CI/CD with GitHub Actions
Overview
The current setup is leveraging GitHub Actions and Kyma to create a CI/CD pipeline for building, releasing and deploying Docker image with XSK packaged with your application content.
Prerequisites
Create Service Account in Kyma for the CI/CD pipeline, as described bellow:
- Navigate to your Kyma cluster.
- Select your namespace (e.g.
default). - Go to
Configuration→Service Accounts. - Click the
Create Service Accountbutton. - Enter the service account name (e.g.
xsk).
Create Cluster Role in Kyma for the CI/CD pipeline, as described bellow:
- Navigate to your Kyma cluster.
- Go to
Configuration→Cluster Roles. - Click the
Create Cluster Rolebutton. - Enter the cluster role name (e.g.
xsk). - Add the following
API Groups:- (core)
- apps
- servicecatalog.k8s.io
- networking.istio.io
- servicecatalog.kyma-project.io
- gateway.kyma-project.io
- Select
*in theResourcesdropdown, to match all resources. - Select
*in theVerbsdropdown, to match all verbs. - Click the
Createbutton.
Create Cluster Role Binding of the Cluster Role to the Service Account:
- Navigate to your Kyma cluster.
- Go to
Cluster Role Bindings→Cluster Roles. - Enter the cluster role binding name (e.g.
xsk-default, note that the name is not namespace specific and should be unique for the whole cluster). - Select the
Cluster Role(e.g.xsk). - Switch the
KindtoServiceAccount. - Select the desired namespace (e.g.
default). - Select the service account (e.g.
xsk).
Copy the Service Account token as later will be needed for the KYMA_TOKEN secret:
- Navigate to your Kyma cluster.
- Go to
Configuration→Service Accounts. - Select the
Service Account(e.g.xsk). - Select the secret for more details (e.g.
xsk-token-wf6jk). - Click the
Decodebutton to decode the secret. - Copy the
tokenvalue (e.g.eyJhbGciOiJS...).
Setup
- Navigate to your GitHub repository.
- Create
.github/workflows/<pipeline-name>.yamlfile with the following content:
Info
The following GitHub Action builds XSK based Docker image for your application and push it to your Docker registry.
Note: Replace the <your-organization>/<your-repository> placeholder with a default organization and repository where the Docker image will be pushed (can be changed when triggering the GitHub Action).
name: Build Application Image
on:
workflow_dispatch:
inputs:
xskRepository:
description: XSK Repository
required: true
type: choice
options:
- 'dirigiblelabs/xsk-kyma'
- 'dirigiblelabs/xsk-kyma-runtime-distro'
- 'dirigiblelabs/xsk-cf'
- 'dirigiblelabs/xsk'
xskVersion:
description: XSK Version
required: true
default: 'latest'
applicationRepository:
description: Application Repository
required: true
default: '<your-organization>/<your-repository>'
applicationReleaseVersion:
description: Application Release Version
required: true
jobs:
build:
runs-on: ubuntu-latest
steps:
- name: Release Input Parameters
run: |
echo "Release Type: ${{ github.event.inputs.releaseType }}"
echo "Application Repository: ${{ github.event.inputs.applicationRepository }}"
echo "Application Release Version: ${{ github.event.inputs.applicationReleaseVersion }}"
- uses: actions/checkout@v2
with:
fetch-depth: 0
- name: Build Dockerfile
run: |
[ ${{github.event.inputs.xskRepository}} != 'dirigiblelabs/xsk-kyma-runtime-distro' ] &&
PUBLIC=('
RUN mkdir -p "/usr/local/tomcat/target/dirigible/repository/root/registry/public/"
COPY . "/usr/local/tomcat/target/dirigible/repository/root/registry/public/"
RUN rm -rf "/usr/local/tomcat/target/dirigible/repository/root/registry/public/Dockerfile"
RUN rm -rf "/usr/local/tomcat/target/dirigible/repository/root/registry/public/.github/"
') ||
PUBLIC=('COPY . "/usr/local/tomcat/target/dirigible/repository/root/registry/public/"')
DOCKERFILE_CONTENT=$(cat << EOF
FROM ${{ github.event.inputs.xskRepository }}:${{ github.event.inputs.xskVersion }}
$PUBLIC
EOF
)
echo "$DOCKERFILE_CONTENT" >> Dockerfile
echo "$DOCKERFILE_CONTENT"
- name: Docker Login
run: docker login ${{secrets.DOCKER_REGISTRY}} -u ${{secrets.DOCKER_USERNAME}} -p ${{secrets.DOCKER_PASSWORD}}
- name: Build Application Image
run: |
docker build . -t ${{secrets.DOCKER_REGISTRY}}/${{ github.event.inputs.applicationRepository }}:${{ github.event.inputs.applicationReleaseVersion }}
docker tag ${{secrets.DOCKER_REGISTRY}}/${{ github.event.inputs.applicationRepository }}:${{ github.event.inputs.applicationReleaseVersion }} ${{secrets.DOCKER_REGISTRY}}/${{ github.event.inputs.applicationRepository }}:latest
docker push ${{secrets.DOCKER_REGISTRY}}/${{ github.event.inputs.applicationRepository }}:${{ github.event.inputs.applicationReleaseVersion }}
docker push ${{secrets.DOCKER_REGISTRY}}/${{ github.event.inputs.applicationRepository }}:latest
Info
The following GitHub Action deploys your XSK based Docker image to your Kyma cluster via Helm.
Note: Replace the <your-organization>/<your-repository> placeholder with a default organization and repository where the Docker image will be pushed (can be changed when triggering the GitHub Action).
name: Deploy Application Image
on:
workflow_dispatch:
inputs:
applicationRepository:
description: Application Repository
required: true
default: '<your-organization>/<your-repository>'
applicationReleaseVersion:
description: Application Release Version
required: true
jobs:
deploy:
runs-on: ubuntu-latest
steps:
- name: Setup Kube Config File
env:
KYMA_CERTIFICATE: ${{ secrets.KYMA_CERTIFICATE }}
KYMA_SERVER: ${{ secrets.KYMA_SERVER }}
KYMA_TOKEN: ${{ secrets.KYMA_TOKEN }}
run: |
mkdir $HOME/.kube
echo "
apiVersion: v1
kind: Config
current-context: xsk
clusters:
- name: xsk
cluster:
certificate-authority-data: $KYMA_CERTIFICATE
server: $KYMA_SERVER
contexts:
- name: xsk
context:
cluster: xsk
user: xsk
users:
- name: xsk
user:
token: $KYMA_TOKEN" > $HOME/.kube/config
- name: Export Kyma Host
run: |
export KYMA_API_SERVER=${{ secrets.KYMA_SERVER }}
echo "KYMA_HOST=${KYMA_API_SERVER:12}" >> $GITHUB_ENV
- name: Helm Upgrade Application Instance
run: |
helm repo add xsk https://www.xsk.io
helm repo update
helm upgrade --install xsk xsk/xsk \
--set kyma.enabled=true \
--set kyma.host=$KYMA_HOST \
--set hana.enabled=true \
--set hana.url='jdbc:sap://${{ secrets.HANA_URL }}/?encrypt=true&validateCertificate=false`' \
--set hana.username=${{ secrets.HANA_USERNAME }} \
--set hana.password='${{ secrets.HANA_PASSWORD }}' \
--set persistentVolumeClaim.enabled=false \
--set deployment.strategyType=RollingUpdate \
--set application.privateDockerRegistry=true \
--set application.dockerServer=${{secrets.DOCKER_REGISTRY}} \
--set application.dockerUsername=${{secrets.DOCKER_USERNAME}} \
--set application.dockerPassword=${{secrets.DOCKER_PASSWORD}} \
--set application.dockerEmail=${{secrets.DOCKER_EMAIL}} \
--set application.image=${{secrets.DOCKER_REGISTRY}}/${{ github.event.inputs.applicationRepository }}:${{ github.event.inputs.applicationReleaseVersion }}
GitHub Secrets
The following GitHub Secrets are required in order to successfully run the previously created GitHub Actions. To create GitHub secret:
- Navigate to your GitHub repository.
- Open the
Settingstab. - Go to
Secrets→Actions. - Click the
New Repository Secretbutton.
| Name | Description | Required for |
|---|---|---|
DOCKER_REGISTRY |
The Docker Registry (e.g. docker.io, ghcr.io, etc.) |
Build |
DOCKER_USERNAME |
The Docker Username (<your-docker-username>) |
Build |
DOCKER_PASSWORD |
The Docker Password (<your-docker-password>) |
Build |
DOCKER_EMAIL |
The Docker Email (<your-docker-email>) |
Deploy |
HANA_URL |
The HANA Cloud URL (e.g. 7512c2q1-...:443) |
Deploy |
HANA_USERNAME |
The HANA Cloud Username (<your-hana-cloud-username>) |
Deploy |
HANA_PASSWORD |
The HANA Cloud Password (<your-hana-cloud-password>) |
Deploy |
KYMA_CERTIFICATE |
The Kyma Certificate (e.g. LS0tLS1CRUdJTiBDRVJUS...) |
Deploy |
KYMA_SERVER |
The Kyma Server (e.g. https://api.c-a7b1c6...ondemand.com) |
Deploy |
KYMA_TOKEN |
The Kyma Token (e.g. eyJhbGciOiJSUzI1NiIsImtpZCI6In...) |
Deploy |