Combine GitHub Actions with FluxCD

I started my hobby project SausLink( a tinyURL like URL shortener ) a while ago, as it was really boring during covid lockdowns. The web app itself isn’t anything cutting-edge but I intended to implement full git-ops for this project.

For the CI pipeline, I chose GitHub Actions because it’s easy and also free for open source projects( for a limited builds per day ). The pipeline will be triggered by pushing to dev branch and will build a docker image and then tag it with a GitHub Actions job number. The last step will update the kustomize patch file to refer to the latest tag.

Here’s the pipeline definition along with my comments

# this is .github/workflows/dev.yaml
name: Build the dev image

on:
  push:
    branches: [ dev ]
  pull_request:
    branches: [ dev ]

jobs:
  build:
    runs-on: [ ubuntu-20.04 ]
    steps:
      # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it
      - uses: actions/[email protected]

      # save a tag like dev-123 to environment variable called build_number
      - name: build number
        run: |
          echo "build_number=dev-${GITHUB_RUN_ID}" >> $GITHUB_ENV

      # build the docker image and tag it with build_number
      - name: Docker build saus-gunicorn
        run: |
          docker build -t ghcr.io/raynix/saus:$build_number .

      # login to ghcr.io and push the docker image
      - name: Docker push
        run: |
          echo ${{ secrets.GHCR_PAT }} | docker login ghcr.io -u $GITHUB_ACTOR --password-stdin
          docker push ghcr.io/raynix/saus:$build_number

      # update the kustomize patch to use the latest tag, using sed command and regex capture
      - name: Update deployment version
        run: |
          sed -i -E "s|(image: ghcr.io/raynix/saus:).*|\1$build_number|g" .kustomize/dev.sausl.ink/patch.yaml

      # add an auto commit with the updated patch file, so the FluxCD can pick it up and deploy with the latest tag
      - name: Auto commit & push changes
        run: |
          git config --global user.name 'raynix Bot'
          git config --global user.email '[email protected]'
          git commit -am "Automated commit"
          git push

At the CD pipeline run by FluxCD v2, a Kustomization resource is defined as follow

---
# this is the definition of the git repo where the kustomize templates are located
apiVersion: source.toolkit.fluxcd.io/v1beta1
kind: GitRepository
metadata:
  name: saus-dev
  namespace: flux-system
spec:
  interval: 4m0s # check the repo every 4 minutes, don't be greedy
  ref:
    branch: dev # fixed to dev branch for dev environment
  url: https://github.com/raynix/saus.git

---
# this is the kustomization definition
apiVersion: kustomize.toolkit.fluxcd.io/v1beta1
kind: Kustomization
metadata:
  name: saus-dev
  namespace: flux-system
spec:
  healthChecks:
  - kind: Deployment
    name: saus
    namespace: saus-dev
  interval: 4m0s # reconcile the deployment every 4 minutes
  path: .kustomize/dev.sausl.ink # directory where the main kustomization.yaml resides in
  prune: true
  sourceRef:
    kind: GitRepository
    name: saus-dev
  timeout: 2m0s
  validation: client
  force: true # force to re-deploy objects which have immutable fields such as jobs

For more FluxCD experiments please see my previous post here. The SausLink’s source code is here. Feel free to fork it and host your own URL shortener 🙂

Leave a Reply

Your email address will not be published. Required fields are marked *