8 posts tagged with "github actions"

We've released an update to the StackQL GitHub provider adding new services and expanding coverage across several existing ones.

New Services​

Some of the newly added services of note include:

agent_tasks​

The agent_tasks service exposes GitHub's AI agent task API, allowing you to query and manage agent task runs within a repository. Resources include:

This covers the audit and observability side of AI agent operations in GitHub - useful for tracking what agent tasks have run, their status, and step-level output.

campaigns​

The campaigns service covers GitHub's security campaign management, part of GitHub Advanced Security. Resources include:

Security campaigns let you coordinate remediation of code scanning or secret scanning alerts across an org. This service lets you query campaign state and participation programmatically.

classroom​

The classroom service brings GitHub Classroom into StackQL. Resources include:

This is useful for institutions managing GitHub Classroom at scale - querying assignment completion or generating reports across multiple classrooms.

hosted_compute​

The hosted_compute service covers GitHub's hosted compute networking resources, relevant to organizations using GitHub-hosted runners with custom network configurations. Resources include:

This is relevant if you're using GitHub's hosted compute with Azure private networking or similar integrations.

private_registries​

The private_registries service exposes org-level private registry configurations - credentials and settings stored in GitHub for use by Actions workflows. Resources include:

This allows you to audit which private registries (npm, Docker Hub, Maven, etc.) are configured at the org level without going through the GitHub UI.

enterprise_teams​

The enterprise_teams service provides enterprise-scoped team management, distinct from org-level teams. Resources include:

This is useful for enterprises managing teams that span multiple organizations.

Updates​

Notable updates to existing services include:

actions​

New resources added to the actions service:

• hosted_runners - query and manage GitHub-hosted runner configurations at the org or repo level
• runner_group_network_configurations - network config details for runner groups

orgs​

• New org_roles and org_role_assignments resources for querying custom org role definitions and their assignments

repos​

• New repo_rules_suites resource for querying rule suite evaluation history (useful for auditing branch protection rule evaluations)

Get Started​

Pull the latest GitHub provider:

stackql registry pull github

Visit us on GitHub and let us know how you're using it.

The stackql-deploy docs site is now available, offering a comprehensive guide to using stackql-deploy for your cloud resource deployments and tests. The site includes detailed documentation, examples, and best practices to help you get started quickly and effectively.

Let us know what you think! ⭐ us on GitHub.

stackql-deploy is now available in the GitHub Actions Marketplace.

Given this example stackql-deploy stack definition in a GitHub repo, you would simply add the following to your GitHub Actions workflow:

...
jobs:
  stackql-actions-test:
    name: StackQL Actions Test
    runs-on: ubuntu-latest
    env:
      GOOGLE_CREDENTIALS: ${{ secrets.GOOGLE_CREDENTIALS }}
    
    steps:
      - name: Checkout
        uses: actions/checkout@v4

      - name: Deploy a Stack
        uses: stackql/setup-deploy@v1.0.1
        with:
          command: build
          stack-dir: examples/k8s-the-hard-way
          stack-env: dev
          env-vars: GOOGLE_PROJECT=stackql-k8s-the-hard-way-demo

Example output is shown here:

Let us know what you think! ⭐ us on GitHub.

The StackQL Linode provider is now available. Using the StackQL Linode provider you can create, query, and manage Linodes (instances), Volumes, NodeBalancers, Firewalls, StackScripts, Databases, Kubernetes Clusters, Object Storage Buckets, and much more.

You can use the StackQL Linode provider with other StackQL providers (such as aws, google, azure, digitalocean, and more) to perform multi-cloud CSPM, inventory queries, or multi-provider stack deployments. Documentation for the Linode provider is available at StackQL Linode provider docs.

Here is an example of creating a Linode (a VM instance), passing variables from a jsonnet config file as well as CI secrets (GitHub Actions Secrets, GitLab CI Secrets, etc.):

INSERT INTO linode.instances.linodes(
  data__authorized_keys,
  data__authorized_users,
  data__root_pass,
  data__image,
  data__label,
  data__region,
  data__type
)
SELECT
  '[ "{{ .authorized_key }}" ]',
  '[ "{{ .authorized_user }}" ]',
  '{{ .root_pass }}',
  '{{ .image }}',
  '{{ .label }}',
  '{{ .region }}',
  '{{ .type }}'
;

Querying objects in Linode can be done using SELECT statements, such as:

select id, 
label, 
region, 
JSON_EXTRACT(specs, '$.vcpus') as vcpus,
JSON_EXTRACT(specs, '$.memory') as memory,
JSON_EXTRACT(specs, '$.disk') as disk,
status 
from linode.instances.linodes;

Which would return:

|----------|-----------|--------------|-------|--------|-------|---------|                                                                                                                                              
|    id    |   label   |    region    | vcpus | memory | disk  | status  |                                                                                                                                              
|----------|-----------|--------------|-------|--------|-------|---------|                                                                                                                                              
| 46063573 | my-linode | ap-southeast |     1 |   1024 | 25600 | running |                                                                                                                                              
|----------|-----------|--------------|-------|--------|-------|---------| 

Summary or aggregate queries such as GROUP BY -> COUNT or SUM are fully supported with StackQL, as are JOIN and UNION operations (including cross-provider JOIN operations).

StackQL supported outputs include table, csv (using a comma or user-specified delimiter), and json.

StackQL can be accessed through the interactive shell stackql shell as well as noninteractive access using stackql exec and server-based access using stackql srv - where you can use any Postgres wire protocol client to run StackQL queries. GitHub actions, Jupyter notebooks, and Superset dashboards are other options for using StackQL.

The Digital Ocean provider is now available for StackQL. You can use StackQL to provision, manage or report on Droplets, Apps, Functions, Databases, Volumes, Spaces, and more.

To use the Digital Ocean provider, generate a Personal Access Token from the Digital Ocean Control Panel under the API section. Export the value of the token created to a variable named DIGITALOCEAN_TOKEN (on your local system or as a CI secret). You can then run queries against the Digital Ocean provider using StackQL.

The following example demonstrates the creation of a Droplet in Digital Ocean.

INSERT INTO digitalocean.droplets.droplets ( 
data__name, 
data__region, 
data__size, 
data__image, 
data__backups, 
data__ipv6, 
data__monitoring, 
data__tags 
) 
SELECT 
'droplet-1.example.com', 
'nyc3', 
's-1vcpu-1gb', 
'ubuntu-20-04-x64', 
true, 
true, 
true, 
'["env:prod", "web"]';

You can use jsonnet as a configuration, templating language with StackQL to provide variables or parameters to IaC operations in StackQL; this can be done using the --data flag in the stackql exec command as follows:

./stackql exec --infile create_droplets.iql --iqldata vars.jsonnet

The code for create_droplets.iql and vars.jsonnet is shown here:

{{range $index, $element := .droplets}}
INSERT INTO digitalocean.droplets.droplets ( 
data__name, 
data__region, 
data__size, 
data__image, 
data__backups, 
data__ipv6, 
data__monitoring, 
data__tags 
) 
SELECT 
'droplet-{{$index}}.stackql.io', 
'nyc3', 
'{{.size}}', 
'ubuntu-20-04-x64', 
true, 
true, 
true, 
'["env:prod", "web"]';
{{end}}

{
	droplets: [
		{ size: 's-1vcpu-512mb-10gb' },
		{ size: 's-1vcpu-1gb' },
		{ size: 's-1vcpu-1gb-amd' },
	]
}

StackQL is a unified SQL-based framework that can be used for analytics and reporting as well as provisioning, de-provisioning, and lifecycle opertaions. As a native multi-cloud solution, StackQL can analyze and report across assets across multiple different providers; an example is shown here:

SELECT 
name, 
JSON_EXTRACT(region, '$.name') as region, 
JSON_EXTRACT(size, '$.slug') as size,
'digitalocean' as provider
FROM digitalocean.droplets.droplets
UNION
SELECT
instanceId as name,
'us-east-1' as region,
instanceType as size,
'aws' as provider
FROM aws.ec2.instances 
WHERE region = 'us-east-1';

Digital Ocean and multi-cloud queries can be visualized using BI tools or notebooks; examples of using StackQL with Jupyter can be found here.

More information about the Digital Ocean provider for StackQL can be found here.