January 27, 2022

GitHub Actions Support in Harness CI

Table of Contents

Harness CI now supports GitHub Actions, allowing users to leverage over 10k pre-built actions from the GitHub marketplace in their CI pipelines. This integration simplifies task automation, from code cloning to vulnerability scanning, enhancing the efficiency and flexibility of CI workflows.

In this article, we will learn about GitHub Actions support in Harness CI and how plugin extensibility helped templatizing action as a plugin step.

GitHub Actions let you create custom actions that can perform predefined tasks. These predefined tasks range from cloning a codebase to building a Docker image and security scanning images. Previously-created actions are present on the GitHub marketplace, with a rich support of over 10k actions.

Harness CI has added support for running GitHub Actions. This addition means that GitHub Actions can be used via the plugin step in a CI pipeline.

Usage

GitHub Actions YAML contains three attributes:

  1. name: Refers to the GitHub repository of the action along with the branch or tag.
  2. with: A map with a key and value as string. These are action inputs.
  3. env: Environment variables passed to the action.

You must copy with, uses, and env attributes in the plugin step settings to use a GitHub action as a plugin in Harness CI. You must also run the step in privileged mode since the GitHub action plugin uses Docker in Docker (dind).

The following is a side-by-side comparison of action YAML in GitHub actions vs. Harness CI:

A comparison of action YAML in GitHub actions vs. Harness CI

The following are some examples for using actions in Harness CI.

Trivy Scanning Action

Trivy is an open-source scanner for detecting vulnerabilities in container images, git repositories, and much more.

The following example scans “drone/git” container image using trivy in Harness CI.

- step:
     identifier: trivy
     name: Run Trivy vulnerability scanner
     type: Plugin
     spec:
         connectorRef: dockerhub
         image: plugins/github-actions
         privileged: true
         settings:
             uses: aquasecurity/trivy-action@master
             with:
                 image-ref: drone/git
                 format: table
                 exit-code: "1"
                 ignore-unfixed: "true"
                 vuln-type: os,library
                 severity: CRITICAL,HIGH,LOW
             env:
                 CI: true

Trivy GitHub Actions Example

GCS Upload Action

The GCS upload action can be used to upload a file to Google Cloud storage.

- step:
    identifier: gcs-uploader
     name: upload file to GCS
     type: Plugin
     spec:
          connectorRef: dockerhub
          image: plugins/github-actions
          privileged: true
          settings:
               uses: google-github-actions/upload-cloud-storage@main
               with:
                    path: '/path/to/file'
                    destination: demo/gcs
                    credentials: <+stage.variables.GCP_SECRET_KEY_BASE64>

GCP Upload GitHub Actions Example

Git Checkout Action

The Git checkout action is used for cloning the GitHub repository codebase. This action can be used to clone one or more git repositories in a single stage in Harness CI.

The following example clones the primary repository present in the trigger payload. It is required to specify GITHUB_TOKEN as an environment variable to the step for cloning private repositories.

- step:
     identifier: checkout
     name: checkout GitHub action
     type: Plugin
     spec:
         connectorRef: dockerhub
         image: plugins/github-actions
         privileged: true
         settings:
             uses: actions/checkout@v2
            with:
                 ref: ${{ GitHub.event.pull_request.head.sha }}
                 event_payload: <+ trigger.eventPayload>
         envVariables:
                GITHUB_TOKEN: <+secrets.getValue("token")>

Checkout GitHub Actions Example

You must specify the repository name in the plugin step settings to clone a second repository.

- step:
     identifier: checkout-repo-by-name
     name: checkout GitHub repository by name
     type: Plugin
     spec:
         connectorRef: dockerhub
         image: plugins/github-actions
         privileged: true
         settings:
             uses: actions/checkout@v2
             with:
                 repository: my-org/my-private-tools
                 path: my-tools
                 ref: ${{ GitHub.event.pull_request.head.sha }}
             event_payload: <+ trigger.eventPayload>
         envVariables:
             GITHUB_TOKEN: <+secrets.getValue("token")>

Implementation

GitHub Actions works by cloning the repository specified in the `uses` attribute and executing the steps present in the `action.yml` file from the cloned action code.

The CI plugin for GitHub action uses nektos/act, which is an open-source project to execute GitHub Actions locally. Nektos/act runs a Docker container on which the GitHub action workflow is executed. The CI plugin creates a workflow for the input action step, and then executes it via nektos/act. The following is the link for the plugin source code: https://GitHub.com/drone-plugins/GitHub-actions

Conclusion

We have shown that the extensibility and simplicity of plugins in Harness CI enabled the addition of many actions with just a single plugin. This demonstrates just how pluggable Harness CI can be. I hope you try your favorite action in Harness CI, and possibly create your own plugin for your custom-tailored tasks.

For further reading on Harness CI, why not take a gander at our Migrating From Jenkins to Harness CIE piece? 

Continuous Integration