GitHub Action + ACK: cloud-native DevOps-Alibaba Cloud Developer Community

from: Alibaba Cloud Native 2021-03-15 963


author | Yao Jing Source | Alibaba Cloud Native public account

According to the survey report on the current situation of DevOps in China (2020) issued by the Institute of Information and Communications, 63% of enterprises have implemented DevOps and adopted continuous delivery pipelines to connect development, testing, deployment and operations. However, 20% of enterprises still report that DevOps is complex in practice. Self-built Jenkins requires self-deployment and plug-in O&M, while SaaS-based CI/CD tools are complex to configure, so enterprises want more lightweight and convenient tools to accelerate their transformation.

Alibaba Cloud and GitHub have now jointly released a GitHub Action Workflow for quick deployment to Alibaba Cloud ACK. You do not need to deploy and maintain CI/CD tools yourself. Based on the out-of-the-box GitHub Action and the Alibaba Cloud deployment template, you can automatically package applications, build images and upload them to Alibaba Cloud Container Registry (ACR), and quickly deploy to Alibaba Cloud Container Service ACK. This article introduces GitHub Action, Alibaba Cloud Container Service, and a practice demo.

Figure 1 - GitHub Action supports Alibaba Cloud deployment templates

1. About GitHub Action

Figure 2 - GitHub Action homepage

GitHub Action is a built-in continuous integration tool launched by GitHub in October 2018. It simplifies automated build, test, and deployment. GitHub Action encapsulates the atomic operations of continuous integration into Actions, and then assembles multiple Actions into reusable templates based on Workflow definitions. The Action execution flow is then triggered automatically when the corresponding GitHub events occur.

GitHub Action has the following features:

  • Out of the box: GitHub Action is a SaaS-based hosted service that runs tasks in GitHub VMs or containers and scales elastically during peak hours. You can also add machines hosted in the cloud or in an on-premises data center to run tasks and customize the task execution environment.
  • Flexible and convenient: supports Linux, macOS, Windows, virtual machine, and container runtime environments. Supports multiple languages and frameworks such as Node.js, Python, Java, Ruby, PHP, Go, Rust, and .NET. Supports matrix builds for parallel compatibility testing across multiple platforms and environments, which improves the efficiency of integration testing.
  • Free quota: GitHub Action is free for public repositories and self-hosted runners, and other GitHub plans include free storage and task running hours. Usage beyond the quota is charged on a pay-as-you-go basis. For more information, see .
  • Open ecosystem: GitHub Actions are written as YAML scripts. They can be edited and reused like code snippets. GitHub Action Marketplace also provides GitHub Action templates certified by cloud vendors and provided by third parties. You can use these templates directly or customize them.

The core concepts of GitHub Action are divided into the following four parts:

  • Workflow: a continuous integration process that runs against the code repository and can be scheduled or triggered by GitHub events. Workflow files are defined in YAML format and stored in the .github/workflows directory of the code repository. A code repository can have multiple Workflow files. GitHub recognizes the .yaml files in the directory and executes these Workflows in parallel.
  • Job: a Workflow consists of multiple Jobs. By default, Jobs are executed concurrently. You can also set the order of Job execution to implement Workflows that have logical dependencies.
  • Step: a Job consists of multiple Steps. The Steps of the same Job are executed on the same Runner so that the environment and data are shared.
  • Action: a Step consists of multiple Actions. An Action is an independent command set and is also defined in YAML code. Developers can edit, reuse, and share it like code.

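# Workflow name and the GitHub event that triggers it
name: Greeting
on: push

jobs:
  # Job id; the steps below share one Runner
  my-job:
    name: My Job
    runs-on: ubuntu-latest
    steps:
    # Check out the repository contents onto the Runner
    - name: Checkout
      uses: actions/checkout@v2
    # Run a shell command
    - name: Greeting
      run: |
        echo 'Welcome to Alibaba Cloud!'

The GitHub Action Workflow jointly released by GitHub and Alibaba Cloud defines multiple steps to quickly build an application and deploy it to Alibaba Cloud Container Service ACK. For more information about the definition of the Workflow, see .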

2. About Alibaba Cloud Container Service

If GitHub Action is the Swiss Army knife of DevOps, Alibaba Cloud Container Service is the best interface for implementing cloud-native DevOps, rich in functions and easy to use. Alibaba Cloud Container Service ACK (Alibaba Cloud Container Service for Kubernetes) is the first service platform in the world to pass Kubernetes conformance certification. It provides high-performance container application management services and supports lifecycle management of enterprise-level Kubernetes containerized applications. As the core container infrastructure within Alibaba Group, ACK has a wide range of application scenarios and experience, including e-commerce, real-time audio and video, databases, message middleware, and artificial intelligence, and supports a wide range of internal and external customers during the Double 11 shopping festival. At the same time, Container Service integrates the experience and capabilities gained from large-scale scenarios within Alibaba into its products and opens them to public cloud customers, offering richer functions and better stability. Container Service has ranked first in the domestic container market for many years.

Figure 3-Alibaba Cloud Container Service product family

In the area of application management, drawing on Alibaba's own large-scale practice and extensive enterprise production practice, Alibaba Cloud has further enhanced reliability and security and offers ACK Pro, a Kubernetes cluster type with a compensable SLA. The ACK Pro cluster is a cluster type developed from the original ACK managed cluster. It inherits all the advantages of the original managed cluster, such as hosted Master nodes and Master node high availability. Compared with the original managed version, it further improves the reliability, security, and scheduling performance of the cluster and supports standard SLA compensation, which makes it suitable for large-scale business in production environments and for enterprise customers with high requirements for stability and security.

In the area of application artifact management, for enterprise customers with high security and performance requirements, Alibaba Cloud has launched Container Registry Enterprise Edition (ACR EE), providing the first dedicated-instance enterprise-level service in the public cloud. In addition to multi-architecture container images, ACR EE also supports hosting multi-version Helm Charts, Operators, and other OCI-compliant artifacts. For security governance, ACR EE provides multi-dimensional security guarantees such as network access control, security scanning, image signing, and security audit to help enterprises upgrade from DevOps to DevSecOps. In the global distribution acceleration scenario, ACR EE optimizes network links and scheduling policies to ensure a stable success rate of cross-sea synchronization. In large-scale image distribution scenarios, ACR EE supports on-demand loading, so that image data does not have to be downloaded in full and is decompressed online, reducing the average container startup time by 60%. Currently, many enterprises use ACR EE in their production environments to ensure the secure hosting and efficient distribution of cloud-native application artifacts in multiple scenarios.

If you have any problems with the use of container images, you are welcome to click and fill in the questionnaire. We will randomly select 10 participants and give them ACR EE coupons.

The following demonstrates how to package a simple Nginx application into a container image, host it in Alibaba Cloud Container Registry (ACR), and automatically deploy it to Alibaba Cloud Container Service (ACK) based on GitHub Action, implementing a CI/CD process quickly and conveniently. For the address of the GitHub Action demo, see . You can update the corresponding YAML file to implement custom business scenarios.

Figure 4: DevOps process based on GitHub Action

1. Preliminary preparation

2. Practice process

1) Create the Workflow

In the code repository on GitHub, click the Actions tab. Workflows recommended based on the content of the current GitHub project appear. Select the Workflow template for deploying to Alibaba Cloud ACK.

Figure 5-GitHub repository built-in Actions

Figure 6-select the Workflow to deploy to Alibaba Cloud ACK

By default, GitHub Action creates the alibabacloud.yml file in the .github/workflows directory of the code repository. The YAML file defines a listener for the Release publishing event. Once the event occurs, the subsequent integration and deployment process is triggered automatically. You can also search for Actions in the Marketplace panel on the right to customize the Action steps in the Job.

2) Update the variable information in the Workflow

The Workflow defines env environment variables. You need to update the region, Container Registry, Container Service cluster, and other information as needed. ACCESS_KEY_ID and ACCESS_KEY_SECRET hold the AccessKey information of the Alibaba Cloud account and must be stored in encrypted form in the Secrets of the repository, not written in plaintext in the YAML file.

Figure 7-update the corresponding environment variables in the Workflow

Figure 8-update Secrets information
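A pre-merge check for the rule above, as an added example that is not part of the original article or of the Alibaba Cloud template: it flags credential-like keys in a workflow file whose values are not read from the `secrets` context. The sample workflows, the `LTAI` prefix heuristic for AccessKey IDs, and the generic key-name pattern are assumptions made for illustration.

```python
import re

# Key names that should only ever receive a value from repository Secrets.
# ACCESS_KEY_ID / ACCESS_KEY_SECRET come from the article; the rest is assumed.
SENSITIVE_KEY = re.compile(r"(access[-_]?key|secret|password|token)", re.I)
SECRET_REF = re.compile(r"^\$\{\{\s*secrets\.[A-Za-z_][A-Za-z0-9_]*\s*\}\}$")
# Heuristic (assumption): Alibaba Cloud AccessKey IDs commonly start with "LTAI".
LITERAL_KEY_ID = re.compile(r"\bLTAI[A-Za-z0-9]{12,}\b")
KEY_VALUE = re.compile(r"^\s*(?:-\s*)?([A-Za-z0-9_.-]+)\s*:\s*(.*?)\s*$")

# Constructed sample: credentials pasted into the workflow file in plaintext.
BAD_WORKFLOW = """\
name: Deploy to ACK
on:
  release:
    types: [published]
env:
  REGION_ID: cn-hangzhou
  ACCESS_KEY_ID: LTAIexampleKEYID0000
  ACCESS_KEY_SECRET: "constructed-not-a-real-secret"
"""

# Constructed sample: the same variables read from repository Secrets.
GOOD_WORKFLOW = """\
env:
  REGION_ID: cn-hangzhou
  ACCESS_KEY_ID: ${{ secrets.ACCESS_KEY_ID }}
  ACCESS_KEY_SECRET: ${{ secrets.ACCESS_KEY_SECRET }}
"""


def lint_workflow(text):
    """Return (line_no, key, reason) for credentials not taken from Secrets."""
    findings = []
    for no, line in enumerate(text.splitlines(), start=1):
        body = line.split(" #", 1)[0]  # ignore trailing YAML comments
        m = KEY_VALUE.match(body)
        if not m:
            continue
        key, value = m.group(1), m.group(2).strip("\"'")
        if LITERAL_KEY_ID.search(value):
            findings.append((no, key, "literal AccessKey ID in workflow"))
        elif SENSITIVE_KEY.search(key) and value and not SECRET_REF.match(value):
            findings.append((no, key, "credential not read from secrets context"))
    return findings


if __name__ == "__main__":
    for finding in lint_workflow(BAD_WORKFLOW):
        print(finding)
```

Run it over `.github/workflows/*.yml` in a pull-request check; a non-empty result means a key has been committed and should be rotated as well as removed.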

3) Automatic deployment

After the configuration is completed, the GitHub Action is by default triggered automatically when a Release is published. Click Actions to view the task execution history and details. The steps of the workflow are executed sequentially. Once one of the tasks fails, the entire workflow is terminated. After a container image is pushed to ACR, if high-risk security vulnerabilities are detected, the subsequent deployment to ACK is cancelled immediately. When the build, security scan, and deployment steps all complete successfully, an nginx service is created on ACK based on the new container image. Security risk identification and decision-making are built into the entire pipeline to implement a secure and efficient DevSecOps process.

Figure 9-workflow execution history

4) Extension

You can find the Action templates you need on the GitHub Action Marketplace to customize the Workflow. GitHub Action currently has a wide range of Action templates, covering code dependency, code integration, code quality, and other scenarios in multiple languages. Based on these templates, you can quickly build a Workflow matrix that supports multiple operating systems and language frameworks and test multiple versions of the project in parallel.

Figure 10-GitHub Action Marketplace

Compared with traditional Jenkins tools, GitHub Action is a SaaS-based hosted service that does not require deployment or plug-in O&M. You only need to define or reuse official Workflows to implement convenient CI/CD scenarios. Compared with Travis CI and Circle CI, GitHub Action is a native tool launched by GitHub. It offers a better integration experience and more flexibility, and the Action Marketplace ecosystem makes it easier for users to reuse and customize Workflows.

GitHub Action now also supports a Workflow that automatically builds and pushes images to Alibaba Cloud Container Registry ACR and automatically deploys to Alibaba Cloud Container Service ACK, pointing to a new path for DevOps in the cloud-native era. We hope to help more enterprises achieve digital transformation and architecture upgrades while enjoying the benefits of cloud-native technology.
