{"id":47012479,"url":"https://github.com/stephrobert/github-actions-training","last_synced_at":"2026-03-11T21:24:40.651Z","repository":{"id":330006790,"uuid":"1121277840","full_name":"stephrobert/github-actions-training","owner":"stephrobert","description":null,"archived":false,"fork":false,"pushed_at":"2025-12-23T06:05:27.000Z","size":45,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"master","last_synced_at":"2025-12-24T07:45:06.093Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/stephrobert.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":".github/SECURITY.md","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2025-12-22T18:11:23.000Z","updated_at":"2025-12-23T06:05:19.000Z","dependencies_parsed_at":null,"dependency_job_id":null,"html_url":"https://github.com/stephrobert/github-actions-training","commit_stats":null,"previous_names":["stephrobert/github-actions-training"],"tags_count":6,"template":false,"template_full_name":null,"purl":"pkg:github/stephrobert/github-actions-training","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/stephrobert%2Fgithub-actions-training","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/stephrobert%2Fgithub-actions-training/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/stephrobert%2Fgithub-actions-training/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/stephrobert%2Fgithub-actions-training/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/stephrobert","download_url":"https://codeload.github.com/stephrobert/github-actions-training/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/stephrobert%2Fgithub-actions-training/sbom","scorecard":{"id":1240743,"data":{"date":"2025-12-23T06:05:36Z","repo":{"name":"github.com/stephrobert/github-actions-training","commit":"7592ff67f741df820b5c4e10abb8e2928720438f"},"scorecard":{"version":"v5.0.0","commit":"ea7e27ed41b76ab879c862fa0ca4cc9c61764ee4"},"score":6.3,"checks":[{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/ea7e27ed41b76ab879c862fa0ca4cc9c61764ee4/docs/checks.md#binary-artifacts"}},{"name":"Branch-Protection","score":0,"reason":"branch protection not enabled on development/release branches","details":["Warn: branch protection not enabled for branch 'master'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/ea7e27ed41b76ab879c862fa0ca4cc9c61764ee4/docs/checks.md#branch-protection"}},{"name":"CI-Tests","score":0,"reason":"0 out of 1 merged PRs checked by a CI test -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project runs tests before pull requests are merged.","url":"https://github.com/ossf/scorecard/blob/ea7e27ed41b76ab879c862fa0ca4cc9c61764ee4/docs/checks.md#ci-tests"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/ea7e27ed41b76ab879c862fa0ca4cc9c61764ee4/docs/checks.md#cii-best-practices"}},{"name":"Code-Review","score":0,"reason":"Found 0/12 approved changesets -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/ea7e27ed41b76ab879c862fa0ca4cc9c61764ee4/docs/checks.md#code-review"}},{"name":"Contributors","score":3,"reason":"project has 1 contributing companies or organizations -- score normalized to 3","details":["Info: outscale france contributor org/company found, "],"documentation":{"short":"Determines if the project has a set of contributors from multiple organizations (e.g., companies).","url":"https://github.com/ossf/scorecard/blob/ea7e27ed41b76ab879c862fa0ca4cc9c61764ee4/docs/checks.md#contributors"}},{"name":"Dangerous-Workflow","score":10,"reason":"no dangerous workflow patterns detected","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/ea7e27ed41b76ab879c862fa0ca4cc9c61764ee4/docs/checks.md#dangerous-workflow"}},{"name":"Dependency-Update-Tool","score":10,"reason":"update tool detected","details":["Info: detected update tool: Dependabot: .github/dependabot.yml:1"],"documentation":{"short":"Determines if the project uses a dependency update tool.","url":"https://github.com/ossf/scorecard/blob/ea7e27ed41b76ab879c862fa0ca4cc9c61764ee4/docs/checks.md#dependency-update-tool"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/ea7e27ed41b76ab879c862fa0ca4cc9c61764ee4/docs/checks.md#fuzzing"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: LICENSE:0","Info: FSF or OSI recognized license: MIT License: LICENSE:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/ea7e27ed41b76ab879c862fa0ca4cc9c61764ee4/docs/checks.md#license"}},{"name":"Maintained","score":0,"reason":"project was created in last 90 days. please review its contents carefully","details":["Warn: Repository was created in last 90 days."],"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/ea7e27ed41b76ab879c862fa0ca4cc9c61764ee4/docs/checks.md#maintained"}},{"name":"Packaging","score":-1,"reason":"packaging workflow not detected","details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/ea7e27ed41b76ab879c862fa0ca4cc9c61764ee4/docs/checks.md#packaging"}},{"name":"Pinned-Dependencies","score":10,"reason":"all dependencies are pinned","details":["Info:   9 out of   9 GitHub-owned GitHubAction dependencies pinned","Info:   2 out of   2 third-party GitHubAction dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/ea7e27ed41b76ab879c862fa0ca4cc9c61764ee4/docs/checks.md#pinned-dependencies"}},{"name":"SAST","score":7,"reason":"SAST tool detected but not run on all commits","details":["Info: SAST configuration detected: CodeQL","Warn: 0 commits out of 2 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/ea7e27ed41b76ab879c862fa0ca4cc9c61764ee4/docs/checks.md#sast"}},{"name":"Security-Policy","score":10,"reason":"security policy file detected","details":["Info: security policy file detected: .github/SECURITY.md:1","Info: Found linked content: .github/SECURITY.md:1","Info: Found disclosure, vulnerability, and/or timelines in security policy: .github/SECURITY.md:1","Info: Found text in security policy: .github/SECURITY.md:1"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/ea7e27ed41b76ab879c862fa0ca4cc9c61764ee4/docs/checks.md#security-policy"}},{"name":"Signed-Releases","score":10,"reason":"3 out of the last 3 releases have a total of 3 signed artifacts.","details":["Info: provenance for release artifact: github-actions-training-1.1.0.tar.gz.intoto.jsonl: https://api.github.com/repos/stephrobert/github-actions-training/releases/assets/331830373","Info: provenance for release artifact: github-actions-training-1.0.3.tar.gz.intoto.jsonl: https://api.github.com/repos/stephrobert/github-actions-training/releases/assets/331827462","Info: provenance for release artifact: github-actions-training-1.0.2.tar.gz.intoto.jsonl: https://api.github.com/repos/stephrobert/github-actions-training/releases/assets/331826050"],"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/ea7e27ed41b76ab879c862fa0ca4cc9c61764ee4/docs/checks.md#signed-releases"}},{"name":"Token-Permissions","score":9,"reason":"detected GitHub workflow tokens with excessive permissions","details":["Info: jobLevel 'contents' permission set to 'read': .github/workflows/release.yml:19","Info: jobLevel 'actions' permission set to 'read': .github/workflows/release.yml:61","Info: topLevel 'actions' permission set to 'read': .github/workflows/codeql.yml:17","Info: topLevel 'contents' permission set to 'read': .github/workflows/codeql.yml:18","Warn: topLevel 'security-events' permission set to 'write': .github/workflows/codeql.yml:19","Info: found token with 'none' permissions: .github/workflows/release.yml:1","Info: topLevel permissions set to 'read-all': .github/workflows/scorecard.yml:18","Info: no jobLevel write permissions found"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/ea7e27ed41b76ab879c862fa0ca4cc9c61764ee4/docs/checks.md#token-permissions"}},{"name":"Vulnerabilities","score":10,"reason":"0 existing vulnerabilities detected","details":null,"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/ea7e27ed41b76ab879c862fa0ca4cc9c61764ee4/docs/checks.md#vulnerabilities"}}]},"last_synced_at":"2025-12-25T19:05:08.753Z","repository_id":330006790,"created_at":"2025-12-25T19:05:08.753Z","updated_at":"2025-12-25T19:05:08.753Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":30401669,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-03-11T21:02:20.017Z","status":"ssl_error","status_checked_at":"2026-03-11T20:59:32.667Z","response_time":84,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.5:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2026-03-11T21:24:40.081Z","updated_at":"2026-03-11T21:24:40.638Z","avatar_url":"https://github.com/stephrobert.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"# TP GitHub Actions pour Dev \u0026 Ops\n\n[![OpenSSF Scorecard](https://api.scorecard.dev/projects/github.com/stephrobert/github-actions-training/badge)](https://scorecard.dev/viewer/?uri=github.com/stephrobert/github-actions-training)\n[![SLSA 3](https://slsa.dev/images/gh-badge-level3.svg)](https://slsa.dev)\n\nBienvenue dans ce projet de **Travaux Pratiques GitHub Actions** !\n\nCes TP vous guideront dans l'apprentissage pratique de **GitHub Actions** pour\nl'automatisation CI/CD. Chaque TP est organisé dans un **sous-dossier** avec son\npropre énoncé et des tests de validation. Au début, les explications seront\ndétaillées, mais très vite, vous serez plus autonome.\n\n## Pré-requis\n\n### Compte GitHub\n\n- Un compte **GitHub** (gratuit suffit pour commencer)\n- Un dépôt de test (fork de ce projet ou nouveau dépôt)\n- **GitHub CLI** installé (optionnel mais recommandé)\n\n### Environnement local\n\n- **Git** installé et configuré\n- Un éditeur de code (VS Code recommandé avec l'extension GitHub Actions)\n- **act** pour tester les workflows localement\n- **actionlint** pour valider la syntaxe des workflows\n\n- [**Installation de Git**](https://blog.stephane-robert.info/docs/developper/version/git/)\n- [**Installation de Docker**](https://blog.stephane-robert.info/docs/conteneurs/moteurs-conteneurs/docker/)\n- [**Installation de GitHub CLI**](https://blog.stephane-robert.info/docs/pipeline-cicd/github/gh-cli/)\n- [**Installation de act**](https://blog.stephane-robert.info/docs/pipeline-cicd/github/act/)\n- [**Installation de actionlint**](https://blog.stephane-robert.info/docs/pipeline-cicd/github/actionlint/)\n\n**Vérifications rapides :**\n\n```bash\ndocker --version\ngit --version\ngh --version\nact --version\nactionlint --version\n```\n\n## Documentation obligatoire\n\nAvant de commencer un TP, vous devez **lire la documentation** liée au sujet sur\n[mon site de documentation](https://blog.stephane-robert.info/docs/pipeline-cicd/github/).\n\nChaque énoncé précisera quelle section lire.\n**Aucune aide ne sera donnée sur des notions qui y sont expliquées.**\n\n**Lectures recommandées :**\n\n- [Tout savoir sur GitHub Actions CI/CD](https://blog.stephane-robert.info/docs/pipeline-cicd/github/)\n- [Sécurité GitHub Actions](https://blog.stephane-robert.info/docs/pipeline-cicd/github/securite/)\n- [Documentation officielle GitHub Actions](https://docs.github.com/en/actions)\n\n## Structure du projet\n\nChaque TP est placé dans un **sous-dossier** indépendant :\n\n```bash\n/github-actions-training/\n│\n├── tp-01-premier-workflow/        # Créer son premier workflow\n├── tp-02-events-triggers/         # Événements et déclencheurs\n├── tp-03-contexts-expressions/    # Contexts et expressions\n├── tp-04-variables-secrets/       # Variables et secrets\n├── tp-05-matrix-strategy/         # Stratégies de matrix\n├── tp-06-conditions-if/           # Conditions et contrôle de flux\n├── tp-07-cache-artifacts/         # Cache et artifacts\n├── tp-08-reusable-workflows/      # Workflows réutilisables\n├── tp-09-composite-actions/       # Actions composites\n├── tp-10-self-hosted-runners/     # Runners self-hosted\n├── tp-11-securite-permissions/    # Sécurité et permissions\n├── tp-12-oidc-cloud/              # OIDC et déploiements cloud\n├── tp-13-attestations-slsa/       # Attestations et provenance SLSA\n└── tp-14-projet-final/            # Projet de synthèse\n```\n\n## Parcours d'apprentissage\n\n### 🟢 Niveau Débutant (TP 01-04)\n\nObjectif : comprendre les bases de GitHub Actions\n\n| TP | Sujet | Durée estimée |\n|----|-------|---------------|\n| 01 | Premier workflow | 30 min |\n| 02 | Events et triggers | 45 min |\n| 03 | Contexts et expressions | 1h |\n| 04 | Variables et secrets | 45 min |\n\n### 🟡 Niveau Intermédiaire (TP 05-09)\n\nObjectif : maîtriser les patterns avancés\n\n| TP | Sujet | Durée estimée |\n|----|-------|---------------|\n| 05 | Matrix strategy | 1h |\n| 06 | Conditions et if | 45 min |\n| 07 | Cache et artifacts | 1h |\n| 08 | Reusable workflows | 1h30 |\n| 09 | Composite actions | 1h |\n\n### 🔴 Niveau Avancé (TP 10-14)\n\nObjectif : sécuriser et industrialiser\n\n| TP | Sujet | Durée estimée |\n|----|-------|---------------|\n| 10 | Self-hosted runners | 1h30 |\n| 11 | Sécurité et permissions | 1h30 |\n| 12 | OIDC et cloud | 1h30 |\n| 13 | Attestations et SLSA | 2h |\n| 14 | Projet final | 3h |\n\n## Validation des exercices\n\nChaque TP contient :\n\n1. **Un README.md** avec l'énoncé et les tutoriels\n2. **Un dossier `challenge/`** avec un exercice à réaliser\n3. **Des tests automatisés** pour valider votre travail\n\nPour valider un challenge :\n\n```bash\ncd tp-XX-xxx/challenge\n# Suivre les instructions du README.md\n...\n...\n# Puis exécuter les tests\n./validate.sh\n```\n\n## Conseils pour réussir\n\n1. **Lisez la doc avant de coder** : chaque TP indique les sections à lire\n2. **Testez localement avec `act`** : plus rapide que de pousser à chaque fois\n3. **Validez vos workflows avec `actionlint`** : détecte les erreurs avant le push\n4. **Utilisez les logs** : `ACTIONS_RUNNER_DEBUG=true` pour le debug\n5. **Commitez souvent** : un commit = une étape fonctionnelle\n6. **Sécurité d'abord** : ne jamais commiter de secrets !\n\n## Outils de développement local\n\nCette section détaille les outils pour travailler efficacement sur vos workflows\n**sans avoir à pousser sur GitHub à chaque modification**.\n\n### actionlint — Valider la syntaxe des workflows\n\n[actionlint](https://github.com/rhysd/actionlint) est un linter qui détecte les\nerreurs de syntaxe, les problèmes de sécurité et les mauvaises pratiques dans\nvos fichiers workflow.\n\n**Utilisation :**\n\n```bash\n# Valider tous les workflows du projet\nactionlint\n\n# Valider un workflow spécifique\nactionlint .github/workflows/ci.yml\n\n# Afficher les erreurs au format JSON (pour intégration CI)\nactionlint -format json\n```\n\n**Exemple de sortie :**\n\n```\n.github/workflows/ci.yml:15:9: property \"runs-on\" is required\n.github/workflows/ci.yml:23:17: \"actions/checkout@v3\" should be pinned by SHA\n```\n\n**Intégration VS Code :**\nInstallez l'extension [actionlint](https://marketplace.visualstudio.com/items?itemName=arahata.linter-actionlint)\npour voir les erreurs directement dans l'éditeur.\n\n**Ce que actionlint détecte :**\n\n| Type d'erreur | Exemple |\n|---------------|---------|\n| Syntaxe YAML invalide | Indentation incorrecte, caractères spéciaux |\n| Propriétés manquantes | `runs-on` oublié dans un job |\n| Expressions invalides | `${{ secrets.TOKEN }` (accolade manquante) |\n| Actions non épinglées | `uses: actions/checkout@v4` (recommande SHA) |\n| Permissions trop larges | `permissions: write-all` |\n| Shells non supportés | `shell: zsh` sur un runner ubuntu |\n\n### Vérifier le code Python avant de créer le workflow\n\nAvant de créer votre workflow CI, assurez-vous que le code Python fonctionne\nlocalement. Voici la procédure complète :\n\n**1. Se placer dans le dossier du challenge :**\n\n```bash\ncd tp-01-premier-workflow/challenge\n```\n\n**2. Créer un environnement virtuel (recommandé) :**\n\n```bash\n# Créer l'environnement\npython3 -m venv .venv\n\n# Activer l'environnement\nsource .venv/bin/activate  # Linux/macOS\n# ou\n.venv\\Scripts\\activate     # Windows\n```\n\n**3. Installer les dépendances :**\n\n```bash\npip install -r requirements.txt\n```\n\n**4. Vérifier la syntaxe Python (sans exécuter) :**\n\n```bash\n# Vérifier la syntaxe de tous les fichiers Python\npython3 -m py_compile src/*.py tests/*.py\n\n# Si aucune erreur n'apparaît, la syntaxe est correcte\n```\n\n**5. Lancer les tests localement :**\n\n```bash\n# Exécuter pytest\npytest\n\n# Avec plus de détails\npytest -v\n\n# Voir la couverture de code\npytest --cov=src\n```\n\n**6. Vérifier le style du code (optionnel mais recommandé) :**\n\n```bash\n# Installer les linters\npip install ruff black\n\n# Vérifier le style avec ruff\nruff check .\n\n# Formater le code avec black\nblack --check .  # Vérifier seulement\nblack .          # Appliquer le formatage\n```\n\n**Exemple de session complète :**\n\n```bash\n$ cd tp-01-premier-workflow/challenge\n$ python3 -m venv .venv \u0026\u0026 source .venv/bin/activate\n$ pip install -r requirements.txt\n...\n$ pytest -v\n========================= test session starts ==========================\ncollected 4 items\n\ntests/test_calculator.py::test_add PASSED                         [ 25%]\ntests/test_calculator.py::test_subtract PASSED                    [ 50%]\ntests/test_calculator.py::test_multiply PASSED                    [ 75%]\ntests/test_calculator.py::test_divide PASSED                      [100%]\n\n========================== 4 passed in 0.02s ===========================\n```\n\nSi tous les tests passent localement, vous pouvez créer votre workflow CI !\n\n---\n\n### act — Exécuter les workflows localement\n\n[act](https://github.com/nektos/act) permet d'exécuter vos workflows GitHub Actions\nsur votre machine, sans pousser sur GitHub. Idéal pour le développement itératif.\n\n**Installation :**\n\n```bash\n# Linux\ncurl -s https://raw.githubusercontent.com/nektos/act/master/install.sh | sudo bash\n\n# macOS\nbrew install act\n\n# Windows\nchoco install act-cli\n```\n\n**Pré-requis :** Docker doit être installé et en cours d'exécution.\n\n**Première utilisation :**\n\n```bash\n# Lancer le workflow par défaut (événement push)\nact\n\n# act vous demandera quelle image Docker utiliser :\n# - Micro   : ~200MB, fonctionnalités limitées\n# - Medium  : ~500MB, bon compromis (recommandé)\n# - Large   : ~18GB, image complète comme GitHub\n```\n\n**Commandes courantes :**\n\n```bash\n# Lister les workflows disponibles\nact -l\n\n# Exécuter un événement spécifique\nact push                    # Simule un push\nact pull_request            # Simule une PR\nact workflow_dispatch       # Déclenche manuellement\n\n# Exécuter un job spécifique\nact -j test                 # Lance uniquement le job \"test\"\n\n# Exécuter un workflow spécifique\nact -W .github/workflows/ci.yml\n\n# Mode verbose (voir les commandes exécutées)\nact -v\n\n# Passer des secrets (ne pas les mettre en clair dans l'historique !)\nact -s MY_SECRET=value\nact --secret-file .secrets  # Fichier .secrets (à ajouter au .gitignore !)\n```\n\n**Fichier de configuration `.actrc` :**\n\nCréez un fichier `.actrc` à la racine du projet pour éviter de répéter les options :\n\n```bash\n# .actrc\n-P ubuntu-latest=ghcr.io/catthehacker/ubuntu:act-24.04\n-P ubuntu-24.04=ghcr.io/catthehacker/ubuntu:act-24.04\n--secret-file .secrets\n```\n\n**Limitations de act :**\n\n- ❌ Pas de support pour les services Docker (`services:`)\n- ❌ Les caches GitHub (`actions/cache`) ne fonctionnent pas\n- ❌ Pas d'accès aux secrets GitHub (il faut les passer manuellement)\n- ❌ Certaines actions du Marketplace peuvent ne pas fonctionner\n\n## Ressources complémentaires\n\n### Documentation officielle\n\n- [GitHub Actions Documentation](https://docs.github.com/en/actions)\n- [Workflow syntax reference](https://docs.github.com/en/actions/reference/workflow-syntax-for-github-actions)\n- [Security hardening](https://docs.github.com/en/actions/security-guides/security-hardening-for-github-actions)\n\n## Contribution\n\nLes contributions sont les bienvenues ! Consultez [CONTRIBUTING.md](CONTRIBUTING.md)\npour les guidelines.\n\n## Licence\n\nCe projet est sous licence MIT. Voir [LICENSE](LICENSE) pour plus de détails.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fstephrobert%2Fgithub-actions-training","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fstephrobert%2Fgithub-actions-training","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fstephrobert%2Fgithub-actions-training/lists"}