Last updated
Last updated
is a GitHub feature that enables you to automate various event-driven activities in GitHub, such as cloning a repository, generating Docker images, and testing scripts.
You can find over 10,000 GitHub Actions on the or create your own Actions.
You can use the GitHub Action integration to integrate GitHub Actions with SEI.
For more information about supported integrations on SEI, go to .
You can either configure the integration using Github OAuth or use a Github Personal Access Token (PAT). In case you’re using the integration using a PAT ensure to Copy the token somewhere that you can retrieve it when you configure the integration. For instructions, go to .
If you can't use OAuth, you must create a GitHub Personal Acess Token to configure the SEI GitHub integration.
Log in to your GitHub account and create a Personal Access Token. For instructions, go to the GitHub documentation on .
Select the following permissions for your Personal Access Token
All repo scopes, including the parent repo scope. The top-level repo scope is required for SEI to have the required visibility into your repos. (repoadmin:org -> read:org permission
.)
If your GitHub organization uses SAML SSO, enable SSO for your Personal Access Token. For instructions, go to the GitHub documentation on .
Note: The 'Triage Rule' and 'Trend' fields are not supported on the Stacks and Aggregation option for the Github Actions integration.
Select Integrations under Data Settings.
Select Available Integrations, locate the Github Actions integration.
Select Install.
Select the type of the Github Actions instance as Cloud.
Select an authentication method as Using OAuth.
Follow the prompts to grant access to GitHub.
In Integration Name, enter a name for the integration.
Select repositories to associate with the integration or select Ingest All Repos to associate all current and future repos in your GitHub organization.
Click on Validate Connection to run the pre-flight checks and validate the connection. Once successful, you'll have the integration set up under the Your Integrations tab.
The steps for configuring the integration using the Ingestion Satellite is similar to configuring the integration on Cloud, with the exception of using satellite to communicate with the Github server.
In Integration Name, enter a Name for the integration.
Add a Description for the integration. (Optional)
Enter the Personal Access Token that you generated earlier.
In the Github Actions URL field, add the URL where your GitHub Actions instance is hosted.
Here’s a sample satellite.yaml file generated for the Github Actions integration:
This section provides step-by-step instructions on how you can set up a GitHub Actions workflow to allow SEI to ingest the data for the artifacts and environment variables from GitHub Actions.
A GitHub repository for your project.
SEI Api Key & SEI Integration ID
Access to GitHub Actions in your repository.
Familiarity with environment variables and GitHub Actions configuration.
Follow these steps to set up the workflow:
Create an SEI Api Key
Go to your SEI account and create an Api Key.
Give the Api Key a Name and Description.
Set the role as Ingestion
.
Create Organization/Repository Secret
To securely store the SEI Api Key, you can create a GitHub secret in either your organization or your repository, depending on your preference.
Append the following steps to your existing GitHub Actions workflow configuration:
Make sure to update the <INTEGRATION_ID>
in the workflow step with your actual SEI Integration ID. Also, update the <BASE_URL>
according to your environment:
If there is an issue with the SEI endpoint (e.g. if the endpoint is down, 500 internal server error
), and you want the workflow run to fail if artifacts are not sent to SEI, use the -f
flag in the curl command. For example:
For example: curl -f <REQUEST>
Refer to the metadata below to request and ingest the artifact data from GitHub Actions into SEI.
name
, location
, tag
, and digest
of the artifact are required fields.
If type
, artifact_created_at
, or digest
are not available you can remove those fields from the object.
type
and artifact_created_at
are optional fields.
Refer to the metadata below to ingest the environment variables data from GHA into SEI. Note that all the keys mentioned are required fields.
Here's a sample Github Actions workflow:
TIP
If the SEI API fails, the workflow will not be able to send the artifacts or the job run parameters. In such cases, you will need to re-execute the Github Actions workflow.
Artifacts data from existing/previous workflow executions cannot be ingested into SEI.
Ensure that the tag names of images are unique to maintain the correct correlation between CI and CD processes.
To connect Harness SEI with on-prem instance of Github Actions, you'll need to use the .
Click on the Download YAML File button and save the satellite.yml
file. Update it following the instructions .
If you encounter any issues during the integration process, go to the .
For Organization Secret, go to Give the secret a name (e.g., `SEI_API_KEY`) and store the SEI Api Key value.
For Repository Secret, go to Give the secret a name (e.g., `SEI_API_KEY`) and store the SEI Api Key value.
Create the GitHub Actions Integration and make a note of the Integration ID, which you will need in the next steps. For more information, go to .
Base URL (US):
Base URL (EU1):
name
Image name of the artifact (e.g., ghcr.io/organization/repository:v0.1.1 where the repository is the image name)
location
Location of the artifact (e.g., ghcr.io/organization)
tag
Tag of the image (e.g., ghcr.io/organization/repository:v0.1.1 where v0.1.1 is the tag/qualifier).
digest
Digest/Hash of the generated artifact (e.g., sha256.).
type
Type of the generated artifact (optional). If CD is Harness, set type as "container" for correlation.
artifact_created_at
Creation time of the artifact in ISO format (optional, e.g., "2023-01-01T12:00:00.000+00:00").
name
The environment variable name
type
The type of the environment variable (string/integer)
value
The associated value for the environment variable