CI/CD with GitHub Actions
GitHub Actions lets you automate workflows directly within your GitHub repository: you can build, test, and deploy your code from the repository itself, in response to events such as pushes, pull requests, and issues. It simplifies and streamlines the automation of software development workflows, enabling teams to deliver high-quality code more efficiently.
Continuous Integration (CI) and Continuous Deployment (CD) have become essential practices in modern software development, offering numerous benefits such as improved code quality, faster release cycles, and greater team collaboration. Here are some common CI/CD use cases:
- Code quality and security scanning: CI pipelines can enforce code quality standards by running static code analysis tools, linters, and code style checkers. This keeps coding practices consistent across the codebase and surfaces potential issues early in the development process. Similarly, CI/CD pipelines can integrate with security scanning tools to identify vulnerabilities in the codebase and its dependencies, so that security issues are found and remediated early. SonarQube is one such tool, offering both static code analysis and security scanning.
- Automated testing with policy-based quality gates: CI systems automatically trigger tests whenever new code is pushed to the repository, ensuring that changes made by developers do not introduce bugs or regressions. Tests can include unit tests, integration tests, end-to-end tests, and more. The test results can be passed to policy-based quality gates that check whether they meet the thresholds set by the organization. One tool for this is Open Policy Agent (OPA).
- The Open Policy Agent (OPA) server, an open-source engine that unifies policy enforcement across your entire stack, is now part of DeployNow. DeployNow therefore lets you build workflows that require validation against OPA policies.
- Additionally, DeployNow provides prebuilt GitHub Actions tailored for GitOps-based deployments. This gives teams a convenient way to adopt GitOps practices, with ready-to-use automation workflows for infrastructure provisioning, application deployment, policy enforcement, monitoring, and more.
- Build automation: CI tools automate compiling the code and packaging it into build artifacts such as binaries, Docker images, or deployment packages. This keeps builds reproducible and consistent across environments.
- Deployment automation: CD pipelines automate the deployment of code to environments such as development, staging, and production. Automated deployments reduce the risk of human error and speed up the release process.
DeployNow can be integrated with GitHub Actions to achieve a full-fledged CI/CD pipeline. Here is how a CI/CD pipeline can be put in place using OpsVerse DeployNow and GitHub Actions:
When a PR is merged to the main / master branch, the CI/CD pipeline is triggered. The pipeline consists of the following steps:
- Static code analysis and security scanning: Connects to a SonarQube (SonarCloud or self-hosted) instance, via a GitHub Action created and maintained by OpsVerse, to trigger a static code analysis and vulnerability scan in the configured SonarQube instance.
- Policy-based quality gates: Once the scan of the codebase is completed, key metrics such as cyclomatic complexity, security rating, and reliability rating are fetched from SonarQube and passed to the quality gates created with Open Policy Agent (OPA), again via a GitHub Action created and maintained by OpsVerse. The quality gates are as follows:
  - Reliability gate: Evaluates the bugs in the code. The gate fails if the reliability rating is worse than the maximum allowed rating threshold.
  - Security gate: Evaluates the vulnerability issues in the code. The gate fails if the security rating is worse than the maximum allowed rating threshold.
  - Unit test gate: Evaluates the success rate of the unit tests. The gate fails if the success rate is less than the minimum allowed threshold.
  - Code coverage gate: Evaluates the code coverage from the unit test report. The gate fails if the coverage is less than the minimum allowed threshold.
- Build a Docker image and push it to ECR/Harbor: Build the Docker image of the application and push it to a registry such as Harbor or ECR.
- Update the image tag in the manifests repo: Once the Docker image is built and pushed, the image tag in the manifests repo is updated automatically using a GitHub Action created and maintained by OpsVerse.
- Deploy to lower environments like DEV/STAGE: Once the image tag is updated in the manifests repo, the deployment is carried out automatically, without manual intervention, in the DeployNow instance using a GitHub Action created and maintained by OpsVerse.
- Run the integration test suite: A suite of integration tests is run against the newly deployed image in the DEV/STAGE environment. The result is passed to a policy-based quality gate that evaluates the success rate of the test cases and fails if it is less than the minimum allowed threshold.
- Deploy to the PRODUCTION environment: Once the integration test gate passes and the image tag is updated in the manifests repo for production, the deployment is carried out automatically, without manual intervention, in the DeployNow instance using a GitHub Action created and maintained by OpsVerse.
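The following workflow is an added example of the pipeline described above; it is not code from this page or from OpsVerse, and it does not use the OpsVerse-maintained actions, whose names are not given here. Instead it wires the same steps together with publicly available pieces: SonarSource's scan action, the SonarQube measures API, the `opa` CLI run in the job (the page's setup uses the OPA server inside DeployNow), and the Docker login/build actions. The project key `my-app`, the registry `registry.example.com/team/my-app`, the manifests repository `example-org/k8s-manifests` and its file path, the secret names, the action versions, and the gate thresholds in the Rego policy are all assumptions to be replaced with your own values. The DeployNow deployment, the integration suite and the production promotion are noted as comments rather than invented.

```yaml
name: ci-cd

on:
  push:
    branches: [main, master]   # a merged PR lands here and starts the pipeline

env:
  SONAR_HOST_URL: ${{ secrets.SONAR_HOST_URL }}
  SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
  SONAR_PROJECT: my-app                       # assumed SonarQube project key
  IMAGE: registry.example.com/team/my-app     # assumed Harbor/ECR repository
  TAG: sha-${{ github.sha }}                  # commit-derived tag, never a mutable "latest"

jobs:
  pipeline:
    runs-on: ubuntu-latest
    permissions:
      contents: read                          # least privilege; the manifests push uses its own scoped token
    steps:
      - uses: actions/checkout@v4             # in production, pin third-party actions to a commit SHA
        with:
          fetch-depth: 0                      # full history so SonarQube can attribute new code

      # 1. Static analysis and vulnerability scan (SonarSource's own action reads SONAR_TOKEN/SONAR_HOST_URL)
      - uses: SonarSource/sonarqube-scan-action@v2
        with:
          args: -Dsonar.projectKey=${{ env.SONAR_PROJECT }}

      # 2. Fetch the gate metrics and reshape them into the OPA input document
      - run: |
          curl -fsS -u "${SONAR_TOKEN}:" \
            "${SONAR_HOST_URL}/api/measures/component?component=${SONAR_PROJECT}&metricKeys=reliability_rating,security_rating,test_success_density,coverage" \
            | jq '.component.measures | map({(.metric): (.value | tonumber)}) | add' > input.json

      # 3. Policy-based quality gates: one deny rule per gate; thresholds are illustrative assumptions
      - uses: open-policy-agent/setup-opa@v2
      - run: |
          cat > gate.rego <<'EOF'
          package quality

          import rego.v1

          # SonarQube ratings: 1 = A (best) ... 5 = E (worst)
          max_reliability_rating := 2
          max_security_rating := 1
          min_test_success := 100
          min_coverage := 80

          deny contains msg if {
            input.reliability_rating > max_reliability_rating
            msg := sprintf("reliability gate: rating %v > %v", [input.reliability_rating, max_reliability_rating])
          }
          deny contains msg if {
            input.security_rating > max_security_rating
            msg := sprintf("security gate: rating %v > %v", [input.security_rating, max_security_rating])
          }
          deny contains msg if {
            input.test_success_density < min_test_success
            msg := sprintf("unit test gate: success %v%% < %v%%", [input.test_success_density, min_test_success])
          }
          deny contains msg if {
            input.coverage < min_coverage
            msg := sprintf("coverage gate: %v%% < %v%%", [input.coverage, min_coverage])
          }
          allow if count(deny) == 0
          EOF
          opa eval -f pretty -i input.json -d gate.rego 'data.quality.deny'
          # --fail exits non-zero when the query is undefined, i.e. when any gate added a deny message
          opa eval --fail -i input.json -d gate.rego 'data.quality.allow == true'

      # 4. Build the image and push it to the registry under the commit-derived tag
      - uses: docker/login-action@v3
        with:
          registry: registry.example.com
          username: ${{ secrets.REGISTRY_USER }}
          password: ${{ secrets.REGISTRY_PASSWORD }}
      - uses: docker/build-push-action@v5
        with:
          context: .
          push: true
          tags: ${{ env.IMAGE }}:${{ env.TAG }}

      # 5. Bump the image tag in the manifests repo; the GitOps deployer reconciles from that commit
      - uses: actions/checkout@v4
        with:
          repository: example-org/k8s-manifests     # assumed manifests repository
          token: ${{ secrets.MANIFESTS_TOKEN }}     # token scoped to that one repository
          path: manifests
      - run: |
          sed -i -E "s#(image: ${IMAGE}):.*#\1:${TAG}#" manifests/envs/dev/deployment.yaml
          git -C manifests -c user.name=ci-bot -c user.email=ci-bot@example.com commit -am "dev: ${IMAGE}:${TAG}"
          git -C manifests push
      # 6. The DeployNow deployment, the integration suite with its OPA gate, and the same tag
      #    bump for production use the OpsVerse-maintained actions described above (not shown).
```

Two design points worth noting. The gates are written as `deny` rules that collect human-readable messages, so a failed run prints exactly which threshold was missed, and `allow` is only defined when that set is empty; querying `allow == true` with `--fail` makes the step fail whenever `allow` is undefined, regardless of how a default is set. The image tag is derived from the commit SHA and the manifests repo is updated with a separate, repository-scoped token while the workflow's own `GITHUB_TOKEN` stays read-only, which keeps the blast radius of a compromised step small.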