Files
logseq/pages/hls__SATToSE_2023_paper_1_1683189313287_0.md
T
2025-06-05 22:07:12 +02:00

6.2 KiB

file:: SATToSE_2023_paper_1_1683189313287_0.pdf file-path:: ../assets/SATToSE_2023_paper_1_1683189313287_0.pdf

  • workflows to rely on reusable components, the so-called Actions ls-type:: annotation hl-page:: 1 hl-color:: green id:: 6453706c-bdd2-4584-b316-9dc1b43ee920
  • . This paper presents preliminary insights on the dependency network induced by these Actions. ls-type:: annotation hl-page:: 1 hl-color:: green id:: 64537082-9991-4f1a-bca2-9a1f45f753a8
  • ecosystem of Actions ls-type:: annotation hl-page:: 1 hl-color:: green id:: 6453708c-15ad-43da-b0c4-0933a5487fb4
  • 2,817 Actions having received more than 10 stars on the GitHub Marketplace in January 2023, we report on the characteristics of these Actions and we explore to which extent they are developed using JavaScript, Docker or as composite Actions ls-type:: annotation hl-page:: 1 hl-color:: green id:: 645370e4-a9dd-4d3e-999b-9462be22f53d
  • During collaborative development, a multitude of tasks must be executed, including coding, debugging, testing, quality and security analysis, packaging and releasing software distributions, and so forth. ls-type:: annotation hl-page:: 1 hl-color:: green id:: 64537bc1-d789-4c6e-8031-9e0c6c244025
  • GitHub, hosting millions of software repositories and having served over 94 million users in 2022 ls-type:: annotation hl-page:: 1 hl-color:: green id:: 64537bd9-b2f8-4345-821c-515737f7e382
  • (CI/CD) was introduced to automate a plethora of repetitive development-related tasks ls-type:: annotation hl-page:: 1 hl-color:: green id:: 64537bff-dbb0-43f5-a059-334aa2367302
  • Only 18 months after its public release, GitHub Actions has become the dominant CI/CD service on GitHub [5]. ls-type:: annotation hl-page:: 1 hl-color:: green id:: 64537c0e-6c41-44b3-a611-3292c1890b24
  • J ls-type:: annotation hl-page:: 1 hl-color:: green id:: 64537c7d-7894-4ebc-8058-01469d20dd59
  • Actions can be developed in three different ways: using JavaScript code, using Docker containers, or through the mechanism of composite Actions. ls-type:: annotation hl-page:: 1 hl-color:: green id:: 64537c81-03ac-411f-ba9f-984e679e93c5
  • This justifies the current article, which studies the dependency network of Actions that are developed through GitHub repositories and published on the GitHub Marketplace ls-type:: annotation hl-page:: 1 hl-color:: green id:: 64537c9b-64fd-4e72-b520-c5f84f8f6a8c
  • 𝑅𝑄1.1 What are the characteristics of Actions distributed through the GitHub Marketplace? ls-type:: annotation hl-page:: 2 hl-color:: green id:: 64537db4-a585-48ae-834e-3a0e1f39741c
  • How do different types of Actions evolve? ls-type:: annotation hl-page:: 2 hl-color:: green id:: 64537db8-7806-4918-ace5-2cfaf63d6451
  • 𝑅𝑄1.2 How do different types of Actions evolve? ls-type:: annotation hl-page:: 2 hl-color:: green id:: 64537dbf-8901-4e90-bb0c-8c773daef041
  • dependency characteristics for the three types of Actions ls-type:: annotation hl-page:: 2 hl-color:: green id:: 64537dc9-293b-412c-9ac3-533c18b5eb8b
  • Several empirical studies have evaluated the adoption and usage details of Actions, typically by analysing data from GitHub repositories that use and adopt them for specific automation tasks. ls-type:: annotation hl-page:: 2 hl-color:: green id:: 64537e5c-c2d4-4cdb-b178-3e2283ef7234
  • They characterised the repositories and their workflows by analysing job types, steps and used Actions. ls-type:: annotation hl-page:: 2 hl-color:: green id:: 64537f1f-c5f9-47a6-bbd7-e0893a9b557b
  • developers tend to favour Actions created by verified individuals and having a higher number of stars ls-type:: annotation hl-page:: 2 hl-color:: green id:: 64537f51-027d-4d14-9b1c-a1253337c464
  • rior studies that have explored dependencies in other software ecosystems. ls-type:: annotation hl-page:: 2 hl-color:: green id:: 6453bb9e-9d5e-41b2-93c9-afdfc1de14a9
  • package managers and registries ls-type:: annotation hl-page:: 2 hl-color:: green id:: 6453bbaa-bfb9-460f-b89a-ea6d72a3b53c
  • GitHub Actions is a CI/CD tool integrated into GitHub to allow maintainers of GitHub repositories to automate a wide range of task ls-type:: annotation hl-page:: 3 hl-color:: green id:: 6453bbc3-d6cf-4124-8b02-3fbed912a054
  • Jobs are defined in terms of the steps that will be executed when the workflow is triggered. ls-type:: annotation hl-page:: 3 hl-color:: green id:: 6453bbd8-d15c-4f78-b9e5-0d95f7a298fb
  • The first method is expected to be computationally expensive and time-consuming. ls-type:: annotation hl-page:: 3 hl-color:: green id:: 6453bc00-0d3b-4676-8880-c518d70bd21f
  • GitHub Actions has become the de facto CI/CD automation service for GitHub repositories ls-type:: annotation hl-page:: 8 hl-color:: green id:: 6453bc47-0436-4e6a-b004-8a7c5b29b44c
  • we distinguished between three types of Actions: those that are developed using JavaScript, those that are developed using Docker, and finally the so-called composite Actions. ls-type:: annotation hl-page:: 8 hl-color:: green id:: 6453bc5a-420d-4a8a-b720-3eb9cc642de2
  • Docker ls-type:: annotation hl-page:: 8 hl-color:: green id:: 6453bc60-f2ac-4fe9-b20b-11648db4031d
  • JavaScript Actions have many dependencies towards npm packages, leading to a huge number of transitive dependencies that are deeply nested in the dependency tree ls-type:: annotation hl-page:: 8 hl-color:: purple id:: 6453bc6e-7c25-4ae5-b8c8-04fc2d1ebad7 hl-stamp:: 1683209328794
  • we intend to assess the impact of security vulnerabilities and maintainability issues on the GitHub Action ecosystem due to its cross-ecosystem dependencies to Docker images and npm packages. ls-type:: annotation hl-page:: 8 hl-color:: purple id:: 6453bc87-547a-431f-8450-f28969bb9f5b
  • Through this process, we extracted 2,817 distinct Actions and their associated metadata including their primary and secondary categories, the name of the repository in which the Action is developed, its number of stars, issues, pull requests, and so on ls-type:: annotation hl-page:: 4 hl-color:: purple id:: 6453bcf0-eb08-4c96-af90-8e2cebd74930