Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
GitHub ActionsでDevSecOpsごっこ
Search
Akira Moroo
June 13, 2022
Programming
0
47
GitHub ActionsでDevSecOpsごっこ
Akira Moroo
June 13, 2022
Tweet
Share
More Decks by Akira Moroo
See All by Akira Moroo
Exploring x86 MSR Space
retrage
0
1.3k
LLMでバイナリ解析支援
retrage
0
180
Practical Rust (Hypervisor) Firmware
retrage
3
1.7k
Bypassing UEFI Secure Boot with Thin-Hypervisor
retrage
0
1.1k
Porting Linux to Nabla Containers
retrage
0
1.2k
Network Boot from Bell Labs
retrage
2
1.6k
Unikernelで始める自作OS/OS Development with Unikernel
retrage
1
580
LLVM Backend Development for EFI Byte Code
retrage
2
970
EFI Byte Code Virtual Machine for Fun and Profit
retrage
2
2.1k
Other Decks in Programming
See All in Programming
高度なUI/UXこそHotwireで作ろう Kaigi on Rails 2025
naofumi
4
3.5k
私はどうやって技術力を上げたのか
yusukebe
43
17k
育てるアーキテクチャ:戦い抜くPythonマイクロサービスの設計と進化戦略
fujidomoe
1
150
Serena MCPのすすめ
wadakatu
4
900
After go func(): Goroutines Through a Beginner’s Eye
97vaibhav
0
240
大規模アプリのDIフレームワーク刷新戦略 ~過去最大規模の並行開発を止めずにアプリ全体に導入するまで~
mot_techtalk
0
390
CSC509 Lecture 03
javiergs
PRO
0
330
そのpreloadは必要?見過ごされたpreloadが技術的負債として爆発した日
mugitti9
2
3k
ソフトウェア設計の実践的な考え方
masuda220
PRO
3
490
ネイティブ製ガントチャートUIを作って学ぶUICollectionViewLayoutの威力
jrsaruo
0
130
Introducing ReActionView: A new ActionView-Compatible ERB Engine @ Kaigi on Rails 2025, Tokyo, Japan
marcoroth
3
930
Back to the Future: Let me tell you about the ACP protocol
terhechte
0
130
Featured
See All Featured
Thoughts on Productivity
jonyablonski
70
4.9k
Optimizing for Happiness
mojombo
379
70k
The Power of CSS Pseudo Elements
geoffreycrofte
79
6k
Chrome DevTools: State of the Union 2024 - Debugging React & Beyond
addyosmani
7
890
Being A Developer After 40
akosma
91
590k
Into the Great Unknown - MozCon
thekraken
40
2.1k
The Cult of Friendly URLs
andyhume
79
6.6k
Automating Front-end Workflow
addyosmani
1371
200k
Optimising Largest Contentful Paint
csswizardry
37
3.4k
A better future with KSS
kneath
239
17k
Sharpening the Axe: The Primacy of Toolmaking
bcantrill
45
2.5k
The Pragmatic Product Professional
lauravandoore
36
6.9k
Transcript
GitHub ActionsͰ DevSecOpsͬ͜͝ June 13, 2022 ୈ5ճLTձ Akira Moroo (@retrage)
GitHub Actions (GHA) • GitHubʹ౷߹͞Ε͍ͯΔ • ઃఆϑΝΠϧΛஔ͢Δ͚ͩ • ߏԽ͞Ε͍ͯΔ •
࠷খ୯Ґ: step • ίϚϯυ࣮ߦ or action࣮ߦ • actionࣗ࡞Մೳ CI/CDαʔϏεͷ1ͭ Job Work f low Step
actionͷ࡞Γํ • GitHubϦϙδτϦԼʹ action.yamlΛஔ • action.yaml: actionΛఆٛ • ೖྗ (▪)
• ग़ྗ (▪) • ࣮ߦޙͷstepͰࢀরՄೳ • ࣮ߦํ๏ (▪) Yamlϙϯஔ͖Ͱ؆୯
actionͷछྨ ࣮ߦํ๏ʹΑͬͯ3छྨʹ͚ΒΕΔ • JavaScript action: JavaScriptͷΈͰهड़ • Docker container action:
ίϯςφΛ࣮ߦ • Composite action: ࠶ར༻ՄೳͳGHA work f low (stepͷू·Γ) • Docker container action͕Ұ൪ࣗ༝͕ߴ͍: • 👉 ڥΛด͡ࠐΊͯ͋͛Ε͓खܰʹDevSecOpsͬ͜͝Ͱ͖ͦ͏
Actionࣗ࡞ͯ͠Έͨ • ࣗ࡞UEFI SMM੩తղੳGhidraϓ ϥάΠϯΛར༻ • non-GUI GhidraΛ࣮ߦ • ೖྗ
(▪): ղੳରͷόΠφϦ • ग़ྗ (▪): ղੳ݁Ռ • ࣮ߦํ๏ (▪): Docker container
Actionࣗ࡞ͯ͠Έͨ • ೖྗ (▪) όΠφϦ͚ͩ • ϓϩϓϥͰOK • ग़ྗ (▪)
JUnit XML format • ղੳ݁Ռͷ࠶ར༻ੑ্ • ӈͷྫͰղੳ݁ՌΛطଘ ͷactionʹ͍ͯ͠Δ (▪) ϙΠϯτ
Actionࣗ࡞ͯ͠Έͨ: ղੳ݁Ռྫ ղੳ݁ՌͷJUnit XML formatग़ྗ ݕग़ͨ݁͠ՌΛΤϥʔͱͯ͠ใࠂ
Actionࣗ࡞ͯ͠Έͨ: ղੳ݁Ռྫ JUnit XML formatͰग़ྗ͢Δ͜ͱͰۤ࿑ͤͣʹղੳ݁ՌΛCIʹΈࠐΊͨ
Actionࣗ࡞ͯ͠Έͨ: վળ • ݡ͘ղੳ݁ՌΛग़ྗ͍ͨ͠ • ࠓճղੳϩάΛPythonͰύʔεͯ͠ແཧΓJUnit XML formatʹม • ϓϥάΠϯ͕JSON/XMLΛग़ྗ͢Δ͖
• ·ͱͳόΠφϦͷղੳ݁Ռදࣔػೳ͕΄͍͠ • JUnit XML formatGHAίʔυͷߦͱྻϨϕϧͷΞϊςʔγϣϯͷΈ • ؤுͬͯΤϥʔʹٯΞηϯϒϧ݁ՌΛදࣔ͢Δ͔͠ͳ͍
·ͱΊ • GitHub ActionsGitHubʹ౷߹͞ΕͨCI/CDαʔϏε • GHAͷaction؆୯ʹࣗ࡞Մೳ • Action3छྨ͋Δ͕ɺDocker container action͕Ұ൪ࣗ༝͕ߴ͍
• ࣗ࡞UEFI SMM੩తղੳGhidraϓϥάΠϯͷactionΛ࡞ͬͯΈͨ • JUnit XML formatͰग़ྗ͢Δ͜ͱͰղੳ݁Ռͷ࠶ར༻ੑ͕ߴ͘ͳͬͨ • ݱঢ়ͰόΠφϦͷղੳ݁Ռද͕ࣔඞཁ