Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
GitHub ActionsでDevSecOpsごっこ
Search
Akira Moroo
June 13, 2022
Programming
0
43
GitHub ActionsでDevSecOpsごっこ
Akira Moroo
June 13, 2022
Tweet
Share
More Decks by Akira Moroo
See All by Akira Moroo
Exploring x86 MSR Space
retrage
0
1.2k
LLMでバイナリ解析支援
retrage
0
170
Practical Rust (Hypervisor) Firmware
retrage
3
1.6k
Bypassing UEFI Secure Boot with Thin-Hypervisor
retrage
0
1.1k
Porting Linux to Nabla Containers
retrage
0
1.2k
Network Boot from Bell Labs
retrage
2
1.6k
Unikernelで始める自作OS/OS Development with Unikernel
retrage
1
550
LLVM Backend Development for EFI Byte Code
retrage
2
930
EFI Byte Code Virtual Machine for Fun and Profit
retrage
2
2k
Other Decks in Programming
See All in Programming
関数型まつり2025登壇資料「関数プログラミングと再帰」
taisontsukada
2
830
deno-redisの紹介とJSRパッケージの運用について (toranoana.deno #21)
uki00a
0
120
生成AIで日々のエラー調査を進めたい
yuyaabo
0
610
Passkeys for Java Developers
ynojima
3
870
AIネイティブなプロダクトをGolangで挑む取り組み
nmatsumoto4
0
120
機械学習って何? 5分で解説頑張ってみる
kuroneko2828
0
220
Gleamという選択肢
comamoca
6
740
ReadMoreTextView
fornewid
1
450
無関心の谷
kanayannet
0
180
Claude Codeの使い方
ttnyt8701
1
130
從零到一:搭建你的第一個 Observability 平台
blueswen
1
960
複数アプリケーションを育てていくための共通化戦略
irof
10
4k
Featured
See All Featured
Keith and Marios Guide to Fast Websites
keithpitt
411
22k
Making Projects Easy
brettharned
116
6.2k
The MySQL Ecosystem @ GitHub 2015
samlambert
251
13k
Sharpening the Axe: The Primacy of Toolmaking
bcantrill
43
2.4k
BBQ
matthewcrist
89
9.7k
Automating Front-end Workflow
addyosmani
1370
200k
Optimising Largest Contentful Paint
csswizardry
37
3.3k
Learning to Love Humans: Emotional Interface Design
aarron
273
40k
Facilitating Awesome Meetings
lara
54
6.4k
What’s in a name? Adding method to the madness
productmarketing
PRO
22
3.5k
"I'm Feeling Lucky" - Building Great Search Experiences for Today's Users (#IAC19)
danielanewman
228
22k
Refactoring Trust on Your Teams (GOTO; Chicago 2020)
rmw
34
3k
Transcript
GitHub ActionsͰ DevSecOpsͬ͜͝ June 13, 2022 ୈ5ճLTձ Akira Moroo (@retrage)
GitHub Actions (GHA) • GitHubʹ౷߹͞Ε͍ͯΔ • ઃఆϑΝΠϧΛஔ͢Δ͚ͩ • ߏԽ͞Ε͍ͯΔ •
࠷খ୯Ґ: step • ίϚϯυ࣮ߦ or action࣮ߦ • actionࣗ࡞Մೳ CI/CDαʔϏεͷ1ͭ Job Work f low Step
actionͷ࡞Γํ • GitHubϦϙδτϦԼʹ action.yamlΛஔ • action.yaml: actionΛఆٛ • ೖྗ (▪)
• ग़ྗ (▪) • ࣮ߦޙͷstepͰࢀরՄೳ • ࣮ߦํ๏ (▪) Yamlϙϯஔ͖Ͱ؆୯
actionͷछྨ ࣮ߦํ๏ʹΑͬͯ3छྨʹ͚ΒΕΔ • JavaScript action: JavaScriptͷΈͰهड़ • Docker container action:
ίϯςφΛ࣮ߦ • Composite action: ࠶ར༻ՄೳͳGHA work f low (stepͷू·Γ) • Docker container action͕Ұ൪ࣗ༝͕ߴ͍: • 👉 ڥΛด͡ࠐΊͯ͋͛Ε͓खܰʹDevSecOpsͬ͜͝Ͱ͖ͦ͏
Actionࣗ࡞ͯ͠Έͨ • ࣗ࡞UEFI SMM੩తղੳGhidraϓ ϥάΠϯΛར༻ • non-GUI GhidraΛ࣮ߦ • ೖྗ
(▪): ղੳରͷόΠφϦ • ग़ྗ (▪): ղੳ݁Ռ • ࣮ߦํ๏ (▪): Docker container
Actionࣗ࡞ͯ͠Έͨ • ೖྗ (▪) όΠφϦ͚ͩ • ϓϩϓϥͰOK • ग़ྗ (▪)
JUnit XML format • ղੳ݁Ռͷ࠶ར༻ੑ্ • ӈͷྫͰղੳ݁ՌΛطଘ ͷactionʹ͍ͯ͠Δ (▪) ϙΠϯτ
Actionࣗ࡞ͯ͠Έͨ: ղੳ݁Ռྫ ղੳ݁ՌͷJUnit XML formatग़ྗ ݕग़ͨ݁͠ՌΛΤϥʔͱͯ͠ใࠂ
Actionࣗ࡞ͯ͠Έͨ: ղੳ݁Ռྫ JUnit XML formatͰग़ྗ͢Δ͜ͱͰۤ࿑ͤͣʹղੳ݁ՌΛCIʹΈࠐΊͨ
Actionࣗ࡞ͯ͠Έͨ: վળ • ݡ͘ղੳ݁ՌΛग़ྗ͍ͨ͠ • ࠓճղੳϩάΛPythonͰύʔεͯ͠ແཧΓJUnit XML formatʹม • ϓϥάΠϯ͕JSON/XMLΛग़ྗ͢Δ͖
• ·ͱͳόΠφϦͷղੳ݁Ռදࣔػೳ͕΄͍͠ • JUnit XML formatGHAίʔυͷߦͱྻϨϕϧͷΞϊςʔγϣϯͷΈ • ؤுͬͯΤϥʔʹٯΞηϯϒϧ݁ՌΛදࣔ͢Δ͔͠ͳ͍
·ͱΊ • GitHub ActionsGitHubʹ౷߹͞ΕͨCI/CDαʔϏε • GHAͷaction؆୯ʹࣗ࡞Մೳ • Action3छྨ͋Δ͕ɺDocker container action͕Ұ൪ࣗ༝͕ߴ͍
• ࣗ࡞UEFI SMM੩తղੳGhidraϓϥάΠϯͷactionΛ࡞ͬͯΈͨ • JUnit XML formatͰग़ྗ͢Δ͜ͱͰղੳ݁Ռͷ࠶ར༻ੑ͕ߴ͘ͳͬͨ • ݱঢ়ͰόΠφϦͷղੳ݁Ռද͕ࣔඞཁ