I want to deploy my app by using secrets in a "Production" environment.
I create a GitHub Action workflow for deployment. The workflow is triggered by push, and pull_request events on main branch. The workflow has a check_deploy job that uses Production environment secrets for check the eligibility for deployment.
When I create a pull request to main branch, the workflow is triggered and run. The job check_deploy should run successfully.
Because the job check_deploy uses Production, it is added to the deployment history, and I do not expect this behavior.
GitHub repository is the demo.
And this is my question "How to use secrets in the Github Environment without adding to the deployment history of this environment?"
Related
We are currently running a linter for each of our CI builds within GitHub PRs. This linter, though, requires a dbt manifest.json which we can only build when the full dbt schemas are available in the PR schema.
We currently need to manually re-trigger the action workflow after dbt Cloud Slim CI is finished, since we have the on trigger as follows:
on:
pull_request:
branches:
- main
types: [opened, reopened, ready_for_review, synchronize]
And, as mentioned, the manifest.json is not yet built at the moment when the PR is e.g. opened.
Is there any way that we can trigger the workflow only once the Slim CI job (that is triggered by dbt Cloud) is actually completed, and therefore the manifest.json already built?
I've come across on.check_run and on.status for Events that trigger workflows (see GH docs), but not sure whether these can be used since, as specified in the docs: "Note: This event will only trigger a workflow run if the workflow file is on the default branch."
Question Summary
Is it possible to have "Wait for CI to pass before deploy" enabled on Heroku and have it wait for CircleCI only, not any Github Actions?
Details
WE have a heroku setup linked to a github repository (not using the heroku git repo) which is set to automatically deploy from the default branch when CI (CircleCI) passes. On the github repo we have a job that runs SonarQube over the repository.
The CI job itself takes ~7 minutes, but the SonarQube job is longer, taking upwards of 15 minutes to run.
Our issue is that Heroku appears to be waiting for the GHA job to finish before running the automatic deployment, which is not what I want. Analysis is separate to tests passing.
Tried
Originally, the GHA job was set to autorun on pushes to master. We thought that might be the issue, so changed the setup so that the GHA job only runs on a repository action, which we then triggered from a job on CircleCI on pushes to master. So the CCI job runs to completion in seconds, leaving the GHA to run. Heroku is still waiting.
Ideas
It seems sensible to trigger the deploys from CircleCI jobs after the tests have all passed, but the APIs for heroku seem more focused on deploying by pushing to heroku repos, rather than triggering a build from a github repo.
Move completely to containerised builds rather than building on Heroku (longer term that's the plan, but we'd like to claw back the dead build time before that)
I have a Golang app running on Google Cloud App Engine that I can update manually with "gcloud app deploy" but I cannot figure out how to schedule automatic redeployments. I'm assuming I have to use cron.yaml, but then I'm confused about what url to use. Basically it's just a web app with one main index.html page with changing content, and I would like to schedule automatic redeployments... how do I have to go about that?
If you want to automatically re-deploy your app when the code changes, you need what's called CI/CD (Continuous integration/deployment). What a CI does is, for each new commit to your repository, check out the new code and run a test script. If all the tests pass (or if you don't have any tests at all), the CI server can then deploy your code to App Engine, all automatically.
One free (for open-source projects) CI provider is Travis CI. To configure it, you need to make an account with Travis, and a file called .travis.yml in the root of your repository. To set up App Engine deploys, you can follow this guide to set up a service account and add the encrypted file to your repo. It will run a gcloud app deploy from a container on their servers, whenever you push code to a certain branch (master by default) in your repo.
Another option, which avoids setting up CI at all, is to simply change your app to generate the dynamic parts of the page when it gets requested. Reading the documentation for html/template would point you in the right direction.
Background: I have a project deployed to heroku. The heroku app is connected with github so I can press the "deploy" button from heroku's web api to manually deploy a branch on github to heroku.
What I'm trying to do is build a slack bot that will let me accomplish that via a slack command. Ideally, there'd be some function on heroku's platform api like .deploy('my_app', 'some_branch_on_github), but I can't seem to find it.
The platform api's build feature is close. That function lets you provide the public url of a tarball that heroku will then deploy. However, my github repo isn't public, so that doesn't work. A private repo shouldn't be a problem, though, since heroku's already connected to my github repo.
TLDR: How can I programmatically tell Heroku to deploy my app from a private github it's connected to?
I got a response from Heroku's support team asking pretty much the same question. Their answer was that what I'm trying to do is not possible, but will be at some point (although not in the next few months, anyway).
They suggested that I could just use the undocumented web api used by heroku's own web console (a POST to an endpoint on kolkrabbi.heroku.com). They did warn that, as a private api, that's likely to change without warning.
As of April 2020, Heroku has integrated GitHub natively without recourse to any janky undocumented Icelandic endpoints.
When configured, Heroku can automatically build and release (if the build is successful) pushes to the specified GitHub repo.
Enabling GitHub integration
You can configure GitHub integration in the Deploy tab of apps in
the Heroku Dashboard.
To configure GitHub integration, you have to authenticate with GitHub.
You only have to do this once per Heroku account.
GitHub repo admin access is required for you to configure automatic
GitHub deploys. This is because Heroku has to register a service hook on
the GitHub repo, and this action requires admin access. For GitHub
organizations, your GitHub account will also need to be a member of the
organization and not an outside collaborator.
If your repo is in a GitHub organization that has third-party
application restrictions
enabled,
an organization admin needs to approve Heroku for use with the
organization. More details are available on
GitHub.
After you link your Heroku app to a GitHub repo, you can selectively
deploy from branches or configure auto-deploys.
Manual deploys
With manual deploys, you can create an immediate deployment of any
branch from the GitHub repo that’s connected to your app. Use manual
deploys if you want to control when changes are deployed to Heroku.
You can also use manual deploys to temporarily deploy a branch other
than the one that’s configured for automatic deployment. For example,
you might have a development app synced to the development GitHub
branch, but you temporarily want to test a feature branch. Simply
trigger a manual deploy of the feature branch to test it on the Heroku
app. Note that release of the feature branch is overwritten on the next
successful GitHub push to the development branch.
Automatic deploys
When you enable automatic deploys for a GitHub branch, Heroku builds and
deploys all pushes to that branch. If, for example, you have a
development app on Heroku, you can configure pushes to your GitHub
development branch to be automatically built and deployed to that app.
If you’ve configured your GitHub repo to use automated Continuous
Integration (with Travis CI, for example), you can check the “Wait for
CI to pass before deploy” checkbox. When enabled, Heroku will only
auto-deploy after all the commit statuses of the relevant commit show
success.
This commit won’t auto-deploy because one of the checks shows a
pending status:
This commit will auto-deploy because all of the checks show a status of
success:
Review apps
With review apps enabled for a Heroku app, Heroku will create temporary
test apps for each pull request that’s opened on the GitHub repo that’s
connected to the parent app. Review apps are great if you’re using
GitHub Flow to propose,
discuss, and merge changes to your code base. Because pull request
branches are deployed to new apps on Heroku, it’s very simple for you
and your collaborators to test and debug code branches. You can also run
automated integration tests on the Heroku app representing a GitHub
branch.
See the Review apps
article
for details.
Heroku CI
Once you’ve connected your GitHub repo to your Pipeline, you can turn on
Heroku CI, our
visual, low-configuration test runner that integrates easily with Heroku
Pipelines (and so complements Review apps, existing Heroku apps, and our
GitHub integrations). Any Heroku Pipeline is already Heroku CI ready –
just turn it on in the Pipeline’s Settings tab.
Links to diffs
For apps that are linked to GitHub repos, releases in the Dashboard
Activity tab will include a “View Diff” link. Following the link
will take you to the GitHub comparison view, showing the changes made
since the last release.
Disconnecting from GitHub
Terminate an obsolete GitHub connection, if necessary.
Disconnecting individual apps
Individual apps can be disconnected in the GitHub pane of the
Deploy tab for the app.
Disconnecting account
You can disconnect your Heroku and GitHub accounts in the Applications
pane on your Dashboard account
page.
My team and I were setting everything up so that Forge was in charge of deployment exclusively, while a CI cloud service would run unit/integration tests on each push to develop or master (staging or production, respectively).
Given the fact that Forge will trigger a deployment on each push to master (or any other branch), where does the CI server takes place in this model? Can I get a quick explanation of the workflow (and if possible an example CI cloud that would work with it)
Next to the auto deploy trigger Forge provides you a deploy-hook-url that can be called to trigger the deployment script. Usually the ci cloud service provides a way to customize the test/deployment process with some sort of bash scripts (curl) or gives an option to call an url after a successful run.
For example I used to use codeship for ci and they have an option in the settings called deployment where i could insert a custom script which calls the trigger url like curl -X GET https://forge.laravel.com/servers/xxx/sites/xxx/deploy/http?token=xxx
deactivate the aug-deploy trigger
customize the ci settings and call the forge-hook after successful run