From 3ade34d4261331c3dc6856331c7c11830a2e63ba Mon Sep 17 00:00:00 2001 From: Briana Swift Date: Thu, 31 Oct 2019 16:12:59 +0100 Subject: [PATCH 01/31] small change --- config.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/config.yml b/config.yml index c5b1e36..4f41775 100644 --- a/config.yml +++ b/config.yml @@ -266,7 +266,6 @@ steps: body: 12_merge.md event: APPROVE - # event: merge - title: Merge this pull request From 23b2ff1b679efcbc35af3bdd374efc661fbe8326 Mon Sep 17 00:00:00 2001 From: Briana Swift Date: Fri, 1 Nov 2019 09:41:21 +0100 Subject: [PATCH 02/31] improve first instruction 01 --- responses/01_label-trigger.md | 26 +++++++++++++++++++++++--- 1 file changed, 23 insertions(+), 3 deletions(-) diff --git a/responses/01_label-trigger.md b/responses/01_label-trigger.md index f7510af..852e941 100644 --- a/responses/01_label-trigger.md +++ b/responses/01_label-trigger.md 
@@ -6,13 +6,33 @@ We will be working with Continuous Delivery. We will... - Use AWS configuration Before you start, you should... -- Introduction to GitHub -- Continuous Integration with GitHub Actions +- [Introduction to GitHub](https://lab.github.com/githubtraining/introduction-to-github) +- [Continuous Integration with GitHub Actions](https://lab.github.com/githubtraining/set-up-continuous-integration-with-github-actions) ### What is Continuous Delivery? -I'll tell ya! +According to [continuousdelivery.com](https://continuousdelivery.com/), + +> Continuous Delivery is the ability to get changes of all types—including new features, configuration changes, bug fixes and experiments—into production, or into the hands of users, safely and quickly in a sustainable way. + +A lot of things go into delivering "continuously". These things can range from culture and behavior to specific automation. In this course, we're going to focus on deployment automation. ## Step 1: Configure a trigger based on labels +During the `on` step, we define what should cause this workflow to run. In this case, we want the workflow to run whenever a label is applied to the pull request. + ### :keyboard: Activity: Configure the workflow trigger based on an a label being added + +1. Edit this file +2. Change the name of the directory `CHANGETHIS` to `workflows`, so the title of this file with the path is `.github/workflows/staging-workflow.yml` +3. Edit the contents of this file to trigger on a label + +Your result should look like this: + +```yml +name: Staging deployment + +on: + pull_request: + types: [labeled] +``` \ No newline at end of file From 278052b3f1efe67c0ed320260c75d77de86cb1bb Mon Sep 17 00:00:00 2001 From: Briana Swift Date: Fri, 1 Nov 2019 09:43:18 +0100 Subject: [PATCH 03/31] give the solution for step 2 --- responses/01_label-trigger.md | 5 +++++ responses/02_environment.md | 16 +++++++++++++++- 2 files changed, 20 insertions(+), 1 deletion(-) 
diff --git a/responses/01_label-trigger.md b/responses/01_label-trigger.md index 852e941..4148fe6 100644 --- a/responses/01_label-trigger.md +++ b/responses/01_label-trigger.md @@ -35,4 +35,9 @@ name: Staging deployment on: pull_request: types: [labeled] + +jobs: + build: + if: contains(github.event.pull_request.labels.*.name, 'stage') + ``` \ No newline at end of file diff --git a/responses/02_environment.md b/responses/02_environment.md index 63faca3..3460654 100644 --- a/responses/02_environment.md +++ b/responses/02_environment.md @@ -4,4 +4,18 @@ We will be working with AWS for the deployment environment. AWS will do the work ## Step 2: Choose the environment for AWS -### :keyboard: Activity: Choose the Ubuntu environment for our app \ No newline at end of file +### :keyboard: Activity: Choose the Ubuntu environment for our app + +```yml +name: Staging deployment + +on: + pull_request: + types: [labeled] + +jobs: + build: + if: contains(github.event.pull_request.labels.*.name, 'stage') + + runs-on: ubuntu-latest +``` \ No newline at end of file From 5eba9090184b0d929a7840be4ed4295d4d1dc4d7 Mon Sep 17 00:00:00 2001 From: Briana Swift Date: Fri, 1 Nov 2019 09:44:58 +0100 Subject: [PATCH 04/31] improve context for 02 --- responses/02_environment.md | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/responses/02_environment.md b/responses/02_environment.md index 3460654..fb068ad 100644 --- a/responses/02_environment.md +++ b/responses/02_environment.md 
@@ -1,9 +1,15 @@ # Choosing deployment environments -We will be working with AWS for the deployment environment. AWS will do the work of creating the environment, but first, we need to tell it what we need. That happens in the `environment` section of the workflow file. You have many options here, but for our purpose, we will be using a basic Ubuntu environment for our Node.js application. +We will be working with AWS for the deployment environment. AWS will do the work of creating the environment, but first, we need to tell it what we need. That happens in the `environment` section of the workflow file. + +### What are the options? + +You may want to choose a different environment based on your application. For example, if you are building an application to run on an Android phone, the environment may be X. If the app will be for a Mac, you may choose X. Options of environments may be.... ## Step 2: Choose the environment for AWS +For our `Node.js` application, we will be using a basic Ubuntu environment. + ### :keyboard: Activity: Choose the Ubuntu environment for our app ```yml From da96c6a0ecb4f4783e708e66fb1ae22bae186f7a Mon Sep 17 00:00:00 2001 From: Briana Swift Date: Fri, 1 Nov 2019 09:58:06 +0100 Subject: [PATCH 05/31] add template of correct answer for 3 --- responses/03_workflow-steps.md | 47 +++++++++++++++++++++++++++++++++- 1 file changed, 46 insertions(+), 1 deletion(-) diff --git a/responses/03_workflow-steps.md b/responses/03_workflow-steps.md index 3c67edd..10910ca 100644 --- a/responses/03_workflow-steps.md +++ b/responses/03_workflow-steps.md 
@@ -4,4 +4,49 @@ So far, the workflow knows what the trigger is and what environment to run in. B ## Step 3: Write the steps for the staging workflow -### :keyboard: Activity: Write the steps for the staging deployment workflow \ No newline at end of file +### :keyboard: Activity: Write the steps for the staging deployment workflow + +```yml +name: Staging deployment + +on: + pull_request: + types: [labeled] + +jobs: + build: + if: contains(github.event.pull_request.labels.*.name, 'stage') + + runs-on: ubuntu-latest + + steps: + - uses: actions/checkout@v1 + - name: npm install and build webpack + run: | + npm install + npm run build + - uses: actions/upload-artifact@master + with: + name: webpack artifacts + path: public/ + + deploy: + name: Deploy Node.js app to AWS + needs: build + runs-on: ubuntu-latest + + steps: + - uses: actions/checkout@v1 + + - name: Download built artifact + uses: actions/download-artifact@master + with: + name: webpack artifacts + path: public + + - name: Deploy to AWS + uses: docker://admiralawkbar/aws-nodejs:latest + env: + AWS_ACCESS_KEY: ${{ secrets.AWS_ACCESS_KEY }} + AWS_SECRET_KEY: ${{ secrets.AWS_SECRET_KEY }} +``` \ No newline at end of file From 7c5c32a360ba49333974761d33111e9ffb56f78a Mon Sep 17 00:00:00 2001 From: Briana Swift Date: Fri, 1 Nov 2019 09:59:03 +0100 Subject: [PATCH 06/31] we cant approve, we remove protections --- config.yml | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/config.yml b/config.yml index 4f41775..8d1a1fd 100644 --- a/config.yml +++ b/config.yml @@ -75,12 +75,13 @@ steps: # We validate #- type: gate - # We approve - - type: createReview - event: APPROVE + # We remove branch protections + - type: removeBranchProtection + # Step 4: Merge the staging workflow # We tell the user to merge - body: 04_merge.md + - type: respond + with: 04_merge.md # event: merge - title: Merge the staging workflow From 02d48fa5aa3cd77fc39556e0a064ac4762a07c17 Mon Sep 17 00:00:00 2001 
From: Briana Swift Date: Fri, 1 Nov 2019 10:09:24 +0100 Subject: [PATCH 07/31] add base instructions for step 5 aws token confirmation --- responses/05_confirm-aws.md | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/responses/05_confirm-aws.md b/responses/05_confirm-aws.md index 0c371a4..be3a1bc 100644 --- a/responses/05_confirm-aws.md +++ b/responses/05_confirm-aws.md @@ -3,3 +3,8 @@ ## Step 5: Confirm AWS configuration ### :keyboard: Activity: Create an AWS account by the following specifications, and confirm here. + +1. Go to AWS +2. Create a deploy token there +3. Add the tokens to this repository with the token name `AWS_SECRET_KEY` +4. Once you are done, confirm here by commenting anything in this pull request \ No newline at end of file From e6a224e293db63a8f5b2573d31256e03354f6a77 Mon Sep 17 00:00:00 2001 From: Briana Swift Date: Fri, 1 Nov 2019 10:10:32 +0100 Subject: [PATCH 08/31] readd branch protections --- config.yml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/config.yml b/config.yml index 8d1a1fd..b565866 100644 --- a/config.yml +++ b/config.yml @@ -99,7 +99,9 @@ steps: right: closed - left: '%payload.pull_request.merged%' - + # we reprotect master for the next PR + - type: updateBranchProtection + # PART 2: AWS CONFIGURATION # Step 5: Confirm AWS configuration From 73b20260b353aade4ec84a8aa4cd6a36061bed59 Mon Sep 17 00:00:00 2001 From: Briana Swift Date: Fri, 1 Nov 2019 10:11:52 +0100 Subject: [PATCH 09/31] put proper aws instructions into steps 5 and 6 --- responses/05_confirm-aws.md | 3 +-- responses/06_env-variables.md | 3 ++- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/responses/05_confirm-aws.md b/responses/05_confirm-aws.md index be3a1bc..6f143a2 100644 --- a/responses/05_confirm-aws.md +++ b/responses/05_confirm-aws.md 
@@ -6,5 +6,4 @@ 1. Go to AWS 2. Create a deploy token there -3. Add the tokens to this repository with the token name `AWS_SECRET_KEY` -4. Once you are done, confirm here by commenting anything in this pull request \ No newline at end of file +3. Once you are done, confirm here by commenting anything in this pull request \ No newline at end of file diff --git a/responses/06_env-variables.md b/responses/06_env-variables.md index 30b15c0..f75f0a5 100644 --- a/responses/06_env-variables.md +++ b/responses/06_env-variables.md @@ -4,4 +4,5 @@ ### :keyboard: Activity: Enter your AWS environment variables in this repository -Then confirm you've done that by commenting. \ No newline at end of file +1. Add the tokens to this repository with the token name `AWS_SECRET_KEY` +2. Once you are done, confirm here by commenting anything in this pull request From 89aaf9b505f47ea91541193454090610411b979e Mon Sep 17 00:00:00 2001 From: Briana Swift Date: Fri, 1 Nov 2019 10:13:28 +0100 Subject: [PATCH 10/31] formally request the learner review --- config.yml | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/config.yml b/config.yml index b565866..eed53a9 100644 --- a/config.yml +++ b/config.yml @@ -101,7 +101,7 @@ steps: # we reprotect master for the next PR - type: updateBranchProtection - + # PART 2: AWS CONFIGURATION # Step 5: Confirm AWS configuration @@ -150,6 +150,10 @@ steps: - type: respond with: 07_approve.md + # we formally request their approval + - type: requestReviewFromRegistrant + pullRequest: Configure AWS + # event: approval - title: Approve pull request From 7505bfc322e6d6d6452d62fc688a575ef95acbee Mon Sep 17 00:00:00 2001 From: Briana Swift Date: Fri, 1 Nov 2019 10:16:27 +0100 Subject: [PATCH 11/31] add step so label already exists --- config.yml | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/config.yml b/config.yml index eed53a9..90da68c 100644 --- a/config.yml +++ b/config.yml 
@@ -20,6 +20,12 @@ before: # production-deployment-workflow: with the workflow file stub for production deploy from merge # staging-test: with a small change to the app that can be seen in staging + # we create a staging label that will be used later to test + +- type: createLabel + name: stage + color: f87000 + # PART 1: STAGING WORKFLOW # Step 1: Configure a trigger based on labels From 85150e9b6f0eb3ad78116efb513c6ee3810ddea4 Mon Sep 17 00:00:00 2001 From: Briana Swift Date: Fri, 1 Nov 2019 10:17:29 +0100 Subject: [PATCH 12/31] talk to the same subject of the sentence --- responses/08_deployment.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/responses/08_deployment.md b/responses/08_deployment.md index 6793ac5..da6cba7 100644 --- a/responses/08_deployment.md +++ b/responses/08_deployment.md @@ -1,3 +1,3 @@ The deployment may take a few moments but you've done the right thing. Once the deployment is successful, you can move on to the next steps in the [next pull request]({{ url }}). -If you'd like to come back and merge this once their other workflow is done, they can. \ No newline at end of file +If you'd like to come back and merge this once their other workflow is done, you can. :tada: \ No newline at end of file From 5429bc0242e57ef3558a69da5ec8c26f6ceec57f Mon Sep 17 00:00:00 2001 From: Briana Swift Date: Fri, 1 Nov 2019 10:18:38 +0100 Subject: [PATCH 13/31] put answers into steps for prod workflow --- responses/09_merge-trigger.md | 11 +++++- responses/10_environment.md | 15 +++++++- responses/11_workflow-steps.md | 66 +++++++++++++++++++++++++++++++++- 3 files changed, 89 insertions(+), 3 deletions(-) diff --git a/responses/09_merge-trigger.md b/responses/09_merge-trigger.md index f5f99ff..1960fd6 100644 --- a/responses/09_merge-trigger.md +++ b/responses/09_merge-trigger.md 
@@ -4,4 +4,13 @@ For the deployment to production, the trigger will be a merge to master. ## Step 9: Write the production deployment trigger -### :keyboard: Activity: Write the production deployment trigger on merge to master \ No newline at end of file +### :keyboard: Activity: Write the production deployment trigger on merge to master + +```yml +name: Production deployment + +on: + push: + branches: + - master +``` \ No newline at end of file diff --git a/responses/10_environment.md b/responses/10_environment.md index 3956cfd..c8befda 100644 --- a/responses/10_environment.md +++ b/responses/10_environment.md @@ -4,4 +4,17 @@ Just like with the other workflow, we will need to specify an environment for AW ## Step 10: Choose the environment for AWS -### :keyboard: Choose an Ubuntu environment for the production deployment \ No newline at end of file +### :keyboard: Choose an Ubuntu environment for the production deployment + +```yml +name: Production deployment + +on: + push: + branches: + - master + +jobs: + build: + runs-on: ubuntu-latest +``` \ No newline at end of file diff --git a/responses/11_workflow-steps.md b/responses/11_workflow-steps.md index 9c27462..0c4bddf 100644 --- a/responses/11_workflow-steps.md +++ b/responses/11_workflow-steps.md 
@@ -4,4 +4,68 @@ So far, the workflow knows what the trigger is and what environment to run in. B ## Step 11: Write the steps for the production workflow -### :keyboard: Activity: Write the steps for the production deployment workflow \ No newline at end of file +### :keyboard: Activity: Write the steps for the production deployment workflow + +```yml +name: Production deployment + +on: + push: + branches: + - master + +jobs: + build: + runs-on: ubuntu-latest + + steps: + - uses: actions/checkout@v1 + - name: npm install and build webpack + run: | + npm install + npm run build + - uses: actions/upload-artifact@master + with: + name: webpack artifacts + path: public/ + + deploy: + name: Deploy Node.js app to AWS + needs: build + runs-on: ubuntu-latest + + steps: + - uses: actions/checkout@v1 + + - name: Download built artifact + uses: actions/download-artifact@master + with: + name: webpack artifacts + path: public + + - name: Deploy to AWS + uses: docker://admiralawkbar/aws-nodejs:latest + env: + AWS_ACCESS_KEY: ${{ secrets.AWS_ACCESS_KEY }} + AWS_SECRET_KEY: ${{ secrets.AWS_SECRET_KEY }} + + Build-and-Push-Docker-Image: + runs-on: ubuntu-latest + needs: build + name: Docker Build, Tag, Push + steps: + - name: Checkout + uses: actions/checkout@v1 + + - name: Download built artifact + uses: actions/download-artifact@master + with: + name: webpack artifacts + path: public + + - name: Build, Tag, Push + uses: mattdavis0351/actions/docker-gpr@v1 + with: + repo-token: ${{ secrets.GITHUB_TOKEN }} + image-name: tic-tac-toe +``` \ No newline at end of file From 3a8a730d7a8cb753a4b63ba9d4955f7d7df50596 Mon Sep 17 00:00:00 2001 From: Briana Swift Date: Fri, 1 Nov 2019 10:19:48 +0100 Subject: [PATCH 14/31] in step 9 tell user to change directory name --- responses/09_merge-trigger.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/responses/09_merge-trigger.md b/responses/09_merge-trigger.md index 1960fd6..b8c75c2 100644 --- a/responses/09_merge-trigger.md 
+++ b/responses/09_merge-trigger.md @@ -6,6 +6,9 @@ For the deployment to production, the trigger will be a merge to master. ### :keyboard: Activity: Write the production deployment trigger on merge to master +1. First, change the `CHANGETHIS` directory to `workflows` +2. Make the file look like this + ```yml name: Production deployment From f90b1a8b6dfa8fa5d6fcb239bb838135b286c2b9 Mon Sep 17 00:00:00 2001 From: Briana Swift Date: Fri, 1 Nov 2019 10:23:26 +0100 Subject: [PATCH 15/31] we cant approve our own prs --- config.yml | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/config.yml b/config.yml index 90da68c..d17488a 100644 --- a/config.yml +++ b/config.yml @@ -25,7 +25,7 @@ before: - type: createLabel name: stage color: f87000 - + # PART 1: STAGING WORKFLOW # Step 1: Configure a trigger based on labels @@ -274,10 +274,12 @@ steps: # Step 12: Merge this pull request and test the production deployment workflow +# We remove branch protections + - type: removeBranchProtection + # We tell the user to merge, and that their merge will bring the action into `master`, and will also create a deployment into production - - type: createReview - body: 12_merge.md - event: APPROVE + - type: respond + with: 12_merge.md # event: merge From 546b20b5270e25940625c9e91fa0ca035ae4789a Mon Sep 17 00:00:00 2001 From: Briana Swift Date: Fri, 1 Nov 2019 10:55:38 +0100 Subject: [PATCH 16/31] add information about aws --- responses/05_confirm-aws.md | 32 +++++++++++++++++++++++++++++--- 1 file changed, 29 insertions(+), 3 deletions(-) diff --git a/responses/05_confirm-aws.md b/responses/05_confirm-aws.md index 6f143a2..46a61e5 100644 --- a/responses/05_confirm-aws.md +++ b/responses/05_confirm-aws.md 
@@ -1,9 +1,35 @@ # AWS Configuration +For deployment, we will be using AWS. + +### S3 Buckets + +### Access keys for IAM Users + +To automate the authentication, AWS recommends using a process called [IAM users](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_access-keys.html). By creating a specific key for a purpose or individual, specific scopes can be specified and access can be tracked. + +When you create an access key, the key pair is active by default, and you can use the pair right away. You will be adding the following two secrets to this repository: + +- **AWS_ACCESS**: This serves as the user identifying token. "Access key ID" +- **AWS_SECRET**: This represents the secret key value pair that's like a password. It's under "Secret access key". + ## Step 5: Confirm AWS configuration ### :keyboard: Activity: Create an AWS account by the following specifications, and confirm here. -1. Go to AWS -2. Create a deploy token there -3. Once you are done, confirm here by commenting anything in this pull request \ No newline at end of file +1. Create an account at [aws.amazon.com](https://aws.amazon.com/) + - _This requires credit card information. If you'd like to continue with the course without an AWS account, Learning Lab will still respond, but none of the deployments will work._ +2. [Create an S3 bucket](https://docs.aws.amazon.com/AmazonS3/latest/gsg/CreatingABucket.html) + - The region needs to be the same as what is specified in the `aws-config.yml` file in this pull request. :eyes: **For this exercise, choose us-west-2**. :eyes: If you'd like to choose another region, make sure to update the `aws-config.yml` file to match. +3. Sign in to the AWS Management Console and open the IAM console at https://console.aws.amazon.com/iam/ +4. In the navigation pane, choose **Users** +5. Choose the name of the user whose access keys you want to manage, and then choose the Security credentials tab +6. 
In the Access keys section: + - Choose **Create access key** + - Then, choose **Download .csv file** to save the access key ID and secret access key to a CSV file on your computer + - Store the file in a secure location + - ⚠️_You will not have access to the secret access key again after this dialog box closes_ + - After you download the CSV file, choose **Close** +7. Save the `AWS_ACCESS` token in the **Settings > Secrets** +8. Save the `AWS_SECRET` token in the **Settings > Secrets** +9. Once you are done, confirm here by commenting anything in this pull request From 4318fbaa06b60cc6c07ffe68b066d29164281e91 Mon Sep 17 00:00:00 2001 From: Briana Swift Date: Fri, 1 Nov 2019 10:57:53 +0100 Subject: [PATCH 17/31] break up the aws steps differently --- config.yml | 6 +++--- responses/05_confirm-aws.md | 26 +++----------------------- responses/06_env-variables.md | 27 +++++++++++++++++++++++++-- 3 files changed, 31 insertions(+), 28 deletions(-) diff --git a/config.yml b/config.yml index d17488a..f0c2bd5 100644 --- a/config.yml +++ b/config.yml @@ -127,7 +127,7 @@ steps: # event: responding with a comment -- title: Confirm AWS configuration +- title: Confirm AWS S3 configuration description: Create an AWS account by the following specifications, and confirm here event: issue_comment.created link: '{{ repoUrl }}/pulls/2' @@ -141,8 +141,8 @@ steps: with: 06_env-variables.md # event: Respond with a comment -- title: Enter environment variables - description: Enter your AWS environment variables into this repository, and confirm here +- title: Create and store environment variables + description: Create your AWS IAM secrets and enter them in this repository event: issue_comment.created link: '{{ repoUrl }}/pulls/2' actions: diff --git a/responses/05_confirm-aws.md b/responses/05_confirm-aws.md index 46a61e5..6807ebd 100644 --- a/responses/05_confirm-aws.md +++ b/responses/05_confirm-aws.md 
@@ -1,35 +1,15 @@ -# AWS Configuration +# AWS Configuration - S3 Buckets For deployment, we will be using AWS. ### S3 Buckets -### Access keys for IAM Users -To automate the authentication, AWS recommends using a process called [IAM users](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_access-keys.html). By creating a specific key for a purpose or individual, specific scopes can be specified and access can be tracked. +## Step 5: Confirm AWS S3 configuration -When you create an access key, the key pair is active by default, and you can use the pair right away. You will be adding the following two secrets to this repository: - -- **AWS_ACCESS**: This serves as the user identifying token. "Access key ID" -- **AWS_SECRET**: This represents the secret key value pair that's like a password. It's under "Secret access key". - -## Step 5: Confirm AWS configuration - -### :keyboard: Activity: Create an AWS account by the following specifications, and confirm here. +### :keyboard: Activity: Create an AWS account by the following specifications, and confirm here 1. Create an account at [aws.amazon.com](https://aws.amazon.com/) - _This requires credit card information. If you'd like to continue with the course without an AWS account, Learning Lab will still respond, but none of the deployments will work._ 2. [Create an S3 bucket](https://docs.aws.amazon.com/AmazonS3/latest/gsg/CreatingABucket.html) - The region needs to be the same as what is specified in the `aws-config.yml` file in this pull request. :eyes: **For this exercise, choose us-west-2**. :eyes: If you'd like to choose another region, make sure to update the `aws-config.yml` file to match. -3. Sign in to the AWS Management Console and open the IAM console at https://console.aws.amazon.com/iam/ -4. In the navigation pane, choose **Users** -5. Choose the name of the user whose access keys you want to manage, and then choose the Security credentials tab -6. 
In the Access keys section: - - Choose **Create access key** - - Then, choose **Download .csv file** to save the access key ID and secret access key to a CSV file on your computer - - Store the file in a secure location - - ⚠️_You will not have access to the secret access key again after this dialog box closes_ - - After you download the CSV file, choose **Close** -7. Save the `AWS_ACCESS` token in the **Settings > Secrets** -8. Save the `AWS_SECRET` token in the **Settings > Secrets** -9. Once you are done, confirm here by commenting anything in this pull request diff --git a/responses/06_env-variables.md b/responses/06_env-variables.md index f75f0a5..e242aba 100644 --- a/responses/06_env-variables.md +++ b/responses/06_env-variables.md 
@@ -1,8 +1,31 @@ # Environment Variables -## Step 6: Enter environment variables -### :keyboard: Activity: Enter your AWS environment variables in this repository +### Access keys for IAM Users + +To automate the authentication, AWS recommends using a process called [IAM users](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_access-keys.html). By creating a specific key for a purpose or individual, specific scopes can be specified and access can be tracked. + +When you create an access key, the key pair is active by default, and you can use the pair right away. You will be adding the following two secrets to this repository: + +- **AWS_ACCESS**: This serves as the user identifying token. "Access key ID" +- **AWS_SECRET**: This represents the secret key value pair that's like a password. It's under "Secret access key". + +## Step 6: Create and store environment variables + +### :keyboard: Activity: Create your AWS IAM secrets and enter them in this repository 1. Add the tokens to this repository with the token name `AWS_SECRET_KEY` 2. Once you are done, confirm here by commenting anything in this pull request + +3. Sign in to the AWS Management Console and open the IAM console at https://console.aws.amazon.com/iam/ +4. In the navigation pane, choose **Users** +5. Choose the name of the user whose access keys you want to manage, and then choose the Security credentials tab +6. In the Access keys section: + - Choose **Create access key** + - Then, choose **Download .csv file** to save the access key ID and secret access key to a CSV file on your computer + - Store the file in a secure location + - ⚠️_You will not have access to the secret access key again after this dialog box closes_ + - After you download the CSV file, choose **Close** +7. Save the `AWS_ACCESS` token in the **Settings > Secrets** +8. Save the `AWS_SECRET` token in the **Settings > Secrets** +9. Once you are done, confirm here by commenting anything in this pull request 
From 91dc5fcb3b0cb52a9b8528cd60d452b198bbd1ca Mon Sep 17 00:00:00 2001 From: Briana Swift Date: Fri, 1 Nov 2019 11:02:11 +0100 Subject: [PATCH 18/31] better 05 instructions --- responses/05_confirm-aws.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/responses/05_confirm-aws.md b/responses/05_confirm-aws.md index 6807ebd..3bb3c88 100644 --- a/responses/05_confirm-aws.md +++ b/responses/05_confirm-aws.md @@ -1,9 +1,10 @@ # AWS Configuration - S3 Buckets -For deployment, we will be using AWS. +For deployment, we will be using AWS. ### S3 Buckets +Amazon S3 Buckets are containers. They're also a very flexible type of data storage- they can be configured to work in many different types of ways. They're popular for their security, scalability, and dependability. Our S3 Bucket will be the container that our application is deployed in, both in staging and in production. ## Step 5: Confirm AWS S3 configuration @@ -13,3 +14,4 @@ For deployment, we will be using AWS. - _This requires credit card information. If you'd like to continue with the course without an AWS account, Learning Lab will still respond, but none of the deployments will work._ 2. [Create an S3 bucket](https://docs.aws.amazon.com/AmazonS3/latest/gsg/CreatingABucket.html) - The region needs to be the same as what is specified in the `aws-config.yml` file in this pull request. :eyes: **For this exercise, choose us-west-2**. :eyes: If you'd like to choose another region, make sure to update the `aws-config.yml` file to match. +3. Confirm that you've created an S3 bucket by commenting anything in this pull request \ No newline at end of file From 1ccd109c6a5faed21bc6e783a22f9f19eb2f1e99 Mon Sep 17 00:00:00 2001 From: Briana Swift Date: Fri, 1 Nov 2019 11:02:26 +0100 Subject: [PATCH 19/31] formatting for 06 --- responses/06_env-variables.md | 1 - 1 file changed, 1 deletion(-) diff --git a/responses/06_env-variables.md b/responses/06_env-variables.md index e242aba..5a7c2a3 100644 
--- a/responses/06_env-variables.md +++ b/responses/06_env-variables.md @@ -1,6 +1,5 @@ # Environment Variables - ### Access keys for IAM Users To automate the authentication, AWS recommends using a process called [IAM users](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_access-keys.html). By creating a specific key for a purpose or individual, specific scopes can be specified and access can be tracked. From 4a6908937eae712773cd986be3800e26787ad0fa Mon Sep 17 00:00:00 2001 From: Briana Swift Date: Fri, 1 Nov 2019 11:06:35 +0100 Subject: [PATCH 20/31] improve context for steps 2 3 and 4 --- responses/02_environment.md | 2 +- responses/03_workflow-steps.md | 5 +++++ responses/04_merge.md | 7 +++++-- 3 files changed, 11 insertions(+), 3 deletions(-) diff --git a/responses/02_environment.md b/responses/02_environment.md index fb068ad..7379be0 100644 --- a/responses/02_environment.md +++ b/responses/02_environment.md @@ -4,7 +4,7 @@ We will be working with AWS for the deployment environment. AWS will do the work ### What are the options? -You may want to choose a different environment based on your application. For example, if you are building an application to run on an Android phone, the environment may be X. If the app will be for a Mac, you may choose X. Options of environments may be.... +You may want to choose a different environment based on your application. You can read more about [virtual environments for GitHub Actions](https://help.github.com/en/github/automating-your-workflow-with-github-actions/virtual-environments-for-github-actions) on GitHub Help. ## Step 2: Choose the environment for AWS diff --git a/responses/03_workflow-steps.md b/responses/03_workflow-steps.md index 10910ca..c6e4c37 100644 --- a/responses/03_workflow-steps.md +++ b/responses/03_workflow-steps.md 
@@ -4,6 +4,11 @@ So far, the workflow knows what the trigger is and what environment to run in. B ## Step 3: Write the steps for the staging workflow +We won't be going into detail on the steps of this workflow, but it would be a good idea to check them out. You'll see that we're adding steps using existing actions for: + +- `actions/checkout` +- `Deploy to AWS` + ### :keyboard: Activity: Write the steps for the staging deployment workflow ```yml diff --git a/responses/04_merge.md b/responses/04_merge.md index 7238d1c..8a90d84 100644 --- a/responses/04_merge.md +++ b/responses/04_merge.md @@ -1,9 +1,12 @@ # Completed Workflow -Nice job, you've done it! +Nice job, you've done it! It won't be "working" yet, because our next step is to work on the configuration files that AWS will need. But, the logic for this workflow is complete. ## Step 4: Merge the staging workflow -### :keyboard: Activity: Merge this staging workflow pull request \ No newline at end of file +### :keyboard: Activity: Merge this staging workflow pull request + +1. Merge this pull request +2. Delete the `staging-workflow` branch` \ No newline at end of file From dacb03ba0722331757544ae7c15cdafa67dad9ff Mon Sep 17 00:00:00 2001 From: Briana Swift Date: Fri, 1 Nov 2019 11:14:28 +0100 Subject: [PATCH 21/31] more info on approve --- responses/07_approve.md | 20 ++++++++++++++++++-- 1 file changed, 18 insertions(+), 2 deletions(-) diff --git a/responses/07_approve.md b/responses/07_approve.md index 300484c..40b069d 100644 --- a/responses/07_approve.md +++ b/responses/07_approve.md 
@@ -1,7 +1,23 @@ # AWS Configuration files -This is what those files are: +To deploy successfully to our S3 bucket on AWS, we need a few special configuration files. + +### `aws-config.yml` + +The `aws-config.yml` file is needed with the `Deploy to AWS` Action that we're using. **How did we know that it's needed?** In the [documentation for the GitHub action](https://github.com/github/deploy-nodejs), there are specific instructions about including this file, and where it needs to sit within the repository. + +Whenever you're using a GitHub Action, it's important to read the documentation. There may be details like what secrets or other template files are required for the Action to work as expected. + +### `sam-template.yml` + +This file is a bit trickier. The template `aws-config.yml` file that was documented with the action has a placeholder for this template, but doesn't specify what we should do. + +In our case, we created the `sam-template.yml` for you. It contains information that's specific about the application source code in this repository. When we tell AWS to deploy, it wonders "Deploy _what_?". This file communicates which files should be deployed, and how, within our S3 bucket on AWS. ## Step 7: Approve the pull request -### :keyboard: Activity: Approve pull request adding aws-config.yml and sam-template.yml \ No newline at end of file +I've requested your approval on this pull request. Once you approve this, I will merge. + +### :keyboard: Activity: Approve pull request adding `aws-config.yml` and `sam-template.yml` + +1. Approve this pull request \ No newline at end of file From 919df4681a193de68ddac05d07920b58d20bc42a Mon Sep 17 00:00:00 2001 From: Briana Swift Date: Fri, 1 Nov 2019 11:15:03 +0100 Subject: [PATCH 22/31] add instructions for staging --- responses/08_test.md | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/responses/08_test.md b/responses/08_test.md index 62102bc..d1a02f0 100644 --- a/responses/08_test.md 
+++ b/responses/08_test.md @@ -6,4 +6,7 @@ Now that the proper configuration and workflow files are present, let's test thi In this pull request, there's a small change to the game. Once you add the label, you should be able to see the deployment! -### :keyboard: Activity: Add the proper label to this pull request \ No newline at end of file +### :keyboard: Activity: Add the proper label to this pull request + +1. On the right hand side, click **Add label** +2. Select the label titled **stage** From 0c9c11a02abd137d537baca1322ed75f6815297c Mon Sep 17 00:00:00 2001 From: Briana Swift Date: Fri, 1 Nov 2019 11:18:05 +0100 Subject: [PATCH 23/31] deployment prod description; --- responses/10_environment.md | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/responses/10_environment.md b/responses/10_environment.md index c8befda..7c2fdcc 100644 --- a/responses/10_environment.md +++ b/responses/10_environment.md @@ -1,6 +1,10 @@ # Choosing an environment -Just like with the other workflow, we will need to specify an environment for AWS. +Just like with the other workflow, we will need to specify an environment for AWS. We will choose the same environment because we are working with the same `Node.js` app. + +**Continuous delivery** is a concept that contains many behaviors and other, more specific concepts. One of those concepts is **test in production**. That can mean different things to different projects and different companies, and isn't a strict rule that says you are or aren't "doing CD". + +In our case, we can match our production environment to be exactly like our staging environment. This minimizes opportunities for surprises once we deploy to production. ## Step 10: Choose the environment for AWS From 7fe74e2adcea73923c0c72cc4a00931da86177f7 Mon Sep 17 00:00:00 2001 
From: Briana Swift Date: Fri, 1 Nov 2019 11:21:09 +0100 Subject: [PATCH 24/31] better workflow 2 steps info --- responses/11_workflow-steps.md | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/responses/11_workflow-steps.md b/responses/11_workflow-steps.md index 0c4bddf..6a719bb 100644 --- a/responses/11_workflow-steps.md +++ b/responses/11_workflow-steps.md @@ -2,6 +2,19 @@ So far, the workflow knows what the trigger is and what environment to run in. But, what exactly is supposed to run? The "steps" section of this workflow specify what actions to be run in the Ubuntu environment when new labels are added. +With the staging deployment, we use `checkout` and `Deploy to AWS`. In this workflow, we use: + +- `actions/checkout@v1` +- `Deploy to AWS` + +We also have a new section past the `deploy` section, called **Docker Build, Tag, Push**, or Build-and-Push-Docker-Image. This part of the workflow uses the action from another course. That action builds the code, tags the commit, and pushes a package to the GitHub Package Registry. + +- `actions/checkout@v1` +- `actions/download-artifact@master` +- `mattdavis0351/actions/docker-gpr@v1` + +All of this happens automatically once a pull request is merged! + ## Step 11: Write the steps for the production workflow ### :keyboard: Activity: Write the steps for the production deployment workflow From d8a1ceca0b25ae41f2304d0828c6cdc6a00c92e4 Mon Sep 17 00:00:00 2001 From: Briana Swift Date: Fri, 1 Nov 2019 11:21:55 +0100 Subject: [PATCH 25/31] better name for final step --- config.yml | 2 +- responses/12_merge.md | 9 ++++++--- 2 files changed, 7 insertions(+), 4 deletions(-) diff --git a/config.yml b/config.yml index f0c2bd5..cfd829b 100644 --- a/config.yml +++ b/config.yml 
@@ -283,7 +283,7 @@ steps: # event: merge -- title: Merge this pull request +- title: Merge the production workflow description: Merge this pull request and test the production deployment workflow event: pull_request.closed link: '{{ repoUrl }}/pulls/3' diff --git a/responses/12_merge.md b/responses/12_merge.md index 0d8450f..b6f4224 100644 --- a/responses/12_merge.md +++ b/responses/12_merge.md @@ -1,7 +1,10 @@ # Completed Workflow -Nice job, you've done it! +Nice job, you've done it! -## Step 12: Merge the staging workflow +## Step 12: Merge the production workflow -### :keyboard: Activity: Merge this production workflow pull request \ No newline at end of file +### :keyboard: Activity: Merge this pull request and test the production deployment workflow + +1. Merge this pull request +2. Delete the branch \ No newline at end of file From 9593fda3dabe876ac672ff237ce949a56e9c575d Mon Sep 17 00:00:00 2001 From: Briana Swift Date: Fri, 1 Nov 2019 11:24:18 +0100 Subject: [PATCH 26/31] correct links so they are pull not pulls --- config.yml | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/config.yml b/config.yml index cfd829b..2fa30aa 100644 --- a/config.yml +++ b/config.yml @@ -45,7 +45,7 @@ steps: - title: Configure a trigger based on labels description: Configure the workflow trigger based on an a label being added event: pull_request - link: '{{ repoUrl }}/pulls/1' + link: '{{ repoUrl }}/pull/1' actions: # We validate that trigger is correct #- type: gate @@ -60,7 +60,7 @@ steps: - title: Choose the environment for AWS description: Choose the Ubuntu environment for our app event: pull_request - link: '{{ repoUrl }}/pulls/1' + link: '{{ repoUrl }}/pull/1' actions: # We validate @@ -75,7 +75,7 @@ steps: - title: Write the steps for the staging workflow description: Write the steps for the staging deployment workflow event: pull_request - link: '{{ repoUrl }}/pulls/1' + link: '{{ repoUrl }}/pull/1' actions: # We validate 
@@ -93,7 +93,7 @@ steps: - title: Merge the staging workflow description: Merge this staging workflow pull request event: pull_request.closed - link: '{{ repoUrl }}/pulls/1' + link: '{{ repoUrl }}/pull/1' actions: # we make sure it's merged @@ -130,7 +130,7 @@ steps: - title: Confirm AWS S3 configuration description: Create an AWS account by the following specifications, and confirm here event: issue_comment.created - link: '{{ repoUrl }}/pulls/2' + link: '{{ repoUrl }}/pull/2' actions: # Step 6: Enter environment variables @@ -144,7 +144,7 @@ steps: - title: Create and store environment variables description: Create your AWS IAM secrets and enter them in this repository event: issue_comment.created - link: '{{ repoUrl }}/pulls/2' + link: '{{ repoUrl }}/pull/2' actions: # Validate if possible @@ -165,7 +165,7 @@ steps: - title: Approve pull request description: Approve pull request adding the aws-config.yml and sam-template.yml event: pull_request_review - link: '{{ repoUrl }}/pulls/2' + link: '{{ repoUrl }}/pull/2' actions: # we make sure it's approved @@ -204,7 +204,7 @@ steps: - title: Test the staging action description: Test the new action to deploy labeled pull requests to staging event: pull_request.labeled - link: '{{ repoUrl }}/pulls/3' + link: '{{ repoUrl }}/pull/3' actions: # We need to prepare next PR for them where they write the prod deployment workflow @@ -229,7 +229,7 @@ steps: - title: Write the production deployment trigger description: Write the production deployment trigger in the new workflow event: pull_request - link: '{{ repoUrl }}/pulls/3' + link: '{{ repoUrl }}/pull/3' actions: # We validate @@ -246,7 +246,7 @@ steps: - title: Choose the environment for AWS description: Commit the proper environment for AWS to the workflow file event: pull_request - link: '{{ repoUrl }}/pulls/3' + link: '{{ repoUrl }}/pull/3' actions: # We validate 
@@ -263,7 +263,7 @@ steps: - title: Write the steps for the production workflow description: Write the steps for the production deployment to the workflow file event: pull_request - link: '{{ repoUrl }}/pulls/3' + link: '{{ repoUrl }}/pull/3' actions: # We validate @@ -286,7 +286,7 @@ steps: - title: Merge the production workflow description: Merge this pull request and test the production deployment workflow event: pull_request.closed - link: '{{ repoUrl }}/pulls/3' + link: '{{ repoUrl }}/pull/3' actions: # check that its merged From b60f1db864ce1aa769d7726166b4c1ec1b3771dc Mon Sep 17 00:00:00 2001 From: Briana Swift Date: Fri, 1 Nov 2019 11:38:16 +0100 Subject: [PATCH 27/31] better instructions around s3 stuff --- responses/05_confirm-aws.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/responses/05_confirm-aws.md b/responses/05_confirm-aws.md index 3bb3c88..ceab158 100644 --- a/responses/05_confirm-aws.md +++ b/responses/05_confirm-aws.md @@ -13,5 +13,7 @@ Amazon S3 Buckets are containers. They're also a very flexible type of data stor 1. Create an account at [aws.amazon.com](https://aws.amazon.com/) - _This requires credit card information. If you'd like to continue with the course without an AWS account, Learning Lab will still respond, but none of the deployments will work._ 2. [Create an S3 bucket](https://docs.aws.amazon.com/AmazonS3/latest/gsg/CreatingABucket.html) + - If you aren't sure how to get there, you can search for `S3`. - The region needs to be the same as what is specified in the `aws-config.yml` file in this pull request. :eyes: **For this exercise, choose us-west-2**. :eyes: If you'd like to choose another region, make sure to update the `aws-config.yml` file to match. + - For all other options, accept the defaults. 3. Confirm that you've created an S3 bucket by commenting anything in this pull request \ No newline at end of file From 4d1c8ebc23e7ae20bc47b2f22f1f75cf2ded9edf Mon Sep 17 00:00:00 2001 
From: Briana Swift Date: Fri, 1 Nov 2019 11:39:51 +0100 Subject: [PATCH 28/31] instruction formatting --- responses/06_env-variables.md | 1 - 1 file changed, 1 deletion(-) diff --git a/responses/06_env-variables.md b/responses/06_env-variables.md index 5a7c2a3..5516a4b 100644 --- a/responses/06_env-variables.md +++ b/responses/06_env-variables.md @@ -15,7 +15,6 @@ When you create an access key, the key pair is active by default, and you can us 1. Add the tokens to this repository with the token name `AWS_SECRET_KEY` 2. Once you are done, confirm here by commenting anything in this pull request - 3. Sign in to the AWS Management Console and open the IAM console at https://console.aws.amazon.com/iam/ 4. In the navigation pane, choose **Users** 5. Choose the name of the user whose access keys you want to manage, and then choose the Security credentials tab From 22f1f6ca08dc68936b18bd0290ff2d2d58f40eef Mon Sep 17 00:00:00 2001 From: Briana Swift Date: Fri, 1 Nov 2019 11:44:36 +0100 Subject: [PATCH 29/31] tell it which permissions --- responses/06_env-variables.md | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) diff --git a/responses/06_env-variables.md b/responses/06_env-variables.md index 5516a4b..753acec 100644 --- a/responses/06_env-variables.md +++ b/responses/06_env-variables.md 
@@ -17,13 +17,15 @@ When you create an access key, the key pair is active by default, and you can us 2. Once you are done, confirm here by commenting anything in this pull request 3. Sign in to the AWS Management Console and open the IAM console at https://console.aws.amazon.com/iam/ 4. In the navigation pane, choose **Users** -5. Choose the name of the user whose access keys you want to manage, and then choose the Security credentials tab -6. In the Access keys section: +5. Create a new user with **programmatic access** +6. When setting permissions, search for and select **AmazonS3FullAccess** +7. In the Access keys section: - Choose **Create access key** + - Create a - Then, choose **Download .csv file** to save the access key ID and secret access key to a CSV file on your computer - Store the file in a secure location - - ⚠️_You will not have access to the secret access key again after this dialog box closes_ + - ⚠️ _You will not have access to the secret access key again after this dialog box closes_ - After you download the CSV file, choose **Close** -7. Save the `AWS_ACCESS` token in the **Settings > Secrets** -8. Save the `AWS_SECRET` token in the **Settings > Secrets** -9. Once you are done, confirm here by commenting anything in this pull request +8. Save the `AWS_ACCESS` token in the **Settings > Secrets** +9. Save the `AWS_SECRET` token in the **Settings > Secrets** +10. Once you are done, confirm here by commenting anything in this pull request From b256f7d7c1323f6fac8abb79a63d733306ce76bc Mon Sep 17 00:00:00 2001 From: Briana Swift Date: Fri, 1 Nov 2019 12:01:48 +0100 Subject: [PATCH 30/31] access and secret key name instruction update --- responses/06_env-variables.md | 12 +++++------- 1 file changed, 5 insertions(+), 7 deletions(-) diff --git a/responses/06_env-variables.md b/responses/06_env-variables.md index 753acec..9576097 100644 --- a/responses/06_env-variables.md +++ b/responses/06_env-variables.md 
@@ -19,13 +19,11 @@ When you create an access key, the key pair is active by default, and you can us 4. In the navigation pane, choose **Users** 5. Create a new user with **programmatic access** 6. When setting permissions, search for and select **AmazonS3FullAccess** -7. In the Access keys section: - - Choose **Create access key** - - Create a - - Then, choose **Download .csv file** to save the access key ID and secret access key to a CSV file on your computer +7. Use a tag that will identify this token pair, like **Deployment Learning Lab** +8. **Download .csv file** to save the access key ID and secret access key to a CSV file on your computer - Store the file in a secure location - ⚠️ _You will not have access to the secret access key again after this dialog box closes_ - After you download the CSV file, choose **Close** -8. Save the `AWS_ACCESS` token in the **Settings > Secrets** -9. Save the `AWS_SECRET` token in the **Settings > Secrets** -10. Once you are done, confirm here by commenting anything in this pull request +9. Save the _Access key ID_ as a secret, named `AWS_ACCESS_KEY` in the **Settings > Secrets** +10. Save the _Secret access key_ as a secret, named `AWS_SECRET_KEY` in the **Settings > Secrets** +11. Once you are done, confirm here by commenting anything in this pull request From dffa1979876eab69147cc52d42f617791160f583 Mon Sep 17 00:00:00 2001 From: Briana Swift Date: Fri, 1 Nov 2019 12:16:25 +0100 Subject: [PATCH 31/31] add course details --- course-details.md | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/course-details.md b/course-details.md index e69de29..cceb547 100644 --- a/course-details.md +++ b/course-details.md 
@@ -0,0 +1,9 @@ +This course is about continuous delivery, or CD, with GitHub Actions. We create two workflows to deploy our app to an AWS S3 bucket automatically. CD is an important part of modern software development, and it has a big meaning. CD is the practice of delivering software faster and with higher quality. To do this, it takes many different practices, behaviors, and technologies. + +In this course, we focus on workflows to deploy pull requests automatically to a staging environment, and to deploy all merged commits to production. In this course, you will: + +- Create two workflow files +- Configure AWS S3 for deployment +- Use secrets to store tokens +- Deploy to staging and production +- Practice using GitHub Actions \ No newline at end of file
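Review bot: In PATCH 20/31, responses/03_workflow-steps.md, the new list mixes an action reference (`actions/checkout`) with what reads as a step display name (`Deploy to AWS`). PATCH 21/31 links the action behind that name as https://github.com/github/deploy-nodejs; naming that repository here as well would let the learner find the action's documentation and source before running it.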
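Review bot: In PATCH 20/31, responses/04_merge.md, the added step "2. Delete the `staging-workflow` branch" is followed by a stray backtick after "branch", which leaves an unbalanced code span in the rendered Markdown. Drop the trailing backtick.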
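Review bot: In PATCH 23/31, responses/10_environment.md, the second added paragraph introduces **test in production**, but the paragraph after it describes making production match staging, which is environment parity rather than testing in production. Either say how the two relate or drop the term, so the learner does not take one for the other.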
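Review bot: In PATCH 24/31, responses/11_workflow-steps.md, the actions in the second list are referenced by movable refs: `actions/download-artifact@master` follows a branch, and `mattdavis0351/actions/docker-gpr@v1` is a tag in a third-party repository. This is the production workflow, in a repository that holds the `AWS_ACCESS_KEY` and `AWS_SECRET_KEY` secrets (PATCH 30/31), so add a sentence telling the learner that a branch or tag can be repointed and that pinning to a full commit SHA fixes which code runs. Smaller point: the lead-in sentence says `checkout` while the list says `actions/checkout@v1`; use one form.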
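Review bot: In PATCH 26/31, config.yml, first hunk (line 45), the context line `description: Configure the workflow trigger based on an a label being added` still carries the "an a" typo. The commit already edits the `link:` line two lines below it, so fix the description in the same change.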
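Review bot: In PATCH 29/31, responses/06_env-variables.md, new step 6 has the learner attach **AmazonS3FullAccess**, which gives a long-lived access key full access to every S3 bucket in the account, while the course deploys to the single bucket created in 05_confirm-aws.md. Point to a policy scoped to that bucket, or state that the broad policy is for the exercise only and that the user should be removed afterwards. The same hunk adds a dangling bullet, `- Create a`, that stops mid-sentence, and the secret names in steps 8 and 9 (`AWS_ACCESS`, `AWS_SECRET`) do not match the `AWS_SECRET_KEY` name used in step 1 of the same file.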
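Review bot: In PATCH 30/31, responses/06_env-variables.md, the new steps 9 to 11 give the secret names and the confirmation step, but the list still opens with the older steps 1 and 2 (shown as context in PATCH 28/31: "Add the tokens to this repository with the token name `AWS_SECRET_KEY`" and "Once you are done, confirm here by commenting anything in this pull request"). Those ask the learner to store and confirm a key before it has been created and name only one of the two secrets; remove them and renumber. Under step 8, consider adding a bullet to delete the downloaded CSV once both secrets are saved, since "Store the file in a secure location" leaves a plaintext copy of the key on disk.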
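Review bot: In PATCH 31/31, course-details.md, the clause "and it has a big meaning" in the first paragraph says nothing concrete, and the next sentence defines CD anyway; drop the clause. In the second paragraph, "In this course" opens two consecutive sentences; start the second with "You will:".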