Community Blog GitHub Actions + ACK: A Powerful Combination for Cloud-Native DevOps Implementation

GitHub Actions + ACK: A Powerful Combination for Cloud-Native DevOps Implementation

This article shares the combination and implementation of GitHub Actions Workflow with Alibaba Cloud Container Service for Kubernetes, along with several demos.

By Luo Jing (Yaojing)


According to the China Academy of Information and Communications Technology (CAICT), "The Investigation Report on the DevOps status quo in China (2020)", 63% of the enterprises have put DevOps into practice and adopted a continuous delivery pipeline to enable links, such as development, testing, deployment, and O&M. However, 20% of the enterprises reported the DevOps practice was too complex to implement. Self-built Jenkins requires self-deployment and plug-in O&M, and the CI/CD tool of the SaaS model was complicated to configure. Therefore, more convenient and lightweight tools are necessary to accelerate implementation.

Alibaba Cloud and GitHub released GitHub Actions Workflow, a service that can be deployed quickly to Alibaba Cloud Container Service for Kubernetes (ACK). There is no need for self-deployment and CI/CD tool maintenance. Based on the out-of-the-box GitHub Actions and Alibaba Cloud deployment template, the process of packaging and uploading applications to the Alibaba Cloud Container Registry (ACR) and deploying applications to Alibaba Cloud Container Service for Kubernetes (ACK) can be implemented automatically and quickly after the GitHub code is changed. This article provides detailed descriptions from GitHub Actions and Alibaba Cloud Container Service and demos.

Figure 1 – GitHub Actions supports the Alibaba Cloud deployment template

GitHub Actions Workflow Released Jointly by GitHub and Alibaba Cloud

1. About GitHub Action

Figure 2 – GitHub Actions Homepage

GitHub Action is a built-in continuous integration tool launched by GitHub in October 2018 to simplify automated build, test, and deployment processes. GitHub Actions encapsulates continuously integrated atomic operations into Actions and then assembles multiple Actions into reusable templates based on the Workflow process definition to trigger the Actions execution automatically after GitHub events are updated.

GitHub Actions has the following features:

  • Out of the Box: GitHub Actions is a SaaS-based hosting service. Users can specify tasks to be executed within a GitHub VM or container through a declaration to ensure elastic extensibility during peak hours. Also, the task execution environment can be customized by adding machines hosted on the cloud or on the IDC to execute tasks.
  • Flexible and Convenient: It supports Linux, Windows, macOS, virtual machines, and containers. It also supports Node.js, Python, Java, Ruby, PHP, Go, Rust, .NET, and other languages and frameworks. Matrix construction is supported for parallel compatibility tests on multiple platforms and environments to improve the efficiency of software testing and integration.
  • Quota-Free: GitHub Actions is free-of-charge for public repositories and self-hosted runners. There are free storage and task running period for other GitHub specifications. A charge-based-on-quantity method is adopted after it exceeds the amount. For more information, please see this link.
  • Open Ecosystem: GitHub Actions is written in YAML scripts and can be edited and reused like code snippets. The GitHub Actions Marketplace provides GitHub Actions templates certificated by cloud vendors and third parties. You can use the templates directly or customize them.

The core concept of GitHub Actions is divided into the following four parts:

  1. Workflow: It is a continuous integration and operation process based on the code repository. It can be triggered at a fixed time or by GitHub events. Workflow files are defined in YAML format and stored in the .github/workflows directory of the code repository. A code repository can have multiple Workflow files. GitHub runs this Workflow in parallel once it identifies the .yaml file in the directory.
  2. Job: A Workflow consists of multiple Jobs. The Jobs will be executed concurrently by default. The Jobs can also be set to run in sequence to implement Workflow with logical dependencies.
  3. Step: A Job consists of multiple Steps. Steps under the same Job are executed on the same Runner to ensure environment and data sharing.
  4. Action: A Step consists of multiple Actions. Actions is an independent command set that is also defined based on YAML code. Actions can be edited, reused, and shared by developers like code.

The following is a simple GitHub Actions Workflow example. A Job consisting of two Steps is defined below. The first Step reuses the community template actions/checkout@v2 to check out the current code repository. The second Step executes the Bash command directly.

name: Greeting
on: push

    name: My Job
    runs-on: ubuntu-latest
    - name: Checkout
      uses: actions/checkout@v2
    - name: Greeting
      run: |
        echo 'Welcome to Alibaba Cloud!'

The GitHub Actions Workflow released jointly by GitHub and Alibaba Cloud defines multiple Steps, supporting quick building and deployment to Alibaba Cloud Container Service for Kubernetes (ACK). For the detailed definition of a Workflow, please see this link.

2. Alibaba Cloud Container Service

If GitHub Actions is a powerful tool for DevOps practice, then Alibaba Cloud Container Service is the best interface for cloud-native DevOps implementation with various features and convenience. Alibaba Cloud Container Service for Kubernetes (ACK) is one of the first service platforms to pass the Kubernetes conformance certification worldwide. It provides a high-performance container application management service that supports lifecycle management for enterprise-level containerized applications. As the core containerization infrastructure in Alibaba Group, ACK has diverse application scenarios and experiences in e-commerce, real-time audio and video, database, message-oriented middleware (MOM), and AI. It supports a wide range of internal and external Double 11 activities. The container service is integrated with Alibaba's experience and capabilities in various large-scale scenarios and is open to public cloud customers. It provides more functions and improved stability and has won the top market share in the Chinese container market for many years.

Figure 3 – The Alibaba Cloud Container Service Family

In terms of application management, with large-scale Alibaba practices and various enterprise production practices, Alibaba Cloud has further enhanced the reliability and safety and provided Kubernetes clusters with reimbursable SLA – ACK Pro. As an extension of the original ACK-hosted Kubernetes clusters, ACK Pro has all the benefits of the original hosted Kubernetes clusters. For example, Master node hosting and Master node high availability. In addition, ACK Pro improves the reliability, security, and schedulability with reimbursable SLA supported. Therefore, ACK Pro is suitable for enterprise users with large-scale businesses in production environments that require higher stability and security.

In terms of application product management, Alibaba Cloud launched Container Registry Enterprise Edition (ACR EE) for enterprises with high security and performance requirements. ACR EE provides the first enterprise-level service with a separate instance in a public cloud. In addition to multi-architecture container images, ACR EE supports the hosting of multi-version Helm Charts, Operators, and other OCI-compliant products.

In terms of security governance, ACR EE provides security protection in multiple dimensions, such as network access control, security scanning, image signing, and security audit, helping enterprises upgrade from DevOps to DevSecOps. In the global distribution acceleration scenario, ACR EE optimizes the network links and scheduling policies to ensure a stable rate of successful cross-sea synchronization. In the large-scale big image distribution scenario, ACR EE supports on-demand loading. Image data can be downloaded without fully downloading the content and decompressed online, reducing the average container startup time by 60%. ACR EE has been put into production environments by many enterprises to ensure the secure hosting of cloud-native application products and the efficient distribution of multiple scenarios.

Cloud-Native DevOps Practices Based on GitHub Actions + ACK

The following GitHub Actions demonstrates how to package a simple NGINX application into a container image, host it to ACR, and then deploy it automatically to ACK. It helps implement the CI/CD process quickly and easily. For the GitHub Actions Demo, please see this link. Users can update the corresponding YAML file to customize business scenarios.

Figure 4 – The DevOps process based on GitHub Action

1. Preparations

2. Process

1) Create a Workflow

In the GitHub repository, click the Tab under Actions, and there will be Workflows recommended based on the current GitHub project. Select the Workflow template to be deployed on ACK.

Figure 5 – Actions built in the GitHub repository

Figure 6 – Select the Workflow to be deployed on Alibaba Cloud ACK

GitHub Actions creates an alibabacloud.yml file in the github/workflows directory of the code repository by default. Listening code is defined to publish the Release event in the YAML file. Once the event occurs, the subsequent integration deployment process is automatically triggered. Users can also search for related Actions on the right-side of the marketplace to customize the Actions steps of the Job.

2) Update Variable Information in Workflow

Env environment variables are defined in Workflow. The corresponding information, such as the region, container image service, and container service cluster, should be updated as the practical conditions. ACCESS_KEY_ID and ACCESS_KEY_SECRET define the access key information of an Alibaba Cloud account, which must be set in ciphertext in the corresponding Secrets of the repository.

Figure 7 – Update the corresponding environment variables in Workflow

Figure 8 – Update secret information

3) Automatic Deployment

After the configuration, when a Release event is published, the GitHub Actions is automatically triggered to execute the task by default. Click the Actions button to view the history and details of the corresponding tasks. The entire workflow is executed sequentially. Once one of the tasks fails, the entire workflow will be terminated. If high-risk security loopholes are detected after container images are pushed to ACR, the subsequent deployment of containers to ACK can be canceled immediately. After the construction, security scanning, and deployment are successfully completed, an NGINX service will be generated on the ACK server based on the new container image. The security risk identification and decision-making features are built during the whole procedure to implement the secure and efficient DevSecOps process.

Figure 9 – Workflow execution history

4) Extension

Users can look for the required Actions task template on GitHub Actions Marketplace to customize the Workflow process. GitHub Actions has a variety of Actions templates, covering code dependency, code integration, code quality, and other scenarios in multiple languages. A Workflow matrix that supports a multi-operation system under multi-language frameworks can be built quickly based on the templates to test multiple versions of the project in parallel.

Figure 10 – GitHub Actions Marketplace

A New Way for DevOps Implementation in the Cloud-Native Era

Compared to traditional Jenkins, GitHub Actions is a SaaS-based hosting service that does not require deployment or plug-in O&M. Convenient CI/CD scenarios can be implemented by defining or reusing the official Workflow. In contrast to Travis CI and Circle CI, GitHub Actions is a native tool by GitHub. With better integration experience and flexibility and more ecological support for the Actions Marketplace, it allows users to reuse and customize Workflows more conveniently.

GitHub Actions also provides built-in Workflows that support automatic building and pushing to ACR and automatically deploy ACK. It guides the way for DevOps implementation in the cloud-native era. Alibaba Cloud hopes to help more enterprises complete their digital transformation and architecture upgrades with cloud-native technology.

0 0 0
Share on

Alibaba Container Service

121 posts | 26 followers

You may also like


Alibaba Container Service

121 posts | 26 followers

Related Products