
Streamline Your GitHub Actions Workflows with StepSecurity’s Latest Feature

Discover StepSecurity’s latest workflow orchestration feature that is designed to resolve the challenge of standardizing workflows across repositories.

Varun Sharma
January 24, 2024


DevOps and Security teams struggle to get a standard set of GitHub Actions workflows deployed consistently across repositories. To solve this issue, StepSecurity is adding a new feature to its orchestration solution that simplifies standardizing GitHub Actions workflows using automated pull requests.

Why Use StepSecurity’s GitHub Actions Orchestration Solution?  

Our enterprise customers and over 900 open-source projects already trust StepSecurity for automating GitHub Actions security best practices. This includes setting minimum GITHUB_TOKEN permissions, adding Harden-Runner to jobs, pinning Actions to a specific commit SHA, and updating Dependabot configurations.

This has enabled hundreds of organizations not only to comply with GitHub's recommended security best practices but also to save hundreds of developer hours for more innovative and creative work. Now, by popular demand, we're launching a new feature that gives our customers orchestration of workflows using pre-approved workflow templates.

New Feature: GitHub Actions Workflow Orchestration

We received consistent feedback from our enterprise customers that they need developers to use a standard set of workflows across their repositories. The DevOps and security teams typically set up a set of approved workflows and a manual process for developers to adopt them. Because that process is not automated, the outcome is inconsistent from repository to repository.

Responding to feedback, we're excited to announce a new feature that allows you to orchestrate GitHub Actions workflows across repositories. Whether it's workflows for secure deployments, adding linters, security tools, or using StepSecurity Maintained Actions, we've got you covered.

How to Use the New Feature in Simple Steps

To get started with workflow orchestration, follow these simple steps:  

1. Organize Your Workflows

Begin by arranging the workflows you plan to standardize. Place these in the `.github/workflows` directory within your chosen repository. This setup acts as your central hub for workflow templates.

2. Configure StepSecurity

  • Navigate to https://app.stepsecurity.io/securerepo and log in to access your account.
  • Go to the 'User Settings' section. Here, you’ll find an area labeled 'Workflow Templates'. Enter the details of the repository where you’ve stored your workflow templates. Ensure everything is correct and hit 'Update Templates Repository'. This step links your standard workflows with StepSecurity.
Screenshot showing how to add details of the repository with workflow templates stored

3. Initiate Workflow Orchestration

  • Revisit https://app.stepsecurity.io/securerepo. This time, choose a target repository where you want to implement these standardized workflows.
  • Click on “Analyze Repository”. StepSecurity will assess the repository and present a list of recommended best practices tailored for it.
Screenshot showing how to add repository link and analyze repository
  • In the workflow recommendation section, you'll see options sourced from your earlier defined templates. Select the workflows that best suit this repository’s needs.
Screenshot showing selected workflows in the recommended sections
  • Proceed by clicking on “Create a Pull Request”. This action generates a pull request containing your chosen workflows, ready to be integrated into the repository.
  • The final step is to review the pull request for accuracy, then merge it to apply these standardized workflows to the repository.

Sample pull request: To help you understand better, here's an example of a pull request that adds workflows from the templates folder.  

https://github.com/step-security-demo/demo-repo-3/pull/1/files

In this case, the pr_label.yml and python-publish.yml workflows are the approved workflows in the workflow-templates repository. Since they were missing from the target repository, they are included in the pull request.
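The selection logic described above (approved templates that are absent from the target repository end up in the pull request) is easy to reproduce locally, which is useful for auditing drift before and after the PR merges. The script below is an added example written for this post, not StepSecurity's code: it compares a constructed set of template workflows against a constructed target repository, reports which templates are missing and which already-present copies have drifted from the approved version, and lints each workflow for two of the practices named earlier in the post (pinning actions to a full commit SHA and declaring an explicit `permissions` block). All workflow contents, file names and the all-zero `PLACEHOLDER_SHA` are made up for the demo; the `uses:` regex is a deliberate simplification and does not parse YAML.

```python
import hashlib
import re

# Constructed sample data, not content from the StepSecurity post or its demo
# repository. PLACEHOLDER_SHA stands in for a real 40-hex commit SHA.
PLACEHOLDER_SHA = "0" * 40

# Workflow files in the templates repository's .github/workflows, keyed by filename.
TEMPLATES = {
    "pr_label.yml": f"""name: PR labeler
on: pull_request
permissions:
  contents: read
  pull-requests: write
jobs:
  label:
    runs-on: ubuntu-latest
    steps:
      - uses: step-security/harden-runner@{PLACEHOLDER_SHA}
      - uses: actions/labeler@{PLACEHOLDER_SHA}
""",
    "python-publish.yml": f"""name: Publish
on:
  release:
    types: [published]
permissions:
  contents: read
jobs:
  publish:
    runs-on: ubuntu-latest
    steps:
      - uses: step-security/harden-runner@{PLACEHOLDER_SHA}
      - uses: actions/checkout@{PLACEHOLDER_SHA}
""",
    "lint.yml": f"""name: Lint
on: pull_request
permissions:
  contents: read
jobs:
  lint:
    runs-on: ubuntu-latest
    steps:
      - uses: step-security/harden-runner@{PLACEHOLDER_SHA}
      - uses: actions/checkout@{PLACEHOLDER_SHA}
""",
}

# The target repository already has its own CI workflow and an older,
# hand-written lint.yml that predates the approved template.
TARGET = {
    "ci.yml": "name: CI\non: push\njobs:\n  build:\n    runs-on: ubuntu-latest\n    steps:\n      - run: make\n",
    "lint.yml": """name: Lint
on: pull_request
jobs:
  lint:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
""",
}

# Simplified matcher for "- uses: owner/repo@ref" step lines (not a YAML parser).
USES_RE = re.compile(r"^\s*-\s*uses:\s*([^\s@]+)@(\S+)", re.MULTILINE)
SHA_RE = re.compile(r"^[0-9a-f]{40}$")


def digest(text: str) -> str:
    """Content hash used to detect drift between a template and its deployed copy."""
    return hashlib.sha256(text.encode()).hexdigest()


def lint_workflow(content: str) -> list[str]:
    """Return findings for two practices the post lists: SHA pinning and explicit permissions."""
    findings = []
    for action, ref in USES_RE.findall(content):
        if action.startswith(("./", "docker://")):
            continue  # local or container actions are not pinned by commit SHA
        if not SHA_RE.match(ref):
            findings.append(f"unpinned action: {action}@{ref}")
    if not re.search(r"^\s*permissions:", content, re.MULTILINE):
        findings.append("no permissions block: GITHUB_TOKEN keeps default scopes")
    return findings


def plan_orchestration(templates: dict, target: dict) -> dict:
    """Classify each approved template as missing, drifted, or in sync in the target repo."""
    plan = {"add": [], "drift": [], "in_sync": []}
    for name in sorted(templates):
        if name not in target:
            plan["add"].append(name)       # would go into the pull request
        elif digest(target[name]) != digest(templates[name]):
            plan["drift"].append(name)     # present, but differs from the approved copy
        else:
            plan["in_sync"].append(name)
    return plan


if __name__ == "__main__":
    plan = plan_orchestration(TEMPLATES, TARGET)
    print("workflows to add via PR:", plan["add"])
    print("drifted from template:", plan["drift"])
    for name in plan["drift"]:
        for finding in lint_workflow(TARGET[name]):
            print(f"  {name}: {finding}")
```

Run as-is, the script reports pr_label.yml and python-publish.yml as the workflows to add, flags lint.yml as drifted, and lists the unpinned `actions/checkout@v4` reference and the missing `permissions` block in the target's copy. The drift check is the part worth keeping after adoption: a template that a developer later edits by hand no longer matches what the security team approved, and a content hash is the cheapest way to notice.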

Private Repository Support

You can use this feature for private repositories as well. To start, set a Personal Access Token (PAT) in User Settings. We recommend a fine-grained PAT with contents: read/write, pull-requests: read/write, and workflows: read/write access to the repositories where the best practices need to be applied, and contents: read access to the workflow templates repository. The workflows: write permission is needed because GitHub rejects pushes that add or change files under `.github/workflows` without it.

Now follow the same steps as earlier to apply best practices and orchestrate custom workflows in private repositories.  

Screenshot showing where to insert the PAT 

Try It Out!  

Curious to try out this feature? Head over to https://app.stepsecurity.io/securerepo. For a comprehensive security experience, consider installing the StepSecurity GitHub App and experience CI/CD security at its best.  
