GitHub Actions

Action Description Source Status / Logs
ASAN Build the code using the Address Sanitizer asan.yml
Build and Test Build the code and run some tests build-and-test.yml
CIFuzz Code Fuzzing cifuzz.yml
CodeQL Static Code Checking codeql.yml
Coveralls Code coverage tests coveralls.yml
Coverity Static analysis of the code coverity.yml
Debug Test all configure's --debug-* options debug.yml
Docker Build a docker image to speed up automated builds ubuntu.yml
Doxygen Build code docs doxygen.yml
Fedora Do test builds on some Fedora releases fedora.yml
macOS Test builds on macOS macos.yml
Translate Update the Translation Leaderboard translate.yml
XUnused Check for unused functions xunused.yml


GitHub Actions allow us automate lots of common tasks, such as:

  • Building the code
  • Testing the code
    • Unit tests
    • Static tests
  • Code Coverage
  • Deployment
    • Updating docs
    • Updating web pages

An Action is a YAML config file which can conditionally run commands and scripts.
It lives in the .github/workflows directory in a git repo.

Actions are triggered by GitHub events, e.g.

  • Pushing a commit to a branch
  • Creating or updating a pull-request
  • Scheduled, e.g. “Mondays at 3am”

See also:

Common Behaviour

3rd-Party Actions

NeoMutt’s Actions use several other published Actions.
Our most frequently used are:

See also:


Actions run in containers. These containers are empty.
If we want to build our code, then we need to install all the build tools.

We can do this, but it’s slow and creates a lot of network traffic.

To speed things up, we’ve created a Docker image that contains all the tools we’ll need.

See also:

Workflow Triggers

Some actions can be triggered by workflow_dispatch, meaning they’re manual.

If the actions supports it…

  • Go to the log page
  • Select a branch using the “Run workflow” dropdown
  • Hit the “Run workflow” button

workflow button


Many of NeoMutt’s Actions deploy their results.

Secrets and Tokens

A basic Action, like build, doesn’t require any privileges.
It uses publicly available resources: a couple of repos.

However, many of the Actions require a token in order to write to repos, or upload to services such as Coverity.

For security, these tokens are encrypted and stored by GitHub. They are only decrypted when the Action needs them.

Using tokens means we don’t have to set up and install ssh keys.

Creating a Secret Token

First, we create a Personal access token.

Generate a new token and set the permissions that the Action will require.
For the Translate Action, we’ve granted it:

  • [X] repo – Full control of repositories

This will display a token like: ghp_9BNi2SkEWkcXPHvOhR9Yqtzqs313Cekj56JP

Next, create the Secret.
We create a Repository secret – it can only be accessed by the neomutt repo.

New repository secret:

  • Secret: ghp_9BNi2SkEWkcXPHvOhR9Yqtzqs313Cekj56JP
    (from the instructions above)

Now, the Actions in the NeoMutt repo will be able to use ${{ secrets.TEST_DEPLOY_KEY }}

See also:

Search by Algolia