Added a section for GH Actions code styles

medic · Mar 30, 2021 · 80dfe5e · 80dfe5e
1 parent c52f93f
commit 80dfe5e
Showing 1 changed file with 30 additions and 0 deletions.
diff --git a/content/en/contribute/code/style-guide.md b/content/en/contribute/code/style-guide.md
@@ -484,4 +484,34 @@ providing a length property for a collection class.
 
 [sideeffect]: http://en.wikipedia.org/wiki/Side_effect_(computer_science)
 
+## Github Actions
+
+### Managing Secrets
+
+Secrets are encrypted for use for things like passwords or API keys and can be added at the org or repository level. They must be added by an admin. 
+
+To access a secret you can use this format in your yml. 
+
+```
+steps:
+  - name: My first action
+    env:
+      GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+      FIRST_NAME: Mona
+      LAST_NAME: Octocat
+```
+
+See the full [documentation](https://docs.github.com/en/actions/reference/encrypted-secrets) on Github's site. 
+
+### Third Party Actions
+
+Actions allow us to leverage code written by others to do tasks at build time. The concept is similar to NPM and packages. 
+
+Follow the github actions best practices for security purposes. The main points in the security best [practices documents](https://docs.github.com/en/actions/learn-github-actions/security-hardening-for-github-actions#using-third-party-actions) are
+
+1. Pin actions to a full length commit SHA so any malicious or buggy updates are not silently included
+1. Audit the source code of the action
+1. Pin actions to a tag only if you trust the creator
+
+