GitHub Actions - using Free Oracle Cloud Infrastructure (OCI)

November 2021
IMPLEMENTING GITHUB
ACTION HANDLERS ON OCI
Phil Wilkins
Tech Evangelist & Ace Director
Phil.Wilkins@capgemini.com
uk.linkedin.com/in/philWilkins
@MP3Monster
blog.mp3monster.org / phil-wilkins.uk
Oracle-integration.cloud /

Presentation Title | Author | Date 2
© Capgemini . 2021. All rights reserved |
THE ABOUT ME …
https://blog.mp3monster.org/
publication-contributions/
Me in 5:
• Husband, Father, Blogger & Author
• Technical Architect, Tech Evangelist
• Work for Capgemini UK as part of a multi
award winning team
• Work with primarily open source + Oracle
middleware
• Know more – mp3monster.org
https://bit.ly/FluentdBook
https://bit.ly/ImplementingAPI
https://oracle-integration.cloud

CAPGEMINI IS ONE OF THE WORLD'S LARGEST CONSULTING, TECHNOLOGY, AND
OUTSOURCING FIRMS & A GLOBAL “FULL SERVICE” BUSINESS TRANSFORMATION PROVIDER
Group Workforce: 200,000+ Globally
Asia Pacific
Latin America
Canada
United States
Mexico
Brazil
Argentina
Europe
Morocco
Australia
People’s Republic of China
India
Chile
Guatemala
Russia
Singapore
Hong Kong
North
America
UK & Ireland
Nordics
Benelux
“It is the quality of our people, and their
capacity to deliver fitting solutions, with you
and for you, that drive real business results.”
Across 40+ countries, 100 nationalities
5Businesses
Revenue
12,8
Billion EUR (2017)
Central Europe
Morocco
Net Profit
€1,18B
 Targeting Value
 Mitigating Risk
 Optimising
Capabilities
 Aligning the
Organisation
Elements to
successful
collaboration
Application Services
Infrastructure
Services
Business Process
Outsourcing
Consulting
(Capgemini Consulting)
Local Professional
4

Flow of
GitHub Actions
Like Jenkins but different …
• Jenkins has slaves
• Jenkins slave most likely run the entire
pipeline
• Here more likely to break pipeline up
• Ability to make highly parallelized

Workers for
Github Actions
1
GitHub can provide runners (with a cost)
• Runs on Azure
• Some limitations in runner options
• More secure as GitHub  Azure hidden
from the internet

On-Prem
Workers for
Github Actions
2
Can deploy to different runners in different
locations.
• Possibilities for Bandwidth burst for
example
• GitHub Enterprise enables on-prem repos

Workers for
Github Actions
3
Runner setups are provided for major cloud
providers, but other clouds possible

Workers for
Github Actions
4
• Oracle provides a prebuilt runner
• Lots of resources on using GitHub Actions
through Oracle Developer community
channels

?
Network security
Workers for Github Actions
This is HTTP traffic over NET
going to the worker node –
need to consider security
BAU for the
developer.
Managing traffic
into GitHub will
need good control –
avoid unwanted
content as it can
cascade to our
workers.
New job work flow,
retuning results
HTTPS Flow
Key

How it changes a pipeline
PIPELINE IN GITHUB
ACTIONS

Java
Pipeline
Promote to
Next stage
Fail build
Code
prepository
Branching
/
Release
strategy
e.g.
GitFlow
Static
security
scan
e.g.
password/token
search
Dependency Mgmt & 3rd
Party Sourcing
Ensuring dependencies ok,
source from accepted source
Checked for malicious
content
Compile
Create
JAR
Sign
artefact
Static
Code
Analysis
Coding
errors,
coding
style
Unit
Testing
Unit
test,
capture
code
coverage
API
Testing
Test
as
an
API
provider
and
/or
as
a
consumer
User
Experience
&
Performance
Test
for
user
workflow
&
performance
Dynamic
Security
Testing
Test
code
for
classic
errors
Package
for
containers
Check
packaging
for
quality
&
security
Sign
artefacts
Add
to
trusted
registry
Store
in
registry
to
use
at
next
level
Generate
documentation
Build
/
update
documentation
directly
from
the
source
coide
In the ideal world a Java development pipeline might look like …

We might want multiple pipelines for different technologies…
We could get GitHub to trigger a monolithic
pipeline – but the communicating back
outcomes – not so easy
Our pipelines will be staged…

Promote to
Next stage
Fail build
Granular Pipeline for GitHub?
We could make the tasks very granular –
each step of the pipeline …
Best is probably a middle ground…

1. Get a GitHub runner resources …
1. registration token from the repo
2. Setup SSH key to be used by both ends – keygen or website like https://8gwifi.org/sshfunctions.jsp#
2. Create a configuration for our worker node(s)
• Options
– Terraform + Ansible to create environment
– Preconfigured cloud stack from Oracle (Arm Runner )-
https://cloud.oracle.com/resourcemanager/stacks/create?zipUrl=https://github.com/oracle-quickstart/oci-github-actions-
runner/releases/download/orm-deploy/orm.zip
3. Ensure all the necessary additional components are installed on the worker node
– Benefit of the Terraform + Ansible route is that will be incorporated into the process
– Using steps in a Action
4. Configure the GitHub Action
5. Trigger
6. Review runner response information
To get our pipeline working …
IMPLEMENTING A GITHUB ACTION …

Step
1.1

Step
1.2

Step
2.1
Follow the link
to jump into the
Stack tool with
the correct
image

Step
2.2

Step
2.3

Step
2.4

Step
2.5

Step
2.6

Step
2.7

Step
2.8

CONFIGURING
ACTIONS

Repo Events Scheduled Manual Triggers
- Event on a repository
- push or pull
- Fork
- Comments
- Deployment events
- Actions can be linked to head or
branch(es)
- Schedule can be defined using
the POSIX cron syntax
- https://crontab.guru/ - website
to formulate cron schedules
- Last editor of the schedule will
be notified
- Uses the API event
workflow_dispatch – needs to
be added to triggers
OR
- To make easy consider a gist to
prepopulate values
- Execute using a tool e.g. SoapUI
GITHUB FLOW TRIGGERS
on:
push:
branches:
- main
pull_request:
branches:
- main
on:
schedule:
# * is a special character in YAML so
you have to quote this string
- cron: '30 5,17 * * *'
on:
workflow_dispatch :
branches [main]
Step
4.0

PREBUILT TEMPLATES FOR COMMON NEEDS
Step
4.0

Step
4.1

# This workflow will install Python dependencies, run tests and lint
with a variety of Python versions
name: Python package
on:
push:
branches: [ main ]
workflow_dispatch:
branches: [ main ]
# pull_request:
# branches: [ main ]
jobs:
build:
runs-on: oci
strategy:
fail-fast: false
matrix:
# python-version: [3.6, 3.7, 3.8, 3.9]
python-version: [3.6]
steps:
- uses: actions/checkout@v2
- name: Install dependencies
run: |
python -m pip install --upgrade pip
python -m pip install flake8 pytest
if [ -f requirements.txt ]; then pip install -r requirements.txt; fi
- name: Lint with flake8
run: |
# stop the build if there are Python syntax errors or undefined names
python -m flake8 . --count --select=E9,F63,F7,F82 --show-source --statistics
# exit-zero treats all errors as warnings. The GitHub editor is 127 chars wide
python -m flake8 . --count --exit-zero --max-complexity=10 --max-line-length=127 --statistics
- name: Test with pytest
run: |
python -m pytest
GITHUB ACTION
01
02
03
04
05
06
07
08
09
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
Condition on which we
will trigger the job and
which parts of the
code base
We can set up the build to verify multiple
versions of Python (does require all to be
set up on the runner. The default runner
used only has 1 version of Python
Stops on the 1st error if set
Step
4.1
Make sure the necessary
tools are in place
Provide a name for the next
actions. Outputs split up using
named steps
We can link actions
to operations on
specific branches
Command-line instruction
for the Python lint tool
(flake8)
Command-line instruction
for flake8 to perform
complexity checks on the
code
Execute the pytest
configuration in the repo
Notation is YAML
Execute local shell
scripts

Step
6.1
Denotes successful
execution i.e. no steps
have been failed
Links to key operations
such as run, and displays
the associated name
Content is a capture of
stdout
Console output from
pytest
When things
fail in the CI
process

LOOKING
BEYOND THE
BASICS

GitHub YAML also allows:
• Retrieve files as artefacts to allow data sharing between jobs in the
same workflow
• Define dependencies between each job in a workflow
• Define environment variables e.g. setting values for the app being
tested such as port numbers
• Store secrets and reference them using GitHub secrets feature e.g.
passing passwords etc
• Define services such as launching containers e.g. hosting a DB in a start
state then dropping it for the next run
• Develop reusable workflows – e.g. common workflow for a Java app and
reuse across multiple Java applications
Other features:
• Allows the use of Bash Automated Testing System (BATS) and validation
of BATS version (https://github.com/bats-core/bats-core)
• Labelling to group runners to support certain Actions (e.g. link to the
necessary hardware, or deployment location)
• Extended security controls for Enterprise repositories
OTHER MORE ADVANCED FEATURES

1. How do we provide a good developer experience – in
terms of seeing test coverage and other analysis in a
consumable visual manner?
2. What if someone commits malicious code into my
repository?
3. Network security – access into our network from
GitHub?
4. One monolithic development pipeline or more discrete
jobs and orchestration in GitHub?
5. Runner clean-up – add IaC to teardown and replace
runners?
6. Use GitLab CI/CD or GitHub Actions – similar, but not
the same
THINGS TO CONSIDER IN BUILDING A GITHUB ACTIONS PIPELINE

The following are useful resources for working more with GitHub Actions
• Git Hub Actions documentation - https://docs.github.com/en/actions/learn-github-actions
• GitHub repository - https://github.com/actions
• Blog - https://blog.mp3monster.org/2021/07/05/oracle-cloud-github-actions/
• Oracle Originated posts:
• https://blog.kube-mesh.io/ci-cd-on-oracle-kubernetes-engine-using-github-action/
• https://blogs.oracle.com/cloud-infrastructure/post/announcing-github-actions-arm-runners-for-the-arm-
compute-platform-on-oracle-cloud-infrastructure
• https://blogs.oracle.com/developers/post/adventures-in-cicd-1-intro-getting-started-with-github-actions
• Docker with GitHub Actions https://docs.docker.com/ci-cd/github-actions/
• Terraform with GitHub Actions https://learn.hashicorp.com/tutorials/terraform/github-actions
USEFUL RESOURCES

This presentation contains information that may be privileged or confidential and
is the property of the Capgemini Group.
Copyright © 2021 Capgemini. All rights reserved.
Capgemini is a global leader in partnering with companies to transform and manage their
business by harnessing the power of technology. The Group is guided everyday by its
purpose of unleashing human energy through technology for an inclusive and sustainable
future. It is a responsible and diverse organization of 270,000 team members in nearly 50
countries. With its strong 50 year heritage and deep industry expertise, Capgemini is
trusted by its clients to address the entire breadth of their business needs, from strategy
and design to operations, fuelled by the fast evolving and innovative world of cloud, data,
AI, connectivity, software, digital engineering and platforms. The Group reported in 2020
global revenues of €16 billion.
About Capgemini
Get the Future You Want | www.capgemini.com

GitHub Actions - using Free Oracle Cloud Infrastructure (OCI)

Recommended

Recommended

More Related Content

What's hot

What's hot (20)

Similar to GitHub Actions - using Free Oracle Cloud Infrastructure (OCI)

Similar to GitHub Actions - using Free Oracle Cloud Infrastructure (OCI) (20)

More from Phil Wilkins

More from Phil Wilkins (20)

Recently uploaded

Recently uploaded (20)

GitHub Actions - using Free Oracle Cloud Infrastructure (OCI)

Editor's Notes