GitHub Actions 使用Marketplace动作 #
GitHub Marketplace提供了大量社区贡献的动作,可以帮助你快速构建工作流。本节介绍如何发现和使用这些动作。
Marketplace概述 #
什么是GitHub Marketplace? #
GitHub Marketplace是一个动作市场,提供:
- 官方维护的动作
- 社区贡献的动作
- 各种工具和服务的集成
访问Marketplace #
- 网页访问:https://github.com/marketplace?type=actions
- 在工作流编辑器中搜索
- 使用GitHub CLI搜索
bash
gh search actions "setup node"
使用动作 #
基本语法 #
yaml
steps:
- uses: owner/repo@version
版本指定 #
yaml
steps:
# 使用具体版本(推荐)
- uses: actions/checkout@v4
# 使用SHA(最安全)
- uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9
# 使用主版本
- uses: actions/checkout@v4
# 使用分支(不推荐)
- uses: actions/checkout@main
传递参数 #
yaml
steps:
- uses: actions/checkout@v4
with:
repository: owner/repo
ref: main
token: ${{ secrets.GITHUB_TOKEN }}
常用官方动作 #
actions/checkout #
检出代码:
yaml
- uses: actions/checkout@v4
with:
repository: owner/repo
ref: main
token: ${{ secrets.GITHUB_TOKEN }}
path: ./src
fetch-depth: 0
submodules: true
actions/setup-node #
设置Node.js环境:
yaml
- uses: actions/setup-node@v4
with:
node-version: '20'
cache: 'npm'
cache-dependency-path: subdir/package-lock.json
registry-url: 'https://registry.npmjs.org'
actions/setup-python #
设置Python环境:
yaml
- uses: actions/setup-python@v5
with:
python-version: '3.11'
cache: 'pip'
architecture: 'x64'
actions/setup-go #
设置Go环境:
yaml
- uses: actions/setup-go@v5
with:
go-version: '1.21'
cache: true
actions/cache #
缓存依赖:
yaml
- uses: actions/cache@v4
with:
path: |
~/.npm
~/.cache
key: ${{ runner.os }}-cache-${{ hashFiles('**/package-lock.json') }}
restore-keys: |
${{ runner.os }}-cache-
actions/upload-artifact #
上传制品:
yaml
- uses: actions/upload-artifact@v4
with:
name: my-artifact
path: dist/
retention-days: 5
actions/download-artifact #
下载制品:
yaml
- uses: actions/download-artifact@v4
with:
name: my-artifact
path: ./downloaded
actions/github-script #
执行GitHub API脚本:
yaml
- uses: actions/github-script@v7
with:
script: |
await github.rest.issues.create({
owner: context.repo.owner,
repo: context.repo.repo,
title: 'Automated issue',
body: 'Created by GitHub Actions'
})
常用第三方动作 #
Docker操作 #
yaml
# 登录
- uses: docker/login-action@v3
with:
username: ${{ secrets.DOCKER_USERNAME }}
password: ${{ secrets.DOCKER_PASSWORD }}
# 构建和推送
- uses: docker/build-push-action@v5
with:
context: .
push: true
tags: user/app:latest
GitHub Pages部署 #
yaml
- uses: peaceiris/actions-gh-pages@v3
with:
github_token: ${{ secrets.GITHUB_TOKEN }}
publish_dir: ./dist
cname: example.com
Slack通知 #
yaml
- uses: slackapi/slack-github-action@v1
with:
channel-id: 'C0123456789'
slack-message: 'Deployment completed!'
env:
SLACK_BOT_TOKEN: ${{ secrets.SLACK_BOT_TOKEN }}
AWS部署 #
yaml
- uses: aws-actions/configure-aws-credentials@v4
with:
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
aws-region: us-east-1
代码检查 #
yaml
# ESLint
- uses: reviewdog/action-eslint@v1
with:
github_token: ${{ secrets.GITHUB_TOKEN }}
# Prettier
- uses: creyD/prettier_action@v4.3
with:
prettier_options: --write **/*.{js,md}
测试覆盖率 #
yaml
- uses: codecov/codecov-action@v4
with:
token: ${{ secrets.CODECOV_TOKEN }}
files: ./coverage/lcov.info
发现动作 #
在Marketplace搜索 #
- 访问 https://github.com/marketplace?type=actions
- 输入关键词搜索
- 按分类筛选
- 查看评分和使用量
使用GitHub CLI #
bash
# 搜索动作
gh search actions "setup node"
# 搜索特定语言的动作
gh search actions "python" --language python
在工作流编辑器中搜索 #
- 在工作流编辑器中点击 “Marketplace”
- 输入关键词搜索
- 查看动作详情和使用示例
评估动作 #
检查项 #
| 检查项 | 说明 |
|---|---|
| 作者 | 是否为官方或可信组织 |
| Stars | 社区认可度 |
| 使用量 | 被使用次数 |
| 更新频率 | 是否积极维护 |
| 文档 | 是否有完整文档 |
| Issue | 是否有未解决的问题 |
安全考虑 #
yaml
# 推荐:使用具体版本
- uses: actions/checkout@v4
# 最安全:使用SHA
- uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9
# 不推荐:使用分支
- uses: actions/checkout@main
使用示例 #
完整CI工作流 #
yaml
name: CI
on: [push, pull_request]
jobs:
lint:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: actions/setup-node@v4
with:
node-version: '20'
cache: 'npm'
- run: npm ci
- run: npm run lint
test:
needs: lint
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: actions/setup-node@v4
with:
node-version: '20'
cache: 'npm'
- run: npm ci
- run: npm test -- --coverage
- uses: codecov/codecov-action@v4
with:
token: ${{ secrets.CODECOV_TOKEN }}
build:
needs: test
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: actions/setup-node@v4
with:
node-version: '20'
cache: 'npm'
- run: npm ci
- run: npm run build
- uses: actions/upload-artifact@v4
with:
name: dist
path: dist/
部署到GitHub Pages #
yaml
name: Deploy
on:
push:
branches: [main]
jobs:
build:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: actions/setup-node@v4
with:
node-version: '20'
cache: 'npm'
- run: npm ci
- run: npm run build
- uses: peaceiris/actions-gh-pages@v3
with:
github_token: ${{ secrets.GITHUB_TOKEN }}
publish_dir: ./dist
Docker构建和推送 #
yaml
name: Docker
on:
push:
tags:
- 'v*'
jobs:
build:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: docker/login-action@v3
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- uses: docker/build-push-action@v5
with:
context: .
push: true
tags: ghcr.io/${{ github.repository }}:latest
最佳实践 #
1. 使用具体版本 #
yaml
# 推荐
- uses: actions/checkout@v4
# 不推荐
- uses: actions/checkout@main
2. 使用官方动作 #
yaml
# 优先使用官方动作
- uses: actions/checkout@v4
- uses: actions/setup-node@v4
3. 检查动作更新 #
定期检查动作更新,获取新功能和安全修复。
4. 使用缓存加速 #
yaml
- uses: actions/setup-node@v4
with:
cache: 'npm'
5. 审查第三方动作 #
使用第三方动作前,检查:
- 源代码
- 权限需求
- 安全历史
下一步学习 #
小结 #
- Marketplace提供大量可用动作
- 使用具体版本确保稳定性
- 优先使用官方动作
- 使用缓存加速构建
- 审查第三方动作安全性
- 定期更新动作版本
最后更新:2026-03-28