Merge pull request #42 from camihmerhar/Updates-Sub-OD-4.1.1-4.1.8

Updated content for 4.1.1-4.1.8

Author: lavanyanooka

learn-pr/github/manage-github-actions-enterprise/includes/manage-actions-workflows.md

@@ -111,7 +111,9 @@ Once a workflow template is created, users in your organization can find it unde
 
 :::image type="content" source="../media/workflow-template.png" alt-text="Workflow template example." border="false":::
 
-<!-- INFOMAGNUS UPDATES for sub OD 4.1.8. go here. Source Material: Infomagnus team to find source material and cite it. -->
+<!-- INFOMAGNUS UPDATES for sub OD 4.1.8. go here. Source Material: Infomagnus team to find source material and cite it. 
+https://docs.github.com/en/repositories/configuring-branches-and-merges-in-your-repository/managing-rulesets/about-rulesets-->
+
 ## Reusable Templates for Actions and Workflows
 
 GitHub Actions allows for **workflow automation**, and a key part of managing workflows efficiently is using **reusable templates**. Reusable templates help standardize and streamline development across multiple repositories, reducing redundancy and improving maintainability.
@@ -248,3 +250,95 @@ By leveraging workflow templates, enterprises can:
 - Enforce best practices across repositories.
 - Accelerate onboarding and setup for new projects.
 - Maintain consistency in CI/CD processes.
+
+
+## Rule sets and Actions
+### Repository Rule Sets
+Repository rule sets are part of GitHub’s branch protection rules and repository protection features introduced to enforce policies for branches and tags across repositories. They allow you to standardize configurations across multiple branches or an entire organization. Defines reusable branch protection and tag protection rules. You can apply them to multiple repositories, branches, or tag patterns. Rule sets also provides fine-grained access and enforcement, including bypass permissions, commit requirements, and review restrictions.
+
+##### Components of Rule Sets
+- Target: The branches or tags the rule set applies to. You can use wildcard patterns (e.g., main, release/*).
+- Commit Requirements:
+    - Require signed commits.
+    - Require linear history (no merge commits).
+    - Restrict force pushes or deletions.
+- Pull Request Requirements:
+    - Require a pull request before merging.
+    - Require a certain number of approving reviews.
+    - Dismiss stale pull request approvals.
+    - Require status checks to pass before merging.
+- Bypass Permissions:
+    - Grant specific roles or teams the ability to bypass some or all rules.
+- Enforcement: Rule sets can be configured as active or dry-run for testing without enforcement.
+
+##### Use Cases:
+- Enforcing CI/CD quality gates.
+- Mandating code review practices.
+- Preventing accidental deletion or force-pushes.
+- Standardizing commit conventions across repositories.
+
+##### How to Configure (UI/CLI/API):
+- UI: Go to your repository > Settings > Rules > Create Rule Set.
+- CLI (gh): Use GitHub CLI extensions or APIs.
+- API: [GitHub REST API V3](https://docs.github.com/en/rest/repos/rules)
+
+### GitHub Actions
+GitHub Actions is a powerful CI/CD and automation framework built directly into GitHub.
+
+##### Key Concepts:
+- Workflow: A YAML file that defines the automation process. Stored in .github/workflows/.
+- Job: A set of steps run on the same runner. Jobs can run in parallel or sequentially.
+- Step: A single task like running a command or action.
+- Runner: The execution environment (GitHub-hosted or self-hosted).
+- Action: A reusable component that can be called in workflows. Actions can be written in JavaScript or as Docker containers.
+
+##### Core Features:
+- Event-driven: Trigger workflows on events like push, pull_request, schedule, or custom webhooks.
+- Matrix Builds: Run tests across multiple OS and language versions.
+- Caching & Artifacts: Speed up builds and preserve build output.
+- Environment Secrets: Securely inject API keys and credentials.
+- Job Dependencies: Define dependencies using needs.
+
+##### Sample Workflow:
+
+```sh
+name: CI Pipeline
+
+on:
+  push:
+    branches: [ main ]
+  pull_request:
+    branches: [ main ]
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v3
+      - name: Set up Node.js
+        uses: actions/setup-node@v3
+        with:
+          node-version: '18'
+      - run: npm install
+      - run: npm test
+
+```
+
+##### Popular Use Cases:
+- Running tests and linters on pull requests.
+- Deploying applications to AWS/Azure/GCP.
+- Automating version bumps and releases.
+- Notifying Slack/Teams of deployments or failures.
+
+##### Best Practices:
+- Use reusable workflows (.github/workflows/reusable.yml).
+- Store secrets in GitHub Secrets.
+- Use third-party verified Actions with caution.
+- Leverage caching for faster builds.
+- Avoid hardcoding credentials.
+
+##### Summary:
+Combining Rule Sets and GitHub Actions enhances repo governance:
+- Rule Sets can enforce that certain Actions (e.g., tests) must pass before merges.
+- Required status checks can point to specific workflows.
+- You can enforce review requirements alongside automated quality gates.