In a previous blog on GitHub Actions, I mentioned how some people love trendy technology and want to use it even when it may not be suitable.
Today, I was reading some documentation a team had put together which justified why they use GitHub Actions.
A standard team will have their code stored on GitHub, and when new code is ready to be checked in (via a “Pull Request”), a build is triggered on AWS (Amazon Web Services) CodeBuild. If successful, then you can use the built code to deploy to a test system, and to the live server.
The reason Simon gave for using GitHub Actions was that it is “self-contained, so is therefore more efficient and more secure”.
I know that GitHub Actions uses Microsoft’s Azure platform, and I assumed that GitHub store their code on their own servers. So with GitHub Actions, Azure will take the code from the GitHub server and build it, whereas CodeBuild takes the code from the GitHub server and builds it… no difference at all.
Well, there could be a speed difference if Azure is better than AWS or vice-versa, but the claims of “self-contained”, “efficient” and “more secure” are all conjecture.
I did contact Simon and he used some interesting phrasing along the lines of “No idea if it is better or worse, the statement was meant to address the concerns at the time.”
What? He wrote it just to please his colleagues/managers even though it was pure fabrication?
“Hey Simon, we need to set up a build process”
“OK, I’ll set up GitHub Actions”
“One thing we forgot to add, security is the utmost priority. We want the most secure tech available”
“Yeah, you cannot get more secure than GitHub Actions, I’ll show you it in this documentation that I wrote”.
“Oh wow, it is really secure”
Fictional dialogue exchange
I did try to research whether my claim of GitHub having their own servers is true. This blog is quite old, but back in 2015, they did use their own servers.
“At GitHub we place an emphasis on stability, availability, and performance. A large component of ensuring we excel in these areas is deploying services on bare-metal hardware. This allows us to tailor hardware configurations to our specific needs, guarantee a certain performance profile, and own the availability of our systems from end to end.
Of course, operating our own data centers and managing the hardware that’s deployed there introduces its own set of complications.”
https://github.blog/2015-12-01-githubs-metal-cloud/