1. Introduction to GitHub Actions
GitHub is the most widely embraced repository platform for software developers and open source communities. Large enterprises and individual developers use the GitHub platform to keep versioned source code. GitHub can be integrated with Azure Pipelines and other CI/CD (continuous integration and continuous deployment) tools to provide software delivery automation. Instead of using third-party integrations for GitHub repositories, you can now use GitHub Actions as workflows to implement CI/CD pipelines.
This chapter briefly explores CI/CD to help you understand why software delivery automation is vital for software development teams to succeed and be competitive. It also introduces GitHub Actions’ basic concepts to prepare you for the upcoming chapters in the book. In software development, multiple team members develop code and contribute to creating the software’s functionality. When multiple people contribute to a code base, it is important to maintain its integrity and ensure that any team member can retrieve the latest version and build and run it locally. Two important aspects should be maintained to assure the code base's stability. The first aspect is to ensure that the code is compiling without errors. The second aspect is to ensure that all unit tests validating code behavior pass, including the latest code changes, at a very high percentage. Continuous integration Checking for code security vulnerabilities can be integrated into the build pipeline to improve a project/product’s security. The quality of the code can be validated in a build pipeline. Early detection of security vulnerabilities and code quality issues with a shift-left approach reduces costs in the long run because a vulnerability detected during production is costly to fix.
Development teams produce software in short cycles in modern, agile software development approaches. One of the biggest challenges is ensuring a software release’s reliability in target environments. A straightforward and reusable deployment process is essential in reducing the cost, time, and risks of delivering software changes, including incremental updates to an application in production. In a nutshell, continuous delivery ensures that software changes are delivered more frequently and reliably. DevOps has evolved as a product of continuous delivery. Continuous delivery vs. deployment
Software delivery automation involves a few processes. Code compilation validation, code stability, quality, and security are covered in continuous integration. Integration and functional test automation verify that business needs are being met in software systems. Release or deployment automation delivers and manages deployment configurations automatically. Using infrastructure as code (IaC) and deploying infrastructure with automated pipelines offers a dynamic provisioning environment to a software team, essentially facilitating the agile process and enhancing the DevOps team’s capabilities. Cost of bugs Automated testing vs. manual testing Automating deployment and testing processes while identifying security and other software vulnerabilities with a shift-left approach is vital. Detecting vulnerabilities as early as possible (on the left side of process flow if possible) costs less money than to fix them. GitHub Actions are a set of actions in a GitHub repository workflow. These actions allow you to customize and execute software development workflows. You can create actions or utilize existing actions and create and customize workflows to perform any job or automate software development life cycle processes, including CI/CD. Actions are individual tasks that can be combined to create a workflow. A workflow is one or more automated jobs with actions configured in a YAML file that can be stored in your GitHub repo. Let’s discuss each key concept in more detail. The smallest building block of a workflow is an action, which can be identified as an individual task. These tasks or steps can be combined to create a job that can be executed in a workflow. Existing actions from the marketplace can create jobs and workflows, and you can customize or create your own actions. An action must be used as a step in a job to be used in a workflow. You need to combine actions into a job to make up a workflow that can check out a repository, and build and publish artifacts. The files generated when you build your software project or test your software project are artifacts. Artifacts may contain the binary packages required to deploy your software and any support files, such as configurations or infra-scripts required for deployment activities. Artifacts can be created in one job and used in another job for deployment actions in a workflow. An event triggers a workflow in GitHub Actions. Once a code change is pushed, or a pull request is made, an event can be set up in GitHub Actions to trigger the workflow. You can configure external triggers using a repository dispatch webhook. You can also use many other webhooks, such as deployment, workflow dispatch, and check runs. Hosted runners are machines similar to hosted agents in Azure DevOps pipelines. They are supported in Windows, Linux, and macOS. These machines are preinstalled with commonly used software. You cannot customize a hosted runner’s hardware configuration. A GitHub-hosted runner virtual environment contains hardware configuration, operating system, and installed software information. You can find installed software and OS information at https://github.com/actions/virtual-environments/tree/main/images. A job is a set of steps set up to run in a single runner. A job can comprise one or more actions. Jobs can run in parallel in a single workflow, and you can set up dependencies to run jobs sequentially. A dependent job will not run if the dependencies fail. Each job in a workflow runs in a fresh instance of a runner. A job should specify the runner’s OS and the version. You can set up a self-hosted runner on a virtual or physical machine and connect it to a GitHub repo to run your jobs. Self-hosted runners are useful when you have special hardware configurations or software requirements for building your applications or running your jobs. Self-hosted runners are discussed more in Chapter 6. A task that is an action or a command is identified as a step. All steps in a job run in the same runner. The file system’s information is shared with multiple steps (actions and commands) in a single job. In a GitHub repo, the process set up in a YAML file defining the build, test, package, or deployment jobs is called a workflow. A workflow is scheduled to run based on triggers/events, similar to Azure DevOps builds and releases. A workflow may contain one or more jobs set up to run sequentially or in parallel, depending on the requirements. The YAML file stored in the github/workflows/ folder in your GitHub repository is a workflow file. The workflow file is defined with the workflow, which runs based on the events. A workflow executes based on the preconfigured triggers/events. A workflow run is similar to a build or release pipeline run in Azure DevOps. Logs tell you about failed jobs or successful job activities. Each workflow runs logs for the jobs and actions or commands executed. This chapter looked at CI/CD concepts and the importance of automation in the software delivery process. It explored a few important key concepts in GitHub Actions to set the stage for the rest of the chapters in this book. The next chapter starts using GitHub Actions by looking at preconfigured workflow templates and marketplace actions. You create a GitHub Actions workflow to build a .NET Core application. You learned about the structure of a workflow in this chapter and set up continuous integration with GitHub Actions in the next chapter.Continuous Integration and Continuous Delivery
Importance of Software Delivery Automation
Introduction to GitHub Actions
Action
Artifacts
Event
GitHub-Hosted Runners
Job
Self-Hosted Runner
Step
Workflow
Workflow File
Workflow Run
Summary