GitHub Actions Bootcamp

This is the sample app for GitHub Actions Presentation.

WARNING

• Please fork this repository and practice on it.
• You must enable GitHub Actions on the forked-repository.
• You just click I understand my workflows... button. If not, the Workflows may not run.

Lab 1: Hello, World!

There is an workflow located at .github/workflows/hello-world.yaml.

Let's add a new step into the Job named hello. It should execute the following command:

cat requirements.txt

1. In the main branch, open .github/workflows/hello-world.yaml then click the edit button:
2. Add new step into the job hello:

jobs:
  hello:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - run: echo "Hello, World!"
      - run: cat requirements.txt

3. Commit to forked-repository
4. Next, open Actions tab in GitHub. You will see the workflow hello-world.
5. Finally, make sure that you see the new step completed successfully:

Lab 2: Django CI

Now, let's create a new workflow django.yaml and perform Continuous Integration (CI) for the app.

1. Open your repository page in GitHub
2. Click on Actions tab
3. Click on New workflow button in the left column
4. Next, search workflow templates using keyword Django
5. In the search results, you will see the Django workflow template. Click on Configure button.
6. Now, set the python-version to v3.10:

      matrix:
        python-version: ["3.10"]

7. Commit and make sure that the workflow is running

Lab 3: Secrets

In this lab, the hello job should print Hello, $NAME! instead of Hello, World!.

The $NAME is an user-defined repository secret variable that will be injected by GitHub Actions.

1. Open Settings page
2. Open Secrets and variables > Actions
3. Add your repository secrets
4. Change the step:

jobs:
  hello:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - env:
          NAME: ${{ secrets.NAME }}
        run: echo "Hello, $NAME!"

5. Check your workflow logs:

Lab 4: Docker build & push

There is a Dockerfile file in this repository. It will be used to build the Docker image for this app.

Let's create a new workflow for automate-building the Docker images in GitHub Actions and push them to GitHub Container Registry.

Requirements:

• The workflow should only trigger when having the push and pull_request event on the main branch only.
• The workflow shouldn't push the images to the registry server during pull request.
• The workflow should push the image with tags: latest and build-${{ vars.GITHUB_RUN_NUMBER }}.

1. We use an Action Build and push Docker images in GitHub Marketplace
2. Scrolling down to the Git context section and copy the sample workflow YAML
3. Prepare your Docker repository secret: REGISTRY_SERVER=ghcr.io
4. Create new workflow docker.yaml file, paste the sample workflow.
5. First, let's modify the event triggers. In this case, we want to trigger this workflow when having new PR/push to the main branch (only main branch).

on:
  push:
    branches:
      - 'main'
  pull_request:
    branches:
      - 'main'

6. Next, make the login step use the registry server by reading Secrets:

      - name: Login to the container registry server
        uses: docker/login-action@v3
        with:
          registry: ${{ secrets.REGISTRY_SERVER }}   # User-defined repository secret variable. Value: ghcr.io
          username: ${{ github.repository_owner }}   # Pre-defined variable by GitHub Actions
          password: ${{ secrets.GITHUB_TOKEN }}      # Pre-defined variable by GitHub Actions

7. Add some args for the Build and push step

      - name: Build and push
        uses: docker/build-push-action@v5
        with:
          push: ${{ github.event_name == 'push' }}   # Only push Docker images to the registry server on the push event 
          tags: |-
            ${{ secrets.REGISTRY_SERVER }}/${{ github.repository }}:latest
            ${{ secrets.REGISTRY_SERVER }}/${{ github.repository }}:build-${{ vars.GITHUB_RUN_NUMBER }}

8. Check the workflow logs

Lab 5: Continuous Deployment using SSH

In this lab, we will setup continuous deployment for project using SSH key.

Requirements:

• Add new job named deploy. It should exec the deploy script.
• The deploy job will be trigger after the docker built/pushed successfully. If Docker CI failed, the deploy job shouldn't run.
• The deploy job shouldn't trigger during pull request.

Prepare:

• Generate a new SSH Key and add the public key to file ~/.ssh/authorized_keys
• Make sure you can open SSH connection from your local to the server
• Next, prepare some secret variables for your repository:
  • SSH_PRIVATE_KEY: The SSH private key (PEM format)
  • SSH_SERVER_IP: The IP address of the server
  • SSH_USER: The username will be used to authenticate with SSH server
• Now, let's add the deploy job:

  deploy:
    if: github.event_name == 'push'
    runs-on: ubuntu-latest
    needs: docker
    env:
      SSH_PRIVATE_KEY: ${{ secrets.SSH_PRIVATE_KEY }}
      SSH_SERVER_IP: ${{ secrets.SSH_SERVER_IP }}
      SSH_USER: ${{ secrets.SSH_USER }}
      DOCKER_IMAGE: ${{ secrets.REGISTRY_SERVER }}/${{ github.repository }}:build-${{ vars.GITHUB_RUN_NUMBER }}
    steps:
      - name: Run ssh-agent in background
        run: eval "$(ssh-agent -s)"
      - name: Add SSH Key
        run: |-
          echo "$SSH_PRIVATE_KEY" | tr -d '\r' | ssh-add - > /dev/null
          ssh-add -l
      - name: Run deploy script
        run: |-
          ssh $SSH_USER@$SSH_SERVER_IP -t "docker pull $DOCKER_IMAGE"
          ssh $SSH_USER@$SSH_SERVER_IP -t "DOCKER_IMAGE=$DOCKER_IMAGE docker-compose up -d"

• Commit and check the workflow logs