GitHub Actions + ACK: A Powerful Combination for Cloud-Native DevOps Implementation
By Luo Jing (Yaojing)
According to “The Investigation Report on the DevOps status quo in China (2020)” by the China Academy of Information and Communications Technology (CAICT), 63% of enterprises have put DevOps into practice and adopted a continuous delivery pipeline that connects development, testing, deployment, and O&M. However, 20% of enterprises reported that the DevOps practice was too complex to implement. Self-built Jenkins requires self-deployment and plug-in O&M, and SaaS-model CI/CD tools are complicated to configure. More convenient and lightweight tools are therefore needed to accelerate implementation.
Alibaba Cloud and GitHub released a GitHub Actions Workflow that deploys quickly to Alibaba Cloud Container Service for Kubernetes (ACK). There is no need for self-deployment or CI/CD tool maintenance. Based on the out-of-the-box GitHub Actions and the Alibaba Cloud deployment template, packaging an application, uploading it to Alibaba Cloud Container Registry (ACR), and deploying it to ACK all happen automatically after the code on GitHub changes. This article describes GitHub Actions and Alibaba Cloud Container Service in detail and walks through a demo.
GitHub Actions Workflow Released Jointly by GitHub and Alibaba Cloud
1. About GitHub Actions
GitHub Actions is a built-in continuous integration tool launched by GitHub in October 2018 to simplify automated build, test, and deployment processes. It encapsulates atomic continuous integration operations into Actions and assembles multiple Actions into reusable templates based on the Workflow process definition, so that the Actions run automatically when GitHub events occur.
GitHub Actions has the following features:
- Out of the Box: GitHub Actions is a SaaS-based hosted service. Users declare the tasks to be executed in a GitHub VM or container, which provides elastic scaling during peak hours. The task execution environment can also be customized by adding machines hosted on the cloud or in an IDC to execute tasks.
- Flexible and Convenient: It supports Linux, Windows, macOS, virtual machines, and containers. It also supports Node.js, Python, Java, Ruby, PHP, Go, Rust, .NET, and other languages and frameworks. Matrix builds are supported for parallel compatibility tests on multiple platforms and environments to improve the efficiency of software testing and integration.
- Free Quota: GitHub Actions is free of charge for public repositories and self-hosted runners. Other GitHub plans include a free quota of storage and task running time, and usage beyond that quota is charged by quantity. For more information, please see this link.
- Open Ecosystem: GitHub Actions is written as YAML scripts and can be edited and reused like code snippets. The GitHub Actions Marketplace provides GitHub Actions templates certified by cloud vendors and third parties. You can use the templates directly or customize them.
The core concept of GitHub Actions is divided into the following four parts:
- Workflow: It is a continuous integration and operation process based on the code repository. It can be triggered at a fixed time or by GitHub events. Workflow files are defined in YAML format and stored in the .github/workflows directory of the code repository. A code repository can have multiple Workflow files. GitHub runs this Workflow in parallel once it identifies the .yaml file in the directory.
- Job: A Workflow consists of multiple Jobs. The Jobs will be executed concurrently by default. The Jobs can also be set to run in sequence to implement Workflow with logical dependencies.
- Step: A Job consists of multiple Steps. Steps under the same Job are executed on the same Runner to ensure environment and data sharing.
- Action: A Step consists of multiple Actions. An Action is an independent command set that is also defined in YAML. Actions can be edited, reused, and shared by developers like code.
The following is a simple GitHub Actions Workflow example. A Job consisting of two Steps is defined below. The first Step reuses the community template actions/checkout@v2 to check out the current code repository. The second Step executes the Bash command directly.
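on: push  # trigger assumed here; the original listing does not show one
jobs:
  my-job:
    name: My Job
    runs-on: ubuntu-latest
    steps:
      - { name: Checkout, uses: actions/checkout@v2 }
      - { name: Greeting, run: "echo 'Welcome to Alibaba Cloud!'" }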
The GitHub Actions Workflow released jointly by GitHub and Alibaba Cloud defines multiple Steps, supporting quick building and deployment to Alibaba Cloud Container Service for Kubernetes (ACK). For the detailed definition of a Workflow, please see this link.
2. Alibaba Cloud Container Service
If GitHub Actions is a powerful tool for DevOps practice, then Alibaba Cloud Container Service is the best interface for cloud-native DevOps implementation with various features and convenience. Alibaba Cloud Container Service for Kubernetes (ACK) is one of the first service platforms to pass the Kubernetes conformance certification worldwide. It provides a high-performance container application management service that supports lifecycle management for enterprise-level containerized applications. As the core containerization infrastructure in Alibaba Group, ACK has diverse application scenarios and experiences in e-commerce, real-time audio and video, database, message-oriented middleware (MOM), and AI. It supports a wide range of internal and external Double 11 activities. The container service is integrated with Alibaba’s experience and capabilities in various large-scale scenarios and is open to public cloud customers. It provides more functions and improved stability and has won the top market share in the Chinese container market for many years.
In terms of application management, drawing on large-scale Alibaba practices and various enterprise production practices, Alibaba Cloud has further enhanced reliability and safety and offers ACK Pro, Kubernetes clusters backed by a reimbursable SLA. As an extension of the original ACK-hosted Kubernetes clusters, ACK Pro has all the benefits of the original hosted Kubernetes clusters, such as Master node hosting and Master node high availability. In addition, ACK Pro improves reliability, security, and schedulability, and supports a reimbursable SLA. ACK Pro is therefore suitable for enterprise users with large-scale businesses in production environments that require higher stability and security.
In terms of application artifact management, Alibaba Cloud launched Container Registry Enterprise Edition (ACR EE) for enterprises with high security and performance requirements. ACR EE provides the first enterprise-level service with a separate instance in a public cloud. In addition to multi-architecture container images, ACR EE supports the hosting of multi-version Helm Charts, Operators, and other OCI-compliant artifacts.
In terms of security governance, ACR EE provides security protection in multiple dimensions, such as network access control, security scanning, image signing, and security audit, helping enterprises upgrade from DevOps to DevSecOps. In the global distribution acceleration scenario, ACR EE optimizes the network links and scheduling policies to ensure a stable success rate for overseas synchronization. In the large-scale distribution of big images, ACR EE supports on-demand loading: image data is decompressed online and loaded without downloading the full content, reducing the average container startup time by 60%. ACR EE has been put into production environments by many enterprises to ensure the secure hosting of cloud-native application artifacts and their efficient distribution in multiple scenarios.
Cloud-Native DevOps Practices Based on GitHub Actions + ACK
The following GitHub Actions demo shows how to package a simple NGINX application into a container image, host it in ACR, and then deploy it automatically to ACK. It helps implement the CI/CD process quickly and easily. For the GitHub Actions Demo, please see this link. Users can update the corresponding YAML file to fit their own business scenarios.
- Activate ACR, then create a namespace and an image repository. Please refer to the document for help. If high security and high-performance distribution are required, we recommend using ACR EE instances. Please refer to the document for help.
- Activate ACK and create a cluster. Please refer to the document for help. We recommend using ACK Pro for high security and performance requirements. Please refer to the document for help.
- Activate GitHub and create a repository. The code repository contains the business code and the application deployment template YAML. For reference, please see the sample code.
1) Create a Workflow
In the GitHub repository, click the Actions tab. GitHub recommends Workflows based on the current project. Select the Workflow template for deploying to ACK.
GitHub Actions creates an alibabacloud.yml file in the .github/workflows directory of the code repository by default. The YAML file defines a listener for the Release publish event. Once the event occurs, the subsequent integration and deployment process is triggered automatically. Users can also search the Marketplace panel on the right for related Actions to customize the steps of the Job.
2) Update Variable Information in Workflow
The Workflow defines its environment variables under env. Update the values, such as the region, the container image service, and the container service cluster, to match your actual environment.
ACCESS_KEY_SECRET defines the access key information of an Alibaba Cloud account. It must not appear in plaintext in the Workflow file; store it as an encrypted value in the Secrets of the repository.
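A pre-merge check for the rule above, as an added example that is not part of the original article or of the Alibaba Cloud template: it flags credential-like keys in a workflow file whose value is a literal instead of a `${{ secrets.NAME }}` reference. The sample workflow, the action name `example/registry-login` and its input names are constructed for illustration, and the key-name pattern is a heuristic.

```python
import re

# Key names whose values must come from the repository's encrypted Secrets.
SENSITIVE_KEY = re.compile(r"access[-_]?key|secret(?!s)|password", re.I)
# A value that is exactly one ${{ secrets.NAME }} expression (quotes optional).
SECRET_REF = re.compile(
    r"""^["']?\$\{\{\s*secrets\.[A-Za-z_][A-Za-z0-9_]*\s*\}\}["']?$""")
# "key: value" on one line, with an optional leading list dash.
KEY_VALUE = re.compile(r"^\s*(?:-\s+)?([A-Za-z0-9_.-]+)\s*:\s*(.*?)\s*$")


def find_plaintext_credentials(workflow_text):
    """Return (line_no, key) for each sensitive key set to a literal value."""
    findings = []
    for line_no, raw in enumerate(workflow_text.splitlines(), start=1):
        line = raw.split(" #", 1)[0]      # drop trailing comments
        match = KEY_VALUE.match(line)
        if not match:
            continue
        key, value = match.groups()
        if not value or not SENSITIVE_KEY.search(key):
            continue                      # mapping header or harmless key
        if not SECRET_REF.match(value):
            findings.append((line_no, key))
    return findings


# Constructed sample: one credential in env and one in a step are literals.
SAMPLE_WORKFLOW = """\
env:
  REGION_ID: cn-hangzhou
  ACCESS_KEY_ID: EXAMPLE-KEY-ID-NOT-REAL
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - name: Log in to the registry
        uses: example/registry-login@v1   # hypothetical action name
        with:
          access-key-id: ${{ secrets.ACCESS_KEY_ID }}
          access-key-secret: "not-a-real-secret"
"""

if __name__ == "__main__":
    for line_no, key in find_plaintext_credentials(SAMPLE_WORKFLOW):
        print(f"line {line_no}: {key} is not read from secrets")
```

Run as a required check on pull requests that touch .github/workflows, it catches a key pasted into the file before the commit reaches the default branch.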
3) Automatic Deployment
After the configuration, publishing a Release event automatically triggers GitHub Actions to execute the tasks by default. Click the Actions button to view the history and details of the corresponding tasks. The entire workflow is executed sequentially. Once one of the tasks fails, the entire workflow is terminated. If high-risk security vulnerabilities are detected after container images are pushed to ACR, the subsequent deployment of containers to ACK can be canceled immediately. After the build, security scanning, and deployment are successfully completed, an NGINX service is created on ACK based on the new container image. Security risk identification and decision-making are built into the whole procedure to implement a secure and efficient DevSecOps process.
Users can look for the required Actions task template on GitHub Actions Marketplace to customize the Workflow process. GitHub Actions has a variety of Actions templates, covering code dependency, code integration, code quality, and other scenarios in multiple languages. A Workflow matrix that covers multiple operating systems and multiple language frameworks can be built quickly based on the templates to test multiple versions of the project in parallel.
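The stop-on-failure behavior described above works as a fail-closed gate between the scan and the deployment. The following added example (not from the original article) assumes a hypothetical JSON scan summary with per-severity counts, since the page does not show ACR's report format, and treats "high-risk" as the critical and high levels.

```python
import json
import sys

# Severities that stop the release; the page only says "high-risk", so this
# set is an assumption.
BLOCKING = ("critical", "high")

# Constructed sample report; the field names are hypothetical.
SAMPLE_REPORT = ('{"status": "finished", '
                 '"vulnerabilities": {"critical": 0, "high": 2, "medium": 5}}')


def deployment_allowed(report_json, blocking=BLOCKING):
    """Return (allowed, reason). An unreadable or incomplete report blocks."""
    try:
        report = json.loads(report_json)
        counts = report["vulnerabilities"]
        found = {level: int(counts[level]) for level in blocking}
    except (ValueError, KeyError, TypeError):
        return False, "scan report missing or malformed"
    if report.get("status") != "finished":
        return False, "scan did not finish"
    hits = {level: n for level, n in found.items() if n > 0}
    if hits:
        detail = ", ".join(f"{level}={n}" for level, n in hits.items())
        return False, "blocking findings: " + detail
    return True, "no blocking findings"


def main(argv):
    """Gate step: read a report file if given, else the constructed sample."""
    if len(argv) > 1:
        with open(argv[1], encoding="utf-8") as handle:
            text = handle.read()
    else:
        text = SAMPLE_REPORT
    allowed, reason = deployment_allowed(text)
    print(reason)
    # A non-zero exit fails this step, so the later deployment step never runs.
    return 0 if allowed else 1


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```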
A New Way for DevOps Implementation in the Cloud-Native Era
Compared to traditional Jenkins, GitHub Actions is a SaaS-based hosted service that does not require deployment or plug-in O&M. Convenient CI/CD scenarios can be implemented by defining or reusing the official Workflow. In contrast to Travis CI and CircleCI, GitHub Actions is GitHub's native tool. With a better integration experience, more flexibility, and the ecosystem support of the Actions Marketplace, it allows users to reuse and customize Workflows more conveniently.
GitHub Actions also provides built-in Workflows that support automatic building, pushing to ACR, and automatic deployment to ACK. It guides the way for DevOps implementation in the cloud-native era. Alibaba Cloud hopes to help more enterprises complete their digital transformation and architecture upgrades with cloud-native technology.