diff --git a/content/11-Your-First-CI-Workflow-Executions/2-Get-The-Prepared-Source-Code/_index.md b/content/11-Your-First-CI-Workflow-Executions/2-Get-The-Prepared-Source-Code/_index.md index 366341f..7cf27ac 100644 --- a/content/11-Your-First-CI-Workflow-Executions/2-Get-The-Prepared-Source-Code/_index.md +++ b/content/11-Your-First-CI-Workflow-Executions/2-Get-The-Prepared-Source-Code/_index.md @@ -30,4 +30,4 @@ rm -rf ./workshop-2-awsome-books/.git && cp -r ./workshop-2-awsome-books/. . && code . ``` -Next, let's go through parts that need to review or change for our CI/CD pipeline. \ No newline at end of file +Next, let's go through parts that need to review or change for your CI/CD pipeline. \ No newline at end of file diff --git a/content/11-Your-First-CI-Workflow-Executions/3-Review-CI-Workflow/_index.md b/content/11-Your-First-CI-Workflow-Executions/3-Review-CI-Workflow/_index.md index 4368efd..b296c1e 100644 --- a/content/11-Your-First-CI-Workflow-Executions/3-Review-CI-Workflow/_index.md +++ b/content/11-Your-First-CI-Workflow-Executions/3-Review-CI-Workflow/_index.md 
@@ -220,13 +220,13 @@ This GitHub Actions workflow is designed to perform CI jobs when specific events **pull_request:** triggers the workflow for pull requests targeting the *main* branch, specifically when they are *opened*, *synchronized*, or *reopened*. It ignores changes to documentation and certain configuration files. -**merge_group:** triggers the workflow when merge groups are created on the main branch. +**merge_group:** triggers the workflow when *merge group*s are created on the *main* branch (explore more about *merge group* in [13. Experiments With GitHub Actions Merge Group](13-experiments-with-gitHub-actions-merge-group)). **workflow_dispatch:** allows the workflow to be manually started for debugging without inputs. #### Concurrency -Ensures that only one instance of the workflow runs for a specific pull request at a time, canceling any in-progress runs if a new one starts for that pull request. +Ensures that only one instance of the workflow runs for a specific pull request at a time, canceling any in-progress runs if a new one starts for that pull request (explore more about *concurrency group* in [14. Experiments With GitHub Actions Concurrency Group](14-experiments-with-gitHub-actions-concurrency-group)). #### Jobs diff --git a/content/11-Your-First-CI-Workflow-Executions/4-Review-Update-Dependency-Cache-Workflow/_index.md b/content/11-Your-First-CI-Workflow-Executions/4-Review-Update-Dependency-Cache-Workflow/_index.md index f4be4c3..3a315e8 100644 --- a/content/11-Your-First-CI-Workflow-Executions/4-Review-Update-Dependency-Cache-Workflow/_index.md +++ b/content/11-Your-First-CI-Workflow-Executions/4-Review-Update-Dependency-Cache-Workflow/_index.md 
@@ -61,13 +61,14 @@ jobs: This GitHub Actions workflow is designed to update the dependency cache for a project, specifically for Java Gradle-based projects. Let's take a high-level look at key components of the workflow. #### Events -**push**: triggers the workflow when the merge group for a given pull request is successful and the PR is actually merged into the *main* branch. +**push**: triggers the workflow when the *merge group* for a given pull request is successful and the PR is actually merged into the *main* branch. **workflow_dispatch:** allows the workflow to be manually started for debugging without inputs. #### Concurrency -Ensures that only one instance of the workflow runs for a specific branch at a time, canceling any in-progress runs if a new one starts. +Ensures that only one instance of the workflow runs for a specific branch at a time, canceling any in-progress runs if a new one starts (explore more about *concurrency group* in [14. Experiments With GitHub Actions Concurrency Group](14-experiments-with-gitHub-actions-concurrency-group)). + #### Job diff --git a/content/11-Your-First-CI-Workflow-Executions/5-Review-Reusable-Workflows/_index.md b/content/11-Your-First-CI-Workflow-Executions/5-Review-Reusable-Workflows/_index.md index 078bacc..724d952 100644 --- a/content/11-Your-First-CI-Workflow-Executions/5-Review-Reusable-Workflows/_index.md +++ b/content/11-Your-First-CI-Workflow-Executions/5-Review-Reusable-Workflows/_index.md 
@@ -6,17 +6,17 @@ chapter : false pre : " 11.5 " --- -As mentioned in the High-Level Design section, there are several reusable jobs in the Release and Rollback workflows. +Both the Release and Rollback workflows leverage reusable jobs for efficiency: + +- The *Validate version format* job is ideal for reuse in both workflows to ensure consistency when handling version inputs. +- The *Release* and *Rollback* jobs, which interact with AWS ECS and AWS CodeDeploy for deploying and rolling back project versions, can be streamlined into a reusable component through the Deploy workflow. + ![0001](/images/11/5/0001.svg?featherlight=false&width=100pc) ![0002](/images/11/5/0002.svg?featherlight=false&width=100pc) -- **Validate version format** job can be reused in both workflows to check [semantic versioning](https://semver.org/) of the project. -- A **Release** job (in the Release workflow) and a **Rollback** job (in the Rollback process) can be combined to create a reusable job. - - -You now explore the reusable workflows. + \ No newline at end of file diff --git a/content/11-Your-First-CI-Workflow-Executions/6-Review-Release-Workflow/_index.md b/content/11-Your-First-CI-Workflow-Executions/6-Review-Release-Workflow/_index.md index b1755cd..da493df 100644 --- a/content/11-Your-First-CI-Workflow-Executions/6-Review-Release-Workflow/_index.md +++ b/content/11-Your-First-CI-Workflow-Executions/6-Review-Release-Workflow/_index.md 
@@ -117,15 +117,16 @@ jobs: This GitHub Actions workflow is designed to perform release tasks when specific events occur on the repository. Let's take a high-level look at key components of the workflow. #### Events -- **push**: triggered when a push event happens on any tag matching the pattern v*.*.* (typically indicating semantic versioning tags like v1.0.0) +- **push**: triggered when a push event happens on any tag matching the specific pattern (typically indicating semantic versioning tags like v1.0.0) #### Concurrency -Ensures that only one instance of this workflow runs for a given tag at a time, identified by the workflow name and reference. You might not want to run multiple releases in at the same time. +Ensures that only one instance of this workflow runs for a given tag at a time, identified by the workflow name and reference. You might not want to run multiple releases in at the same time (explore more about *concurrency group* in [14. Experiments With GitHub Actions Concurrency Group](14-experiments-with-gitHub-actions-concurrency-group)). + #### Jobs **validate-version-format**: -- This job reuses jobs or steps defined in the workflow **.github/workflows/wc-validate-version-format.yml** +- This job reuses jobs or steps defined in the workflow **.github/workflows/wc-validate-version-format.yml**. - Validates the format of the version tag to ensure it follows semantic versioning. **build-image** 
@@ -143,4 +144,8 @@ Ensures that only one instance of this workflow runs for a given tag at a time, - Download the image artifact built in job **build-image**. - Load the Docker image to Docker engine. - Perform image vulnerability scanning. - - Upload the vulnerability report for review later if the scanning are not canceled. \ No newline at end of file + - Upload the vulnerability report for review later if the scanning are not canceled. + +**release** +- This job reuses jobs or steps defined in the workflow **./.github/workflows/wc-deploy.yml**. +- It essentially automates the release of an ECS service using AWS resources defined in the workflow. \ No newline at end of file diff --git a/content/11-Your-First-CI-Workflow-Executions/7-Review-Rollback-Workflow/_index.md b/content/11-Your-First-CI-Workflow-Executions/7-Review-Rollback-Workflow/_index.md index 5714c79..37e8f7e 100644 --- a/content/11-Your-First-CI-Workflow-Executions/7-Review-Rollback-Workflow/_index.md +++ b/content/11-Your-First-CI-Workflow-Executions/7-Review-Rollback-Workflow/_index.md 
@@ -4,4 +4,111 @@ date : "`r Sys.Date()`" weight : 7 chapter : false pre : " 11.7 " ---- \ No newline at end of file +--- + +You now explore the Rollback workflow. + +![0001](/images/11/7/0001.svg?featherlight=false&width=100pc) + +Check out *.github/workflows/rollback.yml* file. + +```yml +name: Rollback + +on: + # Allow manual rollback + workflow_dispatch: + inputs: + version: + description: Specify the semantic version to rollback to, in the format "v*.*.*" (e.g., "v0.0.1") + type: string + required: true + +concurrency: + group: ${{ github.workflow }}-${{ github.ref }} + +permissions: + id-token: write + contents: read + +jobs: + validate-version-format: + name: Validate semantic version format + uses: ./.github/workflows/wc-validate-version-format.yml + with: + version: ${{ inputs.version }} + + check-version-exists: + name: Check semantic version exists on AWS ECR repository + needs: [validate-version-format] + runs-on: ubuntu-latest + env: + ECR_REPOSITORY: ${{ vars.PROJECT }} + steps: + - name: Checkout + uses: actions/checkout@v4 + with: + sparse-checkout: | + .github + sparse-checkout-cone-mode: false + + - name: Set permissions to run scripts + run: chmod +x -R ./.github/scripts + + - name: Configure AWS Credentials + uses: aws-actions/configure-aws-credentials@v4 + with: + aws-region: ${{ vars.AWS_REGION }} + role-to-assume: ${{ vars.ROLE_TO_ASSUME }} + + - name: Login to Amazon ECR + id: login-ecr + uses: aws-actions/amazon-ecr-login@v2 + + - name: Check version ${{ inputs.version }} existed in AWS ECR repository ${{ env.ECR_REPOSITORY }} + run: ./.github/scripts/check-version-exists.sh ${{ env.ECR_REPOSITORY }} ${{ inputs.version }} + + rollback: + name: Rollback + needs: [check-version-exists] + uses: ./.github/workflows/wc-deploy.yml + with: + rollback: true + aws-region: ${{ vars.AWS_REGION }} + role-to-assume: ${{ vars.ROLE_TO_ASSUME }} + ecr-repository: ${{ vars.PROJECT }} + image-tag: ${{ inputs.version }} + task-definition: ${{ vars.PROJECT }} 
+ container-name: ${{ vars.PROJECT }} + ecs-cluster: ${{ vars.ECS_CLUSTER }} + ecs-service: ${{ vars.PROJECT }} + codedeploy-application: ${{ vars.CODEDEPLOY_APPLICATION }} + codedeploy-application-group: ${{ vars.CODEDEPLOY_APPLICATION_GROUP }} +``` + +This GitHub Actions workflow automates the rollback of an ECS deployment to a specified version using AWS services. Let's take a high-level look at key components of the workflow. + +#### Events +- **workflow_dispatch**: this enables manual triggering of the workflow through the GitHub UI. It accepts an input parameter *version*. The user might provide the semantic version (e.g., v1.0.0) they want to rollback to. This is required for the Rollback workflow. + +#### Concurrency + +Ensures that only one instance of this workflow runs for a given branch at a time, identified by the workflow name and reference. You might not want to run multiple rollbacks in at the same time (explore more about *concurrency group* in [14. Experiments With GitHub Actions Concurrency Group](14-experiments-with-gitHub-actions-concurrency-group)). + +#### Jobs +**validate-version-format**: +- This job reuses jobs or steps defined in the workflow **.github/workflows/wc-validate-version-format.yml** +- Validates the format of the version tag to ensure it follows semantic versioning. + +**check-version-exists** +- Check semantic version exists on AWS ECR repository. +- Steps: + - Checkout the code. + - Configure AWS Credentials + - Login to Amazon ECR + - Use the AWS CLI to verify if the specified version exists. + +**rollback** + +- This job reuses jobs or steps defined in the workflow **./.github/workflows/wc-deploy.yml**. +- It essentially automates the rollback of an ECS service using AWS resources defined in the workflow. \ No newline at end of file diff --git a/static/images/11/3/0001.svg b/static/images/11/3/0001.svg index d5bd603..2221dbe 100644 --- a/static/images/11/3/0001.svg +++ b/static/images/11/3/0001.svg @@ -1,4 +1,4 @@ -
Run unit tests
Scan
source code
Run
integration tests
Start
local development
Local development process on the short-live "feature" branch
Write / update
tests
Write / update code 
Refactor code
End
local development
git commit
+
 git push
Notify to Slack
Build image
Passed
Scan image
All jobs succeed
CI process on the remote short-live "feature" branch
Create
pull request
(PR)
CI workflow
Add PR to the merge queue
Trigger
End CI workflow
CI workflow failed
End PR review
process
PR reviewed
&& approved
Update dependency cache process on the trunk
PR is pending review
Merge
code changes
to trunk
Update
dependency cache
Trigger
Passed
Failed
Failed
Perform
unit tests
Perform
unit tests
Update dependency cache workflow
End
Update dependency cache workflow
PR review process on the remote short-live "feature" branch
Review PR
Approved
Not approved
>= 1 job(s) failed
\ No newline at end of file +
Run unit tests
Scan
source code
Run
integration tests
Start
local development
Local development process on the short-live "feature" branch
Write / update
tests
Write / update code 
Refactor code
End
local development
git commit
+
 git push
Notify to Slack
Build image
Passed
Scan image
All jobs succeed
CI process on the remote short-live "feature" branch
Create
pull request
(PR)
CI workflow
Trigger
End CI workflow
CI workflow failed
End PR review
process
PR reviewed
&& approved
Update dependency cache process on the trunk
PR is pending review
Merge
code changes
to trunk
Update
dependency cache
Trigger
Passed
Failed
Failed
Perform
unit tests
Perform
unit tests
Update dependency cache workflow
End
Update dependency cache workflow
PR review process on the remote short-live "feature" branch
Review PR
Approved
Not approved
>= 1 job(s) failed
Add PR to the merge queue
\ No newline at end of file diff --git a/static/images/11/4/0001.svg b/static/images/11/4/0001.svg index 3768290..c36affb 100644 --- a/static/images/11/4/0001.svg +++ b/static/images/11/4/0001.svg @@ -1,4 +1,4 @@ -
Run unit tests
Scan
source code
Run
integration tests
Start
local development
Local development process on the short-live "feature" branch
Write / update
tests
Write / update code 
Refactor code
End
local development
git commit
+
 git push
Notify to Slack
Build image
Passed
Scan image
All jobs succeed
CI process on the remote short-live "feature" branch
Create
pull request
(PR)
CI workflow
Add PR to the merge queue
Trigger
End CI workflow
CI workflow failed
End PR review
process
PR reviewed
&& approved
Update dependency cache process on the trunk
PR is pending review
Merge
code changes
to trunk
Update
dependency cache
Trigger
Passed
Failed
Failed
Perform
unit tests
Perform
unit tests
Update dependency cache workflow
End
Update dependency cache workflow
PR review process on the remote short-live "feature" branch
Review PR
Approved
Not approved
>= 1 job(s) failed
\ No newline at end of file +
Run unit tests
Run unit tests
Scan
source code
Scan...
Run
integration tests
Run...
Start
local development
Start...
Local development process on the short-live "feature" branch
Local development process on the short-live "feature" branch
Write / update
tests
Write / update...
Write / update code 
Write / update c...
Refactor code
Refactor code
End
local development
End...
git commit
+
 git push
git commit...
Notify to Slack
Notify to Slack
Build image
Build image
Passed
Passed
Scan image
Scan image
All jobs succeed
All jobs succeed
CI process on the remote short-live "feature" branch
CI process on the remote short-live "feature" branch
Create
pull request
(PR)
Create...
CI workflow
CI workflow
Trigger
Trigger
End CI workflow
End C...
CI workflow failed
CI wo...
End PR review
process
End P...
PR reviewed
&& approved
PR reviewed...
Update dependency cache process on the trunk
Update dependency cache process on the trunk
PR is pending review
PR is pending review
Merge
code changes
to trunk
Merge...
Update
dependency cache
Update...
Trigger
Trigger
Passed
Passed
Failed
Failed
Failed
Failed
Perform
unit tests
Perform...
Perform
unit tests
Perform...
Update dependency cache workflow
Update dependency cache workflow
End
Update dependency cache workflow
End...
PR review process on the remote short-live "feature" branch
PR review process on the remote short-live "feature" branch
Review PR
Review PR
Approved
Approved
Not approved
Not approved
>= 1 job(s) failed
>= 1 job(s) fail...
Add PR to the merge queue
Add PR to the me...
Text is not SVG - cannot display
\ No newline at end of file diff --git a/static/images/11/4/0001.svg.crswap b/static/images/11/4/0001.svg.crswap new file mode 100644 index 0000000..c36affb --- /dev/null +++ b/static/images/11/4/0001.svg.crswap @@ -0,0 +1,4 @@ + + + +
Run unit tests
Run unit tests
Scan
source code
Scan...
Run
integration tests
Run...
Start
local development
Start...
Local development process on the short-live "feature" branch
Local development process on the short-live "feature" branch
Write / update
tests
Write / update...
Write / update code 
Write / update c...
Refactor code
Refactor code
End
local development
End...
git commit
+
 git push
git commit...
Notify to Slack
Notify to Slack
Build image
Build image
Passed
Passed
Scan image
Scan image
All jobs succeed
All jobs succeed
CI process on the remote short-live "feature" branch
CI process on the remote short-live "feature" branch
Create
pull request
(PR)
Create...
CI workflow
CI workflow
Trigger
Trigger
End CI workflow
End C...
CI workflow failed
CI wo...
End PR review
process
End P...
PR reviewed
&& approved
PR reviewed...
Update dependency cache process on the trunk
Update dependency cache process on the trunk
PR is pending review
PR is pending review
Merge
code changes
to trunk
Merge...
Update
dependency cache
Update...
Trigger
Trigger
Passed
Passed
Failed
Failed
Failed
Failed
Perform
unit tests
Perform...
Perform
unit tests
Perform...
Update dependency cache workflow
Update dependency cache workflow
End
Update dependency cache workflow
End...
PR review process on the remote short-live "feature" branch
PR review process on the remote short-live "feature" branch
Review PR
Review PR
Approved
Approved
Not approved
Not approved
>= 1 job(s) failed
>= 1 job(s) fail...
Add PR to the merge queue
Add PR to the me...
Text is not SVG - cannot display
\ No newline at end of file diff --git a/static/images/11/6/0001.svg b/static/images/11/6/0001.svg new file mode 100644 index 0000000..8183008 --- /dev/null +++ b/static/images/11/6/0001.svg @@ -0,0 +1,4 @@ + + + +
Git
Create a tag
for the release
Release (CD) process on the trunk branch
Validate
version format
End Release workflow
Passed
Build image
Failed
Passed
Scan image
Release workflow
Failed
Passed
Release
Failed
Passed
Release workflow failed
Failed
Notify to Slack
Trigger
\ No newline at end of file diff --git a/static/images/11/7/0001.svg b/static/images/11/7/0001.svg new file mode 100644 index 0000000..3c22bbc --- /dev/null +++ b/static/images/11/7/0001.svg @@ -0,0 +1,4 @@ + + + +
Git
Specify an existing version to rollback
Rollback process on the trunk branch
Validate
version format
End Rollback workflow
Passed
Check version exists
Failed
Passed
Rollback
Rollback workflow
Failed
Passed
Rollback workflow failed
Failed
Notify to Slack
Trigger
\ No newline at end of file
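Review bot: the changed sentence in `2-Get-The-Prepared-Source-Code/_index.md` still reads "parts that need to review or change", which is ungrammatical after the "our" to "your" swap. Suggest "parts that need to be reviewed or changed for your CI/CD pipeline", and end the file with a newline so the "\ No newline at end of file" marker goes away.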
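Review bot: the new cross-reference links in `3-Review-CI-Workflow/_index.md` (`13-experiments-with-gitHub-actions-merge-group` and `14-experiments-with-gitHub-actions-concurrency-group`) are written as relative targets with no leading slash and a mixed-case "gitHub". From a page under `content/11-Your-First-CI-Workflow-Executions/3-Review-CI-Workflow/` they may resolve below the current page rather than to chapters 13 and 14, so please check them in a local build and use the same link form the rest of the site uses. The same targets are repeated in the dependency cache, Release and Rollback pages in this patch. Also, `*merge group*s` puts the plural "s" outside the emphasis; "*merge groups*" reads cleaner.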
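Review bot: the rewrite of `5-Review-Reusable-Workflows/_index.md` drops the link to https://semver.org/ that the old "Validate version format" bullet carried, and the page now ends on a whitespace-only line without a trailing newline. Suggest keeping the semantic versioning link in the new first bullet, since the Release and Rollback pages both rely on the term, and removing the stray blank `+` line at the end of the file.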
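Review bot: in the Events bullet of `6-Review-Release-Workflow/_index.md`, replacing "the pattern v*.*.*" with "the specific pattern" removes the one detail a reader needs, while the Rollback input description added in this same patch still quotes "v*.*.*". If the asterisks were being rendered as emphasis, suggest keeping the pattern and putting it in inline code instead. The Concurrency sentence on the next changed line also still has "in at the same time", and the workflow paths are written two ways (`.github/workflows/wc-validate-version-format.yml` here, `./.github/workflows/wc-deploy.yml` in the new **release** section); pick one form.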
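Review bot: in the `rollback.yml` listing added to `7-Review-Rollback-Workflow/_index.md`, the last step of `check-version-exists` expands `${{ inputs.version }}` directly into the `run:` line, so the manually supplied value becomes part of the script text before the shell parses it. `validate-version-format` does run first through `needs:`, but the safety of this line then rests entirely on how strict that reusable workflow is, and it is not shown on this page. Suggest passing the value through the step's `env:` (for example `VERSION: ${{ inputs.version }}`) and calling the script with `"$ECR_REPOSITORY" "$VERSION"`, quoted. Two smaller points: `permissions: id-token: write` is declared at workflow level, so consider setting it only on the jobs that assume the AWS role; and in the prose under the listing, "The user might provide the semantic version" reads as optional although the input is `required: true`, and the Steps list omits the "Set permissions to run scripts" step.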
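Review bot: the new version of `static/images/11/4/0001.svg` carries every label twice, the second copy truncated ("Scan...", "End C...", "Add PR to the me..."), and ends with "Text is not SVG - cannot display", whereas `static/images/11/3/0001.svg` updated in this same patch has each label once. Since both diagrams show the same flow, suggest re-exporting the 11/4 image with the settings used for 11/3 so the two files stay consistent and the fallback text does not show up in viewers that render it.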
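Review bot: `static/images/11/4/0001.svg.crswap` is added as a new file with the same blob id (`c36affb`) as the updated `static/images/11/4/0001.svg`, which looks like an editor swap or backup copy committed by accident. Suggest removing it from the commit and adding `*.crswap` to `.gitignore` so it does not get published with the static images.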