How I accidentally took down GitHub Actions

Submitted by Style Pass, 2021-07-09 22:30:06

Last December, I was invited to a private bug bounty program to test a beta version of GitHub Actions. GitHub Actions is a workflow automation tool integrated with GitHub. One common use case of GitHub Actions is CI builds: for example, a project can fairly easily start up a Docker container every time a commit is pushed and run the project’s tests in that container.

At the time, I wasn’t too familiar with the details of how GitHub Actions worked, so I decided to just try it out and see what would happen.

I used GitHub’s configuration wizard to create a config file. First, it let me select from a list of triggers for the Action (“do something when a commit is pushed”, “do something when someone creates an issue”, etc.). I selected “do something when a comment is added to an issue”.

Next, it gave a list of options for what should happen when the trigger activates, which mainly consisted of different cloud services/containers (“Run something on AWS”, “Run code in Docker”, etc.). I selected “Run code in Docker” and specified that the file ./foo.sh in the repository should be executed.
