The following is an example workflow YAML that includes a build job and a deploy job:
An example workflow YAML file
```yaml
apiVersion: automation.cloudbees.io/v1alpha1
kind: workflow
name: build-n-deploy
# This repository event triggers the workflow.
on:
  push:
    branches:
      - 'main'
jobs:
  # Defines a job named `build`.
  build:
    steps:
      - uses: cloudbees-io/checkout@v1
      - name: build code
        uses: docker://golang:1.20.3-alpine3.17
        shell: sh
        run: |
          export GOPATH=$HOME/go
          export PATH=$PATH:$GOPATH/bin
          go version
          CGO_ENABLED=0 GOOS=linux GOARCH=amd64 go build -ldflags="-w -s" -o build/app-main .
      - uses: cloudbees-io/configure-aws-credentials@v0
        id: aws-login
        with:
          aws-region: us-east-1
          # A non-secret property defined in your CloudBees platform configuration, and visible to this component.
          aws-access-key-id: ${{ vars.cloudbees_saas_test_access_key_id }}
          # A secret property defined in your CloudBees platform configuration, and visible to this component.
          aws-secret-access-key: ${{ secrets.cloudbees_saas_test_secret_access_key }}
          role-to-assume: service-ecr-role
          role-duration-seconds: "3600"
      - uses: cloudbees-io/configure-ecr-credentials@v0
      - uses: cloudbees-io/kaniko@implicit-dockerconfig
        with:
          # Refers to the AWS account ID, output by the previous step (and using the step ID of `aws-login`).
          destination: ${{ steps.aws-login.outputs.aws-account-id }}.dkr.ecr.us-east-1.amazonaws.com/hello-go-app-image:latest
      - uses: docker://mikefarah/yq:4-githubaction
        env:
          CHART_REPO: ${{ steps.aws-login.outputs.aws-account-id }}.dkr.ecr.us-east-1.amazonaws.com/hello-go-app-image
          CHART_TAG: latest
        run: |
          yq -i '.image.repository = strenv(CHART_REPO) | .image.tag = strenv(CHART_TAG)' charts/app/values.yaml
      - id: helmpkg
        name: Package Helm chart
        uses: cloudbees-io/helm-package
        with:
          chart: ./charts/app
          destination: ./packaged-charts
          version: "0.0.1"
      - name: Publish Helm chart
        uses: cloudbees-io/helm-push
        with:
          chart: ${{ steps.helmpkg.outputs.chart }}
          remote: oci://${{ steps.aws-login.outputs.aws-account-id }}.dkr.ecr.us-east-1.amazonaws.com
    outputs:
      chart-location: oci://${{ steps.aws-login.outputs.aws-account-id }}.dkr.ecr.us-east-1.amazonaws.com/hello-go-app
      chart-version: "0.0.1"
  # Defines a job named `deploy`.
  deploy:
    needs:
      - build
    steps:
      - uses: cloudbees-io/configure-aws-credentials@v0
        with:
          aws-region: us-east-1
          aws-access-key-id: ${{ vars.cloudbees_saas_test_access_key_id }}
          aws-secret-access-key: ${{ secrets.cloudbees_saas_test_secret_access_key }}
          role-to-assume: service-eks-role
          role-duration-seconds: "3600"
      - uses: cloudbees-io/configure-eks-credentials@v0
        with:
          name: arch-saas
      - uses: cloudbees-io/configure-ecr-credentials@v0
      - uses: docker://alpine/helm:latest
        # The `version` command parameter value refers to the chart version that is output by the `build` job, using `${{ needs.build.outputs.chart-version }}`.
        run: |
          helm upgrade \
            --namespace dry-run-1702-2 \
            --create-namespace \
            --install \
            --version ${{ needs.build.outputs.chart-version }} \
            app-chart ${{ needs.build.outputs.chart-location }}
```

The workflow trigger
The example workflow starts with a push command to the `main` repository branch, using the keyword `on`.

```yaml
apiVersion: automation.cloudbees.io/v1alpha1
kind: workflow
name: build-n-deploy
# This repository event triggers the workflow.
on:
  push:
    branches:
      - 'main'
```

Steps in the `build` job

A job named `build` is defined in the example workflow, and contains the following steps:

1. CloudBees action: Check out a Git repository is invoked to check out the repository code.
2. A shell script to build a standard Go app is run in the specified container.
3. CloudBees action: Configure AWS credentials is invoked to fetch credentials from AWS for use in subsequent steps.
4. CloudBees action: Configure Amazon ECR credentials is invoked to sign in to an ECR private registry.
5. CloudBees action: Build and publish Docker images with Kaniko is invoked to build container images from a Dockerfile.
6. A GHA YAML processor (`yq`) is invoked to set the image repository and tag in `charts/app/values.yaml`.
7. CloudBees action: Package a Helm chart is invoked to package the referenced image as a Helm chart.
8. CloudBees action: Push a Helm chart is invoked to publish the Helm chart.

`build` job containing the above steps

```yaml
jobs:
  # Defines a job named `build`.
  build:
    steps:
      - uses: cloudbees-io/checkout@v1 # (1)
      - name: build code # (2)
        uses: docker://golang:1.20.3-alpine3.17
        shell: sh
        run: |
          export GOPATH=$HOME/go
          export PATH=$PATH:$GOPATH/bin
          go version
          CGO_ENABLED=0 GOOS=linux GOARCH=amd64 go build -ldflags="-w -s" -o build/app-main .
      - uses: cloudbees-io/configure-aws-credentials@v0 # (3)
        id: aws-login
        with:
          aws-region: us-east-1
          # A non-secret property defined in your CloudBees platform configuration, and visible to this component.
          aws-access-key-id: ${{ vars.cloudbees_saas_test_access_key_id }}
          # A secret property defined in your CloudBees platform configuration, and visible to this component.
          aws-secret-access-key: ${{ secrets.cloudbees_saas_test_secret_access_key }}
          role-to-assume: service-ecr-role
          role-duration-seconds: "3600"
      - uses: cloudbees-io/configure-ecr-credentials@v0 # (4)
      - uses: cloudbees-io/kaniko@implicit-dockerconfig # (5)
        with:
          # Refers to the AWS account ID, output by the previous step (and using the step ID of `aws-login`).
          destination: ${{ steps.aws-login.outputs.aws-account-id }}.dkr.ecr.us-east-1.amazonaws.com/hello-go-app-image:latest
      - uses: docker://mikefarah/yq:4-githubaction # (6)
        env:
          CHART_REPO: ${{ steps.aws-login.outputs.aws-account-id }}.dkr.ecr.us-east-1.amazonaws.com/hello-go-app-image
          CHART_TAG: latest
        run: |
          yq -i '.image.repository = strenv(CHART_REPO) | .image.tag = strenv(CHART_TAG)' charts/app/values.yaml
      - id: helmpkg # (7)
        name: Package Helm chart
        uses: cloudbees-io/helm-package
        with:
          chart: ./charts/app
          destination: ./packaged-charts
          version: "0.0.1"
      - name: Publish Helm chart # (8)
        uses: cloudbees-io/helm-push
        with:
          chart: ${{ steps.helmpkg.outputs.chart }}
          remote: oci://${{ steps.aws-login.outputs.aws-account-id }}.dkr.ecr.us-east-1.amazonaws.com
    outputs:
      chart-location: oci://${{ steps.aws-login.outputs.aws-account-id }}.dkr.ecr.us-east-1.amazonaws.com/hello-go-app
      chart-version: "0.0.1"
```

Steps in the `deploy` job

A job named `deploy` is defined in the example workflow, and contains the following steps:

1. CloudBees action: Configure AWS credentials is invoked to fetch credentials from AWS for use in subsequent steps.
2. CloudBees action: Configure EKS credentials is invoked to connect to an EKS cluster.
3. CloudBees action: Configure Amazon ECR credentials is invoked to sign in to an ECR private registry.
4. `helm upgrade --install` is run to deploy the chart version that is output by the `build` job.

`deploy` job containing the above steps

```yaml
  # Defines a job named `deploy`.
  deploy:
    needs:
      - build
    steps:
      - uses: cloudbees-io/configure-aws-credentials@v0 # (1)
        with:
          aws-region: us-east-1
          aws-access-key-id: ${{ vars.cloudbees_saas_test_access_key_id }}
          aws-secret-access-key: ${{ secrets.cloudbees_saas_test_secret_access_key }}
          role-to-assume: service-eks-role
          role-duration-seconds: "3600"
      - uses: cloudbees-io/configure-eks-credentials@v0 # (2)
        with:
          name: arch-saas
      - uses: cloudbees-io/configure-ecr-credentials@v0 # (3)
      - uses: docker://alpine/helm:latest # (4)
        # The `version` command parameter value refers to the chart version that is output by the `build` job, using `${{ needs.build.outputs.chart-version }}`.
        run: |
          helm upgrade \
            --namespace dry-run-1702-2 \
            --create-namespace \
            --install \
            --version ${{ needs.build.outputs.chart-version }} \
            app-chart ${{ needs.build.outputs.chart-location }}
```
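
The `uses:` values in the two jobs pin the code they run to different degrees: a version tag such as `@v1`, a named ref (`@implicit-dockerconfig`), no ref at all (`cloudbees-io/helm-package`), and the `latest` image tag. The following added example, which is not part of the original page or of CloudBees tooling, classifies each reference so the floating ones can be flagged in review; treating a 40-character hex ref as a commit and `@sha256:` as an image digest are assumptions about what the platform accepts.

```python
import re

# Constructed sample: the `uses:` lines from the build and deploy jobs above.
SAMPLE = """\
- uses: cloudbees-io/checkout@v1
  uses: docker://golang:1.20.3-alpine3.17
- uses: cloudbees-io/configure-aws-credentials@v0
- uses: cloudbees-io/configure-ecr-credentials@v0
- uses: cloudbees-io/kaniko@implicit-dockerconfig
- uses: docker://mikefarah/yq:4-githubaction
  uses: cloudbees-io/helm-package
  uses: cloudbees-io/helm-push
- uses: cloudbees-io/configure-eks-credentials@v0
- uses: docker://alpine/helm:latest
"""

USES_RE = re.compile(r"^[ \t]*(?:-[ \t]+)?uses:[ \t]*(\S+)", re.MULTILINE)
VERSION_TAG = re.compile(r"v?\d+(\.\d+)*")
COMMIT = re.compile(r"[0-9a-f]{40}")          # assumption: full Git commit SHA
DIGEST = re.compile(r"sha256:[0-9a-f]{64}")   # assumption: image digest syntax
FLOATING = {"no-ref", "named-ref", "floating-tag"}


def classify(ref):
    """Return how tightly one `uses:` value pins the code it runs."""
    if ref.startswith("docker://"):
        name, _, digest = ref[len("docker://"):].partition("@")
        if digest:
            return "digest" if DIGEST.fullmatch(digest) else "bad-digest"
        # The tag follows ':' in the last path segment (an earlier ':' is a port).
        tag = name.rsplit("/", 1)[-1].partition(":")[2]
        return "floating-tag" if tag in ("", "latest") else "mutable-tag"
    _, _, git_ref = ref.partition("@")
    if not git_ref:
        return "no-ref"
    if COMMIT.fullmatch(git_ref):
        return "commit"
    return "version-tag" if VERSION_TAG.fullmatch(git_ref) else "named-ref"


def audit(workflow_text):
    """Map every distinct `uses:` value to its classification."""
    return {ref: classify(ref) for ref in USES_RE.findall(workflow_text)}


def floating_refs(workflow_text):
    """Sorted `uses:` values with no ref, a named ref, or a missing/`latest` tag."""
    return sorted(r for r, kind in audit(workflow_text).items() if kind in FLOATING)


if __name__ == "__main__":
    for ref, kind in audit(SAMPLE).items():
        print(f"{kind:13} {ref}")
```

Version tags and image tags can still be moved by whoever controls the repository or registry; only a commit or digest identifies exact content.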