I want to set up self-hosted runners on a k8s cluster using actions-runner-controller.
My question is, given that as per the official docs, persistent runners are not recommended
Although not generally recommended, it’s possible to disable the
passing of the --ephemeral flag by explicitly setting ephemeral: false
in the RunnerDeployment or RunnerSet spec. When disabled, your runner
becomes “persistent”.
how can one leverage artifact caching when using this controller?
Where will the cache content will be stored in the k8s cluster, given that containers are ephemeral?
If you are not using the enterprise version, the caches will be handled by Github itself. I came across some similar problems at my self-hosted runner to create a cache for nodeJs, VueJs, and Java. Here's what I did:
VueJs (moving dist folder) (note the actions/upload-artifact#v3)
name: CI
on:
push:
branches: [ "master" ]
pull_request:
branches: [ "master" ]
workflow_dispatch:
jobs:
build-web:
runs-on: self-hosted
container:
image: node:14
steps:
- uses: actions/checkout#v3
- name: Build shc-web
run: |
yarn config set cache-folder .yarn
yarn
yarn run build
- uses: actions/upload-artifact#v3
with:
name: dist-folder
path: dist/
registry-web:
runs-on: self-hosted
needs: ['build-web']
steps:
- uses: actions/checkout#v3
- uses: actions/download-artifact#v3
with:
name: dist-folder
path: dist/
- name: Configure AWS
uses: aws-actions/configure-aws-credentials#v1
with:
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
aws-region: us-east-1
- name: Login to Amazon ECR
id: login-ecr
uses: aws-actions/amazon-ecr-login#v1
- name: Registry on AWS repository
env:
REGISTRY: ${{ steps.login-ecr.outputs.registry }}
REPOSITORY: shccp
run: |
docker build -t $REGISTRY/$REPOSITORY:3.1.x-$GITHUB_RUN_ID .
docker push $REGISTRY/$REPOSITORY:3.1.x-$GITHUB_RUN_ID
Also, I used two different jobs to handle the build. It could be done in only one so there was no need to upload/download the dist. Actually, that was precisely what I had to do in the NodeJs action. The node_modules is just too big to be uploaded.
NodeJS:
name: CI
on:
push:
branches: [ "stage" ]
pull_request:
branches: [ "stage" ]
workflow_dispatch:
jobs:
ci-api:
runs-on: self-hosted
steps:
- uses: actions/checkout#v3
- uses: actions/setup-node#v3
with:
node-version: 14
- name: Build api
run: npm install
- name: Configure AWS
uses: aws-actions/configure-aws-credentials#v1
with:
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
aws-region: us-east-1
- name: Login to Amazon ECR
id: login-ecr
uses: aws-actions/amazon-ecr-login#v1
- name: Registry on AWS repository
id: registry-aws
env:
REGISTRY: ${{ steps.login-ecr.outputs.registry }}
REPOSITORY: shcapi
run: |
docker build -t $REGISTRY/$REPOSITORY:3.1.x-$GITHUB_RUN_ID .
docker push $REGISTRY/$REPOSITORY:3.1.x-$GITHUB_RUN_ID
echo "::set-output name=image-tag::$REGISTRY/$REPOSITORY:3.1.x-$GITHUB_RUN_ID"
No cache is needed once it is done in a single job. That is a pretty nice feature of Github actions btw.
The Java cache, on the other hand, is handled by the following action:
name: CI
on:
push:
branches: [ "master" ]
pull_request:
branches: [ "master" ]
workflow_dispatch:
jobs:
ci-etlv4:
runs-on: self-hosted
steps:
- uses: actions/checkout#v3
- uses: actions/setup-java#v3
with:
distribution: adopt-openj9
java-version: 8
cache: 'maven'
- uses: stCarolas/setup-maven#v4.4
with:
maven-version: 3.8.2
- name: Build ETLv4
run: |
echo ${{ secrets.SETTINGS_BASE64 }} | base64 -d > settings.xml
mvn --settings settings.xml --global-settings settings.xml clean package -DskipTests=true
- uses: docker/login-action#v2
with:
registry: "iad.ocir.io"
username: ${{ secrets.OCI_REGISTRY_USER }}
password: ${{ secrets.OCI_REGISTRY_PASSWORD }}
- uses: docker/setup-qemu-action#v2
- uses: docker/setup-buildx-action#v2
with:
driver: docker
- uses: docker/build-push-action#v3
with:
context: .
push: true
tags: XXXXX
The actions/setup-java#v3 can deal with the maven/gradle caches.
Hope it helps.
Related
I've been trying to follow the example provided by SonarCloud to set it up, but it doesn't work.
name: SonarCloud
on:
push:
branches:
- master
pull_request:
types: [opened, synchronize, reopened]
jobs:
build:
name: Build and analyze
runs-on: macos-latest
env:
BUILD_WRAPPER_OUT_DIR: build_wrapper_output_directory # Directory where build-wrapper output will be placed
steps:
- uses: actions/checkout#v3
with:
fetch-depth: 0 # Shallow clones should be disabled for a better relevancy of analysis
- name: Install sonar-scanner and build-wrapper
uses: SonarSource/sonarcloud-github-c-cpp#v1
- name: Run build-wrapper
run: |
build-wrapper-macosx-x86 --out-dir ${{ env.BUILD_WRAPPER_OUT_DIR }}<insert_your_clean_build_command>
- name: Run sonar-scanner
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
run: |
sonar-scanner --define sonar.cfamily.build-wrapper-output="${{ env.BUILD_WRAPPER_OUT_DIR }}"
It always goes wrong in the Run build-wrapper-macosx-x86 production process.
Is there enough solution or sample code to guide me?
I'm working with Github Actions to push my site to S3 for continuous integration. Its working for my main branch. Was looking to have it push the site branch code to my Quality Assurance bucket.
Main branch -> live production S3 bucket
QA branch -> QA S3 bucket
name: Upload Website
on:
push:
branches:
- master
jobs:
deploy:
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout#v1
- name: Configure AWS Credentials
uses: aws-actions/configure-aws-credentials#v1
with:
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
aws-region: us-east-2
- name: Deploy static site to S3 bucket
run: aws s3 sync . s3://PROD_Bucket --delete
I tried the following but it fails. I'm not sure if I'm misunderstanding the logic of the yaml.
name: Upload Website
on:
push:
branches:
- master
jobs:
deploy:
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout#v1
- name: Configure AWS Credentials
uses: aws-actions/configure-aws-credentials#v1
with:
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
aws-region: us-east-2
- name: Deploy static site to S3 bucket
run: aws s3 sync . s3://PROD_Bucket --delete
on:
push:
branches:
- QA
jobs:
deploy:
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout#v1
- name: Configure AWS Credentials
uses: aws-actions/configure-aws-credentials#v1
with:
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
aws-region: us-east-2
- name: Deploy static site to S3 bucket
run: aws s3 sync . s3://QA_Bucket --delete
Is there an easy way to say "when commit is made to QA, go to bucket_2. When commit is made to main, go to bucket_1"?
Oh, you just need a second yaml under root/.github/workflows/
It would just be the second branch you want to whitelist. Duh.
I am trying to do ci/cd with github actions and aws code deploy to the ec2 instance.
I have one ec2 instance and three github repositories(each repository has their own gitflow as well)
name: Deployment
on:
push:
branches:
- main
pull_request:
branches:
- main
jobs:
buildAndTest:
name: CI Pipeline
runs-on: ubuntu-latest
strategy:
matrix:
node-version: [ '14.x' ]
steps:
- uses: actions/checkout#v2
# Initialize Node.js
- name: Install Node.js ${{ matrix.node-version }}
uses: actions/setup-node#v1
with:
node-version: ${{ matrix.node-version }}
# Install project dependencies, test and build
- name: Install dependencies
run: yarn
- name: Run build
run: yarn build
deploy:
runs-on: ubuntu-latest
strategy:
matrix:
node-version: ['14.x']
appname: ['app_name']
deploy-group: ['group_name']
region: ['region']
needs: [buildAndTest]
if: github.ref == 'refs/heads/main'
steps:
- uses: actions/checkout#v2
# Initialize Node.js
- name: Install Node.js ${{ matrix.node-version }}
uses: actions/setup-node#v1
with:
node-version: ${{ matrix.node-version }}
# Step 1
- name: Configure AWS credentials
uses: aws-actions/configure-aws-credentials#v1
with:
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
aws-region: ${{ matrix.region }}
# Step 2
- name: Create CodeDeploy Deployment
id: deploy
run: |
aws deploy create-deployment \
--application-name ${{ matrix.appname }} \
--deployment-group-name ${{ matrix.deploy-group }} \
--deployment-config-name CodeDeployDefault.OneAtATime \
--github-location repository=${{ github.repository }},commitId=${{ github.sha }}
It works good when I push or do pull request to one repo, but when I push two repo at once which means I am gonna push and deploy concurrently, only one is success and another one is failed.
version: 0.0
os: linux
files:
- source: .
destination: /var/www/source
hooks:
ApplicationStart:
- location: deploy.sh // yarn install and restart server.
timeout: 300
runas: root
What is really curious is that except main location(in ec2), some files excluding build or so in other repos(two) are removed ???
I am using the same application and group id for three repositories and Is it a problem?
Any help would be super helpful :)
AWS CodeDeploy application group can not make two deployments at the same time.
I'm learning CI CD to deploy REST API to VPS using Github Actions.
I am confused about how to make a dotenv file so that it is on the VPS server using Github Actions, because this REST API requires a Jsonwebtoken key and I have to insert it in the .env file. I've tried several ways but nothing works.
If you have the answer, please modify my .yml file below and include your answer so I can understand it clearly.
I really appreciate any answer.
name: Node.js CICD
on:
push:
branches: [master]
pull_request:
branches: [master]
jobs:
test:
runs-on: ubuntu-latest
strategy:
matrix:
node-version: [14.x]
steps:
- name: Checkout
uses: actions/checkout#v2
- name: Use Node.js ${{ matrix.node-version }}
uses: actions/setup-node#v1
with:
node-version: ${{ matrix.node-version }}
- name: create env file
run: |
touch .env
echo JWT_ACCESS_TOKEN_SECRET=${{ secrets.JWT_ACCESS_TOKEN_SECRET }} >> .env
- name: install and test
run: |
npm i
npm run build --if-present
npm run test
env:
CI: true
deploy:
needs: [test]
runs-on: ubuntu-latest
steps:
- name: deploy with SSH
uses: appleboy/ssh-action#master
with:
host: ${{ secrets.HOST }}
username: ${{ secrets.USERNAME }}
key: ${{ secrets.PRIVATE_KEY }}
port: 22
script: |
cd ~/apps/routeros-api
git pull origin master
npm i --production
pm2 restart routeros-api
The workflow in file inrisk.packages.ci.yml generates a tag and a realise of the code when a push is done in the develop branch. The below works as expected.
name: Code Int
on:
push:
paths:
- 'infra/**'
jobs:
ci:
runs-on: ubuntu-latest
steps:
# Checks-out to $GITHUB_WORKSPACE
- uses: actions/checkout#v2
- name: Basic Checks
run: |
whoami
ls -lah
pwd
- uses: actions/setup-node#v1
# Create a new release when on develop which triggers the deployment
- name: Bump version and push tag
if: github.ref == 'refs/heads/develop'
uses: mathieudutour/github-tag-action#v4.5
id: tag_version
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- name: Create Release
if: github.ref == 'refs/heads/develop'
id: create_release
uses: actions/create-release#v1
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
tag_name: ${{ steps.tag_version.outputs.new_tag }}
release_name: Release ${{ steps.tag_version.outputs.new_tag }}
draft: false
prerelease: false
The below workflow in file inrisk.packages.cd.yml and is suppose to be triggered when ever a tag/realise is created/published.
name: Code Deploy
on:
push:
tags:
- 'v*'
release:
types:
- published
- created
- released
jobs:
build-and-deploy:
runs-on: ubuntu-latest
steps:
# Checks-out to $GITHUB_WORKSPACE
- uses: actions/checkout#v2
- uses: actions/setup-node#v1
- name: Install Yarn
run: npm install -g yarn
- uses: chrislennon/action-aws-cli#v1.1
- name: Install, Build and Deploy
run: |
whoami
ls -lah
pwd
The second workflow Code Deploy dose not get trigger after Code Int publishes/created a tag/realise
However when I manually create a realise/tag the second workflow Code Deploy get triggered
This seems to be by design as stated here .This is to stop recursive workflow runs.
I used this article to get around the problem