
Use GitHub Actions for general-purpose tasks

Using GitHub Actions for good

What are GitHub Actions?

GitHub Actions are a way to automate your software development workflows. They are similar to CI/CD tools like Jenkins, CircleCI, and TravisCI. However, GitHub Actions are built into GitHub.

GitHub Actions are not entirely free, but they have very high usage limits for open-source projects. For private repositories, you can run up to 2,000 minutes per month for free. After that, you will be charged.

GitHub Actions for non-CI/CD tasks

However, GitHub Actions are not just for CI/CD. You can use them for many general-purpose tasks. For example, you can use them as an extension of your application to perform tasks such as:

  • generating aggregate reports
  • updating a database
  • sending notifications
  • general data processing
  • and many others

A GitHub Action can run arbitrary code, taking inputs from multiple sources such as API calls, databases, and files.

GitHub Action block diagram

You can use a GitHub Action as a worker for your application. For example, you can use it to process data from a database and then send a notification to a user. Or you can use it to generate a report and upload it to a file server.

Although GitHub Actions in open-source repositories are public, they can still use secrets that are not accessible to the public. For example, secrets can be API keys and database access credentials.

A real-world GitHub Action doing data processing

Below is an example GitHub Action that does general data processing. It uses API calls to download data from NVD (National Vulnerability Database), generates files from this data, and then creates a release. Subsequently, the application can download these files and use them directly without making the API calls or processing the data itself.

GitHub gist:

on:
  push:
    branches:
      - master
  schedule:
    - cron: "40 * * * *"
  workflow_dispatch: # Manual
permissions:
  contents: write
jobs:
  security_artifacts:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout NVD repo
        uses: actions/checkout@v4
        with:
          ref: release
      - name: Checkout Fleet
        uses: actions/checkout@v4
        with:
          repository: fleetdm/fleet
          fetch-depth: 1
          ref: main
          token: ${{ github.token }}
          path: fleet
      - name: Setup Go
        uses: actions/setup-go@v4.1.0
        with:
          cache: false
          go-version: '^1.21.4'
      - name: Generate security artifacts
        uses: nick-fields/retry@943e742917ac94714d2f408a0e8320f2d1fcafcd # v2.8.3
        with:
          timeout_minutes: 180
          max_attempts: 3
          retry_wait_seconds: 120
          command: |
            cd fleet
            go mod download
            go run -tags fts5 cmd/cve/generate.go --db_dir ./vulndb --debug
      - name: Current date
        id: date
        run: |
          echo "date=$(date +'%Y%m%d%H%M')" >> $GITHUB_OUTPUT
      # Note that a new commit must be made for each release, otherwise GitHub does not order
      # the releases properly.
      - name: Tag
        run: |
          git config --global user.email ""
          git config --global user.name "GitHub Actions Bot"
          git pull
          git commit --allow-empty -m 'Release ${{ steps.date.outputs.date }}'
          git push origin release
      - name: Release
        uses: softprops/action-gh-release@de2c0eb89ae2a093876385947365aca7b0e5f844 # v0.1.15
        with:
          files: |
            fleet/vulndb/*
          tag_name: ${{ steps.date.outputs.date }}
          target_commitish: release
          token: ${{ secrets.GITHUB_TOKEN }}
      - name: Delete Old Releases
        uses: dev-drprasad/delete-older-releases@v0.3.2
        with:
          keep_latest: 60
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

The GitHub Action does a checkout of our application code and runs a script cmd/cve/generate.go to generate the files. Then, it publishes the generated files as a new release. As a final step, it deletes any old releases.
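The workflow above pins two of its actions to a full commit SHA and references the others by tag, which the action's owner can move to different code, while the job holds `contents: write`. The following check is an added example, not part of the original post or the Fleet repository: it lists every `uses:` reference that is not pinned to a 40-character commit SHA. The function names are hypothetical, and the sample input is the set of `uses:` lines from the workflow above.

```python
import re

# Action reference of a step's `uses:` key; a trailing "# vX.Y.Z" comment is excluded.
USES_RE = re.compile(r"^\s*(?:-\s*)?uses:\s*['\"]?([^\s'\"#]+)")
FULL_SHA_RE = re.compile(r"^[0-9a-f]{40}$")
FIRST_PARTY_OWNERS = ("actions/", "github/")  # GitHub-maintained action owners

def audit_action_pins(workflow_text):
    """Return (line_no, action, ref, status) for every `uses:` reference."""
    findings = []
    for line_no, line in enumerate(workflow_text.splitlines(), start=1):
        match = USES_RE.match(line)
        if not match:
            continue
        target = match.group(1)
        if target.startswith(("./", "docker://")):
            continue  # local actions and container images are out of scope here
        action, _, ref = target.partition("@")
        if FULL_SHA_RE.match(ref):
            status = "pinned"       # immutable: a commit SHA cannot be repointed
        elif ref:
            status = "mutable-ref"  # tag or branch: can be moved to other code
        else:
            status = "no-ref"
        findings.append((line_no, action, ref, status))
    return findings

def unpinned(workflow_text, third_party_only=False):
    """References that are not SHA-pinned, optionally only non-GitHub owners."""
    return [f for f in audit_action_pins(workflow_text)
            if f[3] != "pinned"
            and not (third_party_only and f[1].startswith(FIRST_PARTY_OWNERS))]

# Sample input: the `uses:` lines of the workflow shown above.
SAMPLE = """\
steps:
  - uses: actions/checkout@v4
  - uses: actions/checkout@v4
  - uses: actions/setup-go@v4.1.0
  - uses: nick-fields/retry@943e742917ac94714d2f408a0e8320f2d1fcafcd # v2.8.3
  - uses: softprops/action-gh-release@de2c0eb89ae2a093876385947365aca7b0e5f844 # v0.1.15
  - uses: dev-drprasad/delete-older-releases@v0.3.2
"""

if __name__ == "__main__":
    for line_no, action, ref, status in unpinned(SAMPLE):
        print(f"line {line_no}: {action}@{ref} is {status}")
```

With `third_party_only=True` the only finding is the release-deletion action, which is also the step that receives `GITHUB_TOKEN` through its environment.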

A note of caution. GitHub monitors for cryptocurrency mining and other abusive behavior. So, keep that in mind and be careful with process-intensive actions.

Use GitHub Actions for general-purpose tasks video

Note: If you want to comment on this article, please do so on the YouTube video.