Using Github Actions for Production Deployment

Github Actions makes it easy for developers to automate software workflows like code deployment, running automated test suites and other CI/CD operations. The end goal of each workflow varies from case to case. We use it on daily basis for staging and production deployments. In this post, we will be going through the input parameters, code deployment flow and using encrypted secrets.

Jenkins vs Github Actions

Before Github Actions, we used tools like Jenkins for staging and production deployments. Jenkins setup needs significant infrastructure resources and maintenance by the DevOps team. With Github Actions, you don't need any infra setup. You just need to define workflow steps in a yml file.

Actions can run on any language, including Node.js, Ruby, Python, PHP and a lot more languages. Every action creates detailed logs that can be used to troubleshoot deploys in realtime while your actions are running. GitHub Actions have a very strong community of developers with several templates of prebuilt actions, examples, and workflows so you don’t have to start from scratch.

Workflow YML/YAML File Format

Each workflow is written in its own file and follows a yml syntax. File extension could be yml or yaml and the name of the file could be anything that the developer decides. All the workflow yml files must be placed under the “.github/workflows” directory of your repository.

Automatic Trigger of Github Actions

Github Actions is fully integrated into Github. GitHub Actions let you build, test, and deploy your code right from GitHub. There are specific activities called events that trigger an Action. For example, you can trigger an Action when new code is pushed to the repository or when a pull request is created or merged.

Production Deployment Workflow

In this article, I’m going to share how we are using github workflow for our production deployment. The way it works is that you create actions in your repositories by creating one or more yml files. Let's create “.github/workflows/production.yml” file which will do a production deployment. You need to commit this file in your repository.

Specify Input Parameters

You can create Github Actions with or without parameters. Following  production.yml file expects 2 input parameters for deployment.

name: Production Deploy

on:
  workflow_dispatch:
    inputs:
      branch:
        description: 'Enter github branch name to be deployed'
        required: true
        default: 'master'
      description:
        description: 'Enter description about deployment'
        required: true
        default: 'New feature release'

workflow_dispatch allows users to provide input parameters. These parameters then can be used in deployment job steps. Here we are asking two input parameters from users:

  • branch: Branch name to be deployed
  • description: Description about deployment

Once you specify input parameters in yml file, you will see the workflow UI like below:

GitHub Workflow Jobs

Each workflow can have one or more jobs. Each job is identified by an ID label, a unique name that starts with a letter or underscore and contains only alphanumeric characters plus a hyphen or an underscore. Specifying ID is an optional field.

Each job will also have a series of steps and these are a sequence of tasks that you want the job to perform.

Append the following job content in ".github/workflows/production.yml" file. "Logging" and "actions/checkout@v3" job performs following steps respectively:

  • Printing of input parameters
  • Checkout branch specified by user in workflow UI
jobs:
  deployment:
    runs-on: ubuntu-latest
    steps:

    - name: Logging
      run: |
        echo "Deploying Branch : ${{ github.event.inputs.branch }}"
        echo "Deployment Description: ${{ github.event.inputs.description }}"
        echo "PWD: $(pwd)"

    - uses: actions/checkout@v3
      with:
        ref: ${{ github.event.inputs.branch }}
        path: web_app

Using Github Secrets in Actions

Github secrets play an important role in Github Actions. Github secrets are encrypted environment variables that you create in an organization or repository. You can learn more about github secrets here. The secrets that we create are available to use in workflows. Secrets can vary from project to project. Github secrets can be used in Action yml file as follows:

${{ secrets.P_W_HOST }}

As you can see below, using github secrets we are building and deploying code to the production server. Append the following content under jobs in ".github/workflows/production.yml" file to perform following:

  • Create build -  Building the code
  • Copy file via scp action - Deploying the code to server using scp.
   - name: Create build
      run: |
        cat > web_app/.env.local <<- EOT
        W_HOST=${{ secrets.P_W_HOST }}
        W_DOMAIN=${{ secrets.P_W_DOMAIN }}

        zip -r build.zip web_app -x web_app/.github
        ls -all

    - name: Copy file via scp action
      uses: appleboy/scp-action@master
      with:
        host: ${{ secrets.P_AWS_APP_HOST }}
        username: ${{ secrets.P_AWS_APP_USERNAME }}
        key: ${{ secrets.P_AWS_APP_PRIVATE_KEY }}
        port: ${{ secrets.P_SSH_PORT }}
        # Proxy host is jump box host
        proxy_host: ${{ secrets.P_AWS_NAT_HOSTNAME }}
        # Proxy username is jump box username
        proxy_username: ${{ secrets.P_AWS_NAT_USERNAME }}
        # Proxy private key is jump box private key
        proxy_key: ${{ secrets.P_AWS_NAT_PRIVATE_KEY }}
        proxy_port: ${{ secrets.P_SSH_PORT }}
        source: "build.zip"
        target: "./app"
Build and Deploy Code

Your code is deployed in zip format on your production server. Now you can extract the code and perform application specific actions to complete the deployment process. That is out of scope of this blog as running application depends on project to project.

Conclusion

Github Actions have given a big boost to the open-source software community and to developers working on various side projects to automate flows without any additional configuration and infrastructure setup.

Abhay

Abhay

Pune, India