As a developer, you need to make sure that only actions from trusted sources are available for use in your GitHub Enterprise Cloud organization. Which of the following statements are true? (Choose three.)
You can enable specific actions for the organization by identifying them and providing version control, ensuring only trusted versions are used in workflows.
GitHub-verified actions can be enabled at the enterprise level, providing an extra layer of security by ensuring that only trusted actions are available to workflows.
Actions can be published to an internal marketplace, allowing organizations to share reusable actions securely within their enterprise without exposing them to the public.
Which of the following scenarios requires a developer to explicitly use the GITHUB_TOKEN or github.token secret within a workflow? (Choose two.)
Some actions may require a GITHUB_TOKEN as an input to authenticate and perform specific tasks, such as creating issues, commenting on pull requests, or interacting with the GitHub API. In such cases, you would need to explicitly pass the token to the action.
When making an authenticated GitHub API request, the GITHUB_TOKEN is required to authenticate the request. This token is automatically provided by GitHub in the workflow, and it must be explicitly used when interacting with the GitHub API.
Which of the following scenarios would require the use of self-hosted runners instead of GitHub-hosted runners?
GitHub-hosted runners have a limit on the number of concurrent workflows (typically 20 for free-tier accounts and 5 for enterprise). If your organization needs to run more workflows simultaneously, you would need to use self-hosted runners to increase the available concurrency.
Self-hosted runners allow you to configure specialized hardware or software setups that are necessary for certain workflows. GitHub-hosted runners may not have access to custom hardware configurations like GPUs or other specialized resources, so self-hosted runners are required in such cases.
You have exactly one Windows x64 self-hosted runner, and it is configured with custom tools. Which syntax could you use in the workflow to target that runner?
The runs-on keyword allows you to specify the operating system and other labels for the runner. By specifying self-hosted, windows, and x64, you are targeting a self-hosted Windows runner that matches these criteria, which aligns with the custom configuration of your self-hosted runner.
As a DevOps engineer developing a JavaScript action, you need to include annotations to pass warning messages to workflow runners. Which code snippet can you use to implement an annotation in your Actions?
As a DevOps engineer developing a JavaScript action, you need to include annotations to pass warning messages to workflow runners. Which code snippet can you use to implement an annotation in your Actions?
The core.warning() function from the @actions/core package is used to create a warning message in the workflow logs. This is an annotation type that informs users about issues that don't require failing the build but still need attention.
