proaction

module
v0.4.7 Latest
Warning

This package is not in the latest version of its module.

Published: Aug 12, 2020 License: Apache-2.0


Proaction

Proaction is a CLI that recommends and updates GitHub Action Workflows in order to make them more reliable. Certain patterns in Workflows can result in flaky and unreliable output, or can create dependencies that break when external Actions are updated.

The goal of Proaction is to encourage creating workflows that are secure, reliable, and will not change unexpectedly.

Best Practices

Proaction recommends changes to workflows so that they follow these best practices:

1. Reproducibility

Reproducible workflows ensure that each execution is both reliable and deterministic. A workflow is reproducible when multiple executions of the same workflow using the same commit are guaranteed to produce the exact same result and artifact.

2. Secure

Workflows should not use Actions with open CVEs or other security vulnerabilities.

3. Updated

Workflows should be able to easily remain updated to use the latest version of an Action. This is needed for security fixes and for performance and feature updates from the Action.

4. Maintainability

Workflows should be written to be easy to maintain, minimizing the work needed to follow the other best practices.
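
The reproducibility practice above can be checked mechanically. The following is an added example, not Proaction's own code or its actual check logic: it flags `uses:` references that can change without a commit to the workflow, assuming that a full commit SHA (or an image digest for `docker://` references) is what makes a reference immutable. The names `FindMutableRefs` and `reason`, the sample workflow, and the SHA in it are constructed for illustration.

```go
package main

import (
	"bufio"
	"fmt"
	"regexp"
	"strings"
)

// Finding is one `uses:` reference that can change without a commit to the workflow.
type Finding struct{ Line int; Ref, Reason string }

var usesRe = regexp.MustCompile(`^\s*(?:-\s+)?uses:\s*["']?([^"'\s#]+)`)
var pinnedRe = regexp.MustCompile(`@[0-9a-f]{40}$`)

// Constructed sample workflow; the 40-character SHA is a made-up placeholder.
const sample = "steps:\n" +
	"  - uses: actions/checkout@v2\n  - uses: actions/checkout@0123456789abcdef0123456789abcdef01234567\n" +
	"  - uses: docker://alpine:3.12\n  - uses: ./.github/actions/build\n"

// reason returns why ref is mutable, or "" when it is pinned or local.
func reason(ref string) string {
	switch {
	case strings.HasPrefix(ref, "docker://") && !strings.Contains(ref, "@sha256:"):
		return "image tag can be repointed; pin by digest"
	case strings.HasPrefix(ref, "./"), strings.HasPrefix(ref, "docker://"), pinnedRe.MatchString(ref):
		return "" // local action, digest-pinned image, or full commit SHA
	}
	return "not pinned to a full commit SHA; tag and branch refs can move"
}

// FindMutableRefs scans line by line (no YAML parser; assumes one `uses:` per line).
func FindMutableRefs(workflow string) []Finding {
	var out []Finding
	sc := bufio.NewScanner(strings.NewReader(workflow))
	for n := 1; sc.Scan(); n++ {
		if m := usesRe.FindStringSubmatch(sc.Text()); m != nil {
			if r := reason(m[1]); r != "" {
				out = append(out, Finding{n, m[1], r})
			}
		}
	}
	return out
}

func main() {
	for _, f := range FindMutableRefs(sample) {
		fmt.Printf("line %d: %s: %s\n", f.Line, f.Ref, f.Reason)
	}
}
```
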

Getting Started

Install Proaction

To install Proaction, download the latest release from the Releases page or visit the docs for other options.

Running With A Workflow File

$ proaction scan ./path/to/.github/workflows/workflow.yaml

Running In GitHub Actions

Proaction can run as a GitHub Action. To create a workflow using Proaction, read the Action documentation.

Read More

To read more, visit the documentation. The docs list all of the Proaction checks that are performed and explain the reasons for each.

GitHub API and Rate Limits

Proaction uses the GitHub API to look up and analyze actions that a workflow references. Unauthenticated requests to the GitHub API are limited to 60 per hour from any single IP address. To increase this and allow Proaction to scan multiple workflows, create a Personal Access Token and give this token repo access.

Data / Telemetry

This project collects usage data to help improve the product. No data will be sent if the --no-track flag is provided to the CLI.
