Pass the GitHub Certification GitHub-Actions Questions and answers with ExamsMirror

The workflow_dispatch event is used to manually trigger a workflow run in GitHub Actions. You can specify this event in the workflow file to allow users to manually trigger the workflow from the GitHub UI, often with optional input parameters.

A composite action allows you to bundle multiple steps into a single reusable action within a workflow. It is composed of multiple run steps or other actions and can be reused across workflows, making it the perfect choice for bundling a series of steps.

For a Docker container action to run in a GitHub Actions workflow, the runner must have Docker installed. The runs-on attribute of the job should specify an environment that supports Docker, typically a Linux environment (e.g., ubuntu-latest), since Docker is widely supported and commonly used in Linux-based environments.

The GITHUB_REF environment variable specifies the branch or tag that triggered the workflow. It contains the full reference to the branch or tag, such as refs/heads/main for a branch or refs/tags/v1.0 for a tag.

Using a corporate secret store like HashiCorp Vault provides a secure, centralized location for sensitive information. GitHub Actions can then retrieve and store the token securely during deployment by setting it as an environment variable, ensuring the token remains secure and accessible at runtime.

Storing the token as an organizational-level encrypted secret in GitHub ensures it is accessible across multiple repositories, minimizing management overhead. GitHub Actions can then use this secret during deployment by setting it as an environment variable, allowing the microservice to access it securely at runtime.

First, the dataset should be encrypted before being stored. This ensures that the data is protected when stored in a repository.

The encrypted dataset can be stored in a GitHub secret, ensuring it is securely kept and not exposed publicly.

The encryption key needed to decrypt the dataset should also be stored in a GitHub secret to maintain security during the workflow, allowing access only when needed.

You can enable specific actions for the organization by identifying them and providing version control, ensuring only trusted versions are used in workflows.

GitHub-verified actions can be enabled at the enterprise level, providing an extra layer of security by ensuring that only trusted actions are available to workflows.

Actions can be published to an internal marketplace, allowing organizations to share reusable actions securely within their enterprise without exposing them to the public.

The $GITHUB_OUTPUT file is used to pass data from one step to another in GitHub Actions. The echo command appends the key-value pair to this file, which sets the output variable (MY_OUTPUT) for the current step.

GitHub Actions allows you to configure environment protection rules, where you can require specific users or teams to approve the deployment before the workflow proceeds to the next step. This ensures that the required reviewers approve the workflow before any sensitive actions (such as deployment) occur.

Scheduled workflows in GitHub Actions are triggered at specified times, and they run on the latest commit of the branch that triggers the workflow. This means the workflow will run on the most recent commit on the branch that was active at the time the scheduled event occurs.