iTranslated by AI
Productivity Weekly (2021-09-22 Issue)
Hello. I'm Hirakiba from the Cybozu Productivity Improvement Team.
Our Productivity Improvement Team holds an internal meeting called "Productivity Weekly" every Wednesday to share topics found during the week regarding improving developer productivity.
This article is a compilation of those topics.
This is the 44th issue. Past articles can be found here.
news 📺
GitHub Actions: Ephemeral self-hosted runners & new webhooks for auto-scaling | GitHub Changelog
This is an announcement regarding the addition of the --ephemeral option to make runners disposable in GitHub Actions, and the addition of a new webhook, workflow_job. We covered --ephemeral in last week's article (Note that GitHub Enterprise Server does not support it yet).
workflow_job is a webhook sent for each state of a workflow job, containing the job status, runner labels (runs-on key information), and the repository where it occurred.
Previously, there was a way to utilize the check_run webhook to autoscale self-hosted runners, but it was difficult to distinguish whether the job required a self-hosted runner, making it cumbersome (for example, there was an issue where a self-hosted runner would be started even for jobs using GitHub-hosted runners).
With the introduction of the --ephemeral option and the workflow_job webhook, it has become easier to build a clean, autoscaling environment for self-hosted runners[1]. Using self-hosted runners has become increasingly convenient. I hope it becomes available on Enterprise Server soon.
GitHub Actions: Experience refresh for the management of self-hosted runners | GitHub Changelog
In GitHub Actions, the management screen for self-hosted runners has been updated, making it easier to manage runner groups and check runner status.
Additionally, you can now see which runner is executing which job. Since there wasn't a good way to do this before, this might be particularly welcome.
You can see which job a runner is executing like this
Quickly copy the contents of a file to the clipboard | GitHub Changelog
You can now easily copy the contents of a file to your clipboard on GitHub's Web UI. Previously, it was a bit of a hassle as you had to manually select and copy, or open the Raw file and select all to copy. From now on, you can copy the file contents to the clipboard simply by clicking a button on the UI.
It's a small change, but a subtly pleasant one.
AWS federation comes to GitHub Actions | Aidan Steele’s blog (usually about AWS)
In GitHub Actions, a mechanism has been added to provide an OpenID Connect[2] token for each job execution.
By registering an OIDC Identity Provider in AWS or similar and permitting IAM roles, you can access AWS accounts using temporary tokens. This eliminates the need to register credentials directly on GitHub (removing the worry of credential leaks due to supply chain attacks, etc.).
This is very exciting, but it's not officially available yet (though it has been added to the GitHub Roadmap), so it's probably better to wait a little longer before using it in production.
know-how 🎓
Automating SmartHR UI release work with GitHub Actions - SmartHR Tech Blog
This is a case study about automating release tasks to GitHub (tagging, npm publish) using GitHub Actions. Previously, the seven steps required for a release were performed manually, leading to concerns about errors or omissions, which prompted the move toward automation.
The article describes the previous release process, the automation method, the actual workflow, and the results. It uses a two-stage setup: a workflow that creates an Issue containing dry run results for pre-release confirmation, and another for the actual release. The release is triggered by adding an approval label to the created Issue.
I found it unique that they use Issues for pre-release confirmation and labels for approval. If you don't need to restrict permissions too strictly, it seems like an easy way to build a mechanism. (I'd also like to explore how it compares to using Pull Requests.)
Using Docker without Docker Desktop with lima on Mac - cangoxina
This article introduces how to use Docker on macOS without using Docker Desktop. It uses lima, which was introduced previously, as the implementation method.
The article covers how to build the Docker environment, configurations to make it easier to use, and results from various investigations into what it can do.
While some initial setup is required, based on the article, it seems it can be used reasonably well as an alternative to Docker Desktop. I expect many alternatives to Docker Desktop to continue emerging in the future. I'd like to keep exploring them.
tool 🔨
google-github-actions/auth: GitHub Action for authenticating to Google Cloud with GitHub Actions OIDC tokens and Workload Identity Federation.
This is an action related to the earlier mention of OIDC tokens becoming available in GitHub Actions.
google-github-actions/auth is an action that exchanges an OIDC token on Actions for a Google Cloud access token. This eliminates the need to store GCP access tokens on the GitHub side.
The great thing about this action is that it's made by Google. While similar actions already exist for AWS, they are not yet officially provided. I believe that tools handling authentication like this should be introduced cautiously, but since it is developed by Google (who also makes GCP), it is easier to trust compared to other third-party tools.
I hope to see official actions provided by other cloud services in the future. I'd like to use it once GitHub officially supports OIDC.
koneta 🍘
This is a section where I introduce topics shared in Productivity Weekly that I'd like to cover but don't quite have the stamina for, or topics that didn't have much to say about, in about one sentence.
-
Accelerating New Features in Docker Desktop - Docker Blog
- Docker has revealed that they are developing Docker Desktop for Linux.
- You can get early access by registering for the developer preview program.
- However, I wondered if there are actually many cases where people would specifically want to use Docker Desktop on Linux.
-
Oracle to offer Oracle JDK for free again, usable in production environments. Starting from Java 17 released yesterday - Publickey
- Apparently, Oracle JDK is free again.
Postscript
There were so many GitHub Actions topics this week. The functional enhancements around self-hosted runners are particularly welcome.
In the meantime, the long weekend has ended... I was mainly building Gunpla.
The Productivity Improvement Team holds meetings to share these kinds of topics every week. If you're interested in the team, click the link below!
-
Or rather, it's now possible. Since making runners disposable was previously almost impossible... ↩︎
-
I'm not confident I can explain OpenID Connect details correctly, so it's faster to Google it. This one was easy to understand. -> The most understandable explanation of OpenID Connect - Qiita ↩︎
Discussion