https://github.com/acdh-oeaw/gl-autodevops-minimal-port

A minimal port of GitLab's AutoDevOps workflow to GitHub Actions


Science Score: 13.0%

This score indicates how likely this project is to be science-related based on various indicators:

  • CITATION.cff file
  • codemeta.json file
    Found codemeta.json file
  • .zenodo.json file
  • DOI references
  • Academic publication links
  • Academic email domains
  • Institutional organization owner
  • JOSS paper metadata
  • Scientific vocabulary similarity
    Low similarity (11.8%) to scientific vocabulary
Last synced: 10 months ago · JSON representation

Repository


Basic Info
  • Host: GitHub
  • Owner: acdh-oeaw
  • License: mit
  • Default Branch: main
  • Size: 353 KB
Statistics
  • Stars: 2
  • Watchers: 5
  • Forks: 5
  • Open Issues: 2
  • Releases: 0
Created about 4 years ago · Last pushed over 1 year ago
Metadata Files
Readme License

README.md

A port of the Gitlab AutoDevOps Workflow to GitHub Actions

This repository contains reusable workflows that try to achieve the same result as the

  • build
  • custom test and
  • deploy

stages of the Gitlab AutoDevOps workflow.

Usage

To use this you add a starter.yaml to .github/workflows in your GitHub repository with something like this:

```yaml
name: workflows starter
# env: is empty, see setup-env and the outputs there
on:
  push: {}
  workflow_dispatch: {}
jobs:
  setup_workflow_env:
    runs-on: ubuntu-latest
    # Optionally specify the environment that should be used on this branch
    # environment: review/dev
    outputs:
      # It seems you have to specify the environment twice (passed to reusable workflow)
      # as there is no way yet to get the active environment
      # environment: review/dev
      # or see the switch on ref_name script below
      environment: ${{ steps.get_environment_from_git_ref.outputs.environment }}
      environment_short: ${{ steps.get_environment_from_git_ref.outputs.environment_short }}
      image_name: your-image-name
      # Please note that the next line only works correctly with repositories that don't contain
      # upper case characters. If you have such a repo name please replace ${{ github.repository }}
      # with org/repo-name (all lower case).
      # E. g. ACDH-OEAW/OpenAtlas-Discovery -> acdh-oeaw/openatlas-discovery
      registry_root: ghcr.io/${{ github.repository }}/
      default_port: "5000"
      # Usually you don't deal with all commits since the repository was created.
      # Increase if you e.g don't find a tag you want to display in the application
      fetch-depth: 10
      submodules: "true"
      # herokuish_base_image: ghcr.io/acdh-oeaw/herokuish-for-cypress/main:latest-22
      APP_NAME: your-app-name
      # This together with the branch name is also used as the namespace to deploy to
      APP_ROOT: "/"
      # SERVICE_ID: "99999" # Better use GitHub environment variables for this
      # PUBLIC_URL: "https://some-stuff.acdh-ch-dev.oeaw.ac.at" # Use GitHub environment variables for a stable custom public url
      # POSTGRES_ENABLED: "false" # needs to be set to true to enable a postgres db installed next to the deployed app
    # You should not need to have to change anything below this line
    # -----------------------------------------------------------------------------------------------------
    steps:
      - name: Get environment from git ref
        id: get_environment_from_git_ref
        # The script reads the runner's default GITHUB_REF / GITHUB_REF_NAME variables,
        # so the branch name is handled as data and never expanded into the script text.
        run: |
          echo "Running on branch $GITHUB_REF_NAME"
          if [ "$GITHUB_REF" = "refs/heads/main" ]; then
            echo "environment=production"
            echo "environment=production" >> "$GITHUB_OUTPUT"
            echo "environment_short=prod" >> "$GITHUB_OUTPUT"
          else
            echo "environment=review/$GITHUB_REF_NAME"
            echo "environment=review/$GITHUB_REF_NAME" >> "$GITHUB_OUTPUT"
            echo "environment_short=$(echo -n "$GITHUB_REF_NAME" | sed 's/feat\(ure\)\{0,1\}[_/]//' | tr '_' '-' | tr '[:upper:]' '[:lower:]' | cut -c -63 )" >> "$GITHUB_OUTPUT"
          fi
  generate_workflow_vars:
    needs: [setup_workflow_env]
    environment:
      name: ${{ needs.setup_workflow_env.outputs.environment }}
    runs-on: ubuntu-latest
    steps:
      - name: Generate PUBLIC_URL if not set
        id: generate_public_url
        # environment_short is derived from the branch name, so it is handed to the
        # script through env (ENVIRONMENT_SHORT is a name chosen here) instead of being expanded into it.
        env:
          ENVIRONMENT_SHORT: ${{ needs.setup_workflow_env.outputs.environment_short }}
        run: |
          kube_ingress_base_domain="${{ vars.KUBE_INGRESS_BASE_DOMAIN }}"
          public_url="${{ needs.setup_workflow_env.outputs.PUBLIC_URL || vars.PUBLIC_URL }}"
          if [ "${public_url}x" == 'x' ]
          then public_url=https://${ENVIRONMENT_SHORT}.${kube_ingress_base_domain}
          fi
          echo "public_url=$public_url" >> "$GITHUB_OUTPUT"
    outputs:
      PUBLIC_URL: ${{ steps.generate_public_url.outputs.public_url }}
  _1:
    needs: [setup_workflow_env, generate_workflow_vars]
    uses: acdh-oeaw/gl-autodevops-minimal-port/.github/workflows/build-cnb-and-push-to-registry.yaml@main
    secrets: inherit
    # if you run this outside of an org that provides KUBE_CONFIG etc as a secret, you need to specify every secret you want to pass by name
    with:
      environment: ${{ needs.setup_workflow_env.outputs.environment }}
      registry_root: ${{ needs.setup_workflow_env.outputs.registry_root }}
      image_name: ${{ needs.setup_workflow_env.outputs.image_name }}
      source_image: ${{ needs.setup_workflow_env.outputs.source_image }}
      default_port: ${{ needs.setup_workflow_env.outputs.default_port }}
      PUBLIC_URL: ${{ needs.generate_workflow_vars.outputs.PUBLIC_URL }}
      fetch-depth: ${{ fromJson(needs.setup_workflow_env.outputs.fetch-depth) }}
      submodules: ${{ needs.setup_workflow_env.outputs.submodules }}
  _2:
    needs: [setup_workflow_env, generate_workflow_vars]
    uses: acdh-oeaw/gl-autodevops-minimal-port/.github/workflows/herokuish-tests-db-url.yaml@main
    secrets: inherit
    # if you run this outside of acdh-oeaw you need to specify every secret you want to pass by name
    with:
      environment: ${{ needs.setup_workflow_env.outputs.environment}}
      registry_root: ${{ needs.setup_workflow_env.outputs.registry_root }}
      image_name: ${{ needs.setup_workflow_env.outputs.image_name }}
      default_port: ${{ needs.setup_workflow_env.outputs.default_port }}
      fetch-depth: ${{ fromJson(needs.setup_workflow_env.outputs.fetch-depth) }}
      herokuish_base_image: ${{ needs.setup_workflow_env.outputs.herokuish_base_image }}
      POSTGRES_ENABLED: ${{ needs.setup_workflow_env.outputs.POSTGRES_ENABLED }}
      PUBLIC_URL: ${{ needs.generate_workflow_vars.outputs.PUBLIC_URL }}
      submodules: ${{ needs.setup_workflow_env.outputs.submodules }}
  _3:
    needs: [setup_workflow_env, generate_workflow_vars, _1, _2]
    uses: acdh-oeaw/gl-autodevops-minimal-port/.github/workflows/deploy.yml@main
    secrets: inherit
    # if you run this outside of acdh-oeaw you need to specify every secret you want to pass by name
    #   KUBE_CONFIG: ${{ secrets.KUBE_CONFIG }}
    #   KUBE_INGRESS_BASE_DOMAIN: ${{ secrets.KUBE_INGRESS_BASE_DOMAIN }}
    #   POSTGRES_USER: ${{ secrets.POSTGRES_USER }}
    #   POSTGRES_PASSWORD: ${{ secrets.POSTGRES_PASSWORD }}
    #   POSTGRES_DB: ${{ secrets.POSTGRES_DB }}
    #   K8S_SECRET_A_VAR_NAME: ${{ }}
    with:
      environment: ${{ needs.setup_workflow_env.outputs.environment}}
      fetch-depth: ${{ fromJson(needs.setup_workflow_env.outputs.fetch-depth) }}
      DOCKER_TAG: ${{ needs.setup_workflow_env.outputs.registry_root }}${{ needs.setup_workflow_env.outputs.image_name }}
      APP_NAME: ${{ needs.setup_workflow_env.outputs.APP_NAME }}-${{ needs.setup_workflow_env.outputs.environment_short }}
      APP_ROOT: ${{ needs.setup_workflow_env.outputs.APP_ROOT }}
      SERVICE_ID: ${{ needs.setup_workflow_env.outputs.SERVICE_ID }}
      PUBLIC_URL: ${{ needs.generate_workflow_vars.outputs.PUBLIC_URL }}
      POSTGRES_ENABLED: ${{ needs.setup_workflow_env.outputs.POSTGRES_ENABLED == 'true'}}
      default_port: "${{ needs.setup_workflow_env.outputs.default_port}}"
      submodules: ${{ needs.setup_workflow_env.outputs.submodules }}
```
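The `environment_short` value computed in the starter is derived from the branch name and ends up in the generated `PUBLIC_URL` host name and in the `APP_NAME` suffix. As an added example (not code from this repository; all function names are hypothetical), here is the same derivation as a shell function that receives the branch name as an argument, next to a stricter variant that goes beyond the starter by forcing the result into a valid DNS label:

```sh
#!/bin/sh
# Added example, not part of the repository; all function names are hypothetical.

# The starter's derivation, with the branch name received as an argument (data)
# rather than expanded into the script text. Same sed expression, '|' delimiter.
environment_short_original() {
  printf '%s' "$1" \
    | sed 's|feat\(ure\)\{0,1\}[_/]||' \
    | tr '_' '-' \
    | tr '[:upper:]' '[:lower:]' \
    | cut -c -63
}

# Stricter variant (goes beyond the starter): every byte outside [a-z0-9-]
# becomes '-', runs of '-' are squeezed, and hyphens are trimmed at both ends
# after truncation, so the result is usable as a host name label.
environment_short_strict() {
  environment_short_original "$1" \
    | LC_ALL=C tr -c 'a-z0-9\n-' '-' \
    | tr -s '-' \
    | cut -c -63 \
    | sed 's/^-*//; s/-*$//'
}

# Succeeds when $1 is a valid RFC 1123 DNS label (1-63 chars, no edge hyphens).
is_dns_label() {
  printf '%s\n' "$1" | LC_ALL=C grep -Eq '^[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?$'
}

# Print original and strict results for a few constructed branch names.
report() {
  for ref in 'feature/Add_Login' 'fix/typo' 'fix/"quoted";name'; do
    short=$(environment_short_strict "$ref")
    if is_dns_label "$short"; then verdict=ok; else verdict=rejected; fi
    printf '%-20s original=%-20s strict=%-16s %s\n' \
      "$ref" "$(environment_short_original "$ref")" "$short" "$verdict"
  done
}

report
```

Branches such as `fix/typo` keep their `/` under the original pipeline, which is why the strict variant is checked with `is_dns_label` before the value is used in a host name.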

You can pass many parameters as variables, as in GitLab, or use GitHub's read-protected, write-only secrets. You can also use environments to have different parameters per environment. For example, KUBE_NAMESPACE or HELM_UPGRADE_EXTRA_ARGS can be set as project or environment variables. Deployment-specific variables like KUBE_INGRESS_BASE_DOMAIN need to be set on the project level. Note: At least one variable and one secret need to be set on the project level, else deploy.yaml will end with an error.

Variables and Secrets

GitHub has two ways of storing data with a repository but not in the code tracked by git:

  • Secrets are meant for data that is to be kept secret as much as possible. Examples would be:
      • Database passwords
      • API secrets
      • Maybe API Keys/Access IDs
      • Access token
      • Even encoded files such as a Kubernetes configuration
  • Variables are a newer addition that provides a means to store some additional data that can be publicly available. Examples would be:
      • the public URL of a deployment
      • an ID of a deployment
      • the K8s namespace the deployment uses
      • API Keys/Access IDs

Also the same mechanism as in gl is implemented to pass Secrets and Variables to the build process and the running deployment (as a K8s Secret).

Variables and secrets can be set on three levels in GitHub:

  1. Organization level (Org)
  2. Repository level (Repo)
  3. Environment level (Env)

A Variable or Secret in a higher level overrides a Variable or Secret with the same name in a lower level.

Note: GitHub Environment Variables are not automatically Workflow environment variables (vars context vs. env context)

|Name|Required|Type|Level|Description|
|----|:------:|----|:---:|-----------|
|KUBE_CONFIG|:white_check_mark:|Secret|Org|base64 encoded K8s config file. Usually set at the Org level and shared by all (public) repositories.|
|C2_KUBE_CONFIG|:white_check_mark:|Secret|Org|If you deploy using the workflow for the second cluster the C2 variant is used|
|KUBE_INGRESS_BASE_DOMAIN|:white_check_mark:|Variable|Org/Repo/Env|The DNS suffix used when generating URLs for the service|
|C2_KUBE_INGRESS_BASE_DOMAIN|:white_check_mark:|Variable|Org/Repo/Env|If you deploy using the workflow for the second cluster the C2 variant is used|
|KUBE_NAMESPACE|:white_check_mark:|Variable|Repo/Env|The K8s namespace the deployment should be installed to|
|PUBLIC_URL|:white_check_mark:|Variable|Env|The URI that should be configured for access to the service|
|SERVICE_ID|:white_check_mark:|Variable|Env|A K8s label ID is attached to the workload/deployment with this value (usually a number)|
|POSTGRES_ENABLED||Variable|Repo/Env|Boolean that determines if a PostgreSQL database is installed with the deployment but using a separate helm chart. Default is false.|
|POSTGRES_VERSION||Variable|Repo/Env|Version (tag) of PostgreSQL to deploy. Default is 9.6.16 (for historical gl reasons)|
|POSTGRES_HOST||Variable|Repo/Env|Hostname of an external PostgreSQL service|
|POSTGRES_USER||Variable|Env|Username for the PostgreSQL database. Will be configured for the new PostgreSQL deployment if POSTGRES_ENABLED is true|
|POSTGRES_PASSWORD||Secret|Env|Password for the PostgreSQL database. Will be configured for the new PostgreSQL deployment if POSTGRES_ENABLED is true|
|POSTGRES_DB||Variable|Env|Name of the PostgreSQL database to use. Will be created in the new PostgreSQL deployment if POSTGRES_ENABLED is true|
|DATABASE_URL||Secret|Env|Credentials for a database passed to the running workload in a URL form (`dbtype://username:password@dbhost/dbname`). This is automatically generated for a PostgreSQL database installed with the deployment. Store as a Secret as it usually contains the password.|
|HELM_UPGRADE_EXTRA_ARGS||Variable|Repo/Env|Used to set a few values from the Helm chart's value.yaml using `--set` command line parameters to `helm`. If you have to set more or nested values better use an `auto-deploy-values.yaml` file in the git repository. Store as a Secret if you `--set` sensitive information (not recommended)|
|K8S_SECRET_||Variable/Secret|Repo/Env|Passes `ENV_VAR_NAME` to the build process and to the running workload using a K8s secret|
|LC_K8S_SECRET_||Variable/Secret|Repo/Env|Passes `env_var_name` to the build process and to the running workload using a K8s secret. GitHub does not allow Variables or Secrets to contain lower case letters (yet)|

Note: Some of the settings stored in variables above are also recognized as Secrets for legacy reasons. There is however no point in using them like this. Also some of the variables can be set in the suggested starter.yaml. This is only a useful place to set such variables if you don't work with environments.

Example DATABASE_URLs:

  • postgres://deployment:abcd098ABCD:5432@dbserver.example.org/deployment
  • postgres://$POSTGRES_USER:$POSTGRES_PASSWORD@$POSTGRES_HOST:5432/$POSTGRES_DB
  • mariadb://deployment:abcd098ABCD:3306@dbserver.example.org/deployment
  • mysql://deployment:abcd098ABCD:3306@dbserver.example.org/deployment

For the POSTGRES_ variables see also the gl docs.

Customizing the deployment

The auto-deploy-app helm chart from gl we use can be tweaked in many ways with a values.yaml file.

If you store your settings as .github/auto-deploy-values.yaml or .gitlab/auto-deploy-values.yaml in the root of your repository it will be picked up by the deployment script and used to customize the auto-deploy-app chart.

Minimal code for your auto-deploy-values.yaml:

```yaml
replicaCount: 1
image:
  repository: $repository
  tag: "$tag"
  pullPolicy: Always
  secrets: []
extraLabels:
  "ID": "$service_id"
gitlab:
  app: "$app_name"
  envURL: "$repo_url"
service:
  enabled: true
  name: "web"
  url: "$public_url"
  type: ClusterIP
  externalPort: # the port your app runs on
  internalPort: # the port your app runs on
ingress:
  enabled: true
  path: "/"
  annotations:
    kubernetes.io/ingressClassName: "nginx"
    #nginx.ingress.kubernetes.io/app-root: # the root route if it is not /
livenessProbe:
  path: # path to your health check route, can be /
  initialDelaySeconds: 15
  timeoutSeconds: 15
  scheme: "HTTP"
  probeType: "httpGet"
readinessProbe:
  path: # path to your health check route, can be /
  initialDelaySeconds: 5
  timeoutSeconds: 3
  scheme: "HTTP"
  probeType: "httpGet"
```

$var variables will be replaced with the current values for the action running at the moment.

See also:

  • auto-deploy-values.yaml created in deploy.yaml
  • possible $vars

If you need to further customize deployment (like deploying an extra service like solr with your application) you can store a bundled helm chart in a directory chart in your repository and that will be used instead of the generic auto-deploy-app chart from this repository.

See also the gl documentation.

TODO

Nothing right now

Source of the auto-deploy-app

The auto-deploy-app helm chart is part of the Gitlab cluster-integration auto-deploy-image repository

This helm chart should be updated once in a while.

Note: At least one Secret and one Variable is required for the workflows in this repository to work. Usually at least a K8s config as secret and a KUBE_INGRESS_BASE_DOMAIN are set so this limitation is rarely encountered.

Owner

  • Name: Austrian Centre for Digital Humanities & Cultural Heritage
  • Login: acdh-oeaw
  • Kind: organization
  • Email: acdh@oeaw.ac.at
  • Location: Vienna, Austria

GitHub Events

Total
  • Issues event: 1
  • Push event: 7
  • Fork event: 1
Last Year
  • Issues event: 1
  • Push event: 7
  • Fork event: 1

Issues and Pull Requests

Last synced: over 1 year ago

All Time
  • Total issues: 3
  • Total pull requests: 1
  • Average time to close issues: about 11 hours
  • Average time to close pull requests: about 8 hours
  • Total issue authors: 3
  • Total pull request authors: 1
  • Average comments per issue: 0.33
  • Average comments per pull request: 1.0
  • Merged pull requests: 0
  • Bot issues: 0
  • Bot pull requests: 0
Past Year
  • Issues: 1
  • Pull requests: 0
  • Average time to close issues: N/A
  • Average time to close pull requests: N/A
  • Issue authors: 1
  • Pull request authors: 0
  • Average comments per issue: 0.0
  • Average comments per pull request: 0
  • Merged pull requests: 0
  • Bot issues: 0
  • Bot pull requests: 0
Top Authors
Issue Authors
  • sennierer (1)
  • b1rger (1)
  • stefanprobst (1)
Pull Request Authors
  • sennierer (1)

Dependencies

.github/workflows/build-cnb-and-push-to-registry.yaml actions
  • actions/checkout v3 composite
  • buildpacks/github-actions/setup-pack v5.0.1 composite
  • docker/build-push-action v4 composite
  • docker/login-action v2 composite
  • docker/metadata-action v4 composite
  • docker/setup-buildx-action v2 composite
.github/workflows/build-herokuish-and-push-to-registry.yaml actions
  • actions/checkout v3 composite
  • docker/build-push-action v4 composite
  • docker/login-action v2 composite
  • docker/metadata-action v4 composite
  • docker/setup-buildx-action v2 composite
.github/workflows/deploy-cluster-2.yml actions
  • actions/checkout v3 composite
  • actions/upload-artifact v3 composite
  • docker/metadata-action v4 composite
.github/workflows/deploy.yml actions
  • actions/checkout v3 composite
  • actions/upload-artifact v3 composite
  • docker/metadata-action v4 composite
.github/workflows/herokuish-tests-db-url.yaml actions
  • actions/cache/restore v3 composite
  • actions/cache/save v3 composite
  • actions/checkout v3 composite
  • actions/upload-artifact v3 composite
  • docker/build-push-action v4 composite
  • docker/login-action v2 composite
  • docker/setup-buildx-action v2 composite
.github/workflows/herokuish-tests-multi-var.yaml actions
  • actions/cache/restore v3 composite
  • actions/cache/save v3 composite
  • actions/checkout v3 composite
  • actions/upload-artifact v3 composite
  • docker/build-push-action v4 composite
  • docker/login-action v2 composite
  • docker/setup-buildx-action v2 composite
.github/auto-deploy-app/test/go.mod go
  • cloud.google.com/go/compute v1.10.0
  • github.com/aws/aws-sdk-go v1.44.107
  • github.com/boombuler/barcode v1.0.1
  • github.com/cpuguy83/go-md2man/v2 v2.0.2
  • github.com/davecgh/go-spew v1.1.1
  • github.com/emicklei/go-restful/v3 v3.9.0
  • github.com/ghodss/yaml v1.0.0
  • github.com/go-errors/errors v1.4.2
  • github.com/go-logr/logr v1.2.3
  • github.com/go-openapi/jsonpointer v0.19.5
  • github.com/go-openapi/jsonreference v0.20.0
  • github.com/go-openapi/swag v0.22.3
  • github.com/go-sql-driver/mysql v1.6.0
  • github.com/gogo/protobuf v1.3.2
  • github.com/golang/protobuf v1.5.2
  • github.com/google/gnostic v0.6.9
  • github.com/google/gofuzz v1.2.0
  • github.com/google/uuid v1.3.0
  • github.com/gruntwork-io/go-commons v0.13.3
  • github.com/gruntwork-io/terratest v0.40.22
  • github.com/hashicorp/errwrap v1.1.0
  • github.com/hashicorp/go-multierror v1.1.1
  • github.com/imdario/mergo v0.3.13
  • github.com/jmespath/go-jmespath v0.4.0
  • github.com/josharian/intern v1.0.0
  • github.com/json-iterator/go v1.1.12
  • github.com/mailru/easyjson v0.7.7
  • github.com/mattn/go-zglob v0.0.3
  • github.com/mitchellh/go-homedir v1.1.0
  • github.com/moby/spdystream v0.2.0
  • github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd
  • github.com/modern-go/reflect2 v1.0.2
  • github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822
  • github.com/pmezard/go-difflib v1.0.0
  • github.com/pquerna/otp v1.3.0
  • github.com/russross/blackfriday/v2 v2.1.0
  • github.com/spf13/pflag v1.0.5
  • github.com/stretchr/testify v1.8.0
  • github.com/urfave/cli/v2 v2.17.1
  • github.com/xrash/smetrics v0.0.0-20201216005158-039620a65673
  • golang.org/x/crypto v0.0.0-20220926161630-eccd6366d1be
  • golang.org/x/net v0.0.0-20220927171203-f486391704dc
  • golang.org/x/oauth2 v0.0.0-20220909003341-f21342109be1
  • golang.org/x/sys v0.0.0-20220928140112-f11e5e49a4ec
  • golang.org/x/term v0.0.0-20220919170432-7a66f970e087
  • golang.org/x/text v0.3.7
  • golang.org/x/time v0.0.0-20220922220347-f3bd1da661af
  • google.golang.org/appengine v1.6.7
  • google.golang.org/protobuf v1.28.1
  • gopkg.in/inf.v0 v0.9.1
  • gopkg.in/yaml.v2 v2.4.0
  • gopkg.in/yaml.v3 v3.0.1
  • k8s.io/api v0.25.2
  • k8s.io/apimachinery v0.25.2
  • k8s.io/client-go v0.25.2
  • k8s.io/klog/v2 v2.80.1
  • k8s.io/kube-openapi v0.0.0-20220928191237-829ce0c27909
  • k8s.io/utils v0.0.0-20220922133306-665eaaec4324
  • sigs.k8s.io/json v0.0.0-20220713155537-f223a00ba0e2
  • sigs.k8s.io/structured-merge-diff/v4 v4.2.3
  • sigs.k8s.io/yaml v1.3.0
.github/auto-deploy-app/test/go.sum go
  • 243 dependencies
.github/workflows/build-dockerfile-and-push-to-registry.yaml actions
  • actions/checkout v4 composite
  • docker/build-push-action v5 composite
  • docker/login-action v3 composite
  • docker/metadata-action v5 composite
  • docker/setup-buildx-action v3 composite