跳到主要内容

Product Overview

What is AtomGit Action

AtomGit Action is the native automation pipeline engine of the AtomGit platform, adopting the Pipeline as Code concept, allowing you to define, trigger, and execute software delivery processes by writing YAML configuration files in your code repository. Pipeline configurations are stored alongside business code, versioned together, following the GitOps practice of Everything as Code.

Core Concepts

ConceptDescription
Pipeline as CodePipeline definitions are stored in the .gitcode/workflows/ directory, shared with business code for submission, review, and audit processes, all changes are traceable
Declarative ConfigurationDefine pipeline structure using concise YAML syntax, no need to write orchestration scripts, lowering the learning curve
Reusable OrchestrationAction plugins and reusable workflows (workflow_call) support cross-repository references and nested calls, avoiding repetitive maintenance
Security IsolationBuilt-in pull_request / pull_request_target dual-event model, Secret encryption storage, Token minimum permission control, ensuring pipeline security in Fork scenarios

Platform Capabilities Overview

Event-Driven: Multiple Trigger Methods

AtomGit Action supports a rich set of event triggers, covering the full range of code collaboration scenarios:

Trigger MethodDescriptionTypical Scenario
pushCode push triggerAutomatic build and deployment after main branch merge
pull_requestTrigger on PR creation, update, or mergePR code check, build validation
pull_request_targetSecure mode PR trigger (target branch context)Fork PR auto-tagging, comments (can access Secrets)
issue_commentIssue comment trigger/deploy command-based deployment
pull_request_commentPR comment trigger (supports regex filtering)Execute specific actions within PR comments
workflow_dispatchManual trigger (supports input parameters)Release specific versions, emergency hotfixes
workflow_callReusable workflow callOrganization-level standardized process orchestration
scheduleScheduled trigger (cron expression)Daily build, regular inspection

Each event supports branches, paths, tags and other filtering rules, precisely controlling the trigger scope. A single workflow can combine multiple trigger events.

Execution Orchestration: Stages + Jobs + Steps

AtomGit Action provides a two-tier orchestration mechanism, balancing flexibility and controllability:

Event → Workflow → Stages (serial) → Jobs (parallel within stage) → Steps (serial)
├─ run (Shell command)
└─ uses (Action plugin)
  • Stages Mechanism: Unique to AtomGit Action, stages are executed serially, jobs within a stage are parallel by default, supports fail_fast fast-fail strategy, suitable for delivery processes requiring strict gatekeeping
  • Needs Dependency Mechanism: DAG dependency orchestration at the job level, enabling flexible topological relationships
  • Post Processing: A unique post-processing stage in AtomGit Action, default run_always: true, used for notifications, cleanup, reporting, etc.
  • Matrix Strategy: Achieve parallel builds and tests across multiple OS, versions, and architectures through strategy.matrix

Runtime Environment: Managed + Self-hosted Runner

Runner TypeDescriptionTag Format
Official ManagedCloud resource pool ready to use, pre-installed with mainstream language toolchainsThree-part format {os},{arch},{flavor}, such as {ubuntu-24,x64,small}
Self-hostedSelf-built infrastructure, supports GPU, internal network, custom toolchainsself-hosted + custom tags

The official resource pool provides 6 specifications from 1 core 4G (slim) to 32 cores 128G (2xlarge), defaulting to [ubuntu-latest, x64, small] (2 cores 8G). It supports specifying a custom Docker image via the container field.

Variables and Secrets: Four-Level Configuration System

TypeScopeReference MethodApplicable Scenario
envworkflow / job / step three levels$VAR_NAME or ${{ env.VAR }}Temporary environment variables
varsorganization / project level${{ vars.VAR }}Cross-pipeline shared configuration
secretsorganization / project${{ secrets.NAME }}Sensitive information (passwords, Tokens) (logs automatically masked)
inputsworkflow_dispatch / workflow_call${{ inputs.NAME }}Workflow input parameters (only supports string type)

Context and Expressions

AtomGit Action provides 12 contexts, dynamically accessing runtime information in workflows using ${{ context.property }} expression syntax:

ContextDescriptionTypical Use
atomgitPlatform and event core informationBranch judgment atomgit.ref, event type atomgit.event_name
envCustom environment variablesVariable reference env.APP_NAME
varsConfiguration variablesDeployment target vars.DEPLOY_ENV
secretsEncrypted keysCredential reference secrets.DEPLOY_TOKEN
inputsInput parametersManual trigger parameters inputs.environment
job / jobsCurrent / called Job informationStatus judgment job.status
stepsStep information and outputsCross-step value passing steps.id.outputs.result
runnerRunner environment informationSystem runner.os, temporary directory runner.temp
matrix / strategyMatrix variables and strategy informationMatrix parameters matrix.version

Expressions support comparison operations, logical operations, status functions (success/failed/always/cancelled), and string functions (contains/startsWith/format/hashFiles, etc.).

Security and Permissions

Security CapabilityDescription
Secret Encryption StorageKeys are encrypted when created in the interface, logs automatically mask them as ***, Fork PRs default to not being able to access project Secrets
Token Minimum PermissionThe scope of ATOMGIT_TOKEN permissions is precisely controlled by the permissions field (read/write/none), supporting the minimal permission mode permissions: {}
PR Security IsolationIn the pull_request event, workflows in Fork repositories have only read permissions and cannot access Secrets; pull_request_target uses the workflow file of the target branch, preventing malicious PRs from tampering with execution logic
Concurrency ControlLimit the number of parallel runs for the same workflow through concurrency, supporting the IGNORE (ignore) and QUEUE (queue) strategies

Artifacts and Cache

CapabilityDescription
ArtifactsTransfer build artifacts across Jobs, supports upload/download, can set retention days
CacheFile-based dependency caching mechanism, accelerates dependency installation for npm, Maven, pip, Gradle, etc., through key + restore-keys prefix matching

Overview of Workflow File Structure

A complete AtomGit Action workflow file includes the following core fields:

name: Example Pipeline                   # Workflow name

on: # Trigger event
push:
branches: [main]
workflow_dispatch:
inputs:
environment:
type: string

env: # Workflow-level environment variables
APP_NAME: my-app

defaults: # Default settings
run:
shell: bash

concurrency: # Concurrency control
enable: true
max: 3
exceed-action: QUEUE

permissions: # Permission declaration
repository: read
pr: write

stages: # Stage definition (optional)
- name: build-stage
fail_fast: true
jobs:
build:
runs-on: [ubuntu-latest, x64, small]
steps:
- uses: checkout
- run: make build

- name: deploy-stage
jobs:
deploy:
runs-on: [ubuntu-latest, x64, small]
steps:
- run: make deploy

post: # Post-processing stage
run_always: true
steps:
- run: echo "notification"