Welcome back!
In a previous blog, we covered the basics of
GitHub, including how to create a repository, commit
changes, and push code. In this blog, we will explore some of the more advanced features of GitHub,
including automation, pull requests, and collaboration.
In this article, we wil be building on that knowledge and showing a couple more advanced example use cases for GitHub. The first will use GitHub Actions and workflows with secrets to
clear the Cloudflare cache on a website. The second will show how to download and sync files to a group of devices using
self-hosted runners.
GitHub Actions: Automate Everything
GitHub Actions is a powerful automation tool built into GitHub. It lets you automate workflows for building,
testing, and deploying code right from your repo. For example, you can set up an action to run a test
every time you push code, or automatically deploy your site when you merge to the main branch. Actions are defined
in YAML files under .github/workflows/
in your repo.
Custom Automation Example: Clearing Cloudflare Cache with GitHub Actions
GitHub Actions can be used for more than just code deployment—you can automate almost any task, including
interacting with external APIs and updating documentation. Here’s a real-world example I use that clears Cloudflare
cache when I need to make production changes.
name: Clear Cloudflare Cache
on:
workflow_dispatch:
jobs:
clear-cache:
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Purge Everything in Cloudflare Zone
env:
CLOUDFLARE_API_TOKEN: ${{ secrets.CLOUDFLARE_API_TOKEN }}
CLOUDFLARE_ZONE_ID: ${{ secrets.CLOUDFLARE_ZONE_ID }}
run: |
curl -s -X POST "https://api.cloudflare.com/client/v4/zones/$CLOUDFLARE_ZONE_ID/purge_cache" \
-H "Authorization: Bearer $CLOUDFLARE_API_TOKEN" \
-H "Content-Type: application/json" \
--data '{"purge_everything":true}'
GitHub Secrets: Secure Your Credentials
When automating deployments or integrations, you often need to use API keys or other sensitive data. GitHub Secrets
lets you securely store and use these values in your workflows. Secrets are encrypted and only exposed to workflows
you authorize. To use a secret, add it in your repository settings, then reference it in your workflow file like
${{ secrets.MY_SECRET_KEY }}
.
Secret Example: Saving Cloudflare Credentials
When your workflow needs to interact with external services like Cloudflare, you should never hard-code sensitive information (such as API tokens or zone IDs) directly in your code. Instead, use GitHub Secrets to securely store these values.
To add your Cloudflare credentials as secrets:
1. Go to your repository on GitHub.
2. Click Settings → Secrets and variables → Actions.
3. Click New repository secret.
4. Add CLOUDFLARE_API_TOKEN and CLOUDFLARE_ZONE_ID with their respective values.
In your workflow, you can reference these secrets like this:
${{ secrets.CLOUDFLARE_API_TOKEN }} and ${{ secrets.CLOUDFLARE_ZONE_ID }}
This keeps your credentials safe and ensures they are only available to workflows you authorize.
What is a GitHub Self-Hosted Runner?
A GitHub self-hosted runner is a machine that you own and manage (such as a server, desktop, VM, or even a
Raspberry Pi) that runs your GitHub Actions workflows. Instead of using GitHub’s cloud-hosted runners, you can use
your own hardware to execute jobs. This gives you more control over the environment, allows access to private
networks or internal resources, and can help with specialized hardware or software requirements.
When you register a self-hosted runner with your repository or organization, it listens for jobs from GitHub
Actions. When a workflow targets it (using runs-on: [self-hosted, YourLabel]
), the runner downloads the
job, executes it locally, and reports the results back to GitHub. Self-hosted runners are especially useful for
deployments, custom build environments, or syncing files across your own infrastructure.
How to Easily Install a Self-Hosted Runner
Setting up a self-hosted runner is straightforward. Here’s a quick guide:
1. Go to your repository on GitHub.
2. Click on Settings → Actions → Runners.
3. Click Add runner and choose your operating system.
4. Follow the instructions provided.
Example: Syncing Files to Multiple Devices with Self-Hosted Runners
Here’s an example workflow that syncs code to three different devices using workers and saving to a specific
location:
name: Sync All Repos locally
on:
push:
branches:
- main
jobs:
deploy_worker1:
runs-on: [self-hosted, Worker1]
steps:
- name: Pull latest changes
run: |
cd /home/huey/www
git pull
deploy_worker2:
runs-on: [self-hosted, Worker2]
steps:
- name: Pull latest changes
run: |
cd /home/huey/www
git pull
deploy_worker3:
runs-on: [self-hosted, worker3]
steps:
- name: Pull latest changes
run: |
cd /home/huey/www
git pull
In this workflow, each job targets a different self-hosted runner (Worker1, Worker2, worker3). When you push to the
main
branch, each worker pulls the latest changes from your repository. This approach helps you keep
multiple environments in sync automatically, reducing manual deployment steps and the risk of errors.
You can view the full workflow file in the repository here:
https://github.com/gregheffner/www/blob/main/.github/workflows/sync.yml
Wrapping Up: Real-World GitHub Actions for Websites and Infrastructure
As you can see, GitHub’s advanced features—Actions, Secrets, and self-hosted runners—make it possible to automate
almost every aspect of your development and deployment workflow. Whether you’re managing a static website, deploying
containers, or keeping multiple servers in sync, there’s a GitHub Action for the job.
Here are some real-world workflow examples from my cicd repository:
I served in the U.S. Army, specializing in Network Switching Systems and was attached to a Patriot Missile System Battalion. After my deployment and Honorable discharge, I went to college in Jacksonville, FL for Computer Science. I have two beautiful and very intelligent daughters. I have more than 20 years professional IT experience. This page is made to learn and have fun. If its messed up, let me know. Im still learning :)