云原生之旅 - 13）基于 Github Action 的自动化流水线

前言

GItHub Actions是一个持续集成和持续交付的平台，能够让你自动化你的编译、测试和部署流程。GitHub 提供 Linux、Windows 和 macOS 虚拟机来运行您的工作流程，或者您可以在自己的数据中心或云基础架构中托管自己的自托管运行器。它是 GitHub 于2018年10月推出的持续集成服务。

 

基本概念 

• workflow （工作流程）：持续集成一次运行的过程，就是一个 workflow。
• job （任务）：一个 workflow 由一个或多个 jobs 构成，含义是一次持续集成的运行，可以完成多个任务。
• step（步骤）：每个 job 由多个 step 构成，一步步完成。
• action （动作）：每个 step 可以依次执行一个或多个命令（action）

 ### 本文同步发表于知乎 https://zhuanlan.zhihu.com/p/584810055

 

使用

下面用例子来介绍一个workflow

首先定义一个workflow 的 name 

# This is a CICD workflow for demo
name: cicd-demo

然后定义一下事件触发机制

# Controls when the action will run. Triggers the workflow on push or pull request
# events but only for the below branch and specific path
on:
  push:
    branches:
    - main
    - develop
    paths:
      - 'demo-app/**'
  pull_request:
    branches:
    - main
    paths:
      - 'demo-app/**'

然后定义一个 Build Job 以及 Outputs 供后续步骤使用

jobs:
# The "build" job
  build:
    # The type of runner that the job will run on
    runs-on: ubuntu-latest
    outputs:
      image_tag: ${{ steps.build_app.outputs.image_tag }}
      actor: ${{ steps.build_app.outputs.actor }}
    # Steps represent a sequence of tasks that will be executed as part of the job
    steps:

来看Steps

Checkout 代码

    steps:
    # Checks-out your repository under $GITHUB_WORKSPACE
    - name: checkout repo
      uses: actions/checkout@v3

Setup go env

    - name: Setup go
      uses: actions/setup-go@v3
      with:
        go-version-file: 'demo-app/go.mod'
        check-latest: true
        cache: true
        cache-dependency-path: demo-app/go.sum

Login google container registry

    - name: Login to GCR
      uses: docker/login-action@v2
      with:
        registry: asia.gcr.io
        username: _json_key
        password: ${{ secrets.GCR_JSON_KEY }}

Build Image and Push to registry

make 命令很简单，执行的就是docker build 和 push

    - name: build application
      id: build_app
      run: |-
        VER=`cat demo-app/Makefile| grep TAG= | awk -F "=" 'NR==1{print $2}'`
        GIT_COMMIT=$(git log | grep commit | awk 'NR==1{print $2}' | cut -c1-7) 
        cd helm-go-client
        make push TAG2=-$GIT_COMMIT
        # set output
        echo "::set-output name=image_tag::$(echo "$VER-$GIT_COMMIT")"
        echo "::set-output name=actor::$(echo "$GITHUB_ACTOR")"

Makefile 供参考

export TAG=1.0.0
export DOCKERHUB=wadexu007/demo-app

hello:
	echo "This is Go client call helm sdk"

local: hello
	echo "run locally"
	go run main.go

build: hello
	echo "building docker container"
	docker build -t ${DOCKERHUB}:${TAG} .

push: build
	echo "pushing to my docker hub"
	docker push ${DOCKERHUB}:${TAG}

### 本文同步发表于知乎 https://zhuanlan.zhihu.com/p/584810055

 

Post setup

    # Workaround to avoid Post Use step failures related to cache
    # Error: There are no cache folders on the disk
    - name: Post setup
      run: mkdir -p /home/runner/.cache/go-build
      continue-on-error: true

接下来我们定义Deploy job

Checkout K8S YAML manifests repository

  deploy:
    # The type of runner that the job will run on
    runs-on: ubuntu-latest
    needs: build
    steps:    
    # Checks-out k8s YAML manifests repository 
    - name: checkout k8s manifests repo
      uses: actions/checkout@v3
      with:
        # clone https://github.com/xxx/sre_manifests which contains deploy manifests
        repository: xxx/sre_manifests
        # auth by ssh key or personal toke 
        ssh-key: ${{ secrets.SSH_PRIVATE_KEY }}
        ref: refs/heads/master

然后用Kustomize 来 Edit image tag， 它是由上面步骤 output出来的

    # Update image version
    - name: Update Kubernetes resources
      run: |
       cd demo-manifests/services/demo-app/dev 
       kustomize edit set image asia.gcr.io/sre-dev/demo-app:${{ needs.build.outputs.image_tag }}
       cat kustomization.yaml

接下来我们可以直接连到cluster kubectl apply部署， 也可以commit 代码然后触发 ArgoCD， ArgoCD可以自动Sync repo来部署以及更新同步资源，后续文章会讲到。

下面例子是 gcloud login 然后 获取cluster 最后用kubectl apply 部署资源。

      # authentication via credentials json
      - id: 'auth'
        uses: 'google-github-actions/auth@v0'
        with:
          credentials_json: '${{ secrets.GCR_JSON_KEY }}' # test key's json
      # Setup gcloud CLI
      - name: Set up Cloud SDK
        uses: google-github-actions/setup-gcloud@v0
      # Get the GKE credentials so we can deploy to the cluster
      - name: Set up GKE credentials
        run: |-
          gcloud container clusters get-credentials xxx_gke_cluster --region xxx_gke_region --project xxx_gcp_project
      # Deploy to the GKE cluster
      - name: Deploy
        run: |-
          gcloud container clusters list --project xxx_gcp_project
          cd demo-manifests/services/demo-app/dev
          cat kustomization.yaml
          kustomize build . | kubectl apply -f -
          kubectl rollout status deploy/demo-app -n demo

 完整例子可以参考 My Github repo

### 本文同步发表于知乎 https://zhuanlan.zhihu.com/p/584810055

 

参考

https://docs.github.com/en/actions/quickstart

 

 

感谢阅读，如果您觉得本文的内容对您的学习有所帮助，您可以打赏和推荐，您的鼓励是我创作的动力