GitHub Actions
GitHub Actions' Ubuntu 18.04 and Ubuntu 20.04 runners come pre-installed with everything needed to run Batect. We recommend using Ubuntu 20.04.
To use the Ubuntu 20.04 runner, specify runs-on: ubuntu:20.04 in your configuration file. For example:
jobs:
build:
name: "Build"
runs-on: ubuntu-20.04
steps:
- uses: actions/[email protected]
- name: Build application
run: ./batect build
You can see a full example of using Batect with GitHub Actions in the TypeScript sample project.
Caching between builds
If you're using caches, you can persist these between builds with the following configuration:
jobs:
build:
name: "Build"
runs-on: ubuntu-20.04
env:
BATECT_CACHE_TYPE: directory
steps:
- uses: actions/[email protected]
- name: Cache dependencies
uses: actions/[email protected]
with:
path: .batect/caches
key: batect-caches-${{ hashFiles('path to a file that uniquely identifies the contents of the caches') }}
- # ...other build steps
The key should be a value that changes when the contents of the cache change, and remains constant otherwise. A good candidate is the hash of a dependency lockfile,
such as Gemfile.lock, package-lock.json, yarn.lock or go.sum. The
documentation for caching has
more details on key.
Validating integrity of wrapper scripts
You can check that the batect and batect.cmd wrapper scripts have not been modified with the batect-wrapper-validation-action action.
For example, add the following to an existing workflow:
jobs:
validate-batect-wrapper:
name: Validate Batect wrapper scripts
runs-on: ubuntu-20.04
steps:
- name: Check out code
uses: actions/[email protected]
- name: Validate Batect wrapper scripts
uses: batect/batect-wrapper-validation-[email protected]
This action must run before any invocations of Batect. If the action runs after an invocation of Batect and the wrapper script has been modified maliciously, the malicious version may be able to modify itself to appear genuine.