Using Observable as the front end for Github Actions is a great way to provide a nice interface without the hassle of hosting anything. Recently I developed a notebook library that allows authenticated and unauthenticated users to kick off Action workflow via a repository dispatch.
A repository dispatch triggers Github Action workflows via an authenticated HTTP request. See the documentation on Github. From there you can do all kinds of things, even programmatically creating commits.
In this article, we document two major ways to trigger actions from Observable notebooks.
- authenticated, where notebook readers provide the access token to trigger a workflow
- pre-authenticated, where the notebook author configures a proxy using their own creds, so anybody can trigger workflows on the author’s blessed path.
Repository Dispatch Client Library for Observable
The authenticated dispatch function takes an access token, plus the other options, to perform the dispatch
Example Usecase 1: Pass Personal Token In Notebook
To use our simple dispatch function, we need a Github API access token. A simple way is to ask the reader for one.
Note: If you use localStorageView you can remember the input across page sessions in local storage.
There are situations where you don’t want the reader to provide a token. For this, we need to introduce a secure environment.
Code executed on webcode.run is remote, and so secrets are not exposed to notebook readers. By creating a proxy to do the request, we can expose Github workflows to the public without requiring them to supply tokens. Instead, the secret can be set in the inline UI (or at @endpointservices/secrets). But default, the secret should be called
github_token, but you can override this in the
Note, configuration of the dispatch function has to be done when creating the proxy…