Security News
Introducing the Socket Python SDK
The initial version of the Socket Python SDK is now on PyPI, enabling developers to more easily interact with the Socket REST API in Python projects.
@actions/core
Advanced tools
The @actions/core package provides a set of core functions for GitHub Actions users to help manage inputs, outputs, and other features within their GitHub Actions workflows. It simplifies the process of coding actions by offering utility functions for common tasks.
Getting action inputs
This feature allows you to easily retrieve inputs defined in your action's YAML file. The example code demonstrates how to get an input with the name 'inputName', marking it as required.
const input = core.getInput('inputName', { required: true });
Setting action outputs
Enables you to set outputs for your action, which can be used by other steps in your workflow. The code sample shows how to set an output with a key of 'outputKey' and a value of 'outputValue'.
core.setOutput('outputKey', 'outputValue');
Logging
Provides various logging functions to help debug or provide information during the execution of your action. The code demonstrates how to log an information message, a warning message, and an error message.
core.info('Information message');
core.warning('Warning message');
core.error('Error message');
Setting environment variables
Allows you to set environment variables that will be available to subsequent steps in your workflow. The example code sets an environment variable named 'VAR_NAME' with a value of 'value'.
core.exportVariable('VAR_NAME', 'value');
Setting a secret
This function registers a value as a secret, which masks the value from logs. The code sample demonstrates how to mask 'secretValue' from GitHub Actions logs.
core.setSecret('secretValue');
While @actions/core provides general utilities for GitHub Actions, @actions/github offers GitHub-specific functionalities, such as interacting with GitHub API directly from your actions. It complements @actions/core by providing a higher level of GitHub integration.
This package is designed to execute system commands within GitHub Actions. It's similar to @actions/core in that it provides utility functions for actions, but focuses on command execution, allowing you to run shell commands, capture output, and handle errors.
Offers utilities for file system operations, such as moving, copying, and deleting files or directories within GitHub Actions. It's a complementary package to @actions/core, focusing on file and directory manipulation tasks.
@actions/core
Core functions for setting results, logging, registering secrets and exporting variables across actions
// javascript
const core = require('@actions/core');
// typescript
import * as core from '@actions/core';
Action inputs can be read with getInput
. Outputs can be set with setOutput
which makes them available to be mapped into inputs of other actions to ensure they are decoupled.
const myInput = core.getInput('inputName', { required: true });
core.setOutput('outputKey', 'outputVal');
Since each step runs in a separate process, you can use exportVariable
to add it to this step and future steps environment blocks.
core.exportVariable('envVar', 'Val');
Setting a secret registers the secret with the runner to ensure it is masked in logs.
core.setSecret('myPassword');
To make a tool's path available in the path for the remainder of the job (without altering the machine or containers state), use addPath
. The runner will prepend the path given to the jobs PATH.
core.addPath('/path/to/mytool');
You should use this library to set the failing exit code for your action. If status is not set and the script runs to completion, that will lead to a success.
const core = require('@actions/core');
try {
// Do stuff
}
catch (err) {
// setFailed logs the message and sets a failing exit code
core.setFailed(`Action failed with error ${err}`);
}
Note that setNeutral
is not yet implemented in actions V2 but equivalent functionality is being planned.
Finally, this library provides some utilities for logging. Note that debug logging is hidden from the logs by default. This behavior can be toggled by enabling the Step Debug Logs.
const core = require('@actions/core');
const myInput = core.getInput('input');
try {
core.debug('Inside try block');
if (!myInput) {
core.warning('myInput was not set');
}
if (core.isDebug()) {
// curl -v https://github.com
} else {
// curl https://github.com
}
// Do stuff
core.info('Output to the actions build log')
}
catch (err) {
core.error(`Error ${err}, action may still succeed though`);
}
This library can also wrap chunks of output in foldable groups.
const core = require('@actions/core')
// Manually wrap output
core.startGroup('Do some function')
doSomeFunction()
core.endGroup()
// Wrap an asynchronous function call
const result = await core.group('Do something async', async () => {
const response = await doSomeHTTPRequest()
return response
})
Colored output is supported in the Action logs via standard ANSI escape codes. 3/4 bit, 8 bit and 24 bit colors are all supported.
Foreground colors:
// 3/4 bit
core.info('\u001b[35mThis foreground will be magenta')
// 8 bit
core.info('\u001b[38;5;6mThis foreground will be cyan')
// 24 bit
core.info('\u001b[38;2;255;0;0mThis foreground will be bright red')
Background colors:
// 3/4 bit
core.info('\u001b[43mThis background will be yellow');
// 8 bit
core.info('\u001b[48;5;6mThis background will be cyan')
// 24 bit
core.info('\u001b[48;2;255;0;0mThis background will be bright red')
Special styles:
core.info('\u001b[1mBold text')
core.info('\u001b[3mItalic text')
core.info('\u001b[4mUnderlined text')
ANSI escape codes can be combined with one another:
core.info('\u001b[31;46mRed foreground with a cyan background and \u001b[1mbold text at the end');
Note: Escape codes reset at the start of each line
core.info('\u001b[35mThis foreground will be magenta')
core.info('This foreground will reset to the default')
Manually typing escape codes can be a little difficult, but you can use third party modules such as ansi-styles.
const style = require('ansi-styles');
core.info(style.color.ansi16m.hex('#abcdef') + 'Hello world!')
You can use this library to save state and get state for sharing information between a given wrapper action:
action.yml
name: 'Wrapper action sample'
inputs:
name:
default: 'GitHub'
runs:
using: 'node12'
main: 'main.js'
post: 'cleanup.js'
In action's main.js
:
const core = require('@actions/core');
core.saveState("pidToKill", 12345);
In action's cleanup.js
:
const core = require('@actions/core');
var pid = core.getState("pidToKill");
process.kill(pid);
FAQs
Actions core lib
We found that @actions/core demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 5 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
The initial version of the Socket Python SDK is now on PyPI, enabling developers to more easily interact with the Socket REST API in Python projects.
Security News
Floating dependency ranges in npm can introduce instability and security risks into your project by allowing unverified or incompatible versions to be installed automatically, leading to unpredictable behavior and potential conflicts.
Security News
A new Rust RFC proposes "Trusted Publishing" for Crates.io, introducing short-lived access tokens via OIDC to improve security and reduce risks associated with long-lived API tokens.