1 | 1 | # GitHub Actions Workflows
|
2 | 2 |
|
3 |
| -## Setup |
4 |
| -- workloads run using [GitHub self-hosted runners](https://help.github.com/en/actions/automating-your-workflow-with-github-actions/about-self-hosted-runners) |
5 |
| -- project admins maintain a private Google Compute Engine VM for running tests |
6 |
| - - VM should be at least n1-standard-4 with 50GB persistent disk |
7 |
| - - instructions for setting up the VM can be found in repo settings under "Actions" |
8 |
| - - ⚠️ WARNING: VM should be set up with no GCP service account |
9 |
| - - external contributors could contribute malicious PRs to run code on our test VM. Ensure no service accounts or other secrets exist on the VM |
10 |
| - - An empty GCP project should be used for extra security |
11 |
| - - to set up dependencies, run the following commands: |
12 |
| - ``` |
13 |
| - # install kubectl |
14 |
| - sudo apt-get install -yqq kubectl git |
15 |
| -
|
16 |
| - # install go |
17 |
| - curl -O https://storage.googleapis.com/golang/go1.12.9.linux-amd64.tar.gz |
18 |
| - tar -xvf go1.12.9.linux-amd64.tar.gz |
19 |
| - sudo chown -R root:root ./go |
20 |
| - sudo mv go /usr/local |
21 |
| - echo 'export GOPATH=$HOME/go' >> ~/.profile |
22 |
| - echo 'export PATH=$PATH:/usr/local/go/bin:$GOPATH/bin' >> ~/.profile |
23 |
| - source ~/.profile |
24 |
| -
|
25 |
| - # install addlicense |
26 |
| - go get -u github.com/google/addlicense |
27 |
| - sudo ln -s $HOME/go/bin/addlicense /bin |
28 |
| -
|
29 |
| - # install kind |
30 |
| - curl -Lo ./kind "https://github.com/kubernetes-sigs/kind/releases/download/v0.7.0/kind-$(uname)-amd64" && \ |
31 |
| - chmod +x ./kind && \ |
32 |
| - sudo mv ./kind /usr/local/bin |
33 |
| -
|
34 |
| - # install skaffold |
35 |
| - curl -Lo skaffold https://storage.googleapis.com/skaffold/releases/latest/skaffold-linux-amd64 && \ |
36 |
| - chmod +x skaffold && \ |
37 |
| - sudo mv skaffold /usr/local/bin |
38 |
| -
|
39 |
| - # install docker |
40 |
| - sudo apt install -yqq apt-transport-https ca-certificates curl gnupg2 software-properties-common && \ |
41 |
| - curl -fsSL https://download.docker.com/linux/debian/gpg | sudo apt-key add - && \ |
42 |
| - sudo add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/debian $(lsb_release -cs) stable" && \ |
43 |
| - sudo apt-get update && \ |
44 |
| - sudo apt-get install -yqq docker-ce && \ |
45 |
| - sudo usermod -aG docker ${USER} |
46 |
| -
|
47 |
| - # logout and back on |
48 |
| - exit |
49 |
| - ``` |
50 |
| - - ensure GitHub Actions runs as background service: |
51 |
| - ``` |
52 |
| - sudo ∼/actions-runner/svc.sh install |
53 |
| - sudo ∼/actions-runner/svc.sh start |
54 |
| - ``` |
55 |
| -
|
56 |
| -
|
57 |
| ---- |
58 |
| -## Workflows |
59 |
| -
|
60 |
| -### ci.yaml |
61 |
| -
|
62 |
| -#### Triggers |
63 |
| -- commits pushed to master |
64 |
| -- PRs to master |
65 |
| -- PRs to release/ branches |
66 |
| -
|
67 |
| -#### Actions |
68 |
| -- ensures kind cluster is running |
69 |
| -- builds all containers in src/ |
70 |
| -- deploys local containers to kind |
71 |
| - - ensures all pods reach ready state |
72 |
| - - ensures HTTP request to frontend returns HTTP status 200 |
73 |
| -- deploys manifests from /releases |
74 |
| - - ensures all pods reach ready state |
75 |
| - - ensures HTTP request to frontend returns HTTP status 200 |
| 3 | +This page describes the CI/CD workflows for the Online Boutique app, which run in [Github Actions](https://github.com/GoogleCloudPlatform/microservices-demo/actions). |
| 4 | + |
| 5 | +## Infrastructure |
| 6 | + |
| 7 | +The CI/CD pipelines for Online Boutique run in Github Actions, using a pool of two [self-hosted runners]((https://help.github.com/en/actions/automating-your-workflow-with-github-actions/about-self-hosted-runners)). These runners are GCE instances (virtual machines) that, for every open Pull Request in the repo, run the code test pipeline, deploy test pipeline, and (on master) deploy the latest version of the app to [onlineboutique.dev](https://onlineboutique.dev) |
| 8 | + |
| 9 | +We also host a test GKE cluster, which is where the deploy tests run. Every PR has its own namespace in the cluster. |
| 10 | + |
| 11 | +## Workflows |
| 12 | + |
| 13 | +**Note**: In order for the current CI/CD setup to work on your pull request, you must branch directly off the repo (no forks). This is because the Github secrets necessary for these tests aren't copied over when you fork. |
| 14 | + |
| 15 | +### Code Tests - [ci-pr.yaml](ci-pr.yaml) |
| 16 | + |
| 17 | +These tests run on every commit for every open PR, as well as any commit to master / any release branch. Currently, this workflow runs only Go unit tests. |
| 18 | + |
| 19 | + |
| 20 | +### Deploy Tests- [ci-pr.yaml](ci-pr.yaml) |
| 21 | + |
| 22 | +These tests run on every commit for every open PR, as well as any commit to master / any release branch. This workflow: |
| 23 | + |
| 24 | +1. Creates a dedicated GKE namespace for that PR, if it doesn't already exist, in the PR GKE cluster. |
| 25 | +2. Uses `skaffold run` to build and push the images specific to that PR commit. Then skaffold deploys those images, via `kubernetes-manifests`, to the PR namespace in the test cluster. |
| 26 | +3. Tests to make sure all the pods start up and become ready. |
| 27 | +4. Gets the LoadBalancer IP for the frontend service. |
| 28 | +5. Comments that IP in the pull request, for staging. |
| 29 | + |
| 30 | +### Push and Deploy Latest - [push-deploy](push-deploy.yml) |
| 31 | + |
| 32 | +This is the Continuous Deployment workflow, and it runs on every commit to the master branch. This workflow: |
| 33 | + |
| 34 | +1. Builds the contaner images for every service, tagging as `latest`. |
| 35 | +2. Pushes those images to Google Container Registry. |
| 36 | + |
| 37 | +Note that this workflow does not update the image tags used in `release/kubernetes-manifests.yaml` - these release manifests are tied to a stable `v0.x.x` release. |
| 38 | + |
| 39 | +### Cleanup - [cleanup.yaml](cleanup.yaml) |
| 40 | + |
| 41 | +This workflow runs when a PR closes, regardless of whether it was merged into master. This workflow deletes the PR-specific GKE namespace in the test cluster. |
| 42 | + |
| 43 | +## Appendix - Creating a new Actions runner |
| 44 | + |
| 45 | +Should one of the two self-hosted Github Actions runners (GCE instances) fail, or you want to add more runner capacity, this is how to provision a new runner. Note that you need IAM access to the admin Online Boutique GCP project in order to do this. |
| 46 | + |
| 47 | +1. Create a GCE instance. |
| 48 | + - VM should be at least n1-standard-4 with 50GB persistent disk |
| 49 | + - VM should use custom service account with permissions to: access a GKE cluster, create GCS storage buckets, and push to GCR. |
| 50 | +2. SSH into new VM through the Google Cloud Console. |
| 51 | +3. Follow the instructions to add a new runner on the [Actions Settings page](https://github.com/GoogleCloudPlatform/bank-of-anthos/settings/actions) to authenticate the new runner |
| 52 | +4. Start GitHub Actions as a background service: |
| 53 | +``` |
| 54 | +sudo ~/actions-runner/svc.sh install ; sudo ~/actions-runner/svc.sh start |
| 55 | +``` |
| 56 | +5. Install project-specific dependencies, including go, docker, skaffold, and kubectl: |
| 57 | + |
| 58 | +``` |
| 59 | +wget -O - https://raw.githubusercontent.com/GoogleCloudPlatform/microservices-demo/master/.github/workflows/install-dependencies.sh | bash |
| 60 | +``` |
| 61 | + |
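Review bot: the deleted Setup block carried a warning that external contributors can run arbitrary code on the test VM through a PR, so the VM must hold no service account or secrets, and the replacement appendix step ("VM should use custom service account with permissions to: access a GKE cluster, create GCS storage buckets, and push to GCR") reverses that without explaining what now makes it safe. The new Infrastructure paragraph says the same runners execute "for every open Pull Request in the repo", and the Push and Deploy section says master pushes `latest` images to the same registry, so a PR job on the runner can reach the attached account's token via the GCE metadata server whether or not GitHub secrets are exposed; the note that secrets "aren't copied over when you fork" does not cover that path. Suggest keeping the original warning and stating what prevents fork PRs from being scheduled on the self-hosted runners (or that the repo blocks them), and scoping the account down to what the deploy test needs rather than registry push. Smaller points in the same hunk: the runner link has a doubled opening parenthesis (`]((https://help.github.com/...`), the Actions Settings link points at `bank-of-anthos` rather than `microservices-demo`, "Deploy Tests- [ci-pr.yaml]" is missing a space and links the same file as Code Tests (confirm both are one workflow or link the right file), "contaner" should be "container", and the dependency step pipes an unpinned script from `master` into `bash`; pinning it to a commit SHA would make new runners reproducible.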