Table: github_workflow - Query GitHub Workflows using SQL
GitHub Workflows is a feature within GitHub Actions that allows you to automate, customize, and execute your software development workflows right in your repository. It provides a flexible way to build an automated software development lifecycle workflow. With GitHub Workflows, you can build, test, and deploy your code right from GitHub.
Table Usage Guide
The github_workflow table provides insights into Workflows within GitHub Actions. As a DevOps engineer, explore workflow-specific details through this table, including workflow configurations, status, and associated branches. Utilize it to monitor and manage workflows, such as those with specific event triggers, the branches associated with a workflow, and the verification of workflow configurations.
Important Notes
- You must specify the repository_full_name column in the where or join clause to query the table.
Examples
List workflows
Explore the characteristics and details of workflows within a specific GitHub repository. This can help in understanding the workflow structure and any specific patterns or anomalies, thereby aiding in effective repository management.
select
  repository_full_name,
  name,
  path,
  node_id,
  state,
  url
from
  github_workflow
where
  repository_full_name = 'turbot/steampipe';
Control examples
- CIS Software Supply Chain v1.0.0 > 2 Build Pipelines > 2.3 Pipeline Instructions > 2.3.1 Ensure all build steps are defined as code
- CIS Software Supply Chain v1.0.0 > 2 Build Pipelines > 2.3 Pipeline Instructions > 2.3.7 Ensure pipelines are automatically scanned for vulnerabilities
- CIS Software Supply Chain v1.0.0 > 2 Build Pipelines > 2.3 Pipeline Instructions > 2.3.8 Ensure scanners are in place to identify and prevent sensitive data in pipeline files
- CIS Software Supply Chain v1.0.0 > 2 Build Pipelines > 2.4 Pipeline Integrity > 2.4.2 Ensure all external dependencies used in the build process are locked
- CIS Software Supply Chain v1.0.0 > 2 Build Pipelines > 2.4 Pipeline Integrity > 2.4.6 Ensure pipeline steps sign the SBOM produced
- CIS Software Supply Chain v1.0.0 > 3 Dependencies > 3.1 Third-Party Packages > 3.1.7 Ensure dependencies are pinned to a specific, verified version
- CIS Software Supply Chain v1.0.0 > 3 Dependencies > 3.2 Validate Packages > 3.2.2 Ensure packages are automatically scanned for known vulnerabilities
- CIS Software Supply Chain v1.0.0 > 3 Dependencies > 3.2 Validate Packages > 3.2.3 Ensure packages are automatically scanned for license implications
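The pinning controls listed above (2.4.2 and 3.1.7) concern external references that are not locked to a fixed version. The query below is an added example, not taken from the Steampipe documentation or the CIS benchmark: it lists workflow steps whose `uses:` reference is not pinned to a 40-character commit SHA. It assumes that workflow_file_content_json mirrors the keys of the workflow YAML (jobs, steps, uses), and it skips local (`./`) and `docker://` references.

```sql
-- Added example: list steps that reference an action without a full commit SHA.
-- Assumption: workflow_file_content_json mirrors the workflow YAML layout
-- (jobs.<job_id>.steps[].uses).
select
  w.repository_full_name,
  w.path,
  j.key as job_id,
  s.value ->> 'name' as step_name,
  s.value ->> 'uses' as uses_ref
from
  github_workflow as w,
  -- One row per job; tolerate files where "jobs" is missing or not an object.
  jsonb_each(
    case when jsonb_typeof(w.workflow_file_content_json -> 'jobs') = 'object'
         then w.workflow_file_content_json -> 'jobs' else '{}'::jsonb end
  ) as j,
  -- One row per step; jobs that call a reusable workflow have no "steps" array.
  jsonb_array_elements(
    case when jsonb_typeof(j.value -> 'steps') = 'array'
         then j.value -> 'steps' else '[]'::jsonb end
  ) as s
where
  w.repository_full_name = 'turbot/steampipe'
  and s.value ->> 'uses' is not null            -- skip plain "run:" steps
  and s.value ->> 'uses' not like './%'         -- local actions live in the repo itself
  and s.value ->> 'uses' not like 'docker://%'  -- image references are pinned by digest, not SHA
  and s.value ->> 'uses' !~ '@[0-9a-f]{40}$'    -- anything not ending in @<40 hex chars>
order by
  w.path,
  j.key;
```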
Schema for github_workflow
Name | Type | Operators | Description |
---|---|---|---|
_ctx | jsonb | | Steampipe context in JSON form. |
badge_url | text | | Badge URL for the workflow. |
created_at | timestamp with time zone | | Time when the workflow was created. |
html_url | text | | HTML URL for the workflow. |
id | bigint | = | Unique ID of the workflow. |
login_id | text | =, !=, ~~, ~~*, !~~, !~~* | Unique identifier for the user login. |
name | text | | The name of the workflow. |
node_id | text | | Node where GitHub stores this data internally. |
path | text | | Path of the workflow. |
pipeline | jsonb | | GitHub workflow in the generic pipeline entity format to be used across CI/CD platforms. |
repository_full_name | text | = | Full name of the repository that contains the workflow. |
sp_connection_name | text | =, !=, ~~, ~~*, !~~, !~~* | Steampipe connection name. |
sp_ctx | jsonb | | Steampipe context in JSON form. |
state | text | | State of the workflow. |
updated_at | timestamp with time zone | | Time when the workflow was updated. |
url | text | | URL of the workflow. |
workflow_file_content | text | | Content of GitHub workflow file in text format. |
workflow_file_content_json | jsonb | | Content of GitHub workflow file in the JSON format. |
Export
This table is available as a standalone Exporter CLI. Steampipe exporters are stand-alone binaries that allow you to extract data using Steampipe plugins without a database.
You can download the tarball for your platform from the Releases page, but it is simplest to install them with the steampipe_export_installer.sh script:
/bin/sh -c "$(curl -fsSL https://steampipe.io/install/export.sh)" -- github
You can pass the configuration to the command with the --config argument:
steampipe_export_github --config '<your_config>' github_workflow