For the longest time, GitHub was all about storing source code and sharing it either with the rest of the world or your colleagues. Today, the company, which is in the process of being acquired by Microsoft, is taking a step in a different but related direction by launching GitHub Actions. Actions allow developers to not just host code on the platform but also run it. We’re not talking about a new cloud to rival AWS here, but instead about something more akin to a very flexible IFTTT for developers who want to automate their development workflows, whether that is sending notifications or building a full continuous integration and delivery pipeline.
This is a big deal for GitHub. Indeed, Sam Lambert, GitHub’s head of platform, described it to me as “the biggest shift we’ve had in the history of GitHub.” He likened it to shortcuts in iOS — just more flexible. “Imagine an infinitely more flexible version of shortcut, hosted on GitHub and designed to allow anyone to create an action inside a container to augment and connect their workflow.”
GitHub users can use Actions to build their continuous delivery pipelines, and the company expects that many will do so. And that’s pretty much the first thing most people will think about when they hear about this new project. GitHub’s own description of Actions in today’s announcement makes definitely fits that bill, too. “Easily build, package, release, update, and deploy your project in any language—on GitHub or any external system—without having to run code yourself,” the company writes. But it’s about more than that.
“I see CI/CD as one narrow use case of actions. It’s so, so much more,” Lambert stressed. “And I think it’s going to revolutionize DevOps because people are now going to build best in breed deployment workflows for specific applications and frameworks, and those become the de facto standard shared on GitHub. […] It’s going to do everything we did for open source again for the DevOps space and for all those different parts of that workflow ecosystem.”
That means you can use it to send a text message through Twilio every time someone uses the ‘urgent issue’ tag in your repository, for example. Or you can write a one-line command that searches your repository with a basic grep command. Or really run any other code you want to because all you have to do to turn any code in your repository into an Action is to write a Docker file for it so that GitHub can run it. “As long as there is a Docker file, we can build it, run in and connect it to your workflow,” Lambert explained. If you don’t want to write a Docker file, though, there’s also a visual editor you can use to build your workflow.
As Corey Wilkerson, GitHub’s head of product engineering also noted, many of these Actions already exist in repositories on GitHub today. And there are now over 96 million of those on GitHub, so that makes for a lot of potential actions that will be available from the start.
With Actions, which is now in limited public beta, developers can set up the workflow to build, package, release, update and deploy their code without having to run the code themselves.
Now developers could host those Actions themselves — they are just Docker containers, after all — but GitHub will also host and run the code for them. And that includes developers on the free open source plan.
Over time — and Lambert seemed to be in favor of this — GitHub could also allow developers to sell their workflows and Actions through the GitHub marketplace. For now, that’s not an option, but it it’s definitely that’s something the company has been thinking about. Lambert also noted that this could be a way for open source developers who don’t want to build an enterprise version of their tools (and the sales force that goes with that) to monetize their efforts.
While GitHub will make its own actions available to developers, this is an open platform and others in the GitHub community can contribute their own actions, too.
GitHub will slowly open Actions to developers, starting with daily batches for the time being. You can sign up for access here.
In addition to Actions, GitHub also announced a number of other new features on its platform. As the company stressed during today’s event, it’s mission is to make the life of developers easier — and most of the new features may be small but do indeed make it easier for developers to do their jobs.
So what else is new? GitHub Connect, which connects the silo of GitHub Enterprise with the open source repositories on its public site, is now generally available, for example. GitHub Connect enables new features like unified search, that can search through both the open source code on the site and internal code, as well as a new Unified Business Identity feature that brings together the multiple GitHub Business accounts that many businesses now manage (thanks, shadow IT) under a single umbrella to improve billing, licensing and permissions.
The company also today launched three new courses in its Learning Lab that make it easier for developers to get started with the service, as well as a business version of Learning Lab for larger organizations.
What’s maybe even more interesting for developers whose companies use GitHub Enterprise, though, is that the company will now allow admins to enable a new feature that will display those developers’ work as part of their public profile. Given that GitHub is now the de facto resume for many developers, that’s a big deal. Much of their work, after all, isn’t in open source or in building side projects, but in the day-to-day work at their companies.
The other new features the company announced today are pretty much all about security. The new GitHub Security Advisory API, for example, makes it easier for developers to find threads in their code through automatic vulnerability scans, while the new security vulnerability alerts for Java and .NET projects now extend GitHub’s existing alerts to these two languages. If your developers are prone to putting their security tokens into public code, then you can now rest easier since GitHub will now also start scanning all public repositories for known token formats. If it finds one, it’ll alert you and you can set off to create a new one.