actions on your own hardware with self-hosted runners. Until recently, these runners had to be manually set up individually. With the API, developers can automate the registration and removal of their runners by creating registration tokens and passing them to the runner configuration script.

Integration with the Actions runtime

With the new API, we’ve added two new pieces of data to the runner context and environment variables.

Each Actions run now has a run_id and run_number available. Now, developers can write scripts in their workflows that easily interact with the new API endpoints. Make a workflow to cancel an in-progress run or download an Artifact—it’s all possible using Actions.

We’ve also updated the GITHUB_TOKEN on the runner to have access to the newer Actions permissions making authentication to the API seamless.

How are you using Actions?

Are you using Actions to improve your workflow? Share the t new ways the API enables you and your workflow on twitter or the community forum.

Learn more about the Actions API beta

Written by

Chris Patterson

@chrispat