์ฐธ๊ณ : GitHub ํธ์คํธ ์คํ๊ธฐ๋ ํ์ฌ GitHub Enterprise Server์์ ์ง์๋์ง ์์ต๋๋ค. GitHub public roadmap์ ์์ ๋ ํฅํ ์ง์์ ๋ํด ์์ธํ ์์๋ณผ ์ ์์ต๋๋ค.
Overview
You can use pre-written building blocks, called actions, in your workflow. An action is a pre-defined, reusable set of jobs or code that perform specific tasks within a workflow.
Actions can be:
- Reusable: actions can be used across different workflows and repositories, allowing you to avoid rewriting the same code.
- Pre-written: many actions are available in the GitHub Marketplace, covering a wide range of tasks like checking out code, setting up environments, running tests, and deploying applications.
- Configurable: you can configure actions with inputs, outputs, and environment variables to tailor them to your specific needs.
- Community-driven: you can create your own actions and share them with others or use actions developed by the community.
The actions you use in your workflow can be defined in:
- The same repository as your workflow file
- An internal repository within the same enterprise account that is configured to allow access to workflows
- Any public repository
- A published Docker container image on Docker Hub
GitHub Marketplace is a central location for you to find actions created by the GitHub community.
์ฐธ๊ณ : GitHub Enterprise Server์ GitHub Actions๋ GitHub.com ๋๋ GitHub Marketplace์ ์์ ์ ๋ํ ์ก์ธ์ค๊ฐ ์ ํ๋ ์ ์์ต๋๋ค. ์์ธํ ๋ด์ฉ์ "GitHub.com์ ์์ ์ ๋ํ ์ก์ธ์ค ๊ด๋ฆฌ"์ ์ฐธ์กฐํ๊ณ GitHub Enterprise ์ฌ์ดํธ ๊ด๋ฆฌ์์๊ฒ ๋ฌธ์ํ์ธ์.
Adding an action from the same repository
If an action is defined in the same repository where your workflow file uses the action, you can reference the action with either the โ{owner}/{repo}@{ref}
or ./path/to/dir
syntax in your workflow file.
๋ฆฌํฌ์งํ ๋ฆฌ ํ์ผ ๊ตฌ์กฐ ์์:
|-- hello-world (repository)
| |__ .github
| โโโ workflows
| โโโ my-first-workflow.yml
| โโโ actions
| |__ hello-world-action
| โโโ action.yml
๊ฒฝ๋ก๋ ๊ธฐ๋ณธ ์์
๋๋ ํฐ๋ฆฌ(github.workspace
, $GITHUB_WORKSPACE
)์ ๋ํด ์๋์ (./
) ๊ฒฝ๋ก์
๋๋ค. ์์
์ด ๋ฆฌํฌ์งํ ๋ฆฌ๋ฅผ ์ํฌํ๋ก์ ๋ค๋ฅธ ์์น๋ก ๊ฒ์ฌํ๋ ๊ฒฝ์ฐ ๋ก์ปฌ ์์
์ ์ฌ์ฉ๋๋ ์๋ ๊ฒฝ๋ก๋ฅผ ์
๋ฐ์ดํธํด์ผ ํฉ๋๋ค.
์ํฌํ๋ก ํ์ผ ์์:
jobs:
my_first_job:
runs-on: ubuntu-latest
steps:
# This step checks out a copy of your repository.
- name: My first step - check out repository
uses: actions/checkout@v4
# This step references the directory that contains the action.
- name: Use local hello-world-action
uses: ./.github/actions/hello-world-action
The action.yml
file is used to provide metadata for the action. Learn about the content of this file in "GitHub Actions์ ๋ํ ๋ฉํ๋ฐ์ดํฐ ๊ตฌ๋ฌธ."
Adding an action from a different repository
If an action is defined in a different repository than your workflow file, you can reference the action with the {owner}/{repo}@{ref}
syntax in your workflow file.
The action must be stored in a public repository or an internal repository that is configured to allow access to workflows. For more information, see "์ํฐํ๋ผ์ด์ฆ์ ์์ ๋ฐ ์ํฌํ๋ก ๊ณต์ ."
jobs:
my_first_job:
steps:
- name: My first step
uses: actions/setup-node@v4
Referencing a container on Docker Hub
If an action is defined in a published Docker container image on Docker Hub, you must reference the action with the docker://{image}:{tag}
syntax in your workflow file. To protect your code and data, we strongly recommend you verify the integrity of the Docker container image from Docker Hub before using it in your workflow.
jobs:
my_first_job:
steps:
- name: My first step
uses: docker://alpine:3.8
For some examples of Docker actions, see the Docker-image.yml workflow and "Docker ์ปจํ ์ด๋ ์์ ๋ง๋ค๊ธฐ."
Security hardening for using actions in your workflows
GitHub๋ ์ํฌํ๋ก์ ๋ณด์์ ๊ฐํํ๋ ๋ฐ ์ฌ์ฉํ ์ ์๋ ๋ณด์ ๊ธฐ๋ฅ์ ์ ๊ณตํฉ๋๋ค. GitHub์ ๊ธฐ๋ณธ ์ ๊ณต ๊ธฐ๋ฅ์ผ๋ก ์ด์ฉํ๋ ์์ ์ ์ฝ์ ์ ๋ํ ์๋ฆผ์ ๋ฐ๊ฑฐ๋ ์ํฌํ๋ก์ ์์ ์ ์ต์ ์ํ๋ก ์ ์งํ๋ ํ๋ก์ธ์ค๋ฅผ ์๋ํํ ์ ์์ต๋๋ค. ์์ธํ ๋ด์ฉ์ "GitHub์ ๋ณด์ ๊ธฐ๋ฅ์ ์ฌ์ฉํ์ฌ ์์ ํ๊ฒ GitHub Actions ์ฌ์ฉ"์(๋ฅผ) ์ฐธ์กฐํ์ธ์.
Using release management for your custom actions
The creators of a community action have the option to use tags, branches, or SHA values to manage releases of the action. Similar to any dependency, you should indicate the version of the action you'd like to use based on your comfort with automatically accepting updates to the action.
You will designate the version of the action in your workflow file. Check the action's documentation for information on their approach to release management, and to see which tag, branch, or SHA value to use.
Note: We recommend that you use a SHA value when using third-party actions. However, it's important to note Dependabot will only create Dependabot alerts for vulnerable GitHub Actions that use semantic versioning. For more information, see "GitHub Actions์ ๋ํ ๋ณด์ ๊ฐํ" and "Dependabot ๊ฒฝ๊ณ ์ ๋ณด."
Using tags
Tags are useful for letting you decide when to switch between major and minor versions, but these are more ephemeral and can be moved or deleted by the maintainer. This example demonstrates how to target an action that's been tagged as v1.0.1
:
steps:
- uses: actions/javascript-action@v1.0.1
Using SHAs
If you need more reliable versioning, you should use the SHA value associated with the version of the action. SHAs are immutable and therefore more reliable than tags or branches. However, this approach means you will not automatically receive updates for an action, including important bug fixes and security updates. You must use a commit's full SHA value, and not an abbreviated value. SHA๋ฅผ ์ ํํ ๋๋ ํด๋น SHA๊ฐ ๋ฆฌํฌ์งํ ๋ฆฌ ํฌํฌ๊ฐ ์๋ ์์ ์ ๋ฆฌํฌ์งํ ๋ฆฌ์์ ์จ ๊ฒ์ธ์ง ํ์ธํด์ผ ํฉ๋๋ค. This example targets an action's SHA:
steps:
- uses: actions/javascript-action@a824008085750b8e136effc585c3cd6082bd575f
Using branches
Specifying a target branch for the action means it will always run the version currently on that branch. This approach can create problems if an update to the branch includes breaking changes. This example targets a branch named @main
:
steps:
- uses: actions/javascript-action@main
For more information, see "์ฌ์ฉ์ ์ง์ ์์ ์ ๋ณด."
Using inputs and outputs with an action
An action often accepts or requires inputs and generates outputs that you can use. For example, an action might require you to specify a path to a file, the name of a label, or other data it will use as part of the action processing.
To see the inputs and outputs of an action, check the action.yml
or action.yaml
in the root directory of the repository.
In this example action.yml
, the inputs
keyword defines a required input called file-path
, and includes a default value that will be used if none is specified. The outputs
keyword defines an output called results-file
, which tells you where to locate the results.
name: "Example"
description: "Receives file and generates output"
inputs:
file-path: # id of input
description: "Path to test script"
required: true
default: "test-file.js"
outputs:
results-file: # id of output
description: "Path to results file"
Next steps
To continue learning about GitHub Actions, see "GitHub Actions ์ดํด."