github action pull request event is not running - github

I have GitHub Actions code with Terraform, ECR and ECS. I have two branches, master and feature. When I create a pull request from feature to master, then only my terraform plan code will run, but when I create a pull request and merge it to master, my GitHub Action runs but that part is skipped. I am not sure why this is happening; please find the code attached below.
```yaml
---
name: "workflow"
on:
  # Triggers the workflow on push or pull request events but only for the "master" branch
  push:
    branches: [ "master" ]
  # Allows you to run this workflow manually from the Actions tab
  workflow_dispatch:
jobs:
  cd:
    name: "Deployment"
    runs-on: "ubuntu-latest"
    #if: startsWith(github.ref, 'refs/tags/')
    steps:
      - name: "Checkout Code"
        uses: "actions/checkout@v2"
      - name: Set tag
        id: vars
        run: echo "::set-output name=tag::${GITHUB_REF#refs/*/}"
      - name: Configure AWS credential
        uses: aws-actions/configure-aws-credentials@v1
        with:
          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
          aws-region: ${{ secrets.AWS_REGION }}
      - name: Login to Amazon ECR
        id: login-ecr
        uses: aws-actions/amazon-ecr-login@v1
      - name: Build, tag, and push image to Amazon ECR
        id: build-image
        env:
          ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }}
          ECR_REPOSITORY: my_ecr_repi
          IMAGE_TAG: ${{ github.event.head_commit.message }}
        run: |
          # Quoted: IMAGE_TAG comes from the commit message and would otherwise be word-split by the shell
          docker build -t "$ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG" .
          docker push "$ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG"
          echo "::set-output name=image::$ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG"
      - name: Setup Terraform
        uses: hashicorp/setup-terraform@v1
        with:
          cli_config_credentials_token: ${{ secrets.TF_API_TOKEN }}
      - name: Terraform Init
        run: |
          cd terraform_with_ALB
          terraform init
      - name: Terraform Format
        id: fmt
        run: |
          cd terraform_with_ALB
          terraform fmt -check
      - name: Terraform Validate
        id: validate
        run: |
          cd terraform_with_ALB
          terraform validate -no-color
      - name: Terraform Plan
        id: plan
        if: github.event_name == 'pull_request'
        run: |
          cd terraform_with_ALB
          terraform plan -no-color -input=false
        continue-on-error: true
```
Up to terraform validate it is working fine; after that it skips the terraform plan part.

You are missing the `pull_request` element in the `on` section.
```yaml
on:
  # Triggers the workflow on push or pull request events but only for the "master" branch
  push:
    branches: [ "master" ]
  pull_request:
    branches: [ "master" ]
```

Related

Existing GitHub Pipeline Broken

I got an error while running a GitHub Actions pipeline: the repository isn't found.
workflow.yml
```yaml
name: CI
on:
  push:
    branches: [ master ]
  workflow_dispatch:
jobs:
  deploy:
    # needs: build
    runs-on: ubuntu-latest
    name: Deploy
    steps:
      - name: Extract artifact
        uses: D3rHase/ssh-command-action@v0.2.1
        with:
          HOST: ${{ secrets.HOST }}
          USER: ${{ secrets.USER }}
          PRIVATE_SSH_KEY: ${{ secrets.SSHGITHUBACTIONS }}
          COMMAND: |
            source ${{secrets.LOADRUNNER}}
            cd ${{ secrets.FRONTENDPATH }}
            ${{secrets.GETARTIFACTS}}
            pm2 restart all
```
I am trying to run my GitHub Actions pipeline and I got "repository isn't found":
```
***:22 SSH-2.0-OpenSSH_8.9p1 Ubuntu-3
ERROR: Repository not found.
fatal: Could not read from remote repository.
Please make sure you have the correct access rights
and the repository exists.
Use --update-env to update environment variables
```

Caching artifacts in GitHub actions using runner controller

I want to set up self-hosted runners on a k8s cluster using actions-runner-controller.
My question is, given that as per the official docs, persistent runners are not recommended:

> Although not generally recommended, it’s possible to disable the passing of the --ephemeral flag by explicitly setting ephemeral: false in the RunnerDeployment or RunnerSet spec. When disabled, your runner becomes “persistent”.

how can one leverage artifact caching when using this controller?
Where will the cache content be stored in the k8s cluster, given that containers are ephemeral?
If you are not using the enterprise version, the caches will be handled by GitHub itself. I came across some similar problems on my self-hosted runner when creating a cache for nodeJs, VueJs, and Java. Here's what I did:
VueJs (moving dist folder) (note the actions/upload-artifact@v3)
```yaml
name: CI
on:
  push:
    branches: [ "master" ]
  pull_request:
    branches: [ "master" ]
  workflow_dispatch:
jobs:
  build-web:
    runs-on: self-hosted
    container:
      image: node:14
    steps:
      - uses: actions/checkout@v3
      - name: Build shc-web
        run: |
          yarn config set cache-folder .yarn
          yarn
          yarn run build
      - uses: actions/upload-artifact@v3
        with:
          name: dist-folder
          path: dist/
  registry-web:
    runs-on: self-hosted
    needs: ['build-web']
    steps:
      - uses: actions/checkout@v3
      - uses: actions/download-artifact@v3
        with:
          name: dist-folder
          path: dist/
      - name: Configure AWS
        uses: aws-actions/configure-aws-credentials@v1
        with:
          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
          aws-region: us-east-1
      - name: Login to Amazon ECR
        id: login-ecr
        uses: aws-actions/amazon-ecr-login@v1
      - name: Registry on AWS repository
        env:
          REGISTRY: ${{ steps.login-ecr.outputs.registry }}
          REPOSITORY: shccp
        run: |
          docker build -t $REGISTRY/$REPOSITORY:3.1.x-$GITHUB_RUN_ID .
          docker push $REGISTRY/$REPOSITORY:3.1.x-$GITHUB_RUN_ID
```
Also, I used two different jobs to handle the build. It could be done in only one so there was no need to upload/download the dist. Actually, that was precisely what I had to do in the NodeJs action. The node_modules is just too big to be uploaded.
NodeJS:
```yaml
name: CI
on:
  push:
    branches: [ "stage" ]
  pull_request:
    branches: [ "stage" ]
  workflow_dispatch:
jobs:
  ci-api:
    runs-on: self-hosted
    steps:
      - uses: actions/checkout@v3
      - uses: actions/setup-node@v3
        with:
          node-version: 14
      - name: Build api
        run: npm install
      - name: Configure AWS
        uses: aws-actions/configure-aws-credentials@v1
        with:
          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
          aws-region: us-east-1
      - name: Login to Amazon ECR
        id: login-ecr
        uses: aws-actions/amazon-ecr-login@v1
      - name: Registry on AWS repository
        id: registry-aws
        env:
          REGISTRY: ${{ steps.login-ecr.outputs.registry }}
          REPOSITORY: shcapi
        run: |
          docker build -t $REGISTRY/$REPOSITORY:3.1.x-$GITHUB_RUN_ID .
          docker push $REGISTRY/$REPOSITORY:3.1.x-$GITHUB_RUN_ID
          echo "::set-output name=image-tag::$REGISTRY/$REPOSITORY:3.1.x-$GITHUB_RUN_ID"
```
No cache is needed once it is done in a single job. That is a pretty nice feature of GitHub Actions btw.
The Java cache, on the other hand, is handled by the following action:
```yaml
name: CI
on:
  push:
    branches: [ "master" ]
  pull_request:
    branches: [ "master" ]
  workflow_dispatch:
jobs:
  ci-etlv4:
    runs-on: self-hosted
    steps:
      - uses: actions/checkout@v3
      - uses: actions/setup-java@v3
        with:
          distribution: adopt-openj9
          java-version: 8
          cache: 'maven'
      - uses: stCarolas/setup-maven@v4.4
        with:
          maven-version: 3.8.2
      - name: Build ETLv4
        run: |
          echo ${{ secrets.SETTINGS_BASE64 }} | base64 -d > settings.xml
          mvn --settings settings.xml --global-settings settings.xml clean package -DskipTests=true
      - uses: docker/login-action@v2
        with:
          registry: "iad.ocir.io"
          username: ${{ secrets.OCI_REGISTRY_USER }}
          password: ${{ secrets.OCI_REGISTRY_PASSWORD }}
      - uses: docker/setup-qemu-action@v2
      - uses: docker/setup-buildx-action@v2
        with:
          driver: docker
      - uses: docker/build-push-action@v3
        with:
          context: .
          push: true
          tags: XXXXX
```
The actions/setup-java@v3 can deal with the maven/gradle caches.
Hope it helps.

Download terraform plan as a file from GitHub

I am working on a GitHub Actions pipeline where I am creating a terraform plan and then, after downloading and reviewing the plan in a file, authenticating the apply stage. Everything is working smoothly: I get a plan that I am then saving as a txt file using the 'out' flag, but I am not able to figure out how to download the plan file from the runner to my local machine or even save it as an artifact. Please help me out if there is a workaround.
```yaml
name: 'Terraform PR'
on:
  push:
    branches:
      - main
  pull_request:
jobs:
  terraform:
    name: 'Terraform'
    runs-on: ubuntu-latest
    defaults:
      run:
        working-directory: infrastructure/env/dev-slb-alpha/dev
    permissions:
      id-token: write
      contents: write
    steps:
      - name: Clone Repository (Latest)
        uses: actions/checkout@v2
        if: github.event.inputs.git-ref != ''
      - name: Clone Repository (Custom Ref)
        uses: actions/checkout@master
        if: github.event.inputs.git-ref == ''
        with:
          ref: ${{ github.event.inputs.git-ref }}
      - name: Configure AWS credentials
        uses: aws-actions/configure-aws-credentials@master
        with:
          role-to-assume: arn:aws:iam::262267462662:role/slb-dev-github-actions
          aws-region: us-east-1
          # role-session-name: GithubActionsSession
      - name: Setup Terraform
        uses: hashicorp/setup-terraform@v1
        with:
          terraform_version: 1.1.2
      - name: Terraform Format
        id: fmt
        run: terraform fmt -check
      - name: Terraform Init
        id: init
        run: |
          # cd infrastructure/env/dev-slb-alpha/dev
          terraform init
      - name: Terraform Validate
        id: validate
        run: terraform validate -no-color
      - name: Terraform Plan
        id: plan
        if: github.event_name == 'pull_request'
        continue-on-error: true
        run: |
          # cd infrastructure/env/dev-slb-alpha/dev
          touch tfplan.txt
          # terraform force-unlock -force d5f2d86a-e0f6-222f-db3f-2c1d792ed528
          # terraform force-unlock -force QOCDA86JVO02CCFV3SB010RGP3VV4KQNSO5AEMVJF66Q9ASUAAJG
          terraform plan -lock=false -input=false -out=tfplan.txt
          readlink -f tfplan.txt
      - name: terraform plan upload
        uses: actions/upload-artifact@v2
        with:
          name: plan
          path: tfplan.txt
          retention-days: 5
      - uses: actions/download-artifact@v3
        with:
          name: my-plan
          path: tfplan.txt
      - name: Terraform Apply
        id: apply
        if: github.event_name == 'pull_request'
        run: |
          cd infrastructure/env/dev-slb-alpha/dev
          terraform force-unlock -force 8de3f689-282e-12fd-72b2-cdd27f94e4da
          terraform apply
```

How to deploy Github action pipeline with multiple branches in same YAML file using IF condition

I am going to set up a GitHub Actions pipeline to deploy code to a server via the Azure CLI and Azure run command.
Here I have many branches in the same repository, and I need to deploy the code to the corresponding server for each branch,
e.g. if push branch1 --> deploy in server 1
if push branch2 --> deploy in server 2
So if I push to branch1, that should deploy to server1, and the same for all servers.
For this I created a YAML file using an if condition, but I don't know whether it will work or not.
I referred to many documents but cannot find the solution for this scenario.
Here is my YAML file:
```yaml
name: deploy
on:
  push:
    branches: [ branch1, branch2, branch3 ]
jobs:
  build-and-deploy:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v2
      - name: Use Node.js
        uses: actions/setup-node@v1
        with:
          node-version: 14.x
      - name: Log in with Azure
        uses: azure/login@v1
        with:
          creds: '${{ secrets.AZURE_CREDENTIALS }}'
        if: ${{ push.branches == 'branch1' }}
      - name: 'Run az commands'
        run: |
          az vm list
        if: ${{ push.branches == 'branch2' }}
      - name: 'Run az commands'
        run: |
          az vm list
        if: ${{ push.branches == 'branch3' }}
      - name: 'Run az commands'
        run: |
          az vm list
```
Can anyone please guide me how to configure yaml file for this scenario?
Should work
```yaml
name: deploy
on:
  push:
    branches: [ branch1, branch2, branch3 ]
jobs:
  build-and-deploy:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v2
      - name: Use Node.js
        uses: actions/setup-node@v1
        with:
          node-version: 14.x
      - name: Log in with Azure
        uses: azure/login@v1
        with:
          creds: '${{ secrets.AZURE_CREDENTIALS }}'
      - name: 'Run az commands on branch 1'
        if: ${{ github.ref == 'refs/heads/branch1' }}
        run: |
          az vm list
      - name: 'Run az commands on branch 2'
        if: ${{ github.ref == 'refs/heads/branch2' }}
        run: |
          az vm list
      - name: 'Run az commands on branch 3'
        if: ${{ github.ref == 'refs/heads/branch3' }}
        run: |
          az vm list
```
Finally I built my YAML file with proper steps. "github.ref == 'value'" is the syntax for checking the branch. Below I mention my simplified code for reference, if anyone wants the same logic.
As per @David Slutsky, that syntax also works.
```yaml
name: FFR-deploy
on:
  push:
    branches: [ Azure-pipeline, Azure-pipeline-devops ]
jobs:
  build-and-deploy:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v2
      - name: Log in with Azure
        uses: azure/login@v1
        with:
          creds: '${{ secrets.AZURE_CREDENTIALS }}'
      - name: 'Run on azure-pipeline branch'
        if: ${{ github.ref == 'refs/heads/Azure-pipeline' }}
        run: |
          az vm list
      - name: 'Run on azure-pipeline-devops branch'
        if: ${{ github.ref == 'refs/heads/Azure-pipeline-devops' }}
        run: |
          az vm list
```

Github actions Error: Input required and not supplied: task-definition

```yaml
on:
  push:
    branches:
      - soubhagya
name: Deploy to Amazon ECS
jobs:
  deploy:
    name: Deploy
    runs-on: ubuntu-latest
    environment: production
    steps:
      - name: Checkout
        uses: actions/checkout@v2
      - name: Configure AWS credentials
        uses: aws-actions/configure-aws-credentials@v1
        with:
          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
          aws-region: af-south-1
      - name: Login to Amazon ECR
        id: login-ecr
        uses: aws-actions/amazon-ecr-login@v1
      - name: Build, tag, and push image to Amazon ECR
        id: build-image
        env:
          ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }}
          ECR_REPOSITORY: new-cgafrica-backend
          IMAGE_TAG: ${{ github.sha }}
        run: |
          # Build a docker container and
          # push it to ECR so that it can
          # be deployed to ECS.
          docker build -t $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG .
          docker push $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG
          echo "::set-output name=image::$ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG"
      - name: Fill in the new image ID in the Amazon ECS task definition
        id: cgafrica-new-backend-task
        uses: aws-actions/amazon-ecs-render-task-definition@v1
        with:
          task-definition: task-definition.json
          container-name: cgafrica-backend-container
          image: ${{ steps.build-image.outputs.image }}
      - name: Deploy Amazon ECS task definition
        uses: aws-actions/amazon-ecs-deploy-task-definition@v1
        with:
          task-definition: ${{ steps.task-def.outputs.task-definition }}
          service: cgafrica-backend-service
          cluster: cgafrica-backend-cluster
          wait-for-service-stability: true
```
Here is my YAML file code added. Please check.
I have shared my task-definition.json and GitHub Actions pipeline progress.
But I am getting the error: Input required and not supplied: task-definition
Please let me know what the issue is here.
The problem is in the last step, "Deploy Amazon ECS task definition".
The problematic part is `${{ steps.task-def.outputs.task-definition }}`, which doesn't refer to an existing step. There is no step with id task-def.
In order to work it should be: `${{ steps.cgafrica-new-backend-task.outputs.task-definition }}`
```yaml
      - name: Deploy Amazon ECS task definition
        uses: aws-actions/amazon-ecs-deploy-task-definition@v1
        with:
          task-definition: ${{ steps.cgafrica-new-backend-task.outputs.task-definition }}
          service: cgafrica-backend-service
          cluster: cgafrica-backend-cluster
          wait-for-service-stability: true
```
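
A small lint for the two mistakes answered on this page: a step gated on `github.event_name == 'pull_request'` while `on:` has no `pull_request` trigger, and a `steps.<id>` reference to a step id that does not exist. This is an added example, not code from any of the posters; the names `triggers` and `lint` and the regex-based parsing are assumptions, and step ids are compared per file rather than per job.

```python
import re

SAMPLE = """\
on:
  push:
    branches: [ "master" ]
jobs:
  deploy:
    steps:
      - id: cgafrica-new-backend-task
        uses: aws-actions/amazon-ecs-render-task-definition@v1
      - if: github.event_name == 'pull_request'
        run: terraform plan -no-color -input=false
      - uses: aws-actions/amazon-ecs-deploy-task-definition@v1
        with:
          task-definition: ${{ steps.task-def.outputs.task-definition }}
"""  # constructed, trimmed fragment reproducing both mistakes from this page

def triggers(text):
    """Event names under the top-level `on:` key (scalar, list or mapping form)."""
    m = re.search(r"""^["']?on["']?:(.*)$""", text, re.M)
    if not m:
        return set()
    inline = m.group(1).split("#")[0]
    if inline.strip():                  # on: push  /  on: [push, pull_request]
        return set(re.findall(r"[a-z_]+", inline))
    found, indent = set(), None
    for sub in text[m.end():].splitlines():
        body = sub.lstrip()
        cur = len(sub) - len(body)
        if not body or body.startswith("#"):
            continue
        if cur == 0:                    # next top-level key ends the `on:` block
            break
        indent = indent or cur          # first child fixes the nesting level of event names
        key = re.match(r"(?:-\s*)?([a-z_]+)", body)
        if cur == indent and key:
            found.add(key.group(1))
    return found

def lint(text):
    """Report event_name conditions that can never match and undefined step ids."""
    events = set(re.findall(r"github\.event_name\s*==\s*'([a-z_]+)'", text))
    ids = set(re.findall(r"^\s*(?:-\s*)?id:\s*([\w-]+)\s*$", text, re.M))
    refs = set(re.findall(r"steps\.([\w-]+)\.", text))
    return ([f"event '{e}' is tested in an `if:` but is not a trigger under `on:`" for e in sorted(events - triggers(text))]
            + [f"steps.{r} is referenced but no step has id '{r}'" for r in sorted(refs - ids)])

print("\n".join(lint(SAMPLE)))
```

Run against a real workflow by passing the file's text to `lint`; an empty list means neither mistake was found.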