GitHub Actions on Ubuntu

GitHub Actions on Ubuntu

GitHub Actions is GitHub's built-in CI/CD platform that runs workflows in response to repository events (push, pull request, schedule). Each workflow runs on a runner — either GitHub's cloud runners (ubuntu-latest is a fresh Ubuntu VM) or a self-hosted runner on your own server. For infrastructure repositories with Ansible playbooks and Terraform configs, GitHub Actions provides free CI with direct integration into your code review workflow.

GitHub Actions concepts

Your first workflow

mkdir -p .github/workflows
nano .github/workflows/ansible-lint.yml

.github/workflows/ansible-lint.yml

name: Ansible Lint and Test

on:
  push:
    branches: [main]
  pull_request:
    branches: [main]
  schedule:
    - cron: '0 6 * * 1'    # Run every Monday 6 AM

jobs:
  lint:
    runs-on: ubuntu-latest    # GitHub-hosted Ubuntu runner
    steps:
      - name: Checkout repository
        uses: actions/checkout@v4

      - name: Set up Python
        uses: actions/setup-python@v5
        with:
          python-version: '3.12'

      - name: Install Ansible and ansible-lint
        run: |
          pip install ansible ansible-lint

      - name: Run ansible-lint
        run: ansible-lint site.yml

  deploy:
    runs-on: ubuntu-latest
    needs: lint          # Only run if lint job passes
    if: github.ref == 'refs/heads/main'    # Only deploy from main branch
    steps:
      - uses: actions/checkout@v4

      - name: Deploy to production
        env:
          DEPLOY_KEY: ${{ secrets.DEPLOY_SSH_KEY }}    # Secret from repo settings
        run: |
          echo "${DEPLOY_KEY}" > /tmp/deploy_key
          chmod 600 /tmp/deploy_key
          ansible-playbook site.yml             --private-key=/tmp/deploy_key             -i inventory/production

Self-hosted runner on Ubuntu

# Self-hosted runners: run on your own Ubuntu server
# Useful for: accessing private networks, using custom tools, or cost savings

# Set up self-hosted runner:
# 1. Go to GitHub repo → Settings → Actions → Runners → New self-hosted runner
# 2. Choose Linux/x64, follow the displayed commands:
mkdir actions-runner && cd actions-runner
curl -o actions-runner-linux-x64-2.316.0.tar.gz -L   https://github.com/actions/runner/releases/download/v2.316.0/actions-runner-linux-x64-2.316.0.tar.gz
tar xzf ./actions-runner-linux-x64-2.316.0.tar.gz

# Configure (GitHub provides the token):
./config.sh --url https://github.com/yourorg/infra-configs --token YOUR_TOKEN_HERE

# Install as systemd service so it runs permanently:
sudo ./svc.sh install
sudo ./svc.sh start

# Verify runner appears as Online in GitHub repo settings
# Use in workflow:
# runs-on: self-hosted    (instead of ubuntu-latest)

Conclusion

Store all CI/CD secrets (SSH deploy keys, API tokens, passwords) in GitHub repository secrets (Settings → Secrets and variables → Actions) and reference them with ${{ secrets.SECRET_NAME }} in workflows. Never hardcode credentials in workflow YAML files — they are stored in git and visible to anyone with repository access. Self-hosted runners are required when your deployment targets are on private networks that GitHub's cloud runners cannot reach.