Github Actions

Various applications are moving from Travis CI to Github Actions for their CI/CD pipeline. While not a requirement, using Github Actions is preferred for CI/CD.

• It provides seamless integration since it’s part of Github and can stay within the site when reviewing pull requests.
• Staying on the Github site allows us to manage permissions and security settings in the repo instead of navigating to a different site.
• DevOps has worked on providing a smooth Open ID Connect (OIDC) auth integration so Travis keys are not rotated every few months.
• There’s a large community and marketplace with pre-built action templates that can be add to projects.

Resources:

• Github’s quickstart guide.

Deploying to AWS

Applications are moving towards deployment with Docker on AWS Elastic Container Registry (ECR) and Elastic Container Service (ECS). The AWS account that an app deploys to varies per app and per portfolio team. When configuring AWS credentials with DevOps, make sure it’s the appropriate credentials for the desired AWS account for the QA and production actions – typically, the QA and production stacks are on different accounts such as nypl-dev and nypl, for example.

The following are good examples of Github Action scripts that build a Docker image, push it up to the appropriate ECR repository, and then deploy it to the appropriate ECS cluster.

• patron-info-poller
• drb-etl-pipeline
• digital-collections
• shared-ruby

While the above examples can serve as a template, there are a few things to note:

• Make sure to have the following before the jobs step which is needed for OIDC:

permissions:
  id-token: write
  contents: read

• Every AWS account has a different IAM key. Make sure to update the role-to-assume configuration with the proper key obtained from DevOps.

- name: Configure AWS credentials
  uses: aws-actions/configure-aws-credentials@v2
  with:
    role-to-assume: arn:aws:iam::[REPLACE-THIS]:role/GithubActionsDeployerRole
    aws-region: us-east-1

• In the build step, make sure to update the ECR_REPOSITORY with the app’s ECR repo name.
• In the aws ecs update-service command step, update the app’s ECS cluster and service name.

Tests and other actions

Github Actions are also great for running unit tests, creating git tags, publishing to npm, or running any other automated tasks.

Examples of Actions that run unit tests:

• patron-info-poller (python)
• circulation (python)
• research-catalog (node)
• digital-collections (node)

Other actions include but are not limited to:

• deploying to Github pages
• creating tags and publishing to npm