How We Use Centralized GitHub Actions Repository for Multiple Repositories
tl;dr Centralized Repository for Actions:
We created a designated repository named “actions” that contains all the actions used by our organization, ensuring easy maintenance and consistency across workflows and reducing duplications and overhead.
Why do we need a centralized GitHub Actions repository?
If you are using GitHub Actions in multiple repositories, you may have noticed that it can be challenging to maintain consistency across workflows. Each repository may have its own set of actions, making it difficult to enforce standards and best practices uniformly. Additionally, managing updates and changes across multiple repositories can be time-consuming and error-prone.
Brief Overview of GitHub Actions
GitHub Actions is a powerful CI/CD tool integrated directly into GitHub, allowing developers to automate workflows for building, testing, and deploying code. By streamlining the development process, GitHub Actions helps teams deliver software faster and more reliably. One of the key advantages of GitHub Actions is its proximity to our codebase. Since developers are already using GitHub for version control, having CI/CD capabilities within the same platform provides a seamless and efficient experience.
Why we Chose GitHub Actions
As DevOps experts, we requested to migrate our CI/CD pipelines to another tool. We previously used an old CI/CD tool that was difficult to maintain, especially when it came to managing the pipeline code. After evaluating our options, we found that GitHub Actions provided a much-needed improvement. The extensive community support and widespread usage made it easy to find resources and examples for our needs. For example, I can assume roles in AWS, control the runner environment, and more. Additionally, since we were already paying for GitHub enterprise plan, we benefited from the free resources included in our plan, making it a cost-effective solution. Most importantly, GitHub Actions offered a way to maintain pipeline code efficiently and robustly.
Implementation of a centralized GitHub Actions repository
Centralized Repository for Actions:
To streamline our implementation of GitHub Actions, we created a designated repository
named “actions” that contains all the actions used by our organization. This repository is accessible to all teams, ensuring everyone can leverage the same actions for consistency and efficiency.
Developing Composite Actions:
We focused on developing a variety of composite actions. We split it into two main groups, which I’ll elaborate on later. These composite actions encapsulate common tasks and processes, making it easy to reuse and adapt them across different projects.
Repository Structure:
Our actions repository is organized into two main directories:
Actions Directory:
This directory contains the tree of actions.yaml files. Each YAML file defines a specific action, outlining the steps and parameters required for execution. Within this directory, we have two main groups of actions: “workflow actions” and “component actions”. Teams in our organization are encouraged to use “workflow actions,” which are designed to be user-friendly and encapsulate common tasks. These “workflow actions” often include one or more “component actions,” which handle more granular tasks.
Scripts Directory:
The advantage of our scripts directory is its adherence to best practices in programming. By centralizing our Python and Bash scripts within one structured repository, we ensure high quality and maintainability. This approach allows us to write code once and reuse it across various actions and processes within our organization. Having everything in one place promotes consistency, simplifies maintenance, and enhances the overall efficiency of our CI/CD processes.
Integration Approach for GitHub Actions To effectively integrate and leverage GitHub Actions within our organization, we’ve adopted the streamlined approach detailed below:
– Integrating Workflow YAML Files: In each of our microservices repositories requiring CI/CD, we’ve incorporated workflow YAML files. These files adhere to our established convention for GitHub Actions setup. – Workflow File Structure Convention: Our convention mandates that each workflow file includes: – Essential configurations (on, env, name, permissions). A single job with one step.
Minimalist Workflow Example:
name: CI Workflow
on:
push:
branches:
- main
jobs:
build:
runs-on: ubuntu-latest
steps:
- name: Run Workflow Action
uses: organization/actions/workflow-action@v1
Implementation Strategy
Our strategy focuses on simplicity and efficiency: – Lean Workflows: Each workflow is kept minimal, triggered by specific events like pushes to the main branch. – Centralized Actions: Remember the “workflow actions” we discussed earlier? This “workflow action” is the single step within the job. It pulls from our centralized actions repository. – Comprehensive Automation: This “workflow action” consolidates all necessary actions and scripts for the pipeline, ensuring comprehensive automation without unnecessary complexity.
Benefits:
– Clarity and Consistency:
Standardizing workflows promotes clarity and ensures consistent practices across projects.
– Resource Efficiency:
Centralized management of actions and scripts enhances reuse and simplifies maintenance.
– Scalability:
Easily scale workflows across multiple repositories while maintaining a uniform approach.
Limitations and Cons
– Splitted CI/CD Domain:
GitHub Actions decentralizes CI/CD workflows, with each repository managing its own workflows. This autonomy can lead to a fragmented setup, making it challenging to maintain consistency across numerous repositories. As the number of repositories grows, coordinating changes and updates across workflows becomes increasingly complex and time-consuming.
– Limited Control Over Workflow Files:
Workflow YAML files in GitHub Actions must reside within the repository they operate on, restricting centralized control and updates. This decentralized placement complicates enforcing global changes or updates uniformly across multiple repositories. To manage this, maintaining lean workflows with minimal configurations is necessary to mitigate complexity and ensure consistency.
– Challenges in Debugging and Logs Observability:
Debugging CI/CD pipelines and observing logs can be challenging in GitHub Actions, particularly when workflows span multiple repositories. The decentralized nature of workflows distributed across repositories complicates the ability to trace and diagnose issues comprehensively. Furthermore, the user interface for viewing logs and debugging individual actions within workflows can be less intuitive compared to other CI/CD tools.
– Difficulty in Managing Permissions and Security:
Ensuring robust security and managing permissions effectively across a decentralized CI/CD environment can be demanding. With workflows distributed across numerous repositories, enforcing consistent security practices and access controls becomes complex. DevOps engineers may encounter challenges in implementing standardized security measures and role-based access controls (RBAC) uniformly across all repositories.
Conclusion
In adopting GitHub Actions for our CI/CD workflows, we’ve embraced a transformative approach to software delivery that aligns seamlessly with our development practices. By leveraging GitHub’s platform, we’ve streamlined our processes, enhanced collaboration across teams, and ensured the reliability and efficiency of our software deployments. Key to our implementation has been the creation of a centralized repository for actions, housing meticulously crafted composite actions that encapsulate common tasks and processes. This centralized approach not only promotes consistency but also facilitates maintenance and scalability across our diverse project portfolio. Our journey with GitHub Actions began with the recognition of its community-driven support and integration capabilities, making it a natural choice for our CI/CD needs. Transitioning from legacy CI/CD tools to GitHub Actions has not only reduced complexity but also optimized resource utilization, leveraging our existing GitHub infrastructure to its fullest potential. Our experience with GitHub Actions underscores its pivotal role in modern software development. It empowers our teams to innovate rapidly, deliver reliably, and adapt confidently to evolving business requirements. As we continue to innovate and grow, GitHub Actions remains our trusted ally in achieving excellence in software delivery.