- Introduction
- GitHub Actions - Demo 1
- GitHub Actions - CI/CD with AKS and Terraform - Demo 2
- GitHub Actions -- AKS CI/CD with PR and Merge - Demo 3
The aim of this repository is to demonstrate the capabilities of GitHub Actions in facilitating the continuous integration and continuous deployment (CI/CD) of web applications to Azure Kubernetes Service (AKS). GitHub Actions stands out as a robust automation platform that integrates seamlessly with GitHub repositories, enabling the automation of software workflows with relative ease.
Utilizing GitHub Actions, we are empowered to craft complex workflows that are capable of building, testing, and deploying code directly from our GitHub repositories. This versatile platform provides the means to react to various repository events, including push, pull requests, and merges, with automated processes executed in customizable virtual environments.
The sections that follow contain detailed descriptions of assorted labs. These are designed to showcase the practical application of CI/CD pipelines using GitHub Actions, offering a glimpse into how it adeptly manages the entire lifecycle of a web application, from the initial code commit to its eventual deployment.
This demonstration walks through a simple GitHub Actions workflow that is divided into three jobs: lint, test, and deploy. This workflow ensures that any new code pushed or merged into the main branch or any branch matching the sample1/** pattern goes through a Continuous Integration (CI) pipeline before deployment.
To use this workflow, push code changes to the main branch or create a pull request against it. You can also push changes to branches matching the sample1/** pattern. To manually trigger the workflow, use the GitHub UI to dispatch a new workflow run.
Customize this workflow by editing the .github/workflows/sample1-cicd.yaml file. You can modify the environment variables, runner type, and commands as needed for your project.
- File: .github/workflows/sample1-cicd.yaml
- Trigger: Push and pull request events to the main branch or the folder matching sample1/**.
- This workflow can also be triggered manually via the workflow_dispatch event.
This job runs on the ubuntu-latest runner and performs the following steps:
- Checks out the repository using actions/checkout@v3.
- Installs dependencies with npm ci.
- Runs linting with npm run lint.
This job depends on the lint job and also runs on the ubuntu-latest runner. It performs the following steps:
- Checks out the repository using actions/checkout@v3.
- Installs dependencies with npm ci.
- Executes tests with npm run test.
This final job depends on the test job and runs on the ubuntu-latest runner. It performs the following steps:
- Checks out the repository using actions/checkout@v3.
- Installs dependencies with npm ci.
- Builds the project with npm run build.
- Deploys the code, with an echo command simulating the deployment process.
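
The three jobs above chained with needs, as an added example; this is not the repository's sample1-cicd.yaml. Treating sample1/** as a branch pattern, the echo text, and the read-only permissions block are assumptions.

```yaml
# Added sketch, not the repository's sample1-cicd.yaml.
name: sample1-cicd
on:
  push:
    branches: [main, 'sample1/**']   # assumption: sample1/** is a branch pattern
  pull_request:
    branches: [main]
  workflow_dispatch:                 # manual run from the Actions tab

# Assumption: none of the jobs writes to the repository, so the
# GITHUB_TOKEN is limited to read access for the whole workflow.
permissions:
  contents: read

jobs:
  lint:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
      - run: npm ci                  # installs exactly what package-lock.json pins
      - run: npm run lint

  test:
    needs: lint                      # does not start unless lint succeeded
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
      - run: npm ci
      - run: npm run test

  deploy:
    needs: test                      # does not start unless test succeeded
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
      - run: npm ci
      - run: npm run build
      - run: echo "Deploying build output (simulated)"
```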
This demonstration walks through a GitHub Actions workflow designed to provision Azure resources using Terraform and deploy a .NET MVC application to Azure Kubernetes Service (AKS).
To use this workflow:
- Ensure all the prerequisite secrets are set up in your GitHub repository.
- Enable the workflow .github/workflows/01-actions-ci-cd-aks-tf-backend-jobs.yml from the Actions tab in GitHub.
- Trigger the workflow by pushing changes to the monitored paths (aks_**) or manually via the Actions tab. Monitor the Actions tab for progress and logs.
- The workflow runs on pushes to the main branch when changes occur in the paths aks_infra/**, aks_kubernetes/**, or aks_MvcApp/**. For pull requests, open a PR with changes in the same paths.
- Manual trigger through workflow_dispatch.
- Modify the workflow according to your requirements by updating environment variables to match your Azure environment and updating the .NET MVC Dockerfile and Kubernetes manifests as necessary.
This CI/CD pipeline is defined in the .github/workflows/01-actions-ci-cd-aks-tf-backend-jobs.yml file and consists of three main jobs:
- create-terraform-infra: Sets up the Terraform backend in Azure, creates necessary Azure resources, and configures the Terraform state storage.
  - Initializes and configures Terraform backend.
  - Replaces variables in terraform.tfvars.
  - Applies Terraform configuration to provision Azure resources.
- build-push-container: Builds a Docker container image for the MVC application, scans it for vulnerabilities, and pushes it to Azure Container Registry (ACR).
  - Builds a Docker image from the .NET MVC application.
  - Scans the Docker image for vulnerabilities.
  - Pushes the Docker image to ACR.
- deploy-app-aks: Deploys the application to AKS using Kubernetes manifests.
  - Replaces image repository, name, and tag in the Kubernetes YAML deployment file.
  - Sets the AKS context for kubectl commands.
  - Deploys the application to AKS using Kubernetes manifests.
  - Runs kube-bench to check the cluster configuration.
This repository demonstrates a CI/CD pipeline that automates the deployment of a web application to Azure Kubernetes Service (AKS). It leverages GitHub Actions for the orchestration of workflow steps and Terraform for the underlying infrastructure provisioning. The process begins with a pull request, which triggers initial checks. Following a successful review and merge, the pipeline proceeds to construct the infrastructure and deploy the application onto AKS.
To run this workflow:
- Set up all the prerequisites and required secrets in your GitHub repository.
- Enable the workflow .github/workflows/02-actions-ci-cd-aks-tf-backend-jobs.yml from the Actions tab in GitHub.
- To trigger the workflow, make changes to the monitored paths or use the GitHub UI to manually dispatch a run:
  - On push: to the main branch, specifically for changes in aks_infra/, aks_kubernetes/, aks_MvcApp/, and the workflow file itself.
  - On pull request: against the main branch for the same paths.
  - Manually: through the workflow_dispatch event.
- Monitor the GitHub Actions tab for execution status.
- For customization, you may need to adjust the workflow file and associated configurations to fit your project's specifics. This can include:
  - Changing the Azure region and resource names.
  - Modifying the Dockerfile and Kubernetes manifest files.
  - Updating Terraform files for infrastructure provisioning.
This workflow is defined in .github/workflows/02-actions-ci-cd-aks-tf-backend-jobs.yml and consists of several jobs to plan and apply infrastructure changes, build and push a Docker container, scan for vulnerabilities, and deploy to AKS.
Plans the Terraform changes without applying them. This job runs on pull requests that haven't been merged.
Applies the Terraform plan to update the backend infrastructure. This job runs when a pull request is merged into the main branch.
Builds the Docker image for the MVC application, pushes it to Azure Container Registry (ACR), and scans it for vulnerabilities.
Deploys the application to AKS and performs a security assessment of the cluster configuration.
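
One way to get the plan-on-pull-request, apply-on-merge split described above, as an added example rather than the repository's workflow file. The job names, the secret names, and aks_infra as the Terraform directory are assumptions.

```yaml
# Added sketch, not the repository's 02-actions-ci-cd-aks-tf-backend-jobs.yml.
# Job names, secret names and the Terraform directory are assumptions.
on:
  push:
    branches: [main]
    paths: ['aks_infra/**', 'aks_kubernetes/**', 'aks_MvcApp/**']
  pull_request:
    branches: [main]
    paths: ['aks_infra/**', 'aks_kubernetes/**', 'aks_MvcApp/**']
  workflow_dispatch:

permissions:
  contents: read          # the GITHUB_TOKEN only needs to read the repository

env:                      # credentials read by the azurerm provider and backend
  ARM_CLIENT_ID: ${{ secrets.ARM_CLIENT_ID }}
  ARM_CLIENT_SECRET: ${{ secrets.ARM_CLIENT_SECRET }}
  ARM_SUBSCRIPTION_ID: ${{ secrets.ARM_SUBSCRIPTION_ID }}
  ARM_TENANT_ID: ${{ secrets.ARM_TENANT_ID }}

jobs:
  terraform-plan:
    # Open pull requests: show the proposed change, never touch infrastructure.
    if: github.event_name == 'pull_request'
    runs-on: ubuntu-latest
    defaults:
      run:
        working-directory: aks_infra
    steps:
      - uses: actions/checkout@v3
      - uses: hashicorp/setup-terraform@v3
      - run: terraform init -input=false
      - run: terraform plan -input=false

  terraform-apply:
    # A merge arrives as a push to main; a manual run on main also applies.
    if: github.event_name != 'pull_request' && github.ref == 'refs/heads/main'
    runs-on: ubuntu-latest
    defaults:
      run:
        working-directory: aks_infra
    steps:
      - uses: actions/checkout@v3
      - uses: hashicorp/setup-terraform@v3
      - run: terraform init -input=false
      - run: terraform apply -input=false -auto-approve
```

Jobs that list terraform-apply under needs are skipped together with it on pull request runs, so the image build and the AKS deployment only happen after a merge. Pull requests opened from forks do not receive repository secrets, so the plan job cannot authenticate for them.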
- Azure subscription and appropriate permissions.
- GitHub repository secrets configured with Azure credentials. This is set up in the repository's Settings. Paste the output of the following command as the value of AZURE_CREDENTIALS. The remaining ARM secrets are also derived from the output of this command.

  ```bash
  az ad sp create-for-rbac --name "spn-githubactions" --role Owner --scope /subscriptions/<sub-id> --sdk-auth
  ```
- Terraform and Docker configurations in place.
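
How the AZURE_CREDENTIALS secret above is consumed in a job, next to a federated (OIDC) login that keeps no client secret in GitHub; this is an added example, not the repository's workflow. The OIDC job assumes a federated credential has been configured on the service principal's app registration, and the AZURE_CLIENT_ID, AZURE_TENANT_ID and AZURE_SUBSCRIPTION_ID secret names are assumptions.

```yaml
# Added sketch, not taken from the repository's workflows.
on: workflow_dispatch

jobs:
  login-with-stored-secret:
    runs-on: ubuntu-latest
    permissions:
      contents: read
    steps:
      # The setup described on this page: the --sdk-auth JSON, client secret
      # included, is stored in the AZURE_CREDENTIALS repository secret.
      - uses: azure/login@v2
        with:
          creds: ${{ secrets.AZURE_CREDENTIALS }}
      - run: az account show --query id -o tsv   # confirms the login worked

  login-with-oidc:
    runs-on: ubuntu-latest
    permissions:
      id-token: write     # lets this job request an OIDC token from GitHub
      contents: read
    steps:
      # Alternative (assumption, not on this page): Azure trusts the OIDC
      # token GitHub issues to the run, so no client secret is stored.
      - uses: azure/login@v2
        with:
          client-id: ${{ secrets.AZURE_CLIENT_ID }}
          tenant-id: ${{ secrets.AZURE_TENANT_ID }}
          subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
      - run: az account show --query id -o tsv
```

With either login, the role and scope given to create-for-rbac decide what a workflow run can change in the subscription.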