Java and docker compose example with a reusable workflow
Reusable test execution workflow
Key points:
– reusable workflow
– specify expression
– set specific permissions for the job
– specify input parameter for actions
– Upload an artifact
– specify condition for a job
– use a third party action
```yaml
# it is a callable workflow
on:
  workflow_call:

jobs:
  maven-test:
    # Permissions required for EnricoMi/publish-unit-test-result-action@v2
    permissions:
      contents: read
      issues: read
      checks: write
      pull-requests: write
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
      # action step
      - name: Set up JDK 11
        uses: actions/setup-java@v3
        # We specify the input parameter of the setup-java action
        with:
          java-version: '11'
          distribution: 'temurin'
          cache: maven
      # shell script step
      - name: Build with Maven
        run: mvn --batch-mode clean test
      # action step
      - uses: actions/upload-artifact@v3
        # we upload the compose.yml file located at the root of the repository as 'compose.yml'.
        # next jobs can download it
        with:
          name: compose.yml
          path: compose.yml
      # action step
      - name: Publish Test Results
        uses: EnricoMi/publish-unit-test-result-action@v2
        # This condition allows to process the test results whatever the result of the previous steps
        if: always()
        with:
          # multiple line syntax
          files: |
            target/surefire-reports/**/*.xml
            test-results/**/*.trx
```
Master branch workflow
Key points:
– use another workflow
– specify expression
– set specific permissions for the job
– specify input parameter for actions
– Download an artifact
– use 3 docker actions to build (with buildx), log in and push a docker image
```yaml
name: workflow-on-master
run-name: ${{ github.actor }} - workflow on master
# the workflow is triggered when a push is detected on master
on:
  push:
    branches:
      - master

jobs:
  maven-test:
    # we use another workflow
    uses: ./.github/workflows/ga-run-test.yml
    # You need to specify same permission or bigger as the callable workflow/job
    permissions:
      contents: read
      issues: read
      checks: write
      pull-requests: write

  docker-build:
    name: Docker build and push image in docker hub
    # dependent job
    needs: maven-test
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
      - name: Login to DockerHub
        uses: docker/login-action@v2
        with:
          username: ${{ secrets.DOCKERHUB_USERNAME }}
          password: ${{ secrets.DOCKERHUB_TOKEN }}
      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v2
      - name: Build Docker image
        uses: docker/build-push-action@v3
        with:
          file: ./docker/Dockerfile
          context: .
          push: true
          tags: "ebundy/spring-boot-redis-repository-example:latest"
          cache-from: type=gha
          cache-to: type=gha,mode=max

  docker-compose-run:
    # dependent job
    needs: docker-build
    runs-on: ubuntu-latest
    steps:
      - uses: actions/download-artifact@v3
        # we download the 'compose.yml' artifact uploaded in the maven-test job
        with:
          name: compose.yml
      - name: Docker Compose run
        # multiple line syntax
        run: |
          docker compose version
          docker compose ps
          docker compose down --remove-orphans || true
          docker compose up --force-recreate -d
```
Feature branch workflow
Key points:
– specify push events by exclusion
– use another workflow
– specify expression
– set specific permissions for the job
– specify input parameter for actions
```yaml
name: workflow-on-feature-branch
run-name: ${{ github.actor }} - workflow on feature-branch
on:
  push:
    branches-ignore:
      - master
      - aws-ec2-ecr

jobs:
  maven-test:
    uses: ./.github/workflows/ga-run-test.yml
    # You need to specify same permission or bigger as the callable job
    permissions:
      contents: read
      issues: read
      checks: write
      pull-requests: write
```
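Added example (not part of the original page or of any project it uses): a pre-merge check for the rule stated in the workflow comments, that the calling job must grant at least the permissions the called job requests. It assumes both jobs declare a permissions block, so scopes the caller omits count as none; the function names and the NARROW_CALLER excerpt are hypothetical.

```python
LEVELS = {"none": 0, "read": 1, "write": 2}

def job_permissions(workflow_text, job):
    """Read the permissions block under jobs.<job>; minimal reader, not a YAML parser."""
    perms, job_indent, child_indent, perm_indent = {}, None, None, None
    for raw in workflow_text.splitlines():
        line = raw.split("#", 1)[0].rstrip()
        if not line.strip():
            continue
        indent = len(line) - len(line.lstrip())
        key, _, value = line.strip().partition(":")
        if job_indent is None:
            if key == job and not value.strip():
                job_indent = indent
            continue
        if indent <= job_indent:
            break  # left the job
        child_indent = child_indent or indent
        if perm_indent is None:
            if key == "permissions" and indent == child_indent:
                perm_indent = indent
            continue
        if indent <= perm_indent:
            break  # left the permissions block
        perms[key] = value.strip()
    return perms

def denied_scopes(caller, called):
    """Map each scope the called job wants above the caller's grant to (granted, wanted)."""
    # Assumption: a scope missing from the caller's permissions block is 'none'.
    return {scope: (caller.get(scope, "none"), want)
            for scope, want in called.items()
            if LEVELS[want] > LEVELS[caller.get(scope, "none")]}

# Constructed excerpts: CALLED mirrors ga-run-test.yml, NARROW_CALLER is hypothetical.
CALLED = """jobs:
  maven-test:
    permissions:
      contents: read
      checks: write
      pull-requests: write
    runs-on: ubuntu-latest
"""
NARROW_CALLER = """jobs:
  maven-test:
    uses: ./.github/workflows/ga-run-test.yml
    permissions:
      contents: read
      checks: read
"""
```

An empty result means the caller covers every scope the called job asks for; any entry names a scope to widen in the caller or narrow in the called workflow.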
Same Java application, but pushing the image to AWS ECR and deploying the Docker application on AWS EC2 with CloudFormation
Key points:
– use another workflow
– specify expression
– set specific permissions for the workflow and the job
– specify input parameter for actions
– use an action for aws credentials configuration (OIDC and AssumeRoleWithWebIdentity way)
– use an action for aws login to public ecr
– setup node and install cdk
– fine-tune the cache for maven dependencies with actions/cache
```yaml
name: workflow-on-master
run-name: ${{ github.actor }} - workflow on aws ec2
on:
  push:
    branches:
      - aws-ec2-ecr

permissions:
  id-token: write
  contents: read

jobs:
  maven-test:
    # if: false
    uses: ./.github/workflows/ga-run-test.yml
    # You need to specify same permission or bigger as the callable job
    permissions:
      contents: read
      issues: read
      checks: write
      pull-requests: write

  docker-build:
    name: Docker build and push image in public ecr
    # if: false
    needs: maven-test
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
      - name: Configure aws credentials
        uses: aws-actions/configure-aws-credentials@v1-node16
        with:
          role-to-assume: arn:aws:iam::xxxxxxxx:role/github-action-role
          role-session-name: MySessionName
          aws-region: us-east-1
      - name: Login to Public ECR
        uses: aws-actions/amazon-ecr-login@v1
        with:
          registry-type: public
      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v2
      - name: Build Docker image
        uses: docker/build-push-action@v3
        with:
          file: ./docker/Dockerfile
          context: .
          push: true
          tags: "public.ecr.aws/myalias/spring-boot-redis-repository-example:latest"
          cache-from: type=gha
          cache-to: type=gha,mode=max

  docker-compose-deploy-and-run:
    permissions:
      id-token: write
      contents: read
    runs-on: ubuntu-latest
    # environment: aws-dev
    needs: "docker-build"
    steps:
      - uses: actions/checkout@v3
      - name: Set up Node
        uses: actions/setup-node@v3
        with:
          node-version: "18.12.1"
      - name: Install CDK
        run: |
          npm install -g aws-cdk
      - name: Configure aws credentials
        uses: aws-actions/configure-aws-credentials@v1-node16
        with:
          role-to-assume: arn:aws:iam::xxxxxxxx:role/github-action-role
          role-session-name: MySessionName
          aws-region: "eu-west-3"
      - uses: actions/setup-java@v3
        with:
          java-version: '11'
          distribution: 'corretto'
      - name: Cache local Maven repository
        uses: actions/cache@v3
        with:
          path: ~/.m2/repository
          key: ${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }}
          #An ordered list of prefix-matched keys to use for restoring stale cache
          restore-keys: |
            ${{ runner.os }}-maven-
      - name: deploy to aws
        run: |
          cd src_cdk
          mvn clean install
          cdk deploy --require-approval=never
```
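Added example (not from the original page or the AWS or GitHub projects): the AWS side of the OIDC setup the workflow relies on, as a trust policy for the role in role-to-assume that only accepts tokens issued for pushes to the aws-ec2-ecr branch of one repository, plus a small evaluator that shows which token claims pass. The account id placeholder, the repository name example-org/example-repo and the sample claims are constructed; the evaluator approximates IAM's StringLike with fnmatchcase.

```python
from fnmatch import fnmatchcase

ISSUER = "token.actions.githubusercontent.com"  # GitHub's OIDC issuer host

def trust_policy(account_id, repo, branch):
    """Trust policy for the assumed role, limited to one repository and branch."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Principal": {"Federated": f"arn:aws:iam::{account_id}:oidc-provider/{ISSUER}"},
            "Action": "sts:AssumeRoleWithWebIdentity",
            "Condition": {
                "StringEquals": {f"{ISSUER}:aud": "sts.amazonaws.com"},
                "StringLike": {f"{ISSUER}:sub": f"repo:{repo}:ref:refs/heads/{branch}"},
            },
        }],
    }

def token_allowed(policy, claims):
    """Check a token's aud and sub claims against the policy's two conditions."""
    cond = policy["Statement"][0]["Condition"]
    claim = lambda key: claims.get(key.split(":", 1)[1], "")
    exact = all(claim(k) == v for k, v in cond["StringEquals"].items())
    # Approximation: IAM StringLike knows only * and ?, fnmatch also accepts [..].
    like = all(fnmatchcase(claim(k), v) for k, v in cond["StringLike"].items())
    return exact and like

# Constructed values: placeholder account id and hypothetical repository.
POLICY = trust_policy("<ACCOUNT_ID>", "example-org/example-repo", "aws-ec2-ecr")
AUD = "sts.amazonaws.com"
PUSH_TO_BRANCH = {"aud": AUD, "sub": "repo:example-org/example-repo:ref:refs/heads/aws-ec2-ecr"}
PUSH_ELSEWHERE = {"aud": AUD, "sub": "repo:example-org/example-repo:ref:refs/heads/feature-x"}
OTHER_REPO = {"aud": AUD, "sub": "repo:someone-else/fork:ref:refs/heads/aws-ec2-ecr"}
# A job that sets `environment: aws-dev` gets an environment-based subject instead.
WITH_ENVIRONMENT = {"aud": AUD, "sub": "repo:example-org/example-repo:environment:aws-dev"}
```

Enabling the commented-out `environment: aws-dev` line changes the token's subject, so a branch-based condition like this one would need a matching `environment:` entry before that job could assume the role.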
Python and docker compose example
Key points:
– specify expression
– set specific permissions for the job
– specify input parameter for actions
```yaml
name: workflow-on-master
run-name: ${{ github.actor }} - workflow on master
on: [ push ]

jobs:
  python-test:
    permissions:
      contents: read
      issues: read
      checks: write
      pull-requests: write
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
      - uses: actions/setup-python@v4
        with:
          python-version: '3.10'
          cache: 'pip'
        # unique identifier for the step. You can use the id to reference the step in contexts.
        id: execute_test
      # A name for your step to display on GitHub.
      # by default, it is the command in the run attribute or the action name
      - name: install dependencies and run tests
        run: |
          python -m pip install -r requirements.txt
          is_test_execution_success=0
          python -m pytest tests --junitxml=report.xml || { is_test_execution_success=-1 && true; }
          echo "is_test_execution_success=${is_test_execution_success}"
          ls -lah
          pwd
          cat report.xml
          if [[ "${is_test_execution_success}" = "0" ]]; then
            echo "Test are successful";
          else
            echo "Test are not successful";
            exit 1;
          fi
      - name: Publish Test Results
        uses: EnricoMi/publish-unit-test-result-action@v2
        # This condition allows the test results to be processed whatever the result of the previous steps
        if: always()
        with:
          files: |
            report.xml

  build-image:
    needs: python-test
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v2
      - name: Build Docker image
        uses: docker/build-push-action@v3
        with:
          file: ./docker/Dockerfile
          context: .
          tags: "python_docker_build:1.0"
          cache-from: type=gha
          cache-to: type=gha,mode=max
          load: true
```