GitHub Actions with “workflow_dispatch”
Today we all follow agile development practices, and it is very important to use best practices when deploying applications. The best approach may differ a bit between use cases, but it should stay close to the best.
Recently, while working on a serverless application deployment pipeline, I thought it would be worthwhile to write a blog post showing how a requirement can change your strategy and approach once you start working on the deployment of any product.
I had a requirement to set up a CI/CD process for a serverless deployment that uses Lambda functions, API Gateway, a custom domain and other related services. I started with the following strategy:
1. Branching strategy:
There should be multiple branches corresponding to the environments, say development, staging and production.
2. Pull requests:
A developer should create a pull request to the development branch, which should test the code and, on merge, deploy it to the development environment.
These are fairly simple steps for a CI/CD process, but here is the catch.
GitHub doesn’t have a feature to accept pull requests only from a specific branch, and a user can by mistake create a pull request against the default branch, let’s say production. If the code reviewer doesn’t check the pull request correctly, untested code can end up deployed to production.
Here comes the solution with workflow_dispatch.
Let’s start by creating GitHub Environments, let’s say development, staging, and production.
Now, let’s set up protection rules on the production and staging environments.
So basically, the idea here is that changes get deployed to the development environment first, and pushing them on to staging and production then requires sets of approvals from the reviewers.
Sample workflow file:
name: Publish Service

on:
  release:
    types: [ published ]
  workflow_dispatch:
    inputs:
      releaseType:
        description: 'Where to release (dev, staging or prod)?'
        required: true
        default: dev

env:
  AWS_REGION: "us-east-1"
  DEV_STAGE: "development"
  STAGING_STAGE: "staging"
  PROD_STAGE: "production"

# id-token: write lets the job request the OIDC token used to assume the AWS role
permissions:
  id-token: write
  contents: read

jobs:
  development:
    name: Deploy to Development
    runs-on: ubuntu-latest
    environment:
      name: development
      url: https://dev-api.domain.com
    strategy:
      matrix:
        node-version: [16.x]
    steps:
      - name: Checkout repository
        uses: actions/checkout@v3
      - name: Set up Node.js
        uses: actions/setup-node@v3
        with:
          node-version: ${{ matrix.node-version }}
      - name: Install dependencies
        run: npm ci
      - name: Configure AWS credentials
        uses: aws-actions/configure-aws-credentials@v2
        with:
          role-to-assume: ${{ secrets.ASSUME_ROLE_ARN }}
          role-session-name: ${{ secrets.SESSION_NAME }}
          mask-aws-account-id: false
          aws-region: ${{ env.AWS_REGION }}
      - name: Deploy
        run: |
          #<block of commands>

  staging:
    # Must also run for 'prod': production needs staging, and a skipped job
    # causes every job that needs it to be skipped as well.
    if: github.event.inputs.releaseType == 'staging' || github.event.inputs.releaseType == 'prod'
    name: Deploy to Staging
    runs-on: ubuntu-latest
    # Approval is enforced by the protection rule on this environment
    environment:
      name: staging
      url: https://staging-api.domain.com
    needs: [ development ]
    strategy:
      matrix:
        node-version: [16.x]
    steps:
      - name: Checkout repository
        uses: actions/checkout@v3
      - name: Set up Node.js
        uses: actions/setup-node@v3
        with:
          node-version: ${{ matrix.node-version }}
      - name: Install dependencies
        run: npm ci
      - name: Configure AWS credentials
        uses: aws-actions/configure-aws-credentials@v2
        with:
          role-to-assume: ${{ secrets.ASSUME_ROLE_ARN }}
          role-session-name: ${{ secrets.SESSION_NAME }}
          mask-aws-account-id: false
          aws-region: ${{ env.AWS_REGION }}
      - name: Deploy
        run: |
          #<block of commands>

  production:
    if: github.event.inputs.releaseType == 'prod'
    name: Deploy to production
    runs-on: ubuntu-latest
    # Approval is enforced by the protection rule on this environment
    environment:
      name: production
      url: https://api.domain.com
    needs: [ staging ]
    strategy:
      matrix:
        node-version: [16.x]
    steps:
      - name: Checkout repository
        uses: actions/checkout@v3
      - name: Set up Node.js
        uses: actions/setup-node@v3
        with:
          node-version: ${{ matrix.node-version }}
      - name: Install dependencies
        run: npm ci
      - name: Configure AWS credentials
        uses: aws-actions/configure-aws-credentials@v2
        with:
          role-to-assume: ${{ secrets.ASSUME_ROLE_ARN }}
          role-session-name: ${{ secrets.SESSION_NAME }}
          mask-aws-account-id: false
          aws-region: ${{ env.AWS_REGION }}
      - name: Deploy
        run: |
          #<block of commands>
Once we have uploaded the workflow to the main branch, we are good to go.
Go to GitHub Actions and select the workflow Publish Service.
You can now run the workflow by choosing Run workflow and selecting the branch and the environment you want to deploy to.
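Because releaseType is a free-text input and the Run workflow dialog accepts any branch, a guard step at the start of each deploy job can reject a mistyped value or an unexpected ref before anything is deployed. The script below is an added example, not part of the original workflow; the function names and the policy that staging and production may only be reached from refs/heads/main or a v* tag are assumptions.

```bash
#!/usr/bin/env bash
# Added example (not from the original post): guard for the first step of a deploy job.
# In the workflow, hand the input over through `env:` (for example
# RELEASE_TYPE: ${{ github.event.inputs.releaseType }}) and call
# guard "$RELEASE_TYPE" "$GITHUB_REF" rather than interpolating it into the script.

# stages_for TYPE: print the environments a run deploys to, in order.
# An empty TYPE is the `release` trigger, which carries no inputs.
stages_for() {
  case "$1" in
    ""|dev)  echo "development" ;;
    staging) echo "development staging" ;;
    prod)    echo "development staging production" ;;
    *)       echo "unknown releaseType: '$1'" >&2; return 1 ;;
  esac
}

# ref_allowed STAGE REF: assumed policy, adjust to your branching model.
# Any ref may reach development; staging and production need main or a v* tag.
ref_allowed() {
  case "$1" in
    development) return 0 ;;
    staging|production)
      case "$2" in
        refs/heads/main|refs/tags/v*) return 0 ;;
      esac ;;
  esac
  return 1
}

# guard TYPE REF: print the stages and return 0 only if TYPE is valid (else 2)
# and REF is allowed to reach every stage that TYPE triggers (else 3).
guard() {
  local stages stage
  stages=$(stages_for "$1") || return 2
  for stage in $stages; do
    if ! ref_allowed "$stage" "$2"; then
      echo "ref '$2' may not deploy to $stage" >&2
      return 3
    fi
  done
  echo "$stages"
}
```

Without such a check, a value like "production" matches neither job condition, so the run deploys to development only and still finishes green.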
Conclusion:
We are all set with a CI/CD process using workflow_dispatch.
Reference: https://docs.github.com/en/actions/using-workflows/events-that-trigger-workflows
Originally published at https://www.infinitonubo.com on July 13, 2023.