GitHub Actions
32 items tagged with "github-actions"
Tutorials20
CI/CD Pipeline with GitHub Actions
Set up a complete CI/CD pipeline using GitHub Actions
How to build a GitHub Actions pipeline for a web app
Create a complete GitHub Actions workflow that lints, tests, and builds an application on every push and pull request.
How to create a reusable GitHub Actions workflow
Build a callable workflow with inputs and secrets so multiple repositories share one tested CI definition.
How to run matrix builds in CI
Use a build matrix to test your code across multiple language versions and operating systems in parallel.
How to speed up CI builds with caching
Cache dependencies and build outputs in CI to cut pipeline time, with correct cache keys and invalidation.
How to publish a Docker image to a registry from CI
Build a Docker image in CI and push it to a container registry with proper tags and authentication.
How to automate versioning and releases with semantic-release
Use semantic-release and Conventional Commits to automatically determine versions, tag releases, and publish from CI.
How to build an environment promotion pipeline
Promote a single build artifact through dev, staging, and production with gated approvals instead of rebuilding per stage.
How to manage secrets securely in CI pipelines
Store, inject, and mask secrets in CI without leaking them, using scoped credentials and short-lived tokens.
How to set up self-hosted CI runners
Register and harden self-hosted runners to run CI jobs on your own hardware for performance and network access.
How to automate dependency updates in CI
Configure automated dependency update pull requests with grouping, scheduling, and auto-merge for safe updates.
Add Vibgrate to a GitHub Actions Workflow
Run the Vibgrate CLI on every push and pull request with GitHub Actions so upgrade drift is scanned automatically in CI.
Upload Vibgrate SARIF to GitHub Code Scanning
Produce SARIF output with vg scan --format sarif and upload it to GitHub code scanning so drift findings appear in the Security tab and on PRs.
Schedule Nightly Drift Scans in CI
Run a scheduled Vibgrate scan every night with a GitHub Actions cron trigger and push the DriftScore to Vibgrate Cloud for trend tracking.
Comment Drift Results on Pull Requests
Generate a Markdown drift report with the Vibgrate CLI and post it as a pull request comment so reviewers see the DriftScore in context.
Fail CI When New Drift Appears Against a Baseline
Wire vg scan --baseline into your pipeline so any new upgrade drift introduced by a change fails the build before it merges.
Generate an SBOM in CI with GitHub Actions
Add a GitHub Actions step that produces a fresh CycloneDX SBOM on every build and uploads it as a workflow artifact.
Attach an SBOM to a GitHub Release
Generate a CycloneDX SBOM during your release workflow and publish it as a downloadable asset on the GitHub Release.
Schedule Recurring Drift Reporting
Run vg scan --push on a schedule with cron or a CI scheduled job so drift reports and dashboard trends stay current without manual effort.
Produce a SARIF Report for Security Tooling
Generate a SARIF report with vg scan --format sarif so drift findings flow into GitHub code scanning and other SARIF-aware security tools.
Blueprints2
Migrations3
CircleCI to GitHub Actions Migration
Migrate CircleCI configs to GitHub Actions workflows with caching and secrets mapping
GitLab CI to GitHub Actions Migration
Migrate `.gitlab-ci.yml` pipelines to GitHub Actions workflows with runner and secret strategy
Jenkins to GitHub Actions Migration
Migrate CI/CD pipelines from Jenkins to GitHub Actions workflows with secrets and runner strategy
Comparisons3
GitHub Actions vs GitLab CI/CD
Both run pipelines defined in YAML next to your code. GitHub Actions centers on a marketplace of reusable actions; GitLab CI/CD ships an integrated DevOps platform.
GitHub Actions vs Jenkins
GitHub Actions is a managed, YAML-driven CI/CD service tied to GitHub; Jenkins is a self-hosted, plugin-rich automation server with maximum flexibility.
CircleCI vs GitHub Actions
CircleCI is a dedicated cloud CI/CD platform known for speed and orbs; GitHub Actions is GitHub's native automation with a huge action marketplace.
FAQs3
How do I integrate Vibgrate into CI/CD pipelines?
The CLI requires no login for scanning and returns meaningful exit codes (0=success, 2=threshold exceeded). Basic CI integration: npx @vibgrate/cli sc...
How do I upload SARIF results to GitHub Code Scanning?
Run scan with SARIF output: npx @vibgrate/cli scan --format sarif --out vibgrate.sarif --fail-on error. Then use github/codeql-action/upload-sarif@v3 ...
How do I gate pull requests on known vulnerabilities with GitHub Actions?
Use the maintained vibgrate/cli Action: `uses: vibgrate/cli@v1` with `vulns: true`, `fail-on: error`, and `upload-sarif: true`. It scans installed dep...