Speeding Up Time to Market with Custom Ansible GitHub Actions

adriens - Feb 2 '22 - - Dev Community

Intro

Recently, we started to migrate our onPremise Jenkins/Gitlab based Continuous Integration platform to Github.com.

After having migrated our code and build tool from gradle to maven, implemented all the classic CI, including Continuous Delivery,

we wanted to go one step further : achieve Continuous Deployment.

This post is about how we achieved that, while relying on hybrid onPremise and Cloud services, and the software we developed to achieve that, with an industrial approach.

📘 Our mantra : getting platform oriented

Our core mantra that would drive all of our DevOPS decisions was to

perform a weak couplage... and avoid self hosted runners.

OPS would deliver us a ready to use platform (servers and deployment pipeline) while programmers (Dev and Ops) should integrate the OPS pipeline to implement the Continuous Deployment Pipeline.

⚡ The pipeline

Finally, we should get a whole pipeline as follows :

  1. Cloud : Code and deliver assets/artefacts or Docker images on Github.com
  2. onPremise: Delegate deploy tasks by calling dedicated & ready-to-use Ansible Tower Job

Below see the same version deployed to both environments :

Image description

On each deployment you can see the reference to the GH Action :

Image description

🚀 Deployment cases

We finally achieved the following deployment pipeline :

  • When a PR is merged into the develop branch : trigger a deployment on integration environment
  • When a released is triggered : a deployment in Qualification is triggered, but waiting for a reviewer to accept it
  • For production environment : same approach as previous item, eventually with different reviewers

📦 Package and deliver the Tower Action

To deliver the deployment, we naturally have chosen to implement a dedicated Github Action so other developers could use it too to implement deployment workflows.

Finally we managed to release this as a public action on Github Action Marketplace :

Image description

👉 Notice that we did put a lot of care to be able to produce public code, be able to manage secrets and not being too specific to our needs. This is an important part of our philosophy.

You can get a closer look as the action sourcecode below :

GitHub logo opt-nc / tower-deploy-action

Github action pour le deploiement d'application via Tower

DEV.to Test, Release

tower-deploy-action

This Github action aims to interact with Tower servers.

It connects to a Tower server and launches a job based on a template id, if needed an extra_vars file can be send.

Usage

See action.yml

If you need extra_vars data, you have to first checkout the repository you aim to deploy and that contains the extra_vars yaml file template The templated yaml file have to be put in the src/main/resource folder Default filename is tower_extra_vars_template.yml, if you want to use another filename, please use extravars_template_filename input.

Deploy an application from main branch

  integration-deploy
    name: Call deploy action
    runs-on: ubuntu-latest
    environment: integration
    steps:
      - name: Checkout my repo
        uses: actions/checkout@v2
      - name: Invoke deploy action
        uses: opt-nc/tower-deploy-action@v1.3.2
        with:
          vars: ${{ tojson(secrets) }}
          asset_url:  https://github.com/my_org/my_repo/releases/download/integration/my_app.jar
          tower_template_id : 45
          tower_url: ${{ secrets.TOWER_URL }}
          tower_password: ${{ secrets.TOWER_PASSWORD }}
Enter fullscreen mode Exit fullscreen mode
View on GitHub

⚙️ Maintaining the pipeline

As any kind of dependency, a Github Action needs to be maintained, and as an end user, you need to monitor that (I mean... you really have to).

Fortunately, since 2022/01/31 this can now be achieved through the standard dependency graph (the same way you monitor through any package managers like npm, NuGet, Maven, or RubyGems).

From any repository which uses Actions, you can now see your Actions workflows listed alongside any other dependencies in the Insights/Dependency Graph experience:

Image description

The dependency graph is the foundation of GitHub’s supply chain security capabilities because understanding what you depend on is a crucial first step toward securing software.

We can configure Dependabot version updates to keep your Actions dependencies up to date automatically... I mean as part of your development workflow through automated Pull requests.

See official Github Blog Post about this topic.

Benefits

During this first Github Action development we had the following benefits :

  • Even better code-related collaboration with OPS Teams for code around Tower calls and security concerns
  • Better questions and responsibility around deployment and the deployment reviews and roles
  • Generate DevOps metrics to get data driven around on this area
  • Optimize workflow to save money (switch from Docker image to js under investigation) : the faster your pipeline runs, the less money you spend
  • This discipline behind the mantra opens the door for a very wide range of deployments, making us very productive at no additional development cost
  • As on Github.com CPU time and storage come at a cost, cost and performance do now are investigated since the very beginning and are data-driven : we have started to shift left on these aspects too

Resources

  • Keeping an eye on GH public roadmap for more information about upcoming supply chain improvements in this area.

🎦 Intro to Gh Actions

🙏 Acknowledgements

I really want to thank all the people that made this first success possible : Dev, OPS, financial services, RSSI and CIO for their confidence. Without all this engagement this pipeline would have never been come true.

Image
Entenda como o golpe do boleto falso via e-mail ocorre e como se proteger
Image
Transforming Client Relations with AI-Enhanced CRM Solutions

crm, ai, machinelearning, productivity
Image
What is Staff Augmentation? Benefits and Best Practices

management, tutorial, softwareengineering
Image
Discover the Hayati Pro Ultra: A Premium Vaping Experience

hayati, hayatiproultra
Image
What does CORS really do? 🤔

webdev, beginners, programming, security
Image
Using the Open Policy Agent with Backstage!

opensource, opa, backstage, openpolicyagent
Image
Kreowanie Przestrzeni: Sztuka Aranżacji Wnętrz, Która Zmienia Wszystko
Image
How I can run elasticsearch locally for development using docker?

docker, elasticsearch, tutorial
Image
Keuntungan Pilih Situs Judi Online Menurut Ulasan
Image
Trik Simpel Mendapati Keuntungan Dari Bandar Judi Online Sah
Image
What’s the Best and Easiest Way to Embed Data Reporting into My Application? Learn More

embeddedreporting, reportingtools, reporting, dotnet
Image
Bi Fold Door Repairs: What No One Is Talking About
Image
The Ultimate Guide to eWallet App Development Costs in 2024

softwareengineering, softwaredevelopment, programming, development
Image
Ok then let’s find my community 😇
Image
Best VPN Service: 5 VPN Providers That Actually Deliver Results

vpn, bestvpn, topvpn, vpnprovider
Image
FREE Ebook: A Quick Guide to Expert .NET Reporting Tools
Image
Magia mebli: Jak stworzyć przestrzeń, która inspiruje
Image
daya magnet perjudian slots online
Image
My Beginner Journey with Goose: A New Tool for My DevOps Learning Path

goose, beginners, devops, ai
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .