'GitHub Actions' action YAML
The following is the YAML definition of the GitHub Actions action.
This action definition exists as a section within a broader workflow definition file. For more information about this file, see Workflow YAML definition.
Choose a YAML property in the following code to see a description if it.
Note
Most of the YAML properties that follow have corresponding UI elements in the visual editor. To look up a UI element, use Ctrl+F. The element will be listed with its associated YAML property.
# The workflow definition starts here.
# See Top-level properties for details.
Name: MyWorkflow
SchemaVersion: 1.0
Actions:
# The action definition starts here.
action-name
:
Identifier: aws/github-actions-runner@v1
DependsOn:
- dependent-action-name-1
Compute:
Fleet: fleet-name
Timeout: timeout-minutes
Environment:
Name: environment-name
Connections:
- Name: account-connection-name
Role: iam-role-name
Inputs:
Sources:
- source-name-1
- source-name-2
Artifacts:
- artifact-name
Variables:
- Name: variable-name-1
Value: variable-value-1
- Name: variable-name-2
Value: variable-value-2
Outputs:
Artifacts:
- Name: output-artifact-1
Files:
- github-output/artifact-1.jar
- "github-output/build*"
- Name: output-artifact-2
Files:
- github-output/artifact-2.1.jar
- github-output/artifact-2.2.jar
Variables:
- variable-name-1
- variable-name-2
AutoDiscoverReports:
Enabled: true | false
ReportNamePrefix: AutoDiscovered
IncludePaths:
- "**/*"
ExcludePaths:
- node_modules/cdk/junit.xml
SuccessCriteria:
PassRate: percent
LineCoverage: percent
BranchCoverage: percent
Vulnerabilities:
Severity: CRITICAL|HIGH|MEDIUM|LOW|INFORMATIONAL
Number: whole-number
Reports:
report-name-1:
Format: format
IncludePaths:
- "*.xml"
ExcludePaths:
- report2.xml
- report3.xml
SuccessCriteria:
PassRate: percent
LineCoverage: percent
BranchCoverage: percent
Vulnerabilities:
Severity: CRITICAL|HIGH|MEDIUM|LOW|INFORMATIONAL
Number: whole-number
Configuration
Steps:
- github-actions-code
action-name
(Required)
Specify the name of the action. All action names must be unique within the workflow. Action names are limited to alphanumeric characters (a-z, A-Z, 0-9), hyphens (-), and underscores (_). Spaces are not allowed. You cannot use quotation marks to enable special characters and spaces in action names.
Corresponding UI: Configuration tab/action-name
Identifier
(action-name
/Identifier)
Identifies the action. Do not change this property unless you want to change the version. For more information, see Specifying the action version to use.
Use aws/github-actions-runner@v1
for GitHub
Actions actions.
Corresponding UI: Workflow
diagram/action-name
/aws/github-actions-runner@v1
label
DependsOn
(action-name
/DependsOn)
(Optional)
Specify an action, action group, or gate that must run successfully in order for this action to run.
For more information about the 'depends on' functionality, see Sequencing actions.
Corresponding UI: Inputs tab/Depends on - optional
Compute
(action-name
/Compute)
(Optional)
The computing engine used to run your workflow actions. You can specify compute either at the workflow level or at the action level, but not both. When specified at the workflow level, the compute configuration applies to all actions defined in the workflow. At the workflow level, you can also run multiple actions on the same instance. For more information, see Sharing compute across actions.
Corresponding UI: none
Fleet
(action-name
/Compute/Fleet)
(Optional)
Specify the machine or fleet that will run your workflow or workflow actions. With on-demand fleets, when an action starts, the workflow provisions the resources it needs, and the machines are destroyed when the action finishes. Examples of on-demand fleets: Linux.x86-64.Large
, Linux.x86-64.XLarge
. For more information about on-demand fleets, see On-demand fleet properties.
With provisioned fleets, you configure a set of dedicated machines to run your workflow actions. These machines remain idle, ready to process actions immediately. For more information about provisioned fleets, see Provisioned fleet properties.
If Fleet
is omitted, the default is Linux.x86-64.Large
.
Corresponding UI: Configuration tab/Compute fleet - optional
Timeout
(action-name
/Timeout)
(Optional)
Specify the amount of time in minutes (YAML editor), or hours and minutes (visual editor), that the action can run before CodeCatalyst ends the action. The minimum is 5 minutes and the maximum is described in Quotas for workflows in CodeCatalyst. The default timeout is the same as the maximum timeout.
Corresponding UI: Configuration tab/Timeout - optional
Environment
(action-name
/Environment)
(Optional)
Specify the CodeCatalyst environment to use with the action. The action connects to the AWS account and optional Amazon VPC specified in the chosen environment. The action uses the default IAM role specified in the environment to connect to the AWS account, and uses the IAM role specified in the Amazon VPC connection to connect to the Amazon VPC.
Note
If the default IAM role does not have the permissions required by the action, you can configure the action to use a different role. For more information, see Changing the IAM role of an action.
For more information about environments, see Deploying into AWS accounts and VPCs and Creating an environment.
Corresponding UI: Configuration tab/Environment
Name
(action-name
/Environment/Name)
(Required if Environment is included)
Specify the name of an existing environment that you want to associate with the action.
Corresponding UI: Configuration tab/Environment
Connections
(action-name
/Environment/Connections)
(Optional)
Specify the account connection to associate with the action. You can specify a maximum of
one account connection under Environment
.
If you do not specify an account connection:
-
The action uses the AWS account connection and default IAM role specified in the environment in the CodeCatalyst console. For information about adding an account connection and default IAM role to environment, see Creating an environment.
-
The default IAM role must include the policies and permissions required by the action. To determine what those policies and permissions are, see the description of the Role property in the action's YAML definition documentation.
For more information about account connections, see Allowing access to AWS resources with connected AWS accounts. For information about adding an account connection to an environment, see Creating an environment.
Corresponding UI: Configuration tab/Environment/What's in
my-environment
?/three dot menu/Switch role
Name
(action-name
/Environment/Connections/Name)
(Required if Connections is included)
Specify the name of the account connection.
Corresponding UI: Configuration tab/Environment/What's in
my-environment
?/three dot menu/Switch role
Role
(action-name
/Environment/Connections/Role)
(Required if Connections is included)
Specify the name of the IAM role that this action uses in order to access and operate in AWS services such as Amazon S3 and Amazon ECR. Make sure this role is added to your AWS account connection in your space. To add an IAM role to an account connection, see Adding IAM roles to account connections.
If you do not specify an IAM role, then the action uses the default IAM role listed in the environment in the CodeCatalyst console. If you use the default role in the environment, make sure it has the following policies.
Note
You can use the CodeCatalystWorkflowDevelopmentRole-
role with this action.
For more information about this role, see Creating the CodeCatalystWorkflowDevelopmentRole-spaceName role for your account
and space. Understand that the spaceName
CodeCatalystWorkflowDevelopmentRole-
role has
full access permissions which may pose a security risk. We recommend that you only use this
role in tutorials and scenarios where security is less of a concern. spaceName
Warning
Limit the permissions to those required by the GitHub Action action. Using a role with broader permissions might pose a security risk.
Corresponding UI: Configuration tab/Environment/What's in
my-environment
?/three dot menu/Switch role
Inputs
(action-name
/Inputs)
(Optional)
The Inputs
section defines the data that an action needs during a
workflow run.
Note
A maximum of four inputs (one source and three artifacts) are allowed per GitHub Actions action. Variables do not count towards this total.
If you need to refer to files residing in different inputs (say a source and an artifact), the source input is the primary input, and the artifact is the secondary input. References to files in secondary inputs take a special prefix to distiguish them from the primary. For details, see Example: Referencing files in multiple artifacts.
Corresponding UI: Inputs tab
Sources
(action-name
/Inputs/Sources)
(Optional)
Specify the labels that represent the source repositories that will be needed by the action.
Currently, the only supported label is WorkflowSource
, which represents the source
repository where your workflow definition file is stored.
If you omit a source, then you must specify at least one input artifact under
.action-name
/Inputs/Artifacts
For more information about sources, see Connecting source repositories to workflows.
Corresponding UI: Inputs tab/Sources - optional
Artifacts - input
(action-name
/Inputs/Artifacts)
(Optional)
Specify artifacts from previous actions that you want to provide as input to this action. These artifacts must already be defined as output artifacts in previous actions.
If you do not specify any input artifacts, then you must specify at least one source
repository under
.action-name
/Inputs/Sources
For more information about artifacts, including examples, see Sharing artifacts and files between actions.
Note
If the Artifacts - optional drop-down list is unavailable (visual editor), or if you get errors in when you validate your YAML (YAML editor), it might be because the action only supports one input. In this case, try removing the source input.
Corresponding UI: Inputs tab/Artifacts - optional
Variables - input
(action-name
/Inputs/Variables)
(Optional)
Specify a sequence of name/value pairs that define the input variables that you want to make available to the action. Variable names are limited to alphanumeric characters (a-z, A-Z, 0-9), hyphens (-), and underscores (_). Spaces are not allowed. You cannot use quotation marks to enable special characters and spaces in variable names.
For more information about variables, including examples, see Using variables in workflows.
Corresponding UI: Inputs tab/Variables - optional
Outputs
(action-name
/Outputs)
(Optional)
Defines the data that is output by the action during a workflow run.
Corresponding UI: Outputs tab
Artifacts - output
(action-name
/Outputs/Artifacts)
(Optional)
Specify the name of an artifact generated by the action. Artifact names must be unique within a workflow, and are limited to alphanumeric characters (a-z, A-Z, 0-9) and underscores (_). Spaces, hyphens (-), and other special characters are not allowed. You cannot use quotation marks to enable spaces, hyphens, and other special characters in output artifact names.
For more information about artifacts, including examples, see Sharing artifacts and files between actions.
Corresponding UI: Outputs tab/Artifacts
Name
(action-name
/Outputs/Artifacts/Name)
(Required if Artifacts - output is included)
Specify the name of an artifact generated by the action. Artifact names must be unique within a workflow, and are limited to alphanumeric characters (a-z, A-Z, 0-9) and underscores (_). Spaces, hyphens (-), and other special characters are not allowed. You cannot use quotation marks to enable spaces, hyphens, and other special characters in output artifact names.
For more information about artifacts, including examples, see Sharing artifacts and files between actions.
Corresponding UI: Outputs tab/Artifacts/Add artifact/Build artifact name
Files
(action-name
/Outputs/Artifacts/Files)
(Required if Artifacts - output is included)
Specify the files that CodeCatalyst includes in the artifact that is output by the action. These files are generated by the workflow action when it runs, and are also available in your source repository. File paths can reside in a source repository or an artifact from a previous action, and are relative to the source repository or artifact root. You can use glob patterns to specify paths. Examples:
-
To specify a single file that is in the root of your build location or source repository location, use
my-file.jar
. -
To specify a single file in a subdirectory, use
directory/my-file.jar
ordirectory/subdirectory/my-file.jar
. -
To specify all files, use
"**/*"
. The**
glob pattern indicates to match any number of subdirectories. -
To specify all files and directories in a directory named
directory
, use"directory/**/*"
. The**
glob pattern indicates to match any number of subdirectories. -
To specify all files in a directory named
directory
, but not any of its subdirectories, use"directory/*"
.
Note
If your file path includes one or more asterisks (*
) or other special
character, enclose the path with double quotation marks (""
). For more
information about special characters, see Syntax guidelines and conventions.
For more information about artifacts, including examples, see Sharing artifacts and files between actions.
Note
You may need to add a prefix to the file path to indicate which artifact or source to find it in. For more information, see Referencing source repository files and Referencing files in an artifact.
Corresponding UI: Outputs tab/Artifacts/Add artifact/Files produced by build
Variables - output
(action-name
/Outputs/Variables)
(Optional)
Specify the variables that you want the action to export so that they are available for use by subsequent actions.
For more information about variables, including examples, see Using variables in workflows.
Corresponding UI: Outputs tab/Variables/Add variable
variable-name-1
(action-name
/Outputs/Variablesvariable-name-1)
(Optional)
Specify the name of a variable that you want the action to export. This variable must already be
defined in the Inputs
or Steps
section of the same action.
For more information about variables, including examples, see Using variables in workflows.
Corresponding UI: Outputs tab/Variables/Add variable/Name
AutoDiscoverReports
(action-name
/Outputs/AutoDiscoverReports)
(Optional)
Defines the configuration for the auto-discovery feature.
When you enable auto-discovery, CodeCatalyst searches all Inputs
passed into the action
as well as all files generated by the action itself, looking for test, code coverage, and software
composition analysis (SCA) reports. For each report that is found, CodeCatalyst transforms it into a
CodeCatalyst report. A CodeCatalyst report is a report that is fully integrated into the
CodeCatalyst service and can be viewed and manipulated through the CodeCatalyst console.
Note
By default, the auto-discover feature inspects all files. You can limit which files are inspected using the IncludePaths or ExcludePaths properties.
Corresponding UI: none
Enabled
(action-name
/Outputs/AutoDiscoverReports/Enabled)
(Optional)
Enable or disable the auto-discovery feature.
Valid values are true
or false
.
If Enabled
is omitted, the default is true
.
Corresponding UI: Outputs tab/Reports/Automatically discover reports
ReportNamePrefix
(action-name
/Outputs/AutoDiscoverReports/ReportNamePrefix)
(Required if AutoDiscoverReports is included and enabled)
Specify a prefix that CodeCatalyst prepends to all the reports it finds in order to name
their associated CodeCatalyst reports. For example, if you specify a prefix of AutoDiscovered
, and CodeCatalyst
auto-discovers two test reports, TestSuiteOne.xml
and
TestSuiteTwo.xml
, then the associated CodeCatalyst reports will be
named AutoDiscoveredTestSuiteOne
and
AutoDiscoveredTestSuiteTwo
.
Corresponding UI: Outputs tab/Reports/Automatically discover reports/Report prefix
IncludePaths
(action-name
/Outputs/AutoDiscoverReports/IncludePaths)
Or
(action-name
/Outputs/Reports/report-name-1
/IncludePaths)
(Required if AutoDiscoverReports is included and enabled, or if Reports is included)
Specify the files and file paths that CodeCatalyst includes when searching for raw reports. For
example, if you specify "/test/report/*"
, CodeCatalyst searches the entire build image used by the action looking for the
/test/report/*
directory. When it finds that directory, CodeCatalyst then looks
for reports in that directory.
Note
If your file path includes one or more asterisks (*
) or other special
characters, enclose the path with double quotation marks (""
). For more
information about special characters, see Syntax guidelines and conventions.
If this property is omitted, the default is "**/*"
, meaning the search
includes all files at all paths.
Note
For manually configured reports, IncludePaths
must be a glob pattern
that matches a single file.
Corresponding UI:
-
Outputs tab/Reports/Automatically discover reports/'Include/exclude paths'/Include paths
-
Outputs tab/Reports/Manually configure reports/
report-name-1
/'Include/exclude paths'/Include paths
ExcludePaths
(action-name
/Outputs/AutoDiscoverReports/ExcludePaths)
Or
(action-name
/Outputs/Reports/report-name-1
/ExcludePaths)
(Optional)
Specify the files and file paths that CodeCatalyst excludes when searching for raw reports. For
example, if you specify "/test/my-reports/**/*"
, CodeCatalyst will not search for
files in the /test/my-reports/
directory. To ignore all files in a
directory, use the **/*
glob pattern.
Note
If your file path includes one or more asterisks (*
) or other special
characters, enclose the path with double quotation marks (""
). For more
information about special characters, see Syntax guidelines and conventions.
Corresponding UI:
-
Outputs tab/Reports/Automatically discover reports/'Include/exclude paths'/Exclude paths
-
Outputs tab/Reports/Manually configure reports/
report-name-1
/'Include/exclude paths'/Exclude paths
SuccessCriteria
(action-name
/Outputs/AutoDiscoverReports/SuccessCriteria)
Or
(action-name
/Outputs/Reports/report-name-1
/SuccessCriteria)
(Optional)
Specify the success criteria for the test, code coverage, software composition analysis (SCA), and static analysis (SA) reports.
For more information, see Configuring success criteria for reports.
Corresponding UI:
-
Outputs tab/Reports/Automatically discover reports/Success criteria
-
Outputs tab/Reports/Manually configure reports/
report-name-1
/Success criteria
PassRate
(action-name
/Outputs/AutoDiscoverReports/SuccessCriteria/PassRate)
Or
(action-name
/Outputs/Reports/report-name-1
/SuccessCriteria/PassRate)
(Optional)
Specify the percentage of tests in a test report that must pass for the associated CodeCatalyst
report to be marked as passed. Valid values include decimal numbers. For example: 50
,
60.5
. The pass rate criteria are applied only to test reports. For more information about test reports, see Test reports.
Corresponding UI:
-
Outputs tab/Reports/Automatically discover reports/Success criteria/Pass rate
-
Outputs tab/Reports/Manually configure reports/
report-name-1
/Success criteria/Pass rate
LineCoverage
(action-name
/Outputs/AutoDiscoverReports/SuccessCriteria/LineCoverage)
Or
(action-name
/Outputs/Reports/report-name-1
/SuccessCriteria/LineCoverage)
(Optional)
Specify the percentage of lines in a code coverage report that must be covered for the
associated CodeCatalyst report to be marked as passed. Valid values include decimal numbers. For
example: 50
, 60.5
. Line coverage criteria are applied only to code
coverage reports. For more information about code coverage reports, see Code coverage reports.
Corresponding UI:
-
Outputs tab/Reports/Automatically discover reports/Success criteria/Line coverage
-
Outputs tab/Reports/Manually configure reports/
report-name-1
/Success criteria/Line coverage
BranchCoverage
(action-name
/Outputs/AutoDiscoverReports/SuccessCriteria/BranchCoverage)
Or
(action-name
/Outputs/Reports/report-name-1
/SuccessCriteria/BranchCoverage)
(Optional)
Specify the percentage of branches in a code coverage report that must be covered for the
associated CodeCatalyst report to be marked as passed. Valid values include decimal numbers. For
example: 50
, 60.5
. Branch coverage criteria are applied only to code
coverage reports. For more information about code coverage reports, see Code coverage reports.
Corresponding UI:
-
Outputs tab/Reports/Automatically discover reports/Success criteria/Branch coverage
-
Outputs tab/Reports/Manually configure reports/
report-name-1
/Success criteria/Branch coverage
Vulnerabilities
(action-name
/Outputs/AutoDiscoverReports/SuccessCriteria/Vulnerabilities)
Or
(action-name
/Outputs/Reports/report-name-1
/SuccessCriteria/Vulnerabilities)
(Optional)
Specify the maximum number and severity of vulnerabilities permitted in the SCA report for the associated CodeCatalyst report to be marked as passed. To specify vulnerabilities, you must specify:
-
The minimum severity of the vulnerabilities you want to include in the count. Valid values, from most to least severe, are:
CRITICAL
,HIGH
,MEDIUM
,LOW
,INFORMATIONAL
.For example, if you choose
HIGH
, thenHIGH
andCRITICAL
vulnerabilities will be tallied. -
The maximum number of vulnerabilities of the specified severity you want permit. Exceeding this number causes the CodeCatalyst report to be marked as failed. Valid values are whole numbers.
Vulnerabilities criteria are applied only to SCA reports. For more information about SCA reports, see Software composition analysis reports.
To specify the minimum severity, use the Severity
property. To specify
the maximum number of vulnerabilities, use the Number
property.
For more information about SCA reports, see Quality report types.
Corresponding UI:
-
Outputs tab/Reports/Automatically discover reports/Success criteria/Vulnerabilities
-
Outputs tab/Reports/Manually configure reports/
report-name-1
/Success criteria/Vulnerabilities
Reports
(action-name
/Outputs/Reports )
(Optional)
A section that specifies the configuration for test reports.
Corresponding UI: Outputs tab/Reports
report-name-1
(action-name
/Outputs/Reports/report-name-1 )
(Required if Reports is included)
The name you want to give to the CodeCatalyst report that will be generated from your raw reports.
Corresponding UI: Outputs tab/Reports/Manually configure reports/Report name
Format
(action-name
/Outputs/Reports/report-name-1
/Format)
(Required if Reports is included)
Specify the file format that you're using for your reports. Possible values are as follows.
-
For test reports:
-
For Cucumber JSON, specify Cucumber (visual editor) or
CUCUMBERJSON
(YAML editor). -
For JUnit XML, specify JUnit (visual editor) or
JUNITXML
(YAML editor). -
For NUnit XML, specify NUnit (visual editor) or
NUNITXML
(YAML editor). -
For NUnit 3 XML, specify NUnit3 (visual editor) or
NUNIT3XML
(YAML editor). -
For Visual Studio TRX, specify Visual Studio TRX (visual editor) or
VISUALSTUDIOTRX
(YAML editor). -
For TestNG XML, specify TestNG (visual editor) or
TESTNGXML
(YAML editor).
-
-
For code coverage reports:
-
For Clover XML, specify Clover (visual editor) or
CLOVERXML
(YAML editor). -
For Cobertura XML, specify Cobertura (visual editor) or
COBERTURAXML
(YAML editor). -
For JaCoCo XML, specify JaCoCo (visual editor) or
JACOCOXML
(YAML editor). -
For SimpleCov JSON generated by simplecov
, not simplecov-json , specify Simplecov (visual editor) or SIMPLECOV
(YAML editor).
-
-
For software composition analysis (SCA) reports:
-
For SARIF, specify SARIF (visual editor) or
SARIFSCA
(YAML editor).
-
Corresponding UI: Outputs tab/Reports/Manually configure reports/Add report/report-name-1
/Report type
and Report format
Configuration
(action-name
/Configuration)
(Required) A section where you can define the configuration properties of the action.
Corresponding UI: Configuration tab
Steps
(action-name
/Configuration/Steps)
(Required)
Specify your GitHub Action code as it appears on the action's details page in GitHub Marketplace
-
Paste the code from the GitHub Action’s
steps:
section into theSteps:
section of the CodeCatalyst workflow. The code starts with a dash (-) and looks similar to the following.GitHub code to paste:
- name: Lint Code Base uses: github/super-linter@v4 env: VALIDATE_ALL_CODEBASE: false DEFAULT_BRANCH: master GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-
Review the code you just pasted and modify it as necessary so that it conforms to CodeCatalyst standards. For example, with the preceding code block, you might remove the code in
red italics
, and add the code in bold.CodeCatalyst workflow yaml:
Steps: - name: Lint Code Base uses: github/super-linter@v4 env: VALIDATE_ALL_CODEBASE: false DEFAULT_BRANCH:
master
mainGITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-
For additional code that’s included with the GitHub Action but does not exist inside the
steps:
section, add it to the CodeCatalyst workflow using CodeCatalyst-equivalent code. You can review the Workflow YAML definition to gain insight into how you might port your GitHub code to CodeCatalyst. Detailed migration steps are outside the scope of this guide.
Here is an example of how to specify file paths in a GitHub Actions action:
Steps:
- name: Lint Code Base
uses: github/super-linter@v4
...
- run: cd /sources/WorkflowSource/MyFolder/ && cat file.txt
- run: cd /artifacts/MyGitHubAction/MyArtifact/MyFolder/ && cat file2.txt
For more information about specifying file paths, see Referencing source repository files and Referencing files in an artifact.
Corresponding UI: Configuration tab/GitHub Actions YAML