Prerequisites¶

Prepare before the workshop

To ensure a seamless workshop experience, complete the following checklist items in order.

Set up a GitHub account¶

Login to your GitHub account.

You may create a new GitHub account, if you do not already have one. (1)

Clicking the button below will open the page on a new tab, for you to create a new GitHub account. Keep your @handle handy after you have logged in.

Create a new GitHub account

Clone the workshop project to your own account¶

Create workshop project
In the new tab, most of the prompts will automatically fill in for you and the default settings should be fine. Otherwise...
- For owner, choose your personal account or.
- We recommend creating a public repository. (1)
  1. Public repositories benefit from
    - Free use of GitHub Actions minutes.
    - Free use of GitHub Advanced Security features.
- Scroll down and click the Create repository button at the bottom of the form.
  
  Expand for sample view...
After creation of your new repository has begun, wait about 20 seconds, then refresh the page.

Enable Discussions¶

On GitHub.com, navigate to the main page of your new repository.
Under your repository name, click Settings.
Scroll down to the "Features" section and click Set up discussions

Configure base security¶

Navigate to the Settings tab on your new workshop repository.
Under the "Security" section of the menu, select Code security and analysis. Then configure the settings to match as follows (by clicking Enable where the option is/becomes available).
Further configurations guide...
- Dependabot version updates
  
  When enabling, you will be prompted to edit the .github/dependabot.yml configuration file. Simply navigate back on your browser or click on Cancel changes to leave the prompt, and to continue the base security configuration.
- CodeQL analysis
  1. From the Set up, select the Default option.
  2. Leave the default settings in the prompt that follows, and simply click on Enable CodeQL to continue.
- Protection rules
  
  Select the configuration as shown below.

Register a GitHub App¶

In the upper-right corner of any page on GitHub, click your profile photo.
Navigate to your account Settings.
In the left sidebar, click Developer settings.
In the left sidebar, click GitHub Apps

Click New GitHub App

Provide the form fields value as follows

GitHub App Name..........: <YOUR-HANDLE>-bot

Homepage URL.............: https://github.com/<YOUR-HANDLE>/github-devsecops-fundamentals

Webhook
  Active.................: DESELECT

Repository permissions
  Actions................: Read and write
  Administration.........: Read and write
  Contents...............: Read and write
  Deployments............: Read and write
  Discussions............: Read and write
  Environments...........: Read and write
  Pages..................: Read and write

Where can this GitHub App be installed?
  Any account.................: SELECT

Generate a private key for the new GitHub App as documented in here.
Save the GitHub App private key to your new repository's secrets under the name of APP_PRIVATE_KEY_ACTIONS_ASSISTANT.

👀 Creating secrets for a repository.
Save the GitHub App's appid to your new repository's variables under the name of APP_ID_ACTIONS_ASSISTANT.

👀 Creating configuration variables for a repository
Goto https://github.com/apps/<YOUR-HANDLE>-bot. Install the app in the repository you created earlier.
Expand for additional guide and sample views...

What is the use of a GitHub App?

When you use the repository's GITHUB_TOKEN to perform tasks, events triggered by the GITHUB_TOKEN, with the exception of workflow_dispatch and repository_dispatch, will not create a new workflow run. This prevents you from accidentally creating recursive workflow runs. For example, if a workflow run pushes code using the repository's GITHUB_TOKEN, a new workflow will not run even when the repository contains a workflow configured to run when push events occur.

If you do want to trigger a workflow from within a workflow run, you can use a GitHub App installation access token or a personal access token instead of GITHUB_TOKEN to trigger events that require a token.

If you use a GitHub App, you'll need to create a GitHub App and store the app ID and private key as secrets.

~ Triggering a workflow from a workflow

During the course of the workshop exercises, you will discover how the GitHub App is used to trigger the automatic deployment of release artifacts.

Create a project board for the repository¶

Open the recently created workshop repository.
Navigate to the Projects tab.
Open the Link a project dropdown menu . Then select the New Project option.
Click on the New project button to start the project creation wizard.
Select the Team backlog template.
Give a name to the project
Finally click on the Create button.

Provision a new cloud development environment for the workshop¶

GitHub Codespaces enables you to instantly start coding on the workshop project. Personal accounts on GitHub can benefit from a free quota of GitHub Codespaces usage.

Navigate to the Code tab.
Open the Code menu and click on Create codespaces on main.

Expand for sample view...
Leave the Codespace development environment to initialize and run, we will come back to use it later.