GitHub has added new features to GitHub Actions that will help standardize CI/CD practices and reduce duplication.
Required workflows is the first new feature and it can be used to define and enforce CI/CD practices across multiple source code repositories. By utilizing this feature to accomplish this, teams won’t have to manually configure each repository individually.
Other benefits include the ability to invoke external vulnerability scoring tools, ensure code meets compliance requirements, and ensure code is continuously deployed.
Required workflows get triggered as a status check on open pull requests on the default branch. Merges won’t be able to be completed until the workflow succeeds.
The second feature is configuration variables, which allow developers to store non-sensitive data as reusable plain text variables. Examples of non-sensitive data include compiler flags, usernames, and server names.
Before this feature was introduced, developers needed to store configuration data as encrypted secrets if they wished to reuse the values in workflows. This made it difficult to retrieve non-sensitive data.
“You no longer have to spend hours configuring hundreds of repositories to protect your critical software assets. Required workflows along with reusable workflows, configuration variables, and secrets will help you apply a consistent set of standards across many repositories with just a couple of clicks,” Ashok Kirla, senior product manager at GitHub, wrote in a blog post.