GitHub Actions CI/CD
This page describes the implementation and best practices of GitHub Actions within the HappyHorizon DevOps platform. It covers workflows, secrets, deployment and troubleshooting.
Pipeline Overview
| Step | Goal |
| --- | --- |
| Code commit & push | Automatic workflow trigger |
| CI | Tests, linting, build |
| Container build | Docker images, multi-stage builds |
| Registry | Publication to GHCR, image signing |
| ArgoCD deployment | Manifest synchronization, health checks |
Workflow Configuration
Basic Structure
Workflows are defined in YAML in .github/workflows:

    name: CI/CD Pipeline
    on:
      push:
        branches: [ main ]
      pull_request:
        branches: [ main ]
    jobs:
      build:
        runs-on: ubuntu-latest
        steps:
          - uses: actions/checkout@v3
          - name: Build
            run: make build

Environment Configuration

    name: Deploy
    on:
      push:
        branches: [ main ]
    jobs:
      deploy:
        runs-on: ubuntu-latest
        environment: production
        env:
          REGISTRY: ghcr.io
          IMAGE_NAME: ${{ github.repository }}
        steps:
          - name: Configure credentials
            uses: google-github-actions/auth@v1
            with:
              credentials_json: ${{ secrets.GCP_CREDENTIALS }}

Secrets Management
| Type | Examples |
| --- | --- |
| Deployment | Registry, cluster, ArgoCD tokens |
| Build | NPM tokens, code signing |
| Runtime | Database credentials, API keys |
- Use ${{ secrets.SECRET_NAME }}
- Scopes: repository, environment, organization
ArgoCD Integration
- ArgoCD monitors Git repositories
- Manifests in Git define the desired state
- Automatic synchronization on changes
Deployment Strategy
- Blue/Green deployment
- Zero-downtime switches
- Rollbacks via ArgoCD or Git
Best Practices
- Use secrets for sensitive data
- Implement minimal permissions
- Scan dependencies for vulnerabilities
- Optimize build caching
- Parallelize jobs
- Document workflow dependencies
- Monitor workflow execution times
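
One way to check the "minimal permissions" practice, as an added example that is not part of the HappyHorizon platform's own tooling: a stdlib-only Python function that lists the jobs in a workflow file with no explicit `permissions:` block, which therefore run with the repository's default `GITHUB_TOKEN` scopes. The two sample workflows are constructed, trimmed copies of templates on this page, and the function name `jobs_without_permissions` is hypothetical.

```python
# Constructed, trimmed copies of two workflow templates from this page.
BUILD = """\
name: Container Build
on: push
jobs:
  build:
    runs-on: ubuntu-latest
    permissions:
      contents: read
      packages: write
    steps:
      - uses: actions/checkout@v3
"""
DEPLOY = """\
name: Deploy to Kubernetes
on:
  workflow_run:
    workflows: ["Container Build"]
jobs:
  deploy:
    runs-on: ubuntu-latest
    steps:
      - run: kubectl apply -f k8s/
"""

def jobs_without_permissions(workflow_text):
    """Return job ids that have no explicit permissions: block."""
    lines = [l.rstrip() for l in workflow_text.splitlines()
             if l.strip() and not l.lstrip().startswith("#")]
    if any(l.startswith("permissions:") for l in lines):
        return []  # a workflow-level block applies to every job
    declared, in_jobs, job, job_indent, key_indent = {}, False, None, None, None
    for l in lines:
        depth = len(l) - len(l.lstrip())
        if depth == 0:
            in_jobs = l.startswith("jobs:")
        elif in_jobs:
            job_indent = job_indent or depth
            if depth == job_indent:          # a job id line, e.g. "  build:"
                job, key_indent = l.strip().rstrip(":"), None
                declared[job] = False
            else:
                key_indent = key_indent or depth
                if depth == key_indent and l.lstrip().startswith("permissions:"):
                    declared[job] = True     # job-level block found
    return [name for name, ok in declared.items() if not ok]

if __name__ == "__main__":
    print(jobs_without_permissions(BUILD), jobs_without_permissions(DEPLOY))
```

The check is indentation-based and assumes block-style YAML as used in the workflows on this page; flow-style mappings are not handled.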
Workflow Templates
Container Build & Push

    name: Container Build
    on:
      push:
        branches: [ development ]
    jobs:
      build:
        runs-on: ubuntu-latest
        permissions:
          contents: read
          packages: write
        steps:
          - uses: actions/checkout@v3
          - name: Login to Registry
            uses: docker/login-action@v2
            with:
              registry: ghcr.io
              username: ${{ github.actor }}
              password: ${{ secrets.GITHUB_TOKEN }}
          - name: Build and Push
            uses: docker/build-push-action@v4
            with:
              context: .
              push: true
              tags: ghcr.io/${{ github.repository }}:${{ github.ref_name }}

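Kubernetes Deployment

    name: Deploy to Kubernetes
    on:
      workflow_run:
        workflows: ["Container Build"]
        types:
          - completed
    jobs:
      deploy:
        runs-on: ubuntu-latest
        # "completed" also fires for failed or cancelled builds; deploy only after a successful one.
        if: ${{ github.event.workflow_run.conclusion == 'success' }}
        steps:
          - uses: actions/checkout@v3
          # get-gke-credentials expects a prior google-github-actions/auth step.
          - name: Authenticate to Google Cloud
            uses: google-github-actions/auth@v1
            with:
              credentials_json: ${{ secrets.GCP_CREDENTIALS }}
          - name: Configure Kubernetes
            uses: google-github-actions/get-gke-credentials@v1
            with:
              cluster_name: production
              location: europe-west4
          - name: Deploy
            run: kubectl apply -f k8s/
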
Monitoring & Observability
| Metric | Description |
| --- | --- |
| Success Rate | Percentage of successful runs |
| Duration | Average execution time |
| Resource Usage | CPU/memory consumption |
| Cost | Workflow costs |
Troubleshooting
| Issue | Solution |
| --- | --- |
| Build Failure | Check dependencies/logs |
| Deployment Error | Verify credentials/permissions |
| Timeout | Optimize workflow steps |
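Debug Logging

    # Define these as repository secrets or variables set to true;
    # GitHub does not pick them up from an env: block in the workflow file.
    ACTIONS_RUNNER_DEBUG: true
    ACTIONS_STEP_DEBUG: true
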