Actions

shithub Actions runs CI workflows from .shithub/workflows/*.yml. The workflow format intentionally follows the parts of GitHub Actions that are useful for ordinary repository CI, while keeping the runner surface small enough to secure.

Minimal workflow

name: smoke
on: [push, workflow_dispatch]
jobs:
  hello:
    runs-on: ubuntu-latest
    env:
      RUN_ID: ${{ shithub.run_id }}
    steps:
      - run: echo "hello from shithub actions"
      - run: test -n "$RUN_ID"

Commit that file as .shithub/workflows/smoke.yml and push to the repository. The run appears under the repository's Actions tab and its job also appears as a check run on matching pull requests.

What works today

  • push, pull_request, schedule, and workflow_dispatch triggers
  • run: steps executed in the operator-configured runner image
  • runs-on: label matching against registered runners
  • workflow, job, and step env:
  • ${{ secrets.NAME }}, ${{ vars.NAME }}, ${{ env.NAME }}, and ${{ shithub.* }} expressions
  • needs:, if:, timeout-minutes:, and concurrency groups
  • live step logs, cancel, re-run, check-run sync, and the Actions Atom feed

runs-on: ubuntu-latest is a runner label, not a promise that shithub downloads a hosted Ubuntu image for you. The site operator decides which image a matching runner uses. On shithub.sh, use the labels published by the instance operator.

Current limit

Use run: steps for now. The parser accepts these reserved aliases:

  • actions/checkout@v4
  • shithub/upload-artifact@v1
  • shithub/download-artifact@v1

The runner does not execute them yet. A workflow containing those uses: steps will fail until checkout and artifact execution land. If you need repository files in a smoke workflow today, keep the command self-contained or fetch what you need explicitly inside a run: step.

Expressions

Use the shithub namespace:

env:
  REF: ${{ shithub.ref }}
  SHA: ${{ shithub.sha }}
  RUN_ID: ${{ shithub.run_id }}

The github.* namespace is accepted as a compatibility alias for the fields shithub exposes, but new workflows should use shithub.*.

Event payload values such as ${{ shithub.event.pull_request.title }} are treated as untrusted. The runner passes them through temporary environment bindings instead of splicing them directly into shell command text.
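
The difference between splicing and binding, as an added example that is not shithub's runner code: the same step is run once with the payload pasted into the command text and once with the payload supplied through the environment. The title value is constructed and the binding name `SHITHUB_EXPR_0` is hypothetical.

```shell
#!/bin/sh
# Added illustration; a model of the two strategies, not shithub's runner code.

# Constructed sample: an untrusted pull request title.
TITLE='fix typo $(echo INJECTED)'
# The expression, and a step as a workflow author might write it.
EXPR='${{ shithub.event.pull_request.title }}'
STEP='printf "%s\n" "title: ${{ shithub.event.pull_request.title }}"'

# Replace the first occurrence of expression $2 in step text $1 with $3.
substitute() {
  printf '%s%s%s' "${1%%"$2"*}" "$3" "${1#*"$2"}"
}

# Splicing model: the payload value is pasted into the command text, so the
# shell parses whatever the title contains as part of the program.
run_spliced() {
  sh -c "$(substitute "$1" "$2" "$3")"
}

# Binding model: the expression becomes a variable reference and the value
# travels in the child's environment, so the shell only ever sees it as data.
# SHITHUB_EXPR_0 is a hypothetical name for the temporary binding.
run_env_bound() {
  SHITHUB_EXPR_0="$3" sh -c "$(substitute "$1" "$2" '${SHITHUB_EXPR_0}')"
}

run_spliced   "$STEP" "$EXPR" "$TITLE"
run_env_bound "$STEP" "$EXPR" "$TITLE"
```

Binding removes code execution from the title, but an unquoted reference in the step would still be word-split and glob-expanded, so keep expressions inside double quotes as the sample step does.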

Secrets and variables

Repository and organization settings expose Actions secrets and variables. Secrets are encrypted at rest and are redacted from logs. Variables are plaintext configuration and are suitable for non-secret values such as tool versions or feature flags.

Repo-scoped values shadow organization-scoped values with the same name.

Migrating from GitHub Actions

Most simple CI files need three edits:

  1. Move the workflow file from .github/workflows/ to .shithub/workflows/.
  2. Replace uses: actions with equivalent run: commands.
  3. Confirm runs-on: matches a label registered by your shithub operator.

Marketplace actions, Docker actions, composite actions, hosted runner images, matrix expansion, service containers, and built-in checkout are not part of the current v1 runner.
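
A pre-migration scan for edits 2 and 3 and for the constructs listed above, as an added example that is not part of shithub: it is a line-based heuristic rather than a YAML parser, and the sample workflow and the `linux-small` label are constructed. It does not check the file's location (edit 1).

```shell
#!/bin/sh
# Added illustration: a line-based pre-migration scan, not a YAML parser.

# Constructed sample: a GitHub Actions workflow before migration.
SAMPLE='name: ci
on: [push]
jobs:
  build:
    runs-on: ubuntu-latest
    strategy:
      matrix:
        go: ["1.21", "1.22"]
    services:
      db:
        image: postgres:16
    steps:
      - uses: actions/checkout@v4
      - run: make test
'

# Usage: lint_workflow "label1 label2 ..." < workflow.yml
# The argument is the list of runner labels published by the operator.
# Prints "LINE: finding" for each construct the v1 runner will not handle.
lint_workflow() {
  awk -v labels="$1" '
    BEGIN { n = split(labels, l, " "); for (i = 1; i <= n; i++) ok[l[i]] = 1 }
    /^[ \t]*runs-on:/ {
      v = $0; sub(/^[ \t]*runs-on:[ \t]*/, "", v); sub(/[ \t]+$/, "", v)
      if (!(v in ok)) print NR ": runs-on label \"" v "\" is not in the operator list"
    }
    /^[ \t]*(-[ \t]*)?uses:/ { print NR ": uses: step is not executed, rewrite as run:" }
    /^[ \t]*matrix:/         { print NR ": matrix expansion is not supported" }
    /^[ \t]*services:/       { print NR ": service containers are not supported" }
  '
}

# "linux-small" is a constructed label standing in for the operator list.
printf '%s' "$SAMPLE" | lint_workflow "linux-small"
```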
