Know about GitHub Actions

What are GitHub Actions?

We have always wanted to shift our DevOps integration, build and, if possible, deployments left. The simple reason is to get rid of multiple CI/CD tools, dashboards, logs, etc. The good news is that you can build, test and deploy from GitHub, and that too without shell, Ansible, or other custom scripts.

GitHub Actions enables you to build, test and deploy your code from GitHub itself. Actions are packaged scripts that automate tasks in a software development workflow in GitHub. They can be configured to trigger workflows, similar to a pipeline. You list steps and use actions in the workflow, which is triggered on conditions such as a pull request or a commit. You can also trigger it manually or schedule it.

Why GitHub Actions?

  1. There are multiple actions in GitHub Marketplace which you can use or customize as per your need. There is no need to write long Groovy, shell, Ansible, Terraform, etc. for each step in build and deployment.
  2. It all starts with the developer, and the developer has complete control over Actions.
  3. It's easier to write as it's declarative and completely in YAML format.
  4. There is no need to maintain multiple tools like Jenkins for CI/CD, GitOps tools (ArgoCD), etc.
  5. The complete logs and details are visible in GitHub itself, and pull requests can be managed using Actions: if any workflow step fails, the PR can't be merged.
  6. Several actions create issues when a step fails, so we can automate creating issues based on build, test, security scan, or deployment failures.
  7. GitHub Actions uses GitHub Action secrets, which can be created as shown below. A secret can be used in an action as ${{ secrets.YOUR_SECRET_NAME }}

  8. We can use self-hosted runners or GitHub-hosted runners to execute Actions.

How can we enable GitHub Actions?

Now it's time to do some implementation. Let's start with a small example.

First, where can I find actions? You can find the tab in GitHub, as shown in the screenshots below.

As shown in the screenshot, you can create your own workflow or use the marketplace for suggested GitHub Actions.

Here I am using an example that builds Python code, runs a static code scan with SonarQube, builds an image, deploys it to AWS ECS and scans the ALB with ZAP.

This YAML file is created at: <repo_location>/.github/workflows/<workflow_file_name>.yaml

The above workflow jobs are as below:

  1. The build job tests the Python code with pytest and flake8 and fails if there are errors.
  2. After the build is successful, the static code test and code coverage run using SonarQube.
  3. The last deploy job contains:
     a. Configure AWS creds from Git secrets.
     b. Build, tag, and push the image to AWS ECR.
     c. Fill in the new image ID in the Amazon ECS task definition.
     d. Download task definition.
     e. Fill in the new image ID in the Amazon ECS task definition.
     f. Deploy Amazon ECS task definition.
  4. After deployment, run ZapProxy to scan the ALB URL for OWASP.
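
The build and deploy jobs listed above could be written as follows. This is an added example, not the author's original workflow file; it omits the SonarQube and ZAP jobs, assumes requirements.txt and task-definition.json are committed to the repository, and uses placeholder names (my-app, my-service, my-cluster, us-east-1, and the two AWS secret names).

```yaml
# Added example, not the original workflow; my-app, my-service, my-cluster, us-east-1 are placeholders.
name: build-and-deploy
on:
  pull_request:
  push: {branches: [main]}
permissions:
  contents: read                      # least privilege for the GITHUB_TOKEN
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-python@v5
        with:
          python-version: "3.12"
      - run: pip install -r requirements.txt flake8 pytest
      - run: flake8 .                 # a non-zero exit code fails the job
      - run: pytest
  deploy:
    needs: build                      # runs only after the build job succeeds
    if: github.event_name == 'push'   # pull requests are built but never deployed
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: aws-actions/configure-aws-credentials@v4
        with:
          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
          aws-region: us-east-1
      - id: ecr
        uses: aws-actions/amazon-ecr-login@v2
      - id: image
        env:
          IMAGE: ${{ steps.ecr.outputs.registry }}/my-app:${{ github.sha }}
        run: |
          docker build -t "$IMAGE" .
          docker push "$IMAGE"
          echo "image=$IMAGE" >> "$GITHUB_OUTPUT"
      - id: render
        uses: aws-actions/amazon-ecs-render-task-definition@v1
        with:
          task-definition: task-definition.json
          container-name: my-app
          image: ${{ steps.image.outputs.image }}
      - uses: aws-actions/amazon-ecs-deploy-task-definition@v1
        with:
          task-definition: ${{ steps.render.outputs.task-definition }}
          service: my-service
          cluster: my-cluster
```

Secrets are not passed to workflows triggered by pull requests from forks, so the deploy job is restricted to pushes to main. Pinning each action to a full commit SHA rather than a version tag protects against a tag being moved.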

There are multiple steps/jobs you can add as per requirement. It's very easy to write and implement.

You can find below links to learn more about GitHub Actions:

Also, to find multiple actions you can browse through the below link:

Please tune in if you want to know more about Actions, and please comment if you are facing any issues during implementation. I will try my best to help, and will be very happy to do that.
