MSc Project -CMP060L050H: Workshop 3

ALi JAddoa

Part-2: Automating Your GitHub Project with GitHub Actions

GitHub Actions lets you automate tasks in your repositories. In this lab, you will create workflows to automate project tracking, verify structure, and flag incomplete tasks using Actions written in YAML (check it (YAML) out here ).

Create the Workflow Directory

1. In your GitHub repository, click Add file > Create new file (or you can create the file however you like)
2. Name the file:

   .github/workflows/hello-world.yml
   

Action 1: Your First GitHub Action – Hello World

name: Hello World

on: 
  push:

jobs:
  say-hello:
    runs-on: ubuntu-latest

    steps:
      - name: Print a greeting
        run: echo "Hello, World! This is your first GitHub Action."

What it does: Runs on every push and prints a greeting in the Actions log.

Check and View the Action

1. Navigate to the Actions tab in your GitHub repository
2. Click on the Hello World workflow run
3. Expand the say-hello job and the Print a greeting step

You should see:

Hello, World! This is your first GitHub Action.

This confirms that your Action executed successfully.

Action 2: Automate Weekly Log Creation

In this task, you will automate the creation of a weekly project log. Every Monday morning, GitHub Actions will generate a new Markdown file with a predefined structure to help you track your progress, document challenges, and plan upcoming tasks.

This kind of automation is especially useful for managing MSc projects, dissertations, or team-based collaboration work. You will also learn how to schedule tasks using cron syntax and configure auto-commits via GitHub Actions.

Instructions

1. Create a new workflow file

1. In your GitHub repository, click Add file > Create new file
2. Name the file:

   .github/workflows/weekly-log.yml
   

2. Use the following YAML

name: Weekly Log Generator

on:
  schedule:
    - cron: '0 9 * * 1'  # Runs every Monday at 09:00 UTC
  workflow_dispatch:      # Allows manual triggering from the Actions tab

jobs:
  generate-log:
    runs-on: ubuntu-latest

    steps:
      - name: Checkout repository
        uses: actions/checkout@v4

      - name: Create weekly log file
        run: |
          FILE_NAME="weekly-log-$(date +'%Y-%m-%d').md"
          echo "# Weekly Log - $(date +'%A, %d %B %Y')" > $FILE_NAME
          echo "- Tasks completed:" >> $FILE_NAME
          echo "- Challenges faced:" >> $FILE_NAME
          echo "- Plans for next week:" >> $FILE_NAME

      - name: Commit and push log file
        run: |
          git config user.name "github-actions"
          git config user.email "actions@github.com"
          git add *.md
          git commit -m "Add weekly log $(date +'%Y-%m-%d')"
          git push

Note on Scheduling

Choose a time close to now for testing.

For example, today is Wedensday (which is 3 in cron), and the time is 10:30, then use:

cron: '35 10 * * 1'

This will trigger the job at 10:35 UTC. You can also use https://crontab.guru to understand and customise the timing.

3. Commit and test

• Click Commit changes
• Go to the Actions tab
• Select the Weekly Log Generator workflow
• Click Run workflow to trigger it manually

Notes

1. What does cron: '0 9 * * 1' mean?

   The cron value controls when the workflow runs automatically. This is a standard cron expression, which GitHub uses to schedule workflows in UTC time.

   | Field | Value | Description | |---------------|--------|-----------------------------------| | Minute | 0 | At minute 0 | | Hour | 9 | At 09:00 (9 AM) | | Day of Month | * | Every day of the month | | Month | * | Every month | | Day of Week | 1 | On Monday (where Sunday = 0 or 7)|

   Meaning: The action will run every Monday at 09:00 UTC.

   If you're in the UK, note this means:

   • 09:00 local time in winter (GMT)
   • 10:00 local time in summer (BST)

   You can modify the time by changing the values. Use https://crontab.guru to try different schedules and understand how they work.

2. workflow_dispatch: Adds a button in the Actions tab to manually trigger the workflow.

3. Permissions: This will only work if GitHub Actions has push access to your branch. Make sure you're working on a repository you own.

Output

The result will be a new file in your repository like:

weekly-log-2025-06-02.md

With this content:

Weekly Log - Monday, 2 June 2025
- Tasks completed:
- Challenges faced:
- Plans for next week:

You can then edit and fill it in later with updates for your supervisor or your own record-keeping.yaml

Challenge: Try to redo the scehdule action but on push and not using cron

Action 3: Detect TODO Comments and Generate a Markdown Report

In this task, you will use a GitHub Action to automatically scan your code for any TODO comments and generate a Markdown report. This can be useful for tracking unfinished tasks or reminders in your codebase.

What This Workflow Does

• It looks through your project for any lines containing the word TODO
• It creates a file called TODO-Report.md that lists each file and line where a TODO comment is found
• The report is committed and pushed back to your repository

The Workflow File

Create a new file in .github/workflows/todo-scan.yml and paste the following:

name: Detect TODO Comments

on:
  push:

jobs:
  scan-todo:
    runs-on: ubuntu-latest

    steps:
      - name: Checkout repository
        uses: actions/checkout@v4

      - name: Search for TODOs and export to Markdown
        run: |
          echo "## TODO Report - $(date)" > TODO-Report.md
          echo "" >> TODO-Report.md
          echo "| File | TODO Comment |" >> TODO-Report.md
          echo "|------|---------------|" >> TODO-Report.md
          grep -rn --exclude-dir=.git "TODO" . | while IFS=: read -r file line content
          do
            printf "| \`%s\` | %s |
" "$file:$line" "$content" >> TODO-Report.md
          done

      - name: Commit and push TODO Report
        run: |
          git config user.name "github-actions"
          git config user.email "actions@github.com"
          git add TODO-Report.md
          git commit -m "Update TODO Report - $(date +'%Y-%m-%d')"
          git push

Try It Yourself

1. Open or create a Python file in your repository, for example example.py.
2. Add a TODO comment inside the code. For example:

# TODO: Optimise this logic
def sample_function():
    pass

3. Save the file.

Commit and Push

Now open your terminal and push the changes:

git add .
git commit -m "Added TODO comment"
git push

Check the Action and Report

1. Go to your GitHub repository.
2. Click the Actions tab and open the latest run of "Detect TODO Comments".
3. After it completes, go back to the Code tab and open the newly created file TODO-Report.md.

You should see a table listing your TODO comment with the file and line number.

Extension Task

• Try adding multiple TODOs in different files.
• See how the report automatically updates.
• Experiment with detecting other keywords like FIXME, HACK, or custom tags.

Action4: Automate Visualisation Task – Weekly Security Incidents

Here you will use GitHub Actions to automate the visualisation of weekly cybersecurity incident data. This is a practical way to integrate automation into your MSc project, research activity, or log monitoring routine.

Step 1: Create a Dataset

Add the following file to your repository: File: security_incidents.csv

This dataset reflects common cybersecurity incident types and their frequencies.

Step 2: Add Your Python Script

You have two options:

• Download the script file and place it in your repository
• OR manually create the Python visualisation script using the code below

File: plot_security_incidents.py

import pandas as pd
import matplotlib.pyplot as plt

# Load the dataset
df = pd.read_csv("security_incidents.csv")

# Create a bar chart
plt.figure(figsize=(10, 6))
plt.bar(df["category"], df["incident_count"], color="tomato")

# Add title and labels
plt.title("Weekly Security Incidents by Category")
plt.xlabel("Incident Type")
plt.ylabel("Number of Incidents")
plt.xticks(rotation=45)
plt.grid(axis="y", linestyle="--", alpha=0.7)

# Save output
plt.tight_layout()
plt.savefig("security_incidents_chart.png")

Step 3: Create the GitHub Action

Create the following workflow file to automate the execution of the Python script.

File: .github/workflows/plot_incidents.yml

name: Security Incident Visualisation

on:
  workflow_dispatch:  # Allows manual execution from the Actions tab

jobs:
  generate-chart:
    runs-on: ubuntu-latest

    steps:
      - name: Checkout code
        uses: actions/checkout@v4

      - name: Set up Python
        uses: actions/setup-python@v5
        with:
          python-version: '3.x'

      - name: Install Python dependencies
        run: pip install pandas matplotlib

      - name: Run the plotting script
        run: python plot_security_incidents.py

      - name: Commit and push generated chart
        run: |
          git config user.name "github-actions"
          git config user.email "actions@github.com"
          git add security_incidents_chart.png
          git commit -m "Auto-generated security incident chart"
          git push

Step 4: Run and Verify

After committing and pushing your changes:

1. Go to the Actions tab in your GitHub repository
2. Select Security Incident Visualisation
3. Click Run workflow

After a short while, you should see the generated chart:

security_incidents_chart.png

This image contains your auto-generated bar chart based on the incident data.

Extra:

Below you can learn more about:

• GitHub Actions
• MS Short Course

Author: Dr Ali Jaddoa
Email: Ali.Jaddoa@roehampton.ac.uk

Thank you for reading this MDBook. If you have any questions or suggestions, feel free to reach out.