This article is more than 1 year old

GitHub grabs a piece of the Actions: 'A project that will do for software development what we did for the pull request'

Social code biz makes bid to turn workflows into code

At San Francisco's Palace of Fine Arts on Tuesday, GitHub held its annual tech touting talk in a space that once housed the city's Exploratorium science show.

It's a fitting venue, said Jason Warner, SVP of technology at GitHub, during the opening keynote. The Palace of Fine Arts was built for the 1915 Panama-Pacific International Exposition, a celebration of the technological marvels of the time – the Panama Canal, wireless telegraphy, and transcontinental phone calls – and San Francisco's post-earthquake rebirth. For modern magnificence, we gave you pull requests.

GitHub Universe had fewer science exhibits than the relocated Exploratorium but more data scientists, software engineers and the like. GitHub boasts some 31 million developers, a large amount of potentially valuable data, and a pending place in Microsoft's portfolio, so "Universe" has become an apt description of the social code hosting site's ambition.

Sam Lambert, head of platform for GitHub, spoke in similarly grand terms during a phone briefing with The Register last week.

"Without exaggeration, we're about to ship a project that will do for software development what we did for the pull request," he said.

That project, now in limited beta, is called GitHub Actions. Lambert said it's a way for people to describe their workflows in code. It's automation at a higher level than continuous integration and continuous deployment (CI/CD). It can be used CI/CD but can also do quite a bit more.

Lambert was just as effusive on stage. "Today we bring you something truly remarkable," he said. "By enabling workflows as code, executed and hosted on, and supported by an expanding ecosystem of user-created functionality, we believe we will once again revolutionize software development."

The code that dare not speak its name

Finally, Lambert was left speechless. "No words can do this justice," he said, then invited Kyle Daigle, director of ecosystem engineering, on stage to say what he could not.

Daigle described Actions as a way to build, connect, execute and share Docker containers to run your software development workflows. It's essentially a system to tie together disparate command line incantations, cobbled together via visual editor or text configuration file, and package them for execution and consumption.

Daigle demonstrated how Actions could automate publishing a JavaScript module to NPM and how it could deploy an app to five separate cloud service providers simultaneously. Presently, it supports 26 trigger events and there are some 450 sample actions to demonstrate the possibilities.

During a press conference following the keynote, Lambert regained its ability to talk about Actions. "One of the things that's really exciting about Actions is people will tailor their workflows to their community," he said. "If you want to pull a best-in-breed Go deployment workflow you'll be able to pull that and fork it."

In response to a question about the potential abuse of Actions, Lambert insisted that GitHub-provided containers won't be suitable places to hide cryptomining code. We have to assume, however, someone will give it a go.

Odds and sods

In other developments, GitHub's Checks API, by which apps can be integrated for CI, linting, and acceptance testing, and its Deployments API, by which GitHub projects can be deployed on other servers, have reached general availability.


Microsoft liberates ancient MS-DOS source from the museum and sticks it in GitHub


Kathy Simpson, senior director of product management at GitHub, described a series of GitHub Enterprise enhancements. In GitHub Enterprise 2.15, a feature called Unified Contributions allows developers connect their GitHub Enterprise account with their account, so open source work shows up alongside professional work. Another addition called Unified Search allows developers to search private repositories from their company’s Business Cloud instances.

A feature called Unified Business Identity, meanwhile, arrives in limited beta. It allows admins to manage multiple Business Cloud accounts, to simplify billing, permissions, licensing, and the like.

Also GitHub Learning Lab, an automated course to help developers learn Git and GitHub, now allows organizations to build their own courses to fit their workflows.

In addition to its platform, enterprise and education announcements, GitHub rolled out some security enhancements. The code hosting biz expanded its security vulnerability alerts to cover Java and .NET, having previously implemented them for JavaScript, Python, and Ruby.

It also launched the public beta of token scanning for public repos – authentication tokens are not something that should be publicly visible yet they sometimes get published by mistake. If the service finds an exposed token in a GitHub repo, it asks the provider to validate the commit and notifies the account owner to issue a new token.

Finally, GitHub is making the security advisories it publishes available programmatically through the GitHub Security Advisory API.

Warner, at the press conference, suggested GitHub would remain secure against meddling from Microsoft.

"The reason Github was bought by Microsoft is not to make Github more like Microsoft," he insisted. Microsoft's direction, he said, was to do what needs to be done to best serve GitHub's customers.

There's no date yet for the acquisition to be completed, he said, but it's expected to be before the end of the year. ®


More about


Send us news

Other stories you might like