|
| 1 | +--- |
| 2 | +title: Azure Spring Cloud CI/CD with GitHub Actions |
| 3 | +description: How to build up CI/CD workflow for Azure Spring Cloud with GitHub Actions |
| 4 | +author: MikeDodaro |
| 5 | +ms.author: barbkess |
| 6 | +ms.service: spring-cloud |
| 7 | +ms.topic: how-to |
| 8 | +ms.date: 01/15/2019 |
| 9 | +--- |
| 10 | +# Azure Spring Cloud CI/CD with GitHub Actions |
| 11 | + |
| 12 | +GitHub Actions support an automated software development lifecycle workflow. With GitHub Actions for Azure Spring Cloud you can create workflows in your repository to build, test, package, release, and deploy to Azure. |
| 13 | + |
| 14 | +## Prerequisites |
| 15 | +This example requires the [Azure CLI](https://docs.microsoft.com/cli/azure/install-azure-cli?view=azure-cli-latest). |
| 16 | + |
| 17 | +## Set up GitHub repository and authenticate |
| 18 | +You need an Azure service principle credential to authorize Azure login action. To get an Azure credential, execute the following commands on your local machine: |
| 19 | +``` |
| 20 | +az login |
| 21 | +az ad sp create-for-rbac --role contributor --scopes /subscriptions/<SUBSCRIPTION_ID> --sdk-auth |
| 22 | +``` |
| 23 | +To access to a specific resource group, you can reduce the scope: |
| 24 | +``` |
| 25 | +az ad sp create-for-rbac --role contributor --scopes /subscriptions/<SUBSCRIPTION_ID>/resourceGroups/<RESOURCE_GROUP> --sdk-auth |
| 26 | +``` |
| 27 | +The command should output a JSON object: |
| 28 | +```JSON |
| 29 | +{ |
| 30 | + "clientId": "<GUID>", |
| 31 | + "clientSecret": "<GUID>", |
| 32 | + "subscriptionId": "<GUID>", |
| 33 | + "tenantId": "<GUID>", |
| 34 | + ... |
| 35 | +} |
| 36 | +``` |
| 37 | + |
| 38 | +This example uses the [Piggy Metrics](https://github.com/Azure-Samples/piggymetrics) sample on GitHub. Fork the sample, open GitHub repository page, and click **Settings** tab. Open **Secrets** menu, and click **Add a new secret**: |
| 39 | + |
| 40 | +  |
| 41 | + |
| 42 | +Set the secret name to `AZURE_CREDENTIALS` and its value to the JSON string that you found under the heading *Set up your GitHub repository and authenticate*. |
| 43 | + |
| 44 | +  |
| 45 | + |
| 46 | +You can also get the Azure login credential from Key Vault in GitHub actions as explained in [Authenticate Azure Spring with Key Vault in GitHub Actions](./spring-cloud-github-actions-key-vault.md). |
| 47 | + |
| 48 | +## Provision service instance |
| 49 | +To provision your Azure Spring Cloud service instance, run the following commands using the Azure CLI. |
| 50 | +``` |
| 51 | +az extension add --name spring-cloud |
| 52 | +az group create --location eastus --name <resource group name> |
| 53 | +az spring-cloud create -n <service instance name> -g <resource group name> |
| 54 | +az spring-cloud config-server git set -n <service instance name> --uri https://github.com/xxx/piggymetrics --label config |
| 55 | +``` |
| 56 | +## Build the workflow |
| 57 | +The workflow is defined using the following options. |
| 58 | + |
| 59 | +### Prepare for deployment with Azure CLI |
| 60 | +The command `az spring-cloud app create` is currently not idempotent. We recommend this workflow on existing Azure Spring Cloud apps and instances. |
| 61 | + |
| 62 | +Use the following Azure CLI commands for preparation: |
| 63 | +``` |
| 64 | +az configure --defaults group=<service group name> |
| 65 | +az configure --defaults spring-cloud=<service instance name> |
| 66 | +az spring-cloud app create --name gateway |
| 67 | +az spring-cloud app create --name auth-service |
| 68 | +az spring-cloud app create --name account-service |
| 69 | +``` |
| 70 | + |
| 71 | +### Deploy with Azure CLI directly |
| 72 | +Create the `.github/workflow/main.yml` file in the repository: |
| 73 | + |
| 74 | +``` |
| 75 | +name: AzureSpringCloud |
| 76 | +
|
| 77 | +env: |
| 78 | + GROUP: <resource group name> |
| 79 | + SERVICE_NAME: <service instance name> |
| 80 | +
|
| 81 | +jobs: |
| 82 | + build-and-deploy: |
| 83 | + runs-on: ubuntu-latest |
| 84 | + steps: |
| 85 | + |
| 86 | + - uses: actions/checkout@master |
| 87 | + |
| 88 | + - name: Set up JDK 1.8 |
| 89 | + uses: actions/setup-java@v1 |
| 90 | + with: |
| 91 | + java-version: 1.8 |
| 92 | + |
| 93 | + - name: maven build, clean |
| 94 | + run: | |
| 95 | + mvn clean package -D skipTests |
| 96 | + |
| 97 | + - name: Azure Login |
| 98 | + uses: azure/login@v1 |
| 99 | + with: |
| 100 | + creds: ${{ secrets.AZURE_CREDENTIALS }} |
| 101 | + |
| 102 | + - name: Install ASC AZ extension |
| 103 | + run: az extension add --name spring-cloud |
| 104 | + |
| 105 | + - name: Deploy with AZ CLI commands |
| 106 | + run: | |
| 107 | + az configure --defaults group=$GROUP |
| 108 | + az configure --defaults spring-cloud=$SERVICE_NAME |
| 109 | + az spring-cloud app deploy -n gateway --jar-path ${{ github.workspace }}/gateway/target/gateway.jar |
| 110 | + az spring-cloud app deploy -n account-service --jar-path ${{ github.workspace }}/account-service/target/account-service.jar |
| 111 | + az spring-cloud app deploy -n auth-service --jar-path ${{ github.workspace }}/auth-service/target/auth-service.jar |
| 112 | +``` |
| 113 | +### Deploy with Azure CLI action |
| 114 | +The az `run` command will use the latest version of Azure CLI. If there are breaking changes, you can also use a specific version of Azure CLI with azure/CLI `action`. |
| 115 | + |
| 116 | +> [!Note] |
| 117 | +> This command will run in a new container, so `env` will not work, and cross action file access may have extra restrictions. |
| 118 | +
|
| 119 | +Create the .github/workflow/main.yml file in the repository: |
| 120 | +``` |
| 121 | +name: AzureSpringCloud |
| 122 | +
|
| 123 | +jobs: |
| 124 | + build-and-deploy: |
| 125 | + runs-on: ubuntu-latest |
| 126 | + steps: |
| 127 | + |
| 128 | + - uses: actions/checkout@master |
| 129 | + |
| 130 | + - name: Set up JDK 1.8 |
| 131 | + uses: actions/setup-java@v1 |
| 132 | + with: |
| 133 | + java-version: 1.8 |
| 134 | + |
| 135 | + - name: maven build, clean |
| 136 | + run: | |
| 137 | + mvn clean package -D skipTests |
| 138 | + |
| 139 | + - name: Azure Login |
| 140 | + uses: azure/login@v1 |
| 141 | + with: |
| 142 | + creds: ${{ secrets.AZURE_CREDENTIALS }} |
| 143 | + |
| 144 | + - name: Azure CLI script |
| 145 | + uses: azure/CLI@v1 |
| 146 | + with: |
| 147 | + azcliversion: 2.0.75 |
| 148 | + inlineScript: | |
| 149 | + az extension add --name spring-cloud |
| 150 | + az configure --defaults group=<service group name> |
| 151 | + az configure --defaults spring-cloud=<service instance name> |
| 152 | + az spring-cloud app deploy -n gateway --jar-path $GITHUB_WORKSPACE/gateway/target/gateway.jar |
| 153 | + az spring-cloud app deploy -n account-service --jar-path $GITHUB_WORKSPACE/account-service/target/account-service.jar |
| 154 | + az spring-cloud app deploy -n auth-service --jar-path $GITHUB_WORKSPACE/auth-service/target/auth-service.jar |
| 155 | +``` |
| 156 | + |
| 157 | +## Deploy with Maven Plugin |
| 158 | +Another option is to use the [Maven Plugin](https://docs.microsoft.com/azure/spring-cloud/spring-cloud-quickstart-launch-app-maven) for deploying the Jar and updating App settings. The command `mvn azure-spring-cloud:deploy` is idempotent and will automatically create Apps if needed. You don't need to create corresponding apps in advance. |
| 159 | + |
| 160 | +``` |
| 161 | +name: AzureSpringCloud |
| 162 | +
|
| 163 | +jobs: |
| 164 | + build-and-deploy: |
| 165 | + runs-on: ubuntu-latest |
| 166 | + steps: |
| 167 | + |
| 168 | + - uses: actions/checkout@master |
| 169 | + |
| 170 | + - name: Set up JDK 1.8 |
| 171 | + uses: actions/setup-java@v1 |
| 172 | + with: |
| 173 | + java-version: 1.8 |
| 174 | + |
| 175 | + - name: maven build, clean |
| 176 | + run: | |
| 177 | + mvn clean package -D skipTests |
| 178 | + |
| 179 | + # Maven plugin can cosume this authentication method automatically |
| 180 | + - name: Azure Login |
| 181 | + uses: azure/login@v1 |
| 182 | + with: |
| 183 | + creds: ${{ secrets.AZURE_CREDENTIALS }} |
| 184 | + |
| 185 | + # Maven deploy, make sure you have correct configurations in your pom.xml |
| 186 | + - name: deploy to Azure Spring Cloud using Maven |
| 187 | + run: | |
| 188 | + mvn azure-spring-cloud:deploy |
| 189 | +``` |
| 190 | + |
| 191 | +## Run the workflow |
| 192 | +GitHub **Actions** should be enabled automatically after you push `.github/workflow/main.yml` to GitHub. The action will be triggered when you push a new commit. If you create this file in the browser, your action should have already run. |
| 193 | + |
| 194 | +To verify that the action has been enabled, click **Actions** tab on the GitHub repository page: |
| 195 | + |
| 196 | +  |
| 197 | + |
| 198 | +If your action runs in error, for example, if you haven't set the Azure credential, you can rerun checks after fixing the error. On the GitHub repository page, click **Actions**, select the specific workflow task, and then click the **Rerun checks** button to rerun checks: |
| 199 | + |
| 200 | +  |
| 201 | + |
| 202 | +## Next steps |
| 203 | +* [Key Vault for Spring Cloud GitHub actions](./spring-cloud-github-actions-key-vault.md) |
| 204 | +* [Azure Active Directory service principals](https://docs.microsoft.com/cli/azure/ad/sp?view=azure-cli-latest#az-ad-sp-create-for-rbac) |
| 205 | +* [GitHub Actions for Azure](https://github.com/Azure/actions/) |
0 commit comments