wiki/notebook/cloud.github-actions.org

:PROPERTIES:
:ID:       319b52f8-5e60-4bbf-b649-73d864ed186f
:END:
#+title: GitHub Actions
#+date: "2021-06-20 18:58:48 +08:00"
#+date_modified: "2021-09-24 22:19:21 +08:00"
#+language: en


#+ATTR_ORG: :width 550
[[file:assets/fds-visual-github-actions-description.png]]

- a CI/CD tool integrated into GitHub
- it is free for public repos but limited time per month for private repos
- focused into creating workflows which can be separate and applied in different contexts
  + a workflow is activated from an event
  + stored in ~.github/workflows~ in the remote repo
- each workflow can run a job which are composed of steps
- each step make uses an action which is basically a script;
  it can interact with the repo or do something else entirely without ever touching it
- you can use already defined actions or with your own
- if you want to explore other options, the [[https://github.com/marketplace][GitHub marketplace]] allows searching for various third-party actions


* Ecosystem

- the workflow allows you to create build artifacts;
  you have fine-grained control such as letting you [[https://github.com/marketplace/actions/upload-a-build-artifact][upload certain files to be artifacts]] and [[https://github.com/marketplace/actions/download-a-build-artifact][downloading them]] after a workflow run;
  it also enables sharing of data between jobs
- it can make automated releases


* Examples

With GitHub Actions being a massive ecosystem of integrations as of 2021-07-05, we have to find some examples in the worldwide community repos from there.


** Python version of an installation

The following block is a minimal example checking the Python version in the installation.

#+begin_src yaml  :tangle (my/concat-assets-folder "minimal-python-version.yaml")
name: Python version
on: [push]
jobs:
  check-python-version:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v2
      - uses: actions/setup-python@v2
      - run: python --version
#+end_src


** Docker container integration

In this case, we'll push an image to docker.io registry.

#+begin_src yaml  :tangle (my/concat-assets-folder "docker-image.yaml")
name: Docker build image
on: [push]
jobs:
    docker:
        runs-on: ubuntu-latest
        steps:
            - name: Checkout
              uses: actions/checkout@v2
            - name: Set up QEMU
              uses: docker/setup-qemu-action@v1
            - name: Setup Docker Buildx
              uses: docker/setup-buildx-action@v1
            - name: Login to DockerHub
              uses: docker/login-action@v1
              with:
                  username: ${{ secrets.DOCKERHUB_USERNAME }}
                  password: ${{ secrets.DOCKERHUB_TOKEN }}
            - name: Build and push
              id: docker_build
              uses: docker/build-push-action@v2
              with:
                  push: true
                  tags: ${{ secrets.DOCKERHUB_USERNAME }}/python-helloworld:latest
                  platforms: linux/amd64,linux/arm64
            - name: Image digest
              run: echo ${{ steps.docker_build.outputs.digest }}
#+end_src


** Building a Nix binary cache

We'll use [[id:366aeb8f-5a84-40c8-bf16-a919639790ab][Cachix]] as our binary cache service.
This makes it easier to setup and distribute your own project built with [[id:3b3fdcbf-eb40-4c89-81f3-9d937a0be53c][Nix package manager]].

#+begin_src yaml  :tangle (my/concat-assets-folder "cachix-build.yaml")
name: "Push packages into Cachix cache"
on:
  pull_request:
  push:
jobs:
  tests:
    runs-on: ubuntu-latest
    steps:
    - uses: actions/checkout@v2.3.4
    - uses: cachix/install-nix-action@v13
      with:
        nix_path: nixpkgs=channel:nixos-unstable
    - uses: cachix/cachix-action@v10
      with:
        name: mycache
        signingKey: '${{ secrets.CACHIX_SIGNING_KEY }}'
    - run: nix-build
    - run: nix-shell --run "echo OK"
#+end_src


** Multiple jobs with matrix

We'll use the GitHub Actions workflow file from the NUR template.
It is somewhat complex and it is doing a fine job showcasing some of GitHub Actions features.

#+begin_src yaml  :tangle (my/concat-assets-folder "nur-build.yaml")
name: "Build and populate cache"
on:
  pull_request:
  push:
  schedule:
    # rebuild everyday at 2:51
    # TIP: Choose a random time here so not all repositories are build at once:
    # https://www.random.org/clock-times/?num=1&earliest=01%3A00&latest=08%3A00&interval=5&format=html&rnd=new
    - cron:  '27 4 * * *'
jobs:
  tests:
    strategy:
      matrix:
        # Set this to notify the global nur package registry that changes are
        # available.
        #
        # The repo name as used in
        # https://github.com/nix-community/NUR/blob/master/repos.json
        nurRepo:
          - '<YOUR_NUR_REPO>'
        # Set this to cache your build results in cachix for faster builds
        # in CI and for everyone who uses your cache.
        #
        # Format: Your cachix cache host name without the ".cachix.org" suffix.
        # Example: mycache (for mycache.cachix.org)
        #
        # For this to work, you also need to set the CACHIX_SIGNING_KEY secret
        # in your repository settings in Github found at https://github.com/<your_githubname>/nur-packages/settings/secrets
        cachixName:
          - '<YOUR_CACHIX_NAME>'
        nixPath:
          - nixpkgs=channel:nixos-unstable
          - nixpkgs=channel:nixpkgs-unstable
          - nixpkgs=channel:nixos-21.05
    runs-on: ubuntu-latest
    steps:
    - name: Checkout repository
      uses: actions/checkout@v2.3.4
    - name: Install nix
      uses: cachix/install-nix-action@v13
      with:
        nix_path: "${{ matrix.nixPath }}"
    - name: Show nixpkgs version
      run: nix-instantiate --eval -E '(import <nixpkgs> {}).lib.version'
    - name: Setup cachix
      uses: cachix/cachix-action@v10
      if: ${{ matrix.cachixName != '<YOUR_CACHIX_NAME>' }}
      with:
        name: ${{ matrix.cachixName }}
        signingKey: '${{ secrets.CACHIX_SIGNING_KEY }}'
    - name: Check evaluation
      run: |
        nix-env -f . -qa \* --meta --xml \
          --allowed-uris https://static.rust-lang.org \
          --option restrict-eval true \
          --option allow-import-from-derivation true \
          --drv-path --show-trace \
          -I nixpkgs=$(nix-instantiate --find-file nixpkgs) \
          -I $PWD
    - name: Build nix packages
      # TODO switch to default nixpkgs channel once nix-build-uncached 1.0.0 is in stable
      run: nix run -I 'nixpkgs=channel:nixos-unstable' nixpkgs.nix-build-uncached -c nix-build-uncached ci.nix -A cacheOutputs
    - name: Trigger NUR update
      if: ${{ matrix.nurRepo != <YOUR_NUR_REPO>' }}
      run: curl -XPOST "https://nur-update.herokuapp.com/update?repo=${{ matrix.nurRepo }}"
#+end_src
Add examples on GitHub Actions note Also added Cachix as a reminder for myself. I think I'll be using it more often at this point so. I didn't really used it previously. 2021-07-05 05:49:00 +00:00			`:PROPERTIES:`
			`:ID: 319b52f8-5e60-4bbf-b649-73d864ed186f`
			`:END:`
Update notes on the Cloud native computing course 2021-06-21 02:56:10 +00:00			`#+title: GitHub Actions`
			`#+date: "2021-06-20 18:58:48 +08:00"`
Update notebook as of 2021-10-09 Welp, I rarely take notes nowadays due to more specialized work and stuff. Though, I should have more incentives for writing. In other words, I'm just lazy. ;p More free-thinking morning sessions should be done soon. 2021-10-09 10:14:46 +00:00			`#+date_modified: "2021-09-24 22:19:21 +08:00"`
Update notes on the Cloud native computing course 2021-06-21 02:56:10 +00:00			`#+language: en`


			`#+ATTR_ORG: :width 550`
Update wiki on various topics This update is too large, I made too many notes on stuff. Nonetheless, it is very nice to see progress. I've made note revisions on the following topics: - Learning - Writing - Various Linux-related stuff I've yet to start learning illustration but I'll be starting tomorrow for an update how do I keep in mind with those writings. There are still a lot of things to be processed from the backlog with yet more notes on learning but I keep having those perspectives whenever I practice so ehhh... Better have those than nothing? Furthermore, I've also updated the timestamp format. It is pretty simple to update all of the notes with a couple of `sed` calls. Aaaand, I've also changed the way how the assets stored with the folders only leaving it up for the generated files instead of enforcing it on every note. I create more visual aids and managing them is a pain for each note. This restructuring frees me of that burden. 2021-07-20 11:52:43 +00:00			`[[file:assets/fds-visual-github-actions-description.png]]`
Update notes on the Cloud native computing course 2021-06-21 02:56:10 +00:00
			`- a CI/CD tool integrated into GitHub`
			`- it is free for public repos but limited time per month for private repos`
			`- focused into creating workflows which can be separate and applied in different contexts`
			`+ a workflow is activated from an event`
			`+ stored in ~.github/workflows~ in the remote repo`
			`- each workflow can run a job which are composed of steps`
			`- each step make uses an action which is basically a script;`
			`it can interact with the repo or do something else entirely without ever touching it`
Add examples on GitHub Actions note Also added Cachix as a reminder for myself. I think I'll be using it more often at this point so. I didn't really used it previously. 2021-07-05 05:49:00 +00:00			`- you can use already defined actions or with your own`
Update formatting on the command line notes Along with some extra updates for a note about GitHub Actions. 2021-07-10 14:20:08 +00:00			`- if you want to explore other options, the [[https://github.com/marketplace][GitHub marketplace]] allows searching for various third-party actions`
Add examples on GitHub Actions note Also added Cachix as a reminder for myself. I think I'll be using it more often at this point so. I didn't really used it previously. 2021-07-05 05:49:00 +00:00



Update notebook as of 2021-10-09 Welp, I rarely take notes nowadays due to more specialized work and stuff. Though, I should have more incentives for writing. In other words, I'm just lazy. ;p More free-thinking morning sessions should be done soon. 2021-10-09 10:14:46 +00:00			`* Ecosystem`

			`- the workflow allows you to create build artifacts;`
			`you have fine-grained control such as letting you [[https://github.com/marketplace/actions/upload-a-build-artifact][upload certain files to be artifacts]] and [[https://github.com/marketplace/actions/download-a-build-artifact][downloading them]] after a workflow run;`
			`it also enables sharing of data between jobs`
			`- it can make automated releases`




Add examples on GitHub Actions note Also added Cachix as a reminder for myself. I think I'll be using it more often at this point so. I didn't really used it previously. 2021-07-05 05:49:00 +00:00			`* Examples`

			`With GitHub Actions being a massive ecosystem of integrations as of 2021-07-05, we have to find some examples in the worldwide community repos from there.`


			`** Python version of an installation`

			`The following block is a minimal example checking the Python version in the installation.`

			`#+begin_src yaml :tangle (my/concat-assets-folder "minimal-python-version.yaml")`
			`name: Python version`
			`on: [push]`
			`jobs:`
			`check-python-version:`
			`runs-on: ubuntu-latest`
			`steps:`
			`- uses: actions/checkout@v2`
			`- uses: actions/setup-python@v2`
			`- run: python --version`
			`#+end_src`


			`** Docker container integration`

			`In this case, we'll push an image to docker.io registry.`

			`#+begin_src yaml :tangle (my/concat-assets-folder "docker-image.yaml")`
			`name: Docker build image`
			`on: [push]`
			`jobs:`
			`docker:`
			`runs-on: ubuntu-latest`
			`steps:`
			`- name: Checkout`
			`uses: actions/checkout@v2`
			`- name: Set up QEMU`
			`uses: docker/setup-qemu-action@v1`
			`- name: Setup Docker Buildx`
			`uses: docker/setup-buildx-action@v1`
			`- name: Login to DockerHub`
			`uses: docker/login-action@v1`
			`with:`
			`username: ${{ secrets.DOCKERHUB_USERNAME }}`
			`password: ${{ secrets.DOCKERHUB_TOKEN }}`
			`- name: Build and push`
			`id: docker_build`
			`uses: docker/build-push-action@v2`
			`with:`
			`push: true`
			`tags: ${{ secrets.DOCKERHUB_USERNAME }}/python-helloworld:latest`
			`platforms: linux/amd64,linux/arm64`
			`- name: Image digest`
			`run: echo ${{ steps.docker_build.outputs.digest }}`
			`#+end_src`


			`** Building a Nix binary cache`

			`We'll use [[id:366aeb8f-5a84-40c8-bf16-a919639790ab][Cachix]] as our binary cache service.`
			`This makes it easier to setup and distribute your own project built with [[id:3b3fdcbf-eb40-4c89-81f3-9d937a0be53c][Nix package manager]].`

			`#+begin_src yaml :tangle (my/concat-assets-folder "cachix-build.yaml")`
			`name: "Push packages into Cachix cache"`
			`on:`
			`pull_request:`
			`push:`
			`jobs:`
			`tests:`
			`runs-on: ubuntu-latest`
			`steps:`
			`- uses: actions/checkout@v2.3.4`
			`- uses: cachix/install-nix-action@v13`
			`with:`
			`nix_path: nixpkgs=channel:nixos-unstable`
			`- uses: cachix/cachix-action@v10`
			`with:`
			`name: mycache`
			`signingKey: '${{ secrets.CACHIX_SIGNING_KEY }}'`
			`- run: nix-build`
			`- run: nix-shell --run "echo OK"`
			`#+end_src`


			`** Multiple jobs with matrix`

			`We'll use the GitHub Actions workflow file from the NUR template.`
			`It is somewhat complex and it is doing a fine job showcasing some of GitHub Actions features.`

			`#+begin_src yaml :tangle (my/concat-assets-folder "nur-build.yaml")`
			`name: "Build and populate cache"`
			`on:`
			`pull_request:`
			`push:`
			`schedule:`
			`# rebuild everyday at 2:51`
			`# TIP: Choose a random time here so not all repositories are build at once:`
			`# https://www.random.org/clock-times/?num=1&earliest=01%3A00&latest=08%3A00&interval=5&format=html&rnd=new`
			`- cron: '27 4 * * *'`
			`jobs:`
			`tests:`
			`strategy:`
			`matrix:`
			`# Set this to notify the global nur package registry that changes are`
			`# available.`
			`#`
			`# The repo name as used in`
			`# https://github.com/nix-community/NUR/blob/master/repos.json`
			`nurRepo:`
			`- '<YOUR_NUR_REPO>'`
			`# Set this to cache your build results in cachix for faster builds`
			`# in CI and for everyone who uses your cache.`
			`#`
			`# Format: Your cachix cache host name without the ".cachix.org" suffix.`
			`# Example: mycache (for mycache.cachix.org)`
			`#`
			`# For this to work, you also need to set the CACHIX_SIGNING_KEY secret`
			`# in your repository settings in Github found at https://github.com/<your_githubname>/nur-packages/settings/secrets`
			`cachixName:`
			`- '<YOUR_CACHIX_NAME>'`
			`nixPath:`
			`- nixpkgs=channel:nixos-unstable`
			`- nixpkgs=channel:nixpkgs-unstable`
			`- nixpkgs=channel:nixos-21.05`
			`runs-on: ubuntu-latest`
			`steps:`
			`- name: Checkout repository`
			`uses: actions/checkout@v2.3.4`
			`- name: Install nix`
			`uses: cachix/install-nix-action@v13`
			`with:`
			`nix_path: "${{ matrix.nixPath }}"`
			`- name: Show nixpkgs version`
			`run: nix-instantiate --eval -E '(import <nixpkgs> {}).lib.version'`
			`- name: Setup cachix`
			`uses: cachix/cachix-action@v10`
			`if: ${{ matrix.cachixName != '<YOUR_CACHIX_NAME>' }}`
			`with:`
			`name: ${{ matrix.cachixName }}`
			`signingKey: '${{ secrets.CACHIX_SIGNING_KEY }}'`
			`- name: Check evaluation`
			`run: \|`
			`nix-env -f . -qa \* --meta --xml \`
			`--allowed-uris https://static.rust-lang.org \`
			`--option restrict-eval true \`
			`--option allow-import-from-derivation true \`
			`--drv-path --show-trace \`
			`-I nixpkgs=$(nix-instantiate --find-file nixpkgs) \`
			`-I $PWD`
			`- name: Build nix packages`
			`# TODO switch to default nixpkgs channel once nix-build-uncached 1.0.0 is in stable`
			`run: nix run -I 'nixpkgs=channel:nixos-unstable' nixpkgs.nix-build-uncached -c nix-build-uncached ci.nix -A cacheOutputs`
			`- name: Trigger NUR update`
			`if: ${{ matrix.nurRepo != <YOUR_NUR_REPO>' }}`
			`run: curl -XPOST "https://nur-update.herokuapp.com/update?repo=${{ matrix.nurRepo }}"`
			`#+end_src`