I have created GitHub Environment Secrets for staging and production, for example
Environment > Production > DB_PASS
and
Environment > Staging > DB_PASS
in my workflow I have
on:
  push:
    branches:
      - main
      - staging
jobs:
  deploy:
    environment: Production
    name: Deploy
    runs-on: ubuntu-latest
    steps:
      - name: Debug Secret
        run: echo ${{ secrets.DB_PASS }}
How can I change the environment to Staging when the merged branch is staging, probably by using
github.ref for the branch name? I tried passing the value dynamically to environment from the previous job using needs.job1.outputs.output1, but it didn't work.
I found that a developer on Stack Overflow suggested using a prefix in the secret names,
like
PROD_DB_PASS
STG_DB_PASS
but is there a better and cleaner way to do this?
As you mentioned, github.ref is probably the best way to go about it.
on:
  push:
    branches:
      - main
      - staging
jobs:
  deploy-production:
    environment: Production
    name: Deploy production
    runs-on: ubuntu-latest
    if: ${{ github.ref == 'refs/heads/main' }}
    steps:
      - name: Debug Secret
        run: echo ${{ secrets.DB_PASS }}
  deploy-staging:
    environment: Staging
    name: Deploy staging
    runs-on: ubuntu-latest
    if: ${{ github.ref == 'refs/heads/staging' }}
    steps:
      - name: Debug Secret
        run: echo ${{ secrets.DB_PASS }}
Agreed, there is a lot of duplicated code, but I think it is simpler, clearer and more reliable than dynamically setting the environment based on some previous job.
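A single-job variant, added here as an example and not part of either post above: the job-level environment key accepts an expression over the github context, so one job can pick the environment from the pushed branch without a second job or a prefix scheme. It assumes the Production and Staging environment names from the question and a hypothetical deploy.sh that reads DB_PASS from its environment; it also avoids echoing the secret, which a deploy job should never do even though the runner masks known secret values in logs.

```yaml
name: Deploy
on:
  push:
    # keep this list to exactly the branches mapped below; any other ref
    # would fall through to the Staging side of the expression
    branches: [main, staging]

jobs:
  deploy:
    runs-on: ubuntu-latest
    # github.ref_name is the short branch name ('main' or 'staging').
    # The `cond && a || b` idiom is the GitHub Actions substitute for a
    # ternary; it is safe here because 'Production' is a non-empty string.
    environment: ${{ github.ref_name == 'main' && 'Production' || 'Staging' }}
    steps:
      - uses: actions/checkout@v4

      - name: Deploy with the environment-scoped DB_PASS
        env:
          # secrets.DB_PASS resolves to the value stored in whichever
          # environment the job was bound to above
          DB_PASS: ${{ secrets.DB_PASS }}
        run: |
          # fail loudly if the environment has no DB_PASS, without printing it
          if [ -z "$DB_PASS" ]; then
            echo "DB_PASS is not configured for branch ${{ github.ref_name }}" >&2
            exit 1
          fi
          # hypothetical deploy script (not on the original page) that reads
          # DB_PASS from the process environment rather than from argv
          ./deploy.sh
```

Environment protection rules (required reviewers, deployment branch restrictions) still apply to the resolved name, so restricting the Production environment to the main branch in the repository settings gives a second, server-side guard in case the expression is ever edited wrongly.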
Trying to make a CI pipeline that will bump the root package.json and tag the repo using a machine user access token, then have another workflow that triggers to make releases.
But currently, the release workflow never seems to fire.
Link to an example repo: https://github.com/labithiotis/ci-tag-release
I've noticed my PAT in github says it's never been used.
version.yml
name: Versioning
on:
  workflow_run:
    workflows: [CI]
    branches: [main]
    types:
      - completed
jobs:
  versioning:
    if: ${{ github.event.workflow_run.conclusion == 'success' }}
    name: Increment Versions
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v2
      - name: Increment API version
        uses: phips28/gh-action-bump-version@master
        env:
          GITHUB_TOKEN: ${{ secrets.HAL_PAT }}
        with:
          tag-prefix: v
release.yml
name: Release
on:
  push:
    tags: ['v*']
jobs:
  release:
    name: Release Builds
    runs-on: ubuntu-latest
    timeout-minutes: 15
    steps:
      - uses: actions/checkout@v2
      - run: yarn
      - run: yarn wsrun -p @kernel/plugin.main -m build
      - name: Release Builds
        uses: marvinpinto/action-automatic-releases@latest
        with:
          repo_token: ${{ secrets.GITHUB_TOKEN }}
          prerelease: false
          files: '*'   # a bare * is a YAML alias marker and does not parse; the glob must be quoted
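An added example, not code from the asker's repository, showing one way to make the tag push come from the PAT. It rests on two assumptions: that actions/checkout persists the job's own GITHUB_TOKEN in the git config by default (it does), so the bump action's git push is authenticated with that token rather than with HAL_PAT, which would explain the PAT showing as never used; and that pushes made with GITHUB_TOKEN do not start new workflow runs, so the tag never fires release.yml. Handing the PAT to checkout via its token input makes the subsequent push use the machine user's credential instead.

```yaml
name: Versioning
on:
  workflow_run:
    workflows: [CI]
    branches: [main]
    types: [completed]

jobs:
  versioning:
    if: ${{ github.event.workflow_run.conclusion == 'success' }}
    name: Increment Versions
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          # Persist the machine user's PAT instead of the default GITHUB_TOKEN.
          # The bump commit and the v* tag are then pushed as that user, and a
          # push made with a PAT does trigger the `push: tags` workflow.
          token: ${{ secrets.HAL_PAT }}
          # the bump action reads git history to compute the next version
          fetch-depth: 0

      - name: Increment API version
        uses: phips28/gh-action-bump-version@master
        env:
          # same PAT for any API calls the action makes itself
          GITHUB_TOKEN: ${{ secrets.HAL_PAT }}
        with:
          tag-prefix: v
```

Scope the PAT to the minimum the bump needs (contents write on this one repository) since it is stored as a repository secret and, unlike GITHUB_TOKEN, does not expire when the job ends; a compromised workflow step could otherwise push to anything the machine user can reach.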
I need to build a docker image from the source code of the current repository, run a container, then execute some API calls. How do I do that with GitHub Actions?
name: Docs Generator
on:
  pull_request:
    types: [opened]
jobs:
  pr-labeler:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout code
        uses: actions/checkout@v2
        with:
          ref: ${{ github.event.pull_request.head.ref }}
          repository: ${{ github.event.pull_request.head.repo.full_name }}
      - name: Get the version
        id: vars
        # on pull_request GITHUB_REF is refs/pull/<n>/merge, which is not a valid
        # image tag; the short commit SHA is, so derive the tag from that instead
        run: echo "tag=${GITHUB_SHA::7}" >> "$GITHUB_OUTPUT"
      - name: Build the tagged Docker image
        run: docker build . --file Dockerfile --tag service:${{ steps.vars.outputs.tag }}
      - name: Run docker image
        # run detached and publish the port, otherwise the next step cannot reach
        # localhost:8080; the workspace is mounted in place of the undefined inputs.path
        run: docker run -d -p 8080:8080 -v ${{ github.workspace }}:/src service:${{ steps.vars.outputs.tag }}
      - name: Call API
        run: |
          curl -X GET http://localhost:8080/test
.....
For this purpose, you could use a combination of https://github.com/marketplace/actions/build-and-push-docker-images and https://github.com/addnab/docker-run-action
The first builds and publishes a container image, and the second takes that image and runs your commands in it.
The example is below. I don't use this setup myself, but I have tested it. Replace username/container with your username and container.
name: Docker Image CI
on:
  push:
    branches: [ master ]
  pull_request:
    branches: [ master ]
jobs:
  compile:
    name: Build and run the container
    runs-on: ubuntu-latest
    steps:
      - name: Set up QEMU
        uses: docker/setup-qemu-action@v1
      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v1
      - name: Login to DockerHub
        uses: docker/login-action@v1
        with:
          username: ${{ secrets.DOCKERHUB_USERNAME }}
          password: ${{ secrets.DOCKERHUB_TOKEN }}
      - name: Build and push
        uses: docker/build-push-action@v2
        with:
          push: true
          tags: username/container
      - name: Check out the repo
        uses: actions/checkout@v2
      - name: Run the build process with Docker
        uses: addnab/docker-run-action@v3
        with:
          image: username/container:latest
          options: -v ${{ github.workspace }}:/data
          run: |
            echo "Hello World"
Note that building a container is quite a long task and might deplete your GitHub Actions limits quickly. You might consider building/publishing the container separately, or adding better caching here (i.e. rebuilding it only when the Dockerfile changes).
Note that you need to set up the DOCKERHUB_USERNAME and DOCKERHUB_TOKEN secrets.
Instead of echo "Hello World", use the commands you want to run. The repo data will be in the /data directory for this setup.
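A variant that needs no registry and no registry credentials, added here as an example (not the answerer's tested setup): the image is built straight into the runner's Docker daemon with load: true, started in the background, probed until it answers, and then exercised with the API calls from the question. It assumes, as the question does, that the image listens on port 8080 and serves /test; layer caching through the Actions cache addresses the cost concern in the note above. Because nothing is pushed, the job is also safe to run for pull requests from forks, where repository secrets are not available anyway.

```yaml
name: Build, run and probe the container
on:
  pull_request:
  push:
    branches: [ master ]

jobs:
  build-and-test:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4

      - uses: docker/setup-buildx-action@v3

      - name: Build the image into the local Docker daemon
        uses: docker/build-push-action@v5
        with:
          context: .
          push: false          # nothing leaves the runner, so no login step is needed
          load: true           # make the result visible to `docker run` on this runner
          tags: service:${{ github.sha }}
          # reuse unchanged layers from the GitHub Actions cache between runs
          cache-from: type=gha
          cache-to: type=gha,mode=max

      - name: Start the container and wait until it is ready
        run: |
          docker run -d --name svc -p 8080:8080 service:${{ github.sha }}
          # poll instead of sleeping a fixed time; -f makes curl fail on HTTP errors
          for i in $(seq 1 30); do
            if curl -fsS http://localhost:8080/test > /dev/null; then
              echo "service is up after ${i}s"
              exit 0
            fi
            sleep 1
          done
          echo "service did not become ready" >&2
          docker logs svc
          exit 1

      - name: Call the API
        run: curl -fsS http://localhost:8080/test

      - name: Show logs and stop the container
        if: always()           # runs even when an earlier step failed
        run: |
          docker logs svc || true
          docker rm -f svc
```

If the image does have to reach a registry later (for deployment), keep that push in a separate job that only runs on push to master, so pull-request builds never carry registry credentials.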
I have two workflows, develop.yml and production.yml.
develop is configured to run on develop:
name: Develop
on:
  push:
  workflow_dispatch:
    branches:
      - develop
jobs:
  perform-linting:
    runs-on: windows-latest
    steps:
      - name: Checkout repository code
        uses: actions/checkout@v2
      - name: Setup node
        uses: actions/setup-node@v2
        with:
          node-version: "14.x"
      - name: Install base dependencies
        run: npm install
      - name: Bootstrap
        run: lerna bootstrap
      - name: Run ESLint
        run: lerna run lint
And production is configured to run on master:
name: Production
on:
  push:
  workflow_dispatch:
    branches:
      - master
jobs:
  deploy:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout repo code
        uses: actions/checkout@v2
      - name: Deploy to Heroku
        uses: akhileshns/heroku-deploy@v3.12.12
        with:
          heroku_api_key: ${{ secrets.HEROKU_API_KEY }}
          heroku_app_name: ${{ secrets.HEROKU_APP_NAME }}
          heroku_email: ${{ secrets.HEROKU_EMAIL }}
However, pushing changes to either develop or master triggers both of these workflows:
In the above scenario, why is Production being run when I only pushed to develop?
Your configuration effectively says 'run on all pushes, and only allow manual dispatch on a particular branch' (though the latter isn't an option, it seems).
You probably mean:
develop.yml
name: Develop
on:
  push:
    branches:
      - develop
  workflow_dispatch:
production.yml
name: Production
on:
  push:
    branches:
      - master
  workflow_dispatch:
My Rust repository contains multiple subfolders. I would like to be able to build and test each of the projects for each pull request or when new code is pushed to master. So I created a ci.sh. Running the action, I get a "Can't open ./scripts/ci.sh" error.
I've checked that ci.sh has been added to the repo.
What's the proper way to designate ci.sh's path?
name: Rust
on:
  push:
    branches: [master]
  pull_request:
    branches: [master]
env:
  CARGO_TERM_COLOR: always
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v2
      - name: Build, test, clippy all
        # run: "${{ format('{0}/.github/scripts/ci.sh', github.workspace) }}" <- also can't find the script
        run: sh ./scripts/ci.sh
Directory Structure:
MY_EXAMPLES
- .github
  - workflows
    - scripts
      - ci.sh
    - build.yml
- EXAMPLE_1
- EXAMPLE_2
- EXAMPLE_3
I did the following and it worked.
echo hi > .github/workflows/scripts/ci.sh
name: test
on: push
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v2
      - name: test
        run: sh .github/workflows/scripts/ci.sh
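The "build and test each of the projects" requirement can also be expressed in the workflow itself rather than in a script, which is what this added example shows (it is not the asker's ci.sh, whose contents are not on the page). It assumes the three crate directories from the directory listing above and runs build, test and clippy in each one as a separate matrix job, so a failure in one crate is reported against that crate and does not hide failures in the others.

```yaml
name: Rust
on:
  push:
    branches: [master]
  pull_request:
    branches: [master]

env:
  CARGO_TERM_COLOR: always

jobs:
  build:
    runs-on: ubuntu-latest
    strategy:
      # keep running the other crates when one of them fails
      fail-fast: false
      matrix:
        # crate directories from the question's tree; extend as projects are added
        crate: [EXAMPLE_1, EXAMPLE_2, EXAMPLE_3]
    defaults:
      run:
        # every `run` step below executes inside the crate being tested
        working-directory: ${{ matrix.crate }}
    steps:
      - uses: actions/checkout@v4

      - name: Install clippy for the toolchain on the runner
        run: rustup component add clippy

      - name: Build
        run: cargo build --verbose

      - name: Test
        run: cargo test --verbose

      - name: Clippy (warnings are errors so lints cannot accumulate silently)
        run: cargo clippy --all-targets -- -D warnings
```

If the shared ci.sh is still preferred, the same path rule from the answer applies inside each job: a checked-in script lives relative to the repository root, so from a crate's working-directory it is reached as ../.github/workflows/scripts/ci.sh.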
I have a project on GitHub and I want to set up a CI job to build docker images and push them to AWS ECR. My requirements are:
One single CI file (I have created .github/workflows/aws.yml)
The CI job must trigger on pushes to the master and sandbox branches only
If pushed to the sandbox branch, then the docker image should be pushed to ECR1
If pushed to the master branch, then the docker image should be pushed to ECR2
So far I have made the following CI file
.github/workflows/aws.yml -
name: CI
on:
  pull_request:
    branches:
      - master
      - sandbox
  push:
    branches:
      - master
      - sandbox
env:
  AWS_REPOSITORY_URL_MASTER: ${{ secrets.AWS_REPOSITORY_URL_MASTER }}
  AWS_REPOSITORY_URL_SANDBOX: ${{ secrets.AWS_REPOSITORY_URL_SANDBOX }}
  AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
  AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
jobs:
  build-and-push:
    name: Build and push image to AWS ECR master
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@v2
      - name: Setup ECR
        run: $( aws ecr get-login --no-include-email --region ap-south-1 )
      - name: Build and tag the image
        run: docker build -t $AWS_REPOSITORY_URL_MASTER .
      - name: Push
        run: docker push $AWS_REPOSITORY_URL_MASTER
  build-and-push-sandbox:
    name: Build and push image to AWS ECR sandbox
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@v2
      - name: Setup ECR
        run: $( aws ecr get-login --no-include-email --region ap-south-1 )
      - name: Build and tag the image
        run: docker build -t $AWS_REPOSITORY_URL_SANDBOX .
      - name: Push
        run: docker push $AWS_REPOSITORY_URL_SANDBOX
How will the script distinguish when to run build-and-push-master (triggered on a master branch push) and build-and-push-sandbox (triggered on a sandbox branch push)?
Add an if clause at the job level:
jobs:
  build-and-push:
    name: Build and push image to AWS ECR master
    runs-on: ubuntu-latest
    if: github.ref == 'refs/heads/master'
    steps:
and
  build-and-push-sandbox:
    name: Build and push image to AWS ECR sandbox
    runs-on: ubuntu-latest
    if: github.ref == 'refs/heads/sandbox'
    steps:
Alternatively, since the jobs are so similar, you can try to unify them and set an env variable $AWS_REPOSITORY to either ${{ secrets.AWS_REPOSITORY_URL_MASTER }} or ${{ secrets.AWS_REPOSITORY_URL_SANDBOX }}, depending on the value of github.ref.
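The unified form the answer sketches, written out as an added example rather than either post's code: one job, guarded so that it runs only for pushes to master or sandbox (pull_request runs, whose github.ref is refs/pull/N/merge, are skipped and never touch the registry), with the target repository chosen by an expression over github.ref. It keeps the question's secret names and region, uses the AWS CLI v2 login form (get-login-password piped into docker login, since get-login was removed in v2 and ubuntu-latest ships v2), and tags the image with the commit SHA so each push is traceable and nothing is overwritten. The registry host is derived from the repository URL by stripping everything after the first slash.

```yaml
name: CI
on:
  pull_request:
    branches: [master, sandbox]
  push:
    branches: [master, sandbox]

jobs:
  build-and-push:
    name: Build and push image to AWS ECR
    runs-on: ubuntu-latest
    # only real pushes to the two branches publish an image
    if: github.ref == 'refs/heads/master' || github.ref == 'refs/heads/sandbox'
    env:
      # pick the repository from the branch; the `cond && a || b` idiom works
      # as a ternary because the MASTER secret is a non-empty string
      AWS_REPOSITORY_URL: ${{ github.ref == 'refs/heads/master' && secrets.AWS_REPOSITORY_URL_MASTER || secrets.AWS_REPOSITORY_URL_SANDBOX }}
      AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
      AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
      AWS_DEFAULT_REGION: ap-south-1
    steps:
      - name: Checkout
        uses: actions/checkout@v4

      - name: Log in to ECR (AWS CLI v2)
        run: |
          # AWS_REPOSITORY_URL looks like <account>.dkr.ecr.<region>.amazonaws.com/<repo>;
          # ${VAR%%/*} keeps only the registry host, which is what docker login wants
          registry="${AWS_REPOSITORY_URL%%/*}"
          aws ecr get-login-password --region "$AWS_DEFAULT_REGION" \
            | docker login --username AWS --password-stdin "$registry"

      - name: Build and tag the image
        run: docker build -t "$AWS_REPOSITORY_URL:$GITHUB_SHA" .

      - name: Push
        run: docker push "$AWS_REPOSITORY_URL:$GITHUB_SHA"
```

Because the repository URL comes from a secret, the runner masks it in the logs; the only secret that really needs protecting is the access key pair, which this layout limits to a single job that never runs for pull requests.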