I'm currently trying to do an automated deployment through github actions. Below is my current workflow yaml file:
name: Deploy AWS
on: [workflow_dispatch]
jobs:
build:
runs-on: ubuntu-latest
steps:
- name: 'Git: Checkout source code'
uses: actions/checkout#v1
- name: '.NET Core: Setup'
uses: actions/setup-dotnet#v1
with:
dotnet-version: '3.0.*'
- name: '.NET Core: Get dependencies'
run: dotnet restore
- name: '.NET Core: Build'
run: dotnet build --configuration Debug --no-restore
- name: 'AWS: Timestamp action'
uses: gerred/actions/current-time#master
id: current-time
- name: 'AWS: String replace action'
uses: frabert/replace-string-action#master
id: format-time
with:
pattern: '[:\.]+'
string: "${{ steps.current-time.outputs.time }}"
replace-with: '-'
flags: 'g'
- name: 'AWS: Generate build archive'
run: (cd ./project.Api/bin/Debug/netcoreapp3.0 && zip -r "../../../../${{ steps.format-time.outputs.replaced }}.zip" . -x '*.git*')
- name: 'AWS: Deploying build'
uses: einaregilsson/beanstalk-deploy#v14
with:
aws_access_key: { my_access_key }
aws_secret_key: { my_secret_key }
application_name: api_test
environment_name: my-api-test
version_label: "v${{ steps.format-time.outputs.replaced }}"
region: ap-southeast-2
deployment_package: "${{ steps.format-time.outputs.replaced }}.zip"
- name: 'AWS: Deployment complete'
run: echo Should be on EB now
The current elastic beanstalk environment is setup with a load balancer - which I think is the main issue being caused with the deployment failing. I haven't been able to find a solution on how to deploy to aws elastic beanstalk when the environment contains a load balancer.
I know you had already done this, but it will help needy one :-)
I'm new here so not able to write correctly in box, but yaml code starts from "name:dotnet.." till end ,indent yaml accordingly
name: dotnet -> s3 -> Elastic Beanstalk
on:
workflow_dispatch
#Setting up some environment variables
env:
EB_PACKAGE_S3_BUCKET_NAME : "php-bucket"
EB_APPLICATION_NAME : "dotnet-app"
EB_ENVIRONMENT_NAME : "Dotnetapp-env"
DEPLOY_PACKAGE_NAME : "dotnet-app-${{ github.sha }}.zip"
AWS_REGION_NAME : "af-south-1"
jobs:
build_and_create_Artifact:
runs-on: ubuntu-latest
steps:
- name: Checkout repo
uses: actions/checkout#v3
- name: Setup .NET Core
uses: actions/setup-dotnet#v1
with:
dotnet-version: 6.0.*
- name: Install dependencies
run: dotnet restore
- name: Build
run: dotnet build --configuration Release --no-restore
- name: Test
run: dotnet test --no-restore --verbosity normal
- name: Publish
run: dotnet publish -c Release -o '${{ github.workspace }}/out'
- name: Zip Package
run: |
cd ${{ github.workspace }}/out
zip -r ${{ env.DEPLOY_PACKAGE_NAME }} *
- name: Upload a Build Artifact
uses: actions/upload-artifact#v3.1.0
with:
name: .Net-artifact
path: ${{ github.workspace }}/out/${{ env.DEPLOY_PACKAGE_NAME }}
- name: "Configure AWS Credentials"
uses: aws-actions/configure-aws-credentials#v1
with:
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID}}
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
aws-region: ${{ env.AWS_REGION_NAME }}
- name: "Copy artifact to S3"
run: aws s3 cp ${{ github.workspace }}/out/${{ env.DEPLOY_PACKAGE_NAME }} s3://${{ env.EB_PACKAGE_S3_BUCKET_NAME }}/
- name: "Build Successful"
run: echo "CD part completed successfully"
Deploy_Artifact:
needs: build_and_create_Artifact
runs-on: ubuntu-latest
steps:
- name: "Configure AWS Credentials"
uses: aws-actions/configure-aws-credentials#v1
with:
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID}}
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
aws-region: ${{ env.AWS_REGION_NAME }}
- name: 'AWS: Timestamp action'
uses: gerred/actions/current-time#master
id: current-time
- name: 'AWS: String replace action'
uses: frabert/replace-string-action#master
id: format-time
with:
pattern: '[:\.]+'
string: "${{ steps.current-time.outputs.time }}"
replace-with: '-'
flags: 'g'
- name: "Create Elastic Beanstalk Application Version"
run : aws elasticbeanstalk create-application-version --application-name ${{ env.EB_APPLICATION_NAME }} --version-label version#${{ github.sha }} --source-bundle S3Bucket=${{ env.EB_PACKAGE_S3_BUCKET_NAME }},S3Key=${{ env.DEPLOY_PACKAGE_NAME }} --description SHA_of_app_is_${{ github.sha }}__Created_at__${{ steps.format-time.outputs.replaced }}
- name: "Deploy Application Version"
run: aws elasticbeanstalk update-environment --environment-name ${{ env.EB_ENVIRONMENT_NAME }} --version-label "version#${{ github.sha }}"
- name: "Successfully run CD pipeline"
run: echo "CD part completed successfully"
Related
I have followed this question How can I connect GitHub actions with AWS deployments without using a secret key?.
however i am trying to go one step further by dpeloying a lambda function using serverless.
what i have tried so far.
name: For Production
on:
push:
branches: [main]
jobs:
build:
runs-on: ubuntu-latest
permissions:
id-token: write
contents: read
strategy:
matrix:
node-version: [16.x]
# See supported Node.js release schedule at https://nodejs.org/en/about/releases/
steps:
- uses: actions/checkout#v2
- name: Use Node.js ${{ matrix.node-version }}
uses: actions/setup-node#v2
with:
node-version: ${{ matrix.node-version }}
cache: 'npm'
cache-dependency-path: ./backend-operations/package-lock.json
- name: Create env file
run: |
touch ./backend-operations/.env
echo JWKS_URI=${{secrets.JWKS_URI}} >> ./backend-operations/.env
echo AUDIENCE=${{ secrets.AUDIENCE }} >> ./backend-operations/.env
echo TOKEN_ISSUER=${{ secrets.TOKEN_ISSUER }} >> ./backend-operations/.env
- run: npm ci
working-directory: ./backend-operations
- run: npm run build --if-present
working-directory: ./backend-operations
- run: npm test
working-directory: ./backend-operations
- name: Install Serverless Framework
run: npm install -g serverless
- name: Configure AWS
run: |
sleep 5 # Need to have a delay to acquire this
export AWS_ROLE_ARN=arn:aws:iam::xxxxxxx:role/my-role
export AWS_WEB_IDENTITY_TOKEN_FILE=/tmp/awscreds
export AWS_DEFAULT_REGION=ap-southeast-1
echo AWS_WEB_IDENTITY_TOKEN_FILE=$AWS_WEB_IDENTITY_TOKEN_FILE >> $GITHUB_ENV
echo AWS_ROLE_ARN=$AWS_ROLE_ARN >> $GITHUB_ENV
echo AWS_DEFAULT_REGION=$AWS_DEFAULT_REGION >> $GITHUB_ENV
curl -H "Authorization: bearer $ACTIONS_ID_TOKEN_REQUEST_TOKEN" \
"$ACTIONS_ID_TOKEN_REQUEST_URL&audience=githubactions" \
| jq -r '.value' > $AWS_WEB_IDENTITY_TOKEN_FILE
sls deploy --stage prod --verbose
working-directory: './backend-operations'
# - name: Deploy to AWS
# run: serverless deploy --stage prod --verbose
# working-directory: './backend-operations'
- name: Upload coverage to Codecov
uses: codecov/codecov-action#v1
with:
token: ${{secrets.CODECOV_SECRET_TOKEN}}
I solved it using this using aws-actions/configure-aws-credentials github actions, as it sets temporary access key and id to environment.
Hence no need of creating aws programmticv keys from here on.
Note:- latest update of github OIDC has changed its domain name -> https://token.actions.githubusercontent.com
# This workflow will do a clean install of node dependencies, cache/restore them, build the source code and run tests across different versions of node
# For more information see: https://help.github.com/actions/language-and-framework-guides/using-nodejs-with-github-actions
name: Production-Deployment
on:
push:
branches: [main]
jobs:
build:
runs-on: ubuntu-latest
permissions:
id-token: write
contents: read
strategy:
matrix:
node-version: [16.x]
# See supported Node.js release schedule at https://nodejs.org/en/about/releases/
steps:
- uses: actions/checkout#v2
- name: Use Node.js ${{ matrix.node-version }}
uses: actions/setup-node#v2
with:
node-version: ${{ matrix.node-version }}
cache: 'npm'
cache-dependency-path: ./backend-operations/package-lock.json
- name: Create env file
run: |
touch ./backend-operations/.env
echo JWKS_URI=${{secrets.JWKS_URI}} >> ./backend-operations/.env
echo AUDIENCE=${{ secrets.AUDIENCE }} >> ./backend-operations/.env
echo TOKEN_ISSUER=${{ secrets.TOKEN_ISSUER }} >> ./backend-operations/.env
- name: Configure AWS Credentials
uses: aws-actions/configure-aws-credentials#master
with:
aws-region: ap-southeast-1
role-to-assume: ${{secrets.ROLE_ARN}}
- run: npm ci
working-directory: ./backend-operations
- run: npm run build --if-present
working-directory: ./backend-operations
- run: npm test
working-directory: ./backend-operations
- name: Install Serverless Framework
run: npm install -g serverless
- name: Serverless Authentication
run: sls config credentials --provider aws --key ${{ env.AWS_ACCESS_KEY_ID }} --secret ${{ env.AWS_SECRET_ACCESS_KEY }}
- name: Deploy to AWS
run: serverless deploy --stage prod --verbose
working-directory: './backend-operations'
- name: Upload coverage to Codecov
uses: codecov/codecov-action#v1
with:
token: ${{secrets.CODECOV_SECRET_TOKEN}}
I am using GitHub Actions with CodeBuild but whenever I run the workflow I am getting error message:
STARTING CODEBUILD
[24](https://github.com/jude![Error|563x470](upload://3wIYvCwrkHB6AnfkeJqtWd1cSWI.png)
0143143/CodeBuild/runs/3692850080?check_suite_focus=true#step:4:24)Error: The security token included in the request is invalid
name: 'GitHub Actions For CodeBuild'
on:
pull_request:
branches:
- test
env:
tf_version: 'latest'
tg_version: 'latest'
jobs:
deploy:
name: 'Build and Deploy'
runs-on: ubuntu-latest
steps:
- name: 'checkout'
uses: actions/checkout#v2
- name: configure AWS credentials
uses: aws-actions/configure-aws-credentials#v1
with:
aws-access-key-id: ${{secrets.AWS_ACCESS_KEY_ID}}
aws-secret-access-key: ${{secrets.AWS_SECRET_ACCESS_KEY }}
aws-region: us-east-1
role-to-assume: ${{ secrets.AWS_ROLE_TO_ASSUME }}
role-duration-seconds: 3600
- name: Run CodeBuild
uses: aws-actions/aws-codebuild-run-build#v1
with:
project-name: CodeBuild
buildspec-override: stage/dev-env/buildspec.yml
env-vars-for-codebuild: |
TF_INPUT,
AWS_ACCESS_KEY_ID,
AWS_SECRET_ACCESS_KEY,
AWS_REGION,
ROLE_TO_ASSUME,
ROLE_DURATION_SECONDS,
env:
TF_INPUT: false
AWS_ACCESS_KEY_ID: ${{secrets.AWS_ACCESS_KEY_ID}}
AWS_SECRET_ACCESS_KEY: ${{secrets.AWS_SECRET_ACCESS_KEY }}
AWS_REGION: us-east-1
ROLE_TO_ASSUME: ${{ secrets.AWS_ROLE_TO_ASSUME }}
ROLE_DURATION_SECONDS: 3600[![enter image description here][1]][1]
The error message indicates that the given role or keys are not valid to execute the action.
You set access key and secret key in both the 'configure AWS credentials' and 'Run CodeBuild' steps. Looking into the Repository for 'aws-actions/aws-codebuild-run-build#v1' it seems that it only needs to be configured in the first step. Not sure how many environments you are expecting to deploy to but if there is only one, then env is redundant.
https://github.com/aws-actions/aws-codebuild-run-build
Somethink like this I expect:
steps:
- name: 'checkout'
uses: actions/checkout#v2
- name: configure AWS credentials
uses: aws-actions/configure-aws-credentials#v1
with:
aws-access-key-id: ${{secrets.AWS_ACCESS_KEY_ID}}
aws-secret-access-key: ${{secrets.AWS_SECRET_ACCESS_KEY }}
aws-region: us-east-1
role-to-assume: ${{ secrets.AWS_ROLE_TO_ASSUME }}
role-duration-seconds: 3600
- name: Run CodeBuild
uses: aws-actions/aws-codebuild-run-build#v1
with:
project-name: CodeBuild
buildspec-override: stage/dev-env/buildspec.yml
My CI/CD pipeline that is using github workflows is failing giving the following error:
Error: Unable to process command '##[add-path]/opt/hostedtoolcache/aws/0.0.0/x64' successfully.
Error: The add-path command is disabled. Please upgrade to using Environment Files or opt into unsecure command execution by setting the ACTIONS_ALLOW_UNSECURE_COMMANDS environment variable to true. For more information see: https://github.blog/changelog/2020-10-01-github-actions-deprecating-set-env-and-add-path-commands/
This is my container.yml file
name: deploy-container
on:
push:
branches:
- master
- develop
paths:
- "packages/container/**"
defaults:
run:
working-directory: packages/container
jobs:
build:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout#v2
- run: npm install
- run: npm run build
- uses: chrislennon/action-aws-cli#v1.1
- run: aws s3 sync dist s3://${{ secrets.AWS_S3_BUCKET_NAME }}/container/latest
env:
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
Any idea why this might be happening. Thanks in advance
I know the Tutorial which this is from, use
- name: ACTIONS_ALLOW_UNSECURE_COMMANDS
run: echo 'ACTIONS_ALLOW_UNSECURE_COMMANDS=true' >> $GITHUB_ENV
before
- uses: chrislennon/action-aws-cli#v1.1
and it should work.
jobs:
build:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout#v2
- run: npm install
- run: npm run build
- uses: aws-actions/configure-aws-credentials#v1
with:
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
aws-region: us-east-1
- run: aws s3 sync dist s3://${{ secrets.AWS_S3_BUCKET_NAME }}/container/latest
I'm trying to deploy my Django API on to Google App Engine using GitHub CI/CD, but I'm getting a strange error that doesn't provide any stack trace in my deploy job. My build job with unit tests and code coverage passes.
main.yaml:
name: Python application
on:
push:
branches: [ main ]
pull_request:
branches: [ main ]
defaults:
run:
working-directory: src
jobs:
build:
runs-on: ubuntu-latest
services:
postgres:
image: postgres:10.8
env:
POSTGRES_USER: postgres
POSTGRES_PASSWORD: postgres
POSTGRES_DB: github_actions
ports:
- 5433:5432
options: --health-cmd pg_isready --health-interval 10s --health-timeout 5s --health-retries 5
steps:
- uses: actions/checkout#v2
- name: Set up Python 3.9
uses: actions/setup-python#v2
with:
python-version: 3.9
- name: Install dependencies
run: |
python -m pip install --upgrade pip
pip install -r requirements.txt
- name: Test with Unittest
env:
SECRET_KEY: ${{ secrets.SECRET_KEY }}
DB_NAME: ${{ secrets.DB_NAME }}
DB_USER: ${{ secrets.DB_USER }}
DB_PASSWORD: ${{ secrets.DB_PASSWORD }}
DB_HOST: ${{ secrets.DB_HOST }}
DB_PORT: ${{ secrets.DB_PORT }}
DB_ENGINE: ${{ secrets.DB_ENGINE }}
run: |
coverage run manage.py test && coverage report --fail-under=75 && coverage xml
mv coverage.xml ../
- name: Report coverage to Codecov
env:
SECRET_KEY: ${{ secrets.SECRET_KEY }}
DB_NAME: ${{ secrets.DB_NAME }}
DB_USER: ${{ secrets.DB_USER }}
DB_PASSWORD: ${{ secrets.DB_PASSWORD }}
DB_HOST: ${{ secrets.DB_HOST }}
DB_PORT: ${{ secrets.DB_PORT }}
DB_ENGINE: ${{ secrets.DB_ENGINE }}
uses: codecov/codecov-action#v1
with:
token: ${{ secrets.CODECOV_TOKEN }}
files: ./coverage.xml
directory: ./coverage/reports/
fail_ci_if_error: true
deploy:
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout#v2
- name: Deploy to App Engine
id: deploy
uses: google-github-actions/deploy-appengine#v0.2.0
with:
project_id: ${{ secrets.GCP_PROJECT_ID }}
deliverables: app.yaml
credentials: ${{ secrets.GOOGLE_APPLICATION_CREDENTIALS }}
version: v1
- name: Test
run: curl "${{ steps.deploy.outputs.url }}
app.yaml:
runtime: python39
instance_class: B1
service: deploy
basic_scaling:
max_instances: 1
idle_timeout: 10m
Here are the two errors I'm getting:
I also get another strange error in app.yaml, which causes the workflow to not run. I thought from the Google App Engine documentation for this file that we didn't need to include an on trigger. I'm not sure if it's caused by the error in main.yaml.
Is there an easy way to fix this error?
UPDATE: After trying v0.4.0 of the GitHub Action, I get the same error, but I found out that my GOOGLE_APPLICATION_CREDENTIALS are causing the error.
{
"type": "service_account",
"project_id": "***",
"private_key_id": "***",
"private_key": "-----BEGIN PRIVATE KEY-----***=\n-----END PRIVATE KEY-----\n",
"client_email": "***#appspot.gserviceaccount.com",
"client_id": "***",
"auth_uri": "https://accounts.google.com/o/oauth2/auth",
"token_uri": "https://oauth2.googleapis.com/token",
"auth_provider_x509_cert_url": "https://www.googleapis.com/oauth2/v1/certs",
"client_x509_cert_url": "https://www.googleapis.com/robot/v1/metadata/x509/***%40appspot.gserviceaccount.com"
}
I replaced all private information with ***, but the JSON is definitely still valid.
Github has two kind of pages:
User
Projects
I have a User page. So I want to publish from the master branch. I want to use NuxtJS. NuxtJS generates a CI file when you install it. Following https://nuxtjs.org/docs/2.x/deployment/github-pages I also set up a CD file whereas I went for npm instead of yarn.
So I have
ci.yml
name: ci
on:
push:
branches:
- main
- master
pull_request:
branches:
- main
- master
jobs:
ci:
runs-on: ${{ matrix.os }}
strategy:
matrix:
os: [ubuntu-latest]
node: [14]
steps:
- name: Checkout 🛎
uses: actions/checkout#master
- name: Setup node env 🏗
uses: actions/setup-node#v2.1.2
with:
node-version: ${{ matrix.node }}
check-latest: true
- name: Cache node_modules 📦
uses: actions/cache#v2
with:
path: ~/.npm
key: ${{ runner.os }}-node-${{ hashFiles('**/package-lock.json') }}
restore-keys: |
${{ runner.os }}-node-
- name: Install dependencies 👨🏻💻
run: npm ci
- name: Run linter 👀
run: npm run lint
cd.yml
name: cd
on: [push, pull_request]
jobs:
cd:
runs-on: ${{ matrix.os }}
strategy:
matrix:
os: [ubuntu-latest]
node: [14]
steps:
- name: Checkout
uses: actions/checkout#master
- name: Setup node env
uses: actions/setup-node#v2.1.2
with:
node-version: ${{ matrix.node }}
- name: Install dependencies
run: npm ci
- name: Generate
run: npm run generate
- name: Deploy
uses: peaceiris/actions-gh-pages#v3
with:
github_token: ${{ secrets.GITHUB_TOKEN }}
publish_dir: ./dist
Now if I understood it correctly: Those actions will generate and create the static sites i.e. the dist directory. In the cd.yml file we then set:
name: Deploy
uses: peaceiris/actions-gh-pages#v3
with:
github_token: ${{ secrets.GITHUB_TOKEN }}
publish_dir: ./dist
So everything seems okay but we did use peaceiris/actions-gh-pages#v3 which seems to create a gh_pages branch, so it seems my cd.yml file might be wrong?
If I go to my user github page I just see the readme.md displayed. What do I do wrong?
Specify the publish_branch parameter for the actions-gh-pages action (see docs):
- name: Deploy
uses: peaceiris/actions-gh-pages#v3
with:
github_token: ${{ secrets.GITHUB_TOKEN }}
publish_dir: ./dist
# new
publish_branch: master