Learn Generative AI, Prompt Engineering, and LLMs for Free
Free courses from frontend to fullstack and AI
Overview
Syllabus
Intro
What are GitHub workflows?
What are GitHub Actions?
Workflow example
Repository security
Code - Who has access?
Configuring access
From the user
Workflow secrets
Who has access to your secrets?
Your code - Best practices
GitHub Actions Security
Best practice: Run the action inside of a container
Persisting data between runs
Workflow runners - Best practice
Verified Creator
Protective measures
Recommendation
Workflow attack vectors
Forks of public repos
Pull Requests
Common fields
Remediation
Forking actions
Staying up to date
Update action versions
Option 1: Use SHA+Dependabot
Use Dependabot
Keep your forked action up to date
Review before merging
Automation
Pros of forking
Best practices summarized
Taught by
NDC Conferences