Author: Yao Jing | Source: Alibaba Cloud Native official account

According to the Survey Report on the Status of DevOps in China (2020) issued by the China Information and Communication Institute, 63% of enterprises have implemented DevOps and adopted a continuous delivery pipeline that connects development, testing, deployment, and operations. However, 20% of enterprises still report that practicing DevOps is complicated: a self-built Jenkins has to be deployed and its plug-ins operated and maintained in-house, and SaaS-based CI/CD tools are cumbersome to configure. These enterprises want lighter, more convenient tools to speed up their transformation.

Alibaba Cloud and GitHub have now jointly released a GitHub Action Workflow for rapid deployment to Alibaba Cloud ACK. You no longer need to build, deploy, and maintain your own CI/CD tools. With GitHub Action and the out-of-the-box Alibaba Cloud deployment template, a code change on GitHub automatically triggers packaging and building of the application, upload of the image to Alibaba Cloud container image service ACR, and rapid deployment to Alibaba Cloud container service ACK. This article introduces GitHub Action and Alibaba Cloud Container Service, then walks through a practical demo.

Figure 1 – GitHub Action supports the Alibaba Cloud deployment template

GitHub and Alibaba Cloud jointly release GitHub Action Workflow

1. About GitHub Action

Figure 2 – GitHub Action home page

GitHub Action is GitHub's built-in continuous integration tool, launched in October 2018 to simplify automating build, test, and deployment. It encapsulates atomic continuous integration operations as Actions, then assembles multiple Actions into reusable templates through Workflow definitions. When a GitHub event occurs, the Workflow is triggered automatically and executes its Actions.

GitHub Action has the following features:

  • Out of the box: GitHub Action is a hosted SaaS service. Tasks can be set to run in GitHub-hosted VMs or containers, which scale elastically during peak hours. You can also add machines hosted in the cloud or in your own IDC to run tasks, and customize the task execution environment.

  • Flexible and convenient: Supports Linux, macOS, and Windows, on VMs and in containers. Supports Node.js, Python, Java, Ruby, PHP, Go, Rust, .NET, and other languages and frameworks. Matrix builds enable parallel compatibility testing across platforms and environments, improving the efficiency of integration testing.

  • Free quota: GitHub Action is free for public repositories and self-hosted Runners. Other GitHub plans include a free allowance of storage and task running time, and usage beyond it is charged. For pricing details, see t.tb.cn/69r7pJmDOlT… .

  • Open ecosystem: GitHub Actions are written in YAML, so they can be edited and reused like code snippets. GitHub Action Marketplace also provides cloud-vendor-certified and third-party GitHub Action templates that you can use directly or customize further.

The core concepts of GitHub Action are the following four:

  • Workflow: A continuous integration run for a repository, triggered on a schedule or by GitHub events. A Workflow file is defined in YAML and stored in the repository's .github/workflows directory. A repository can have multiple Workflows. GitHub identifies the .yaml files in that directory and executes these Workflows in parallel.

  • Job: A Workflow consists of multiple Jobs. By default, Jobs are executed concurrently. You can also set Jobs to be executed sequentially to implement a Workflow with logical dependencies.

  • Step: A Job consists of multiple steps. Steps of the same Job are executed on the same Runner to ensure environment and data sharing.

  • Action: A Step consists of multiple Actions. An Action is a self-contained set of commands, defined in YAML, that developers can edit, reuse, and share as code.

Here is a simple GitHub Action Workflow example that defines a Job consisting of two Steps. The first Step reuses the community's actions/checkout@v2 Action to check out the current code base, while the second Step executes a Bash command directly.

    name: Greeting
    on: push
    jobs:
      my-job:
        name: My Job
        runs-on: ubuntu-latest
        steps:
          - name: Checkout
            uses: actions/checkout@v2
          - name: Greeting
            run: |
              echo 'Welcome to Alibaba Cloud!'

The GitHub Action Workflow jointly released by GitHub and Alibaba Cloud defines multiple Steps and supports rapid build and deployment to Alibaba Cloud container service ACK. For details about the Workflow definition, see t.tb.cn/60eKsjLUTOK… .

2. Alibaba Cloud Container Service

If GitHub Action is the Swiss Army knife of DevOps practice, Alibaba Cloud Container Service is the best place to put cloud-native DevOps into practice: it is feature-rich, convenient, and easy to use. Alibaba Cloud Container Service for Kubernetes (ACK) was one of the first service platforms in the world to pass the Kubernetes conformance certification. It provides high-performance management of containerized applications and supports lifecycle management of enterprise Kubernetes containerized applications. As the core container infrastructure inside Alibaba Group, ACK has accumulated experience across a wide range of scenarios, including e-commerce, real-time audio and video, databases, message middleware, and artificial intelligence, and supports the Double 11 events of a wide range of internal and external customers. Container Service also builds Alibaba's experience and capabilities from these large-scale scenarios into the product and opens them to public cloud customers, giving richer functionality and greater stability. Container Service has held the No. 1 share of the domestic container market for many consecutive years.

Figure 3 – Alibaba Cloud Container Service product family

In application management, Alibaba Cloud has further strengthened reliability and security, drawing on Alibaba's large-scale practice and enterprises' extensive production experience, and offers ACK Pro, a Kubernetes cluster edition backed by an SLA with compensation. The ACK Pro cluster type is built on the original ACK managed cluster and inherits all of its advantages, such as hosted and highly available Master nodes. Compared with the original managed edition, it further improves cluster reliability, security, and scheduling performance, and supports an SLA with a compensation standard. It suits enterprise customers who run large-scale workloads in production and have high requirements for stability and security.

In artifact management, Alibaba Cloud launched ACR EE, the enterprise edition of its container image service, for enterprise customers with high security and performance requirements. It is the first enterprise-grade service on the public cloud to provide dedicated instances. Besides multi-architecture container images, ACR EE hosts multiple versions of Helm Charts, Operators, and other OCI-compliant artifacts. For security governance, ACR EE provides multi-dimensional safeguards such as network access control, security scanning, image signing, and security auditing, helping enterprises move from DevOps to DevSecOps. For accelerated global distribution, ACR EE optimizes network links and scheduling policies to keep the success rate of cross-border synchronization stable. For large-scale image distribution, ACR EE supports on-demand loading, so image data is decompressed online without a full download, reducing average container startup time by 60%. Many enterprises now use ACR EE in their production environments to host cloud-native application artifacts securely and distribute them efficiently.

Build cloud-native DevOps practices based on GitHub Action + ACK

The following demo, based on GitHub Action, shows how to package a simple Nginx application into a container image, host it in Alibaba Cloud container image service ACR, and then deploy it automatically to Alibaba Cloud container service ACK, giving a quick and simple CI/CD process. GitHub Action demo address: yli16.cn/LAZxC. You can update the corresponding YAML files to fit your own service scenarios.

Figure 4 – DevOps process based on GitHub Action

1. Prepare

  • Activate Alibaba Cloud container image service ACR, then create a namespace and an image repository; see the documentation. If you need strong security and high-performance distribution, an ACR EE (Enterprise Edition) instance is recommended; see the documentation.

  • Activate Alibaba Cloud container service ACK and create a cluster on ACK; see the documentation. If you have strong security and high performance requirements, ACK Pro is recommended; see the documentation.

  • Open GitHub and create the repository. The repository contains the business code and the YAML template for application deployment; see the code example.

2. Practice

1) Create Workflow

In the GitHub repository, open the Actions tab to see the Workflows recommended for the current project content, and select the Workflow template for deploying to Alibaba Cloud ACK.

Figure 5 – Actions built into the GitHub repository

Figure 6 – Select the Workflow for deploying to Alibaba Cloud ACK

By default, GitHub Action creates the alibabacloud.yml file in the repository's .github/workflows directory. The YAML file defines a listener for the code Release event, and once that event occurs the subsequent integration and deployment process is triggered automatically. You can also search the Marketplace panel on the right for Actions and customize the Action steps in the Job.

2) Update variable information in Workflow

The Workflow defines env environment variables. Update the region, container image service, and container service cluster information to match your environment. ACCESS_KEY_ID and ACCESS_KEY_SECRET hold the AccessKey (AK) of the Alibaba Cloud account and must be stored encrypted in the repository's Secrets.

Figure 7 – Update the corresponding environment variables in the Workflow

Figure 8 – Update Secrets information
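
A check for the rule in step 2), written as an added example (not code from the article or from the GitHub/Alibaba Cloud template): it scans a workflow file and reports any ACCESS_KEY_ID / ACCESS_KEY_SECRET entry whose value is not a `${{ secrets.* }}` reference, plus any string that looks like a literal AccessKey ID. The sample workflow, its step inputs, the key values, and the "LTAI" prefix heuristic are assumptions made for the example.

```python
import re
import sys

# One "key: value" pair per line is enough for the flat env:/with: maps used here.
PAIR = re.compile(r"^\s*(?:-\s*)?([A-Za-z0-9_-]+)\s*:\s*(.*?)\s*$")
# A value that is exactly one reference to the repository's encrypted Secrets.
SECRET_REF = re.compile(r"^\$\{\{\s*secrets\.[A-Za-z_][A-Za-z0-9_]*\s*\}\}$")
# Heuristic (assumption): Alibaba Cloud AccessKey IDs commonly start with "LTAI".
AK_LITERAL = re.compile(r"\bLTAI[A-Za-z0-9]{12,}\b")
SENSITIVE = ("ACCESS_KEY_ID", "ACCESS_KEY_SECRET")  # names used in the article

def lint_workflow(text):
    """Return sorted (line_number, rule) findings for the text of a workflow file."""
    findings = set()
    for lineno, raw in enumerate(text.splitlines(), 1):
        # Scan the raw line: a key left in a comment is still committed to the repo.
        if AK_LITERAL.search(raw):
            findings.add((lineno, "accesskey-literal"))
        m = PAIR.match(raw.split(" #", 1)[0])
        if not m:
            continue
        key = m.group(1).upper().replace("-", "_")
        value = m.group(2).strip("\"'")
        if value and any(s in key for s in SENSITIVE) and not SECRET_REF.match(value):
            findings.add((lineno, "not-a-secret-ref"))
    return sorted(findings)

# Constructed sample; the key values are made up and the step inputs are hypothetical.
SAMPLE = """\
env:
  REGION_ID: cn-hangzhou
  ACCESS_KEY_ID: LTAIconstructed0000000000   # constructed value
  ACCESS_KEY_SECRET: ${{ secrets.ACCESS_KEY_SECRET }}
steps:
  - name: Login
    with:
      access-key-id: "${{ secrets.ACCESS_KEY_ID }}"
      access-key-secret: constructed-secret-value
      # previous key: LTAIconstructed1111111111
"""

if __name__ == "__main__":
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE
    results = lint_workflow(text)
    for lineno, rule in results:
        print("line %d: %s" % (lineno, rule))
    sys.exit(1 if results else 0)
```
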

3) Automatic deployment

Once configuration is complete, the GitHub Action is triggered automatically by default whenever a Release is published. Click the Actions tab to see the task execution history and details. The Workflow runs its tasks sequentially and terminates if any task fails. After the container image is pushed to ACR, if a high-risk security vulnerability is found, the subsequent deployment to ACK is cancelled immediately. When the build, security scan, and deployment are complete, an Nginx service based on the new container image is running on ACK. Security risk identification and decision-making are built into the whole chain, giving a safe and efficient DevSecOps process.

Figure 9 – Workflow Execution history
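
The gate described in step 3), as an added example (not the template's own scan step): a script that a Workflow step could run between the scan and the deployment, exiting non-zero so that the later steps do not run. It fails closed when the report is missing, incomplete, or contains a severity it does not recognise. The JSON report shape, the severity names, and the finding ids are assumptions, not the ACR scan output format.

```python
import json
import sys

# Hypothetical report shape (an assumption, not the ACR scan output format):
#   {"status": "complete", "findings": [{"id": "...", "severity": "high"}]}
ALLOWED = {"low", "medium"}  # severities that may still be deployed

def deploy_allowed(report_text):
    """Return (allowed, reason); anything not provably acceptable blocks the deploy."""
    try:
        report = json.loads(report_text)
    except (TypeError, ValueError):
        return False, "scan report is missing or not valid JSON"
    if not isinstance(report, dict) or report.get("status") != "complete":
        return False, "scan did not complete"
    findings = report.get("findings")
    if not isinstance(findings, list):
        return False, "scan report has no findings list"
    for item in findings:
        item = item if isinstance(item, dict) else {}
        severity = str(item.get("severity", "")).lower()
        if severity not in ALLOWED:  # high, critical, unknown or absent
            return False, "blocked by %s (severity %r)" % (item.get("id", "?"), severity)
    return True, "%d finding(s), none blocking" % len(findings)

# Constructed sample report; the finding ids are placeholders.
SAMPLE = json.dumps({"status": "complete", "findings": [
    {"id": "EXAMPLE-0001", "severity": "Medium"},
    {"id": "EXAMPLE-0002", "severity": "High"},
]})

if __name__ == "__main__":
    try:
        text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE
    except OSError:
        text = ""  # unreadable report: fail closed
    allowed, reason = deploy_allowed(text)
    print(("DEPLOY: " if allowed else "BLOCK: ") + reason)
    sys.exit(0 if allowed else 1)  # non-zero fails the step, so later steps do not run
```
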

4)

On GitHub Action Marketplace you can find the Action templates you need to build a custom Workflow. GitHub Action already has a rich set of Action templates covering language dependencies, code integration, code quality, and many other scenarios. Based on these templates you can quickly build a Workflow matrix that supports multiple operating systems and language frameworks and tests multiple versions of a project in parallel.

Figure 10 – GitHub Action Marketplace

A new path for implementing DevOps in the cloud-native era

Compared with the traditional Jenkins tool, GitHub Action is a hosted SaaS service that requires no deployment and no plug-in maintenance. You only define or reuse the official Workflow to get a convenient CI/CD setup. Compared with Travis CI/Circle CI, GitHub Action is native to GitHub, with better integration and flexibility and a richer Action Marketplace ecosystem, and its Workflows are easy to reuse and customize.

GitHub Action now also has a built-in Workflow that automatically builds and pushes images to Alibaba Cloud container image service ACR and deploys them to Alibaba Cloud container service ACK, opening a new path for DevOps in the cloud-native era. We hope to help more enterprises enjoy the benefits of cloud-native technology and speed up their digital transformation and architecture upgrades.