Skip to main content
In this lesson you’ll perform a dry-run migration of a Jenkins job into a GitHub Actions workflow using the GitHub Actions Importer CLI. A dry run converts a Jenkins job (or pipeline) into an equivalent GitHub Actions workflow and writes the output files to a directory you specify. It does not open a pull request or modify any repositories — it only generates the converted workflow and logs the conversion process so you can inspect and iterate locally. What you will learn:
  • How to run a dry-run for a Jenkins job.
  • Where to find logs and the generated workflow file.
  • How to supply credentials and control conversion behavior.
  • Key flags and options to customize the dry-run output.

1. Run the dry-run command

Use the gh plugin for the GitHub Actions Importer to perform a dry run. Replace --source-url with the URL of the Jenkins job you want to convert and set --output-dir to the directory where the converted files should be written.
gh actions-importer dry-run jenkins \
  --source-url "http://jenkins.example.com/job/Generate%20ASCII%20Artwork/" \
  --output-dir tmp/dry-run
When the command completes it prints the location of the log file and any generated output file(s). Example compact output:
[2025-05-22 10:10:51] Logs: 'tmp/dry-run/log/valet-20250522-101051.log'
[2025-05-22 10:10:51] Output file(s):
   tmp/dry-run/Generate_ASCII_Artwork/.github/workflows/generate_ascii_artwork.yml

2. Inspect the logfile

A detailed logfile is produced in the output directory. The log shows the importer requesting the job’s config.xml, locating transformers for Jenkins features, and writing the workflow YAML. This helps you identify any gaps in the conversion or steps that may need manual adjustment. Example excerpt from the logfile:
# Logfile created on 2025-05-22 10:10:51 +0000 by logger.rb/v1.6.0
I, [2025-05-22T10:10:51.167421 #1]  INFO -- : Using GitHub Features: Defaults
I, [2025-05-22T10:10:51.169121 #1]  INFO -- : request: GET http://139.84.149.83:8080/job/Generate%20ASCII%20Artwork/config.xml
I, [2025-05-22T10:10:51.252549 #1]  INFO -- : response: Status 200
D, [2025-05-22T10:10:51.262487 #1]  DEBUG -- : [Transformers::Jenkins::DesignerPipeline::Jobs]: Located transformer for 'hudson.tasks.Shell'
D, [2025-05-22T10:10:51.339226 #1]  DEBUG -- : [Transformers::Jenkins::DesignerPipeline::Env]: Located transformer for 'org.jenkinsci.plugins...'
I, [2025-05-22T10:10:51.341622 #1]  INFO -- : Output file(s):
I, [2025-05-22T10:10:51.352145 #1]  INFO -- :  tmp/dry-run/Generate_ASCII_Artwork/.github/workflows/generate_ascii_artwork.yml
I, [2025-05-22T10:10:51.539123 #1]  INFO -- : request: GET https://api.github.com/user
I, [2025-05-22T10:10:51.836812 #1]  INFO -- : response: Status 200
I, [2025-05-22T10:10:51.838139 #1]  INFO -- : Sending telemetry with transaction id '11ebd3df-87dc-4e38-a189-ba2650ff0d4c'
The log confirms which built-in transformers were used (for example, shell transformer and secret build wrapper transformer) and shows the path of the generated workflow.

3. Open the generated workflow YAML

The dry-run writes the converted workflow YAML under the specified output directory. Review the file to validate the conversion, adjust environment mappings, secrets, or steps as needed. Example converted workflow (trimmed and corrected for clarity):
name: Generate_ASCII_Artwork
on:
  workflow_dispatch:
env:
  m_username: "${{ secrets.MONGO_DB_PASSWORD_M_USERNAME }}"
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - name: checkout
        uses: actions/checkout@v4.1.0
      - name: run_command
        shell: bash
        run: |-
          # Build a message by invoking ADVICESLIP API
          curl -s REDACTED://api.adviceslip.com/advice > advice.json
          cat advice.json
          # Test to make sure the advice message has more than 5 words.
          jq -r .slip.advice < advice.json > advice.message
          if [ "$(wc -w < advice.message)" -gt 5 ]; then
            echo "Advice has more than 5 words"
          else
            echo "Advice - $(cat advice.message) has 5 words or less"
          fi
          # Deploy / display
          echo "$m_username"
          sudo apt-get update -y
          sudo apt-get install cowsay -y
          echo "$PATH"
          export PATH="$PATH:/usr/games:/usr/local/games"
          cat advice.message | cowsay -f "$(ls /usr/share/cowsay/cows | shuf -n 1)"
Notes on the conversion:
  • Jenkins environment variables are mapped into env: (secrets preserved as secrets.* where possible).
  • Shell steps are converted into run steps using a single bash script block.
  • Sensitive values are preserved as secret references when they could be detected.
Use dry-run when you want a local, inspectable conversion of a Jenkins job before migrating it into a repository. It helps validate transformation choices (actions, transformers, secrets) without modifying your repos.

4. Why use dry-run instead of audit?

Both audit and dry-run can help with migration analysis, but dry-run is designed for safe, iterative conversions:
  • Writes the converted workflow to disk for local inspection and testing.
  • Produces detailed logs that indicate transformer choices and potential issues.
  • Accepts overrides (credentials, allowed actions, custom transformers, features) on a per-run basis so you can simulate different migration settings.

5. Common options for dry-run

Run --help to see the full list of options:
gh actions-importer dry-run jenkins --help
Key flags and what they do:
FlagPurposeExample
-s, --source-url <source-url>The URL of the Jenkins job to migrate (REQUIRED).--source-url "http://jenkins.example.com/job/MyJob/"
-o, --output-dir <output-dir>Destination for the generated files (REQUIRED).--output-dir tmp/dry-run
-u, --jenkins-instance-url <jenkins-instance-url>Jenkins instance base URL.--jenkins-instance-url "http://jenkins.example.com"
-n, --jenkins-username <jenkins-username>Username for the Jenkins instance.--jenkins-username siddharth
-t, --jenkins-access-token <jenkins-access-token>Access token for Jenkins.--jenkins-access-token xxxxxxxxx
--github-access-token <github-access-token>Access token for GitHub (used for telemetry or repo access if provided).--github-access-token ghp_XXXX
--allowed-actions <allowed-actions>Comma-separated list to restrict mapped GitHub Actions.--allowed-actions actions/checkout@v4,actions/setup-node@v3
--custom-transformers <custom-transformers>Paths to custom transformer files for special Jenkins steps.--custom-transformers ./my_transformers.rb
--enable-features / --disable-featuresToggle specific GHES/feature flags used during transformation.--enable-features someFeature
`--yaml-verbosity <info|minimal|quiet>`Control the verbosity of YAML output.--yaml-verbosity info
--no-telemetryDisable telemetry during the dry-run.--no-telemetry
--no-ssl-verifyDisable SSL certificate verification for HTTP requests.--no-ssl-verify
Note: The full help output contains many more flags such as --credentials-file, --source-file-path, and --github-instance-url. Use --help for complete details.

6. Supplying credentials and overrides

You can provide Jenkins and GitHub credentials either through environment variables or by passing the corresponding CLI flags. Example environment variables (replace placeholders with real tokens/URLs):
export GITHUB_ACCESS_TOKEN="ghp_XXXXXXXXXXXX"
export GITHUB_INSTANCE_URL="https://github.com"
export JENKINS_ACCESS_TOKEN="xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
export JENKINS_INSTANCE_URL="http://139.84.149.83:8080/"
export JENKINS_USERNAME="siddharth"
Or provide them directly on the CLI:
gh actions-importer dry-run jenkins \
  --source-url "http://139.84.149.83:8080/job/Generate%20ASCII%20Artwork/" \
  --output-dir tmp/dry-run \
  --jenkins-username siddharth \
  --jenkins-access-token xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx \
  --github-access-token ghp_XXXXXXXXXXXX
Security tip: prefer environment variables or a credentials file to avoid exposing secrets in shell history.

7. Allowed actions, transformers, and features

  • --allowed-actions: Restrict which GitHub Actions the importer may map Jenkins steps to. Useful to enforce an approved action list.
  • --allow-verified-actions and --allow-github-created-actions: Enforce stricter policies for action selection during conversion.
  • --custom-transformers: Provide custom conversion logic for Jenkins plugins or steps not covered by built-in transformers.
  • --enable-features / --disable-features: Toggle features that influence how the importer maps Jenkins behavior to GitHub Actions capabilities.

8. Summary and next steps

  • gh actions-importer dry-run jenkins converts a Jenkins job into a GitHub Actions YAML file and writes it to disk without creating PRs.
  • Inspect the logfile and generated YAML to validate the conversion and identify any manual adjustments required.
  • Use CLI flags or environment variables to control credentials, allowed actions, transformers, and features.
  • After validating the dry-run output, proceed with a final migrate step or manually commit the generated workflow to your repo.
That’s all for this lesson.

Watch Video