Starting Github Action Workflows From Observable

Using Observable as the front end for Github Actions is a great way to provide a nice interface without the hassle of hosting anything. Recently I developed a notebook library that allows authenticated and unauthenticated users to kick off Action workflow via a repository dispatch.

A repository dispatch triggers Github Action workflows via an authenticated HTTP request. See the documentation on Github. From there you can do all kinds of things, even programmatically creating commits.

In this article, we document two major ways to trigger actions from Observable notebooks.

1. authenticated, where notebook readers provide the access token to trigger a workflow
2. pre-authenticated, where the notebook author configures a proxy using their own creds, so anybody can trigger workflows on the author’s blessed path.

Repository Dispatch Client Library for Observable

The authenticated dispatch function takes an access token, plus the other options, to perform the dispatch

Example Usecase 1: Pass Personal Token In Notebook

To use our simple dispatch function, we need a Github API access token. A simple way is to ask the reader for one.

Note: If you use localStorageView you can remember the input across page sessions in local storage.

There are situations where you don’t want the reader to provide a token. For this, we need to introduce a secure environment.

Code executed on webcode.run is remote, and so secrets are not exposed to notebook readers. By creating a proxy to do the request, we can expose Github workflows to the public without requiring them to supply tokens. Instead, the secret can be set in the inline UI (or at @endpointservices/secrets). But default, the secret should be called github_token, but you can override this in the createDispatchProxy arguments.

Note, configuration of the dispatch function has to be done when creating the proxy…