Skip to main content

Use the GitHub Actions Drone plugin

GitHub Actions are a GitHub feature that enable you to automate various event-driven activities in GitHub, such as cloning a repository, generating Docker images, and testing scripts.

Harness CI supports launching GitHub Actions as part of a pipeline stage using the generic Plugin step or the GitHub Action plugin steps.

This topic describes how to use the GitHub Actions Drone plugin in a Plugin step to run GitHub Actions. When your pipeline runs, the Github Actions Drone Plugin runs the GitHub Action in the background using nektos/act.

For information about the specialized GitHub Action plugin step, go to Use the GitHub Action plugin step.


These steps assume you have a CI pipeline with a Build stage that is connected to your codebase and has defined build infrastructure.

If you've never created a CI pipeline before, get started with the fastest CI on the planet or try the Kubernetes cluster build infrastructure tutorial. If you're new to Harness CI, you might want to review Harness CI concepts and CI pipeline concepts.

Add Build stage and connect codebase

Make sure you have a CI pipeline with a Build stage that is connected to your codebase.

To add a Build stage to an existing pipeline:

  1. Go to the pipeline you want to edit.
  2. In the Pipeline Studio, select Add Stage, and then select Build.
  3. Enter a Stage Name, enable Clone Codebase, and then select Set Up Stage.

To check codebase configuration for existing pipelines, select Codebase while viewing the pipeline in the Pipeline Studio. For more information about codebase configuration, go to Create and Configure a Codebase.

Define build infrastructure
  1. In the Pipeline Studio, select the Build stage, and then select the Infrastructure tab.
  2. Define the build farm for the codebase. For more information, go to Set up build infrastructure.

For more information about stage configuration, go to CI Build stage settings.


You can use expressions or Runtime Inputs for Platform settings.

Add the Plugin step

  1. In your pipeline's Build stage, and a Plugin step.

  2. Enter a Name and optional Description.

  3. For Container Registry, select a container registry connector that has DockerHub access.

  4. In the Image field, enter the name of the GitHub Actions Drone Plugin image: plugins/github-actions.

  5. Expand the Optional Configuration, and select Privileged.

    The GitHub Actions Drone Plugin uses nektos/act to run GitHub Actions in Harness CI. It requires DinD (Docker-in-Docker) to run your images. Hence, the Privileged attribute needs to be enabled to run with escalated permissions.

Define variables and attributes

Use Settings to specify the Github Action you want to use and to pass variables and attributes required by the Action and the Drone Plugin. You must specify uses and with. You can use env to specify environment variables, such as GitHub tokens to access private Action repos.

KeyDescriptionValue formatValue example
usesRequired. Specify the Action's repo, along with a branch or tag.[repo]@[tag]actions/setup-go@v3
withRequired. Provide a map of key-value pairs representing settings required by the GitHub Action itself.key: valuego-version: '>=1.17.0' or {path: pom.xml, destination: cie-demo-pipeline/github-action, credentials: <+stage.variables.GCP_SECRET_KEY_BASE64>}
envOptional. Specify a map of environment variables to pass to the Action.key: valueGITHUB_TOKEN: <+secrets.getValue("github_pat")>

You can use variable expressions for these values, such as credentials: <+stage.variables.[TOKEN_SECRET]>, which uses a stage variable.

                          - step:
identifier: gcsuploader
name: gcsuploader
type: Plugin
connectorRef: dockerhub # Your Docker connector ID
image: plugins/github-actions
privileged: true
uses: google-github-actions/upload-cloud-storage@main # The GitHub Action you want to use
with: # Action settings
path: pom.xml
destination: cie-demo-pipeline/github-action
credentials: <+stage.variables.GCP_SECRET_KEY_BASE64>

For more examples of GitHub Actions in Plugin steps, go to the GitHub Actions Support in Harness CI blog post.

Private Action repos

If you want to use an Action composite that is located in a private repository, you must add a GITHUB_TOKEN environment variable to the env settings. You need a GitHub personal access token that has pull permissions to the target repository. Additional permissions may be necessary depending on the Action's purpose.

  • Key: env
  • Value: GITHUB_TOKEN: <+secrets.getValue("[SECRET_NAME]")>

If you have multiple environment variables, add the GITHUB_TOKEN variable to the existing env map.


You can use a variable expressions, such as <+secrets.getValue("[SECRET_NAME]")> to call a token stored as a Harness Secret.

Here's an example of the YAML for a Plugin step using a private Action repo:

- step:
type: Plugin
name: private action
identifier: private_action
connectorRef: dockerhub
image: plugins/github-actions
privileged: true
uses: myorg/private-action-step@v1
path: pom.xml
GITHUB_TOKEN: <+secrets.getValue("github_pat")>

Test your pipeline

  1. Select Apply Changes to save the step settings, and then select Save to save the pipeline.
  2. Select Run to test the pipeline.

You can observe the GitHub Action in the build's logs.

Pipeline YAML example

The following YAML example includes a Plugin step that uses the Google upload-cloud-storage GitHub Action. The comments indicate values you must modify to use this code in your own Harness account.

name: gcp-upload-github-action # Configure your Pipeline name
identifier: gcpuploadgithubaction # Configure your Pipeline identifier
projectIdentifier: Demo_CI_pipelines # Configure your Project identifier
orgIdentifier: default # Configure your Organization
tags: {}
- stage:
identifier: gcp_upload_success_gha # Configure your Stage identifier
name: stage 1
type: CI
- name: GCP_SECRET_KEY_BASE64 # Configure your Secret Key Name
type: Secret
value: gcpbase64secret # Configure your Secret Key Value
- step:
identifier: gcsuploader # Configure your step identifier name
name: step one # Configure your step name
type: Plugin
connectorRef: dockerhub
image: plugins/github-actions
privileged: true
settings: # Configure your plugins Settings configuration
uses: google-github-actions/upload-cloud-storage@main
path: pom.xml
destination: cie-demo-pipeline/github-action
credentials: <+stage.variables.GCP_SECRET_KEY_BASE64>
infrastructure: # Configure your Infrastructure Settings
type: KubernetesDirect
connectorRef: buildfarm
namespace: cie-demo-pipeline
codebase: # Configure your Codebase
connectorRef: githubautouser
repoName: springboot
type: branch
branch: ci-autouser