
Once we have written a CI/CD workflow in our own repository,

how do we let other collaborators who have no Actions background reuse it quickly?

This is where GitHub's built-in Template feature comes in.

Templates can be set up and used within the same Account/Organization

(referred to as Organization from here on).

You create workflow templates in a repo named .github

and share them with the other users in the Organization.

For details, see the official documentation.

We use the Python CI workflow from the previous post as the example.

Before setting up a template, you must create a repo named .github under the Organization

and add a folder named workflow-templates inside it:

.github/
┗ workflow-templates

All of the following steps happen under workflow-templates!

Now copy the python-ci.yml written earlier into workflow-templates,

then add a metadata file whose filename must match the workflow filename

but with the .properties.json extension instead of .yml.

For our workflow python-ci.yml,

the metadata file must be named python-ci.properties.json.

Once the file is created, edit the metadata content.

name and description are required.

iconName looks for an SVG icon with the same name under the same path and uses it as the template's icon.

categories lets GitHub recommend suitable templates based on the language of your repo.

{
    "name": "Jane Python CI Workflow",
    "description": "Jane Organization Python CI workflow template.",
    "iconName": "cat_icon",
    "categories": [
        "Python"
    ]
}

That completes the metadata setup.

For the icon, I recommend https://www.flaticon.com

to find an asset you like (please download the SVG file).

Finally, the .github repo must look like this:

.github/
┗ workflow-templates/
  ┣ cat_icon.svg
  ┣ python-ci.properties.json
  ┗ python-ci.yml

After pushing the code, you can see the result under Actions in any repo in the Organization.

If the repo already has workflows, you need to click one level deeper to reach that screen.
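As an added example (not part of the original post), the naming and metadata rules above can be checked before pushing the .github repo: every workflow-templates/<name>.yml must have a <name>.properties.json, the metadata must contain name and description, and an iconName must resolve to <iconName>.svg beside it. The sample directory the script builds is constructed here to mirror the layout shown in the post.

```shell
#!/bin/sh
# Added example: validate a workflow-templates directory against the conventions
# described in the post. Exit status 0 means every template is consistent.

check_templates() {
  dir="$1"; rc=0
  for wf in "$dir"/*.yml; do
    [ -e "$wf" ] || { echo "no .yml templates in $dir"; return 1; }
    base=$(basename "$wf" .yml)
    meta="$dir/$base.properties.json"
    if [ ! -f "$meta" ]; then
      echo "$wf: missing metadata file $meta"; rc=1; continue
    fi
    # name and description are required keys in the metadata file.
    for key in name description; do
      grep -q "\"$key\"[[:space:]]*:" "$meta" \
        || { echo "$meta: missing required key \"$key\""; rc=1; }
    done
    # iconName (optional) must point at <iconName>.svg in the same directory.
    icon=$(sed -n 's/.*"iconName"[[:space:]]*:[[:space:]]*"\([^"]*\)".*/\1/p' "$meta")
    if [ -n "$icon" ] && [ ! -f "$dir/$icon.svg" ]; then
      echo "$meta: iconName \"$icon\" but $dir/$icon.svg not found"; rc=1
    fi
  done
  return $rc
}

# Constructed sample layout in a temp dir (not a real .github repo).
make_sample() {
  d=$(mktemp -d)/workflow-templates; mkdir -p "$d"
  printf 'name: Python-CI\non: [push]\n' > "$d/python-ci.yml"
  cat > "$d/python-ci.properties.json" <<'EOF'
{ "name": "Jane Python CI Workflow", "description": "Python CI template.",
  "iconName": "cat_icon", "categories": ["Python"] }
EOF
  printf '<svg/>' > "$d/cat_icon.svg"
  echo "$d"
}

sample=$(make_sample)
check_templates "$sample" && echo "OK: $sample"
```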


After a developer commits, GitHub Actions can

trigger Actions as the code is pushed and show the result in the console.

A typical CI pipeline is

  1. Git Pull (Sync Code)
  2. Setup environment
  3. Unit Test
  4. Build Code
  5. Scan Code
  6. Upload Artifact
  7. Build Docker Image
  8. Push Image to Docker Hub

and the CD pipeline is

  1. Pull Image
  2. Deploy Image to Cloud Provider

Here a Python CI on GitHub is used as the example.

python-ci.yml

name: Python-CI
on: [push, workflow_dispatch]
jobs:
  ci-job:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v2

      - name: Set up Python
        uses: actions/setup-python@v2
        with:
          python-version: '3.9'
…


GitHub Actions is GitHub's own CI/CD service,

and the CI process also includes a Scan Image step.

GitHub also offers its own code scanning service,

CodeQL,

which automatically finds vulnerabilities and errors in code.

The languages CodeQL supports are

  • C/C++
  • C#
  • Go
  • Java
  • JavaScript/TypeScript
  • Python

GitHub Actions can of course use GitHub's own CodeQL scan as well.

To use it here, you first have to set it up from the console before it can be used in Actions.

Under each repo's Security > Overview,

find Code scanning alerts and click Set up code scanning;

you then see the following screen. Apply the official CodeQL Workflow Template.


Recently I have been using CI/CD a lot at work,

and I got interested in GitHub Actions.

After using it, I really think GitHub Actions is the most convenient CI/CD service,

because the trigger is so fast~~XD

Other CI/CD services can't match that.

Whether you use GitHub-hosted or self-hosted runners,

the job runs as soon as you commit code.

For example code it finishes in one or two seconds, amazing~

It's not only the speed advantage;

at work we also moved the CI/CD pipelines from Jenkins and CircleCI to GitHub Actions.

Actions fully covers unit tests, automatic build, automatic API tests and automatic deployment after a push to the repo,

and you can also write templates for all repos under the same Organisation in GitHub Enterprise …


The order is a bit off....

You should first read this post: create an action,

then read this one on how to [ publish your own Action to the GitHub Marketplace ].

GitHub Actions lets developers create actions and publish them to the GitHub Marketplace.

As I mentioned in this article,

which shows how to write a simple action using a Dockerfile and a script,

in this article

I will demonstrate how to publish that action to the GitHub Marketplace.

  1. Select Draft release
  2. Take GitHub Authentication


Harbor has a feature that can create a robot account.

A robot account can only pull or push (you can choose).

Harbor will generate a pair: "robot$xxx" and a "token".

Then you can use it in an automation script or a k8s cluster.

The pro is that the robot account's limited authority reduces security problems.

K8s can set up secrets to pull from a private registry => link

I'm trying to use the Harbor robot account and token as a k8s secret to pull an image.

$ kubectl create secret docker-registry harbor-registry-secret --docker-server=xxx.com --docker-username=robot$xxx --docker-password=xxx

However, after adding the k8s secret successfully, when I pull an image using that secret it returns "ImagePullBackOff" and shows unauthorized.

Then I figured out this problem by escaping the dollar sign.

I create the secret using

--docker-username="robot\$xxx" instead of
--docker-username='robot$xxx'

The harbor robot account in k8s secret worked!


Get K8s info

kubectl cluster-info

Create an auth token (image pull secret) in the cluster

kubectl create secret docker-registry <your-token-name> --docker-server=<your-registry-server> --docker-username=<your-name> --docker-password=<your-pword> --docker-email=<your-email>

View the secret in YAML format

kubectl get secret <your-token-name> --output=yaml
  • To understand what is in the .dockerconfigjson
  • it is base64 encoded, so decode it:
kubectl get secret <your-token-name> --output="jsonpath={.data.\.dockerconfigjson}" | base64 --decode

reference: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
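The Harbor post above and this one both come down to what actually ends up inside .dockerconfigjson. As an added example (not from either original post), the script below builds the auths JSON the way kubectl lays it out (email omitted), decodes the auth field back to a username, and checks that the "robot$" prefix survived the shell quoting; the registry, account and token are constructed placeholders.

```shell
#!/bin/sh
# Added example: reproduce the .dockerconfigjson content of an image pull secret
# and verify that a Harbor robot account name was not mangled by shell expansion.

# Build the auths JSON that `kubectl create secret docker-registry` stores
# (simplified: no email field). "auth" is base64("username:password").
build_dockerconfig() {
  server="$1"; user="$2"; pass="$3"
  auth=$(printf '%s:%s' "$user" "$pass" | base64 | tr -d '\n')
  printf '{"auths":{"%s":{"username":"%s","password":"%s","auth":"%s"}}}' \
    "$server" "$user" "$pass" "$auth"
}

# Read a dockerconfig JSON on stdin, decode its "auth" field, print the username.
username_from_config() {
  sed -n 's/.*"auth":"\([^"]*\)".*/\1/p' | base64 -d | cut -d: -f1
}

# Return 0 when the username is still an intact "robot$<name>" account.
check_robot_username() {
  case "$1" in
    robot\$?*) return 0 ;;
    *) echo "username '$1' lost its robot\$ prefix (check shell quoting)" >&2
       return 1 ;;
  esac
}

# The quoting pitfall from the post: inside double quotes the shell expands
# $demo (an unset variable here, constructed to stand in for the account suffix).
demo=""
broken_user="robot$demo"     # becomes just "robot": the account name is lost
good_user='robot$demo'       # single quotes keep the literal "$"
escaped_user="robot\$demo"   # escaping the "$" keeps it too

cfg=$(build_dockerconfig "harbor.example.com" "$good_user" "example-token")
check_robot_username "$(printf '%s' "$cfg" | username_from_config)"
```

Run the decode step against a real secret with the kubectl jsonpath command shown above and pass the username through check_robot_username before debugging an ImagePullBackOff any further.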


When running this action to pull the current branch's code into the runner

- uses: actions/checkout@v2

Reference: https://github.com/marketplace/actions/checkout#Fetch-all-history-for-all-tags-and-branches

sometimes this error message pops up:

Error: error: insufficient permission for adding an object to repository database .git/objects
Error: fatal: failed to write object
Error: fatal: unpack-objects failed

I found some ways to work around the problem

  1. add AutoModality/action-clean@v1
    Reference: https://github.com/marketplace/actions/clean-workspace
  2. use another branch to trigger this event
  3. Somebody mentioned…
    - uses: actions/checkout@v2
      with:
        lfs: true
        token: ${{ secrets.ACCESS_TOKEN }}
  4. Wait for 10 seconds, then checkout
    Reference: https://github.com/actions/checkout/issues/417#issuecomment-842157976

Finally, the methods 1 and 4 can figure out this…


Overview

GitHub Actions help you automate tasks within your software development life cycle. GitHub Actions are event-driven, meaning that you can run a series of commands after a specified event has occurred. For example, every time someone creates a pull request for a repository, you can automatically run a command that executes a software testing script.

Workflows

a YAML file

The workflow is an automated procedure that you add to your repository. Workflows are made up of one or more jobs and can be scheduled or triggered by an event. …


Install gitmoji on Mac

  • brew install gitmoji
  • gitmoji -l

Jane

Life’s a Struggle But You Can Win
