Various applications are moving from Travis CI to GitHub Actions for their CI/CD pipeline. While not a requirement, using GitHub Actions is preferred for CI/CD.
- It provides seamless integration since it's part of GitHub, so we can stay within the site when reviewing pull requests.
- Staying on the GitHub site allows us to manage permissions and security settings in the repo instead of navigating to a different site.
- DevOps has worked on providing a smooth OpenID Connect (OIDC) auth integration so Travis keys are not rotated every few months.
- There's a large community and marketplace with pre-built action templates that can be added to projects.
Resources:
- GitHub's quickstart guide.
Applications are moving towards deployment with Docker on AWS Elastic Container Registry (ECR) and Elastic Container Service (ECS). The AWS account that an app deploys to varies per app and per portfolio team. When configuring AWS credentials with DevOps, make sure they are the appropriate credentials for the desired AWS account for the QA and production actions. Typically, the QA and production stacks are on different accounts, such as `nypl-dev` and `nypl`, for example.
The following are good examples of GitHub Action scripts that build a Docker image, push it up to the appropriate ECR repository, and then deploy it to the appropriate ECS cluster.
While the above examples can serve as a template, there are a few things to note:
- Make sure to have the following before the `jobs` step, which is needed for OIDC:

  ```yaml
  permissions:
    id-token: write
    contents: read
  ```
- Every AWS account has a different IAM key. Make sure to update the `role-to-assume` configuration with the proper key obtained from DevOps.

  ```yaml
  - name: Configure AWS credentials
    uses: aws-actions/configure-aws-credentials@v2
    with:
      role-to-assume: arn:aws:iam::[REPLACE-THIS]:role/GithubActionsDeployerRole
      aws-region: us-east-1
  ```
- In the build step, make sure to update the `ECR_REPOSITORY` with the app's ECR repo name.
- In the `aws ecs update-service` command step, update the app's ECS cluster and service name.
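
The four notes above, put together in one workflow file. This is an added example, not taken from any of the referenced repositories. The `qa` branch, the `qa-latest` image tag, the `actions/checkout` and `amazon-ecr-login` versions, and every bracketed value are assumptions or placeholders to replace.

```yaml
name: Deploy to QA

on:
  push:
    branches: [qa]  # assumed branch name

# Needed for OIDC: lets the job request an ID token from GitHub
# and limits the default token to read-only repo access.
permissions:
  id-token: write
  contents: read

jobs:
  deploy:
    runs-on: ubuntu-latest
    steps:
      - name: Check out code
        uses: actions/checkout@v4

      # Exchanges the OIDC token for short-lived AWS credentials.
      # No long-lived access keys are stored in repo secrets.
      - name: Configure AWS credentials
        uses: aws-actions/configure-aws-credentials@v2
        with:
          role-to-assume: arn:aws:iam::[REPLACE-THIS]:role/GithubActionsDeployerRole
          aws-region: us-east-1

      - name: Log in to ECR
        id: login-ecr
        uses: aws-actions/amazon-ecr-login@v2

      - name: Build, tag, and push image to ECR
        env:
          ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }}
          ECR_REPOSITORY: "[APP-ECR-REPO-NAME]"  # placeholder
          IMAGE_TAG: qa-latest  # assumed: the tag the ECS task definition references
        run: |
          docker build -t "$ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG" .
          docker push "$ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG"

      - name: Force ECS to pull the new image
        run: |
          aws ecs update-service \
            --cluster "[APP-ECS-CLUSTER]" \
            --service "[APP-ECS-SERVICE]" \
            --force-new-deployment
```

A production workflow would be a second file with its own trigger and the `role-to-assume` account ID for the production AWS account.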
GitHub Actions are also great for running unit tests, creating git tags, publishing to npm, or running any other automated tasks.
Examples of Actions that run unit tests:
- patron-info-poller (python)
- circulation (python)
- research-catalog (node)
- digital-collections (node)
Other actions include but are not limited to: