GitHub Actions -(GH-200) Exam Questions

The question topic revolves around the essential files required to create a custom action for GitHub Actions. This includes understanding the necessary files and their formats, such as JavaScript files (main.js or index.js) for JavaScript actions and an action metadata file (action.yml or action.yaml) to define the action's configuration and behavior.

******************

WRONG ANSWER:

• While Python actions may use a .py script, there is no such thing as a Python action. GitHub only supports custom actions for Docker container actions, Javascript actions, or composite actions.

https://docs.github.com/en/actions/creating-actions/about-custom-actions

To effectively manage and collaborate on your organization's diverse reusable components in GitHub Actions workflows, enforce a standardized naming convention across all teams. While existing platform/language conventions offer a foundation, they lack the specificity for efficient discovery and collaboration within your unique context. Random names or abbreviations, while concise, sacrifice clarity and impede component identification and reuse.

********************
WRONG ANSWERS:

• Random names/abbreviations promote compactness but hinder understanding and the identification and reuse of components. Consistency is key.

• While using existing conventions offers a base structure, relying solely on platform/language conventions can create inconsistencies and lack clarity within your organization's specific context.

• Individual team conventions can create inconsistency, making component discovery and collaboration across teams challenging.

https://docs.github.com/en/actions/using-workflows/reusing-workflows

https://docs.github.com/en/actions/learn-github-actions/understanding-github-actions

To access an environment variable corresponding to an input in a Docker container action, you must pass the input using the args keyword in the action metadata file. This ensures that the input is correctly passed to the Docker container environment.

********************
WRONG ANSWERS:

• The correct way to access the input's value within the action's code depends on the programming language and environment. Directly accessing the environment variable using process.env may not work in all cases, especially within a Docker container.

• Defining the input as a command-line argument is not the standard way to pass inputs to a Docker container action in GitHub Actions. The args keyword in the action metadata file should be used for this purpose.

• Environment variables corresponding to inputs are not automatically accessible within the Docker container in GitHub Actions. They must be explicitly passed using the args keyword in the action metadata file.

https://docs.github.com/en/actions/creating-actions/metadata-syntax-for-github-actions#example-specifying-inputs

Caching dependencies helps reduce network utilization, runtime, and cost by avoiding the need to download dependencies for every workflow run

********************
WRONG ANSWERS:

• Caching dependencies is not related to reducing the size of the workflow YAML file

• Caching dependencies aims to optimize the performance of workflows, not eliminate the need for runners

• Caching is a performance optimization, and it does not automate the creation of workflows

https://docs.github.com/en/actions/using-workflows/caching-dependencies-to-speed-up-workflows

Steps represent individual tasks within a job. In the context of workflow, a job is often broken down into smaller steps, each representing a specific action or task that contributes to the overall workflow. Steps can run commands, run setup tasks, or run an action in your repository.

********************
WRONG ANSWERS:

• Steps are not synonymous with workflows. They are components of workflows

• Steps do not refer to the overall execution of actions; instead, they are individual tasks within a job

• Steps are not part of the marketplace integration process; they are related to the execution of workflows

https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idsteps

The "Choose a workflow" page shows a selection of recommended starter workflows. Find the starter workflow that you want to use, then click Configure. To help you find the starter workflow that you want, you can search for keywords or filter by category.

https://docs.github.com/en/actions/learn-github-actions/using-starter-workflows

A composite action allows for consolidating multiple workflow steps into a single action. This simplifies workflow configuration and execution by bundling related steps together, enhancing the readability and maintainability of workflows.

********************
WRONG ANSWERS:

• This option describes the functionality of Docker container actions, not composite actions. Docker container actions are used for running workflows within isolated Docker containers.

• While GitHub Actions can interact with third-party APIs and services, this functionality is not specific to composite actions. Composite actions focus on combining multiple workflow steps into one action.

• While GitHub Actions can automate application deployment to cloud platforms, this functionality is not specific to composite actions. Composite actions are used for streamlining workflow steps, not for deployment automation.

https://docs.github.com/en/actions/creating-actions/about-custom-actions#composite-actions

The outputs key in the action's metadata syntax is used to declare the outputs produced by the action. These outputs can then be consumed by subsequent steps in the workflow.

********************
WRONG ANSWERS:

• The environment key is used to define the runtime environment for the action, not to pass data to subsequent steps.

• The runs key is used to specify the operating system and shell where the action runs, not to pass data to subsequent steps.

• The description key typically provides a short description of the action's purpose or functionality. It helps users understand the action's intended use case and functionality. However, it does not directly facilitate passing data from one step to subsequent steps in a workflow.

https://docs.github.com/en/actions/creating-actions/metadata-syntax-for-github-actions

John can download the artifacts from the "Artifacts" section of the workflow run associated with the `build` job.

******************

WRONG ANSWERS

• While the job details of the 'build' job shows the logs and details for each of the steps run within the job, it does not show the location where artifacts are stored or accessed.

• While pull requests may trigger workflow runs, they are not the location where artifacts are stored or accessed. Artifacts are typically associated with workflow runs and can be accessed from the Artifacts tab within the Actions section of the repository.

• The Releases section is not the correct location for accessing artifacts generated from workflow runs. Releases are typically used to package and distribute specific versions of the repository's code or assets, while artifacts are automatically generated and stored by GitHub Actions.

https://docs.github.com/en/actions/managing-workflow-runs/downloading-workflow-artifacts

Avoid passing secrets between processes from the command line. Command-line processes may be visible to other users or captured by security audit events. If you must pass secrets within a command line, then enclose them within the proper quoting rules.

*******************
WRONG ANSWERS:

• Passing secrets through the command line is not recommended due to security concerns

• Command-line processes are capable of capturing security suit events, and passing secrets through the command line can expose them

• Command-line processes do not automatically redact secrets, and manual precautions are necessary

https://docs.github.com/en/actions/security-guides/using-secrets-in-github-actions#using-secrets-in-a-workflow