diff --git a/_posts/2022-01-04-build-and-deploy-automatically.md b/_posts/2022-01-04-build-and-deploy-automatically.md new file mode 100644 index 0000000..0a9200e --- /dev/null +++ b/_posts/2022-01-04-build-and-deploy-automatically.md @@ -0,0 +1,197 @@ +--- +title: "Automatically Build and Deploy Your Site using GitHub Actions and Webhooks" +date: 2022-01-04 20:40:00 +0300 +tags: github-actions github-webhooks ci-cd +--- +In this post I will explain how you can use GitHub to automate the build and deployment processes that you have. I am going to automate the deployment of this site but you can do whatever you want. Just understanding the basics will be enough. + + +## Introduction to GitHub Actions and Webhooks +Let me start by explaining what are GitHub Actions and GitHub Webhooks. + +> **Github Actions** is a continuous integration and continuous delivery (CI/CD) platform that allows you to automate your build, test, and deployment pipeline. You can create workflows that build and test every pull request to your repository, or deploy merged pull requests to production. + +> **Webhooks** provide a way for notifications to be delivered to an external web server whenever certain actions occur on a repository or organization. ... For example, you can configure a webhook to execute whenever: + - A repository is pushed to + - A pull request is opened + - A GitHub Pages site is built + - A new member is added to a team + + +## Defining the problem and solution +As I said, my example will be automating the deployment of this site. Here is the normal workflow of me doing it manually: +![My workflow](/assets/images/gh-actions-and-webhooks/workflow.png) + +As you can see, the only place where my work is really required is writing the post. Other two steps can be automated. We will use GitHub Actions to generate the site content and Webhooks to let our server know about the new content so it can pull the changes. Let's get started. + +### Setting up GitHub Actions +Setting up a GitHub Action is as easy as creating a `.yml` file in `.github/workflows/` directory in your repository. Let us create a new action to build our site. Fortunately, there is already a [GitHub action](https://github.com/marketplace/actions/jekyll-actions) to do it for us. Create a file called `.github/workflows/jekyll.yml` in your root directory of your repository and put the following contents: +```yaml +name: Jekyll site CI + +on: + push: + branches: [ main ] + pull_request: + branches: [ main ] + +jobs: + build: + runs-on: ubuntu-latest + + steps: + - uses: actions/checkout@v2 + + - name: Jekyll Actions + uses: helaili/jekyll-action@2.2.0 + with: + {% raw %}token: ${{ secrets.GITHUB_TOKEN }} {% endraw %} + keep_history: true + target_branch: 'gh-pages' +``` +That's it! We have created our first Action. When we push this change, GitHub will start building our site and push the result to `gh-pages` branch. Currently, it will take a while to build because we don't use caching. So let's include it to build faster. Add the following piece as a second step: +```yaml +# Use GitHub Actions' cache to shorten build times and decrease load on servers +- uses: actions/cache@v2 + with: + path: vendor/bundle + {% raw %}key: ${{ runner.os }}-gems-${{ hashFiles('**/Gemfile') }} + restore-keys: | + ${{ runner.os }}-gems-{% endraw %} +``` +We are done with the Actions part. You can see the final code [here](https://github.com/Asocia/sahinakkayadotdev/blob/main/.github/workflows/jekyll.yml). When you are also done with the code, just push it to trigger the action. + +### Setting up the Webhook and related endpoint +Now that we set up our Action to build the site, we need to let our server know about the changes so that we it pull the changes. + + +#### Creating a Webhook from GitHub + +To add a Webhook, open your repository in browser and navigate to *'Settings > Webhooks'* and click *'Add Webhook'*. Fill in the form with appropriate values. Here is an example: +![Webhook form example](/assets/images/gh-actions-and-webhooks/add-webhook.png) + +This is all you have to do from GitHub. Now, whenever there is a *`push`* event to your repository, GitHub will send a POST request to your *payload url* with the details. + +**Note:** Our Action is configured to push to a branch in our repository, so it will also trigger this hook and we will catch it. +{: .notice--info} + +#### Creating an endpoint to handle the requests +I will use [Flask](https://flask.palletsprojects.com/en/2.0.x/) framework to handle the post requests coming to our endpoint. You can use whatever programming language or framework you want. It will be very simple code with just one job: Validate the secret keys and run a specific code. + +Let's start by creating a new project, and a virtual environment: +```bash +mdkir post_receiver +cd post_receiver +python3 -m venv venv +source venv/bin/activate +``` +Install the required packages: +```bash +pip install Flask gunicorn +``` +Create a new file for storing our environment variables: +```python +# config.py + +APP_KEY = "your-secret-key" # same key that is used in github while creating the webhook +PROJECT_PATH = "/path/to/your/project/" # you will want to cd into this path and perform commands such as git pull etc. +``` + +And create the Flask application: +```python +# post_receiver.py + +import hashlib +import hmac +import subprocess + +from flask import Flask, request + +import config + +application = Flask(__name__) + +@application.route('/', methods=['GET', 'POST']) +def index(): + if request.method == 'GET': + return 'OK' + elif request.method == 'POST': + content = request.data + secret = bytes(config.APP_KEY, 'utf-8') + digester = hmac.new(secret, content, hashlib.sha256) + calculated_signature = 'sha256=' + digester.hexdigest() + signature = request.headers.get('X-Hub-Signature-256') + if calculated_signature == request.headers.get('X-Hub-Signature-256'): + subprocess.Popen( + ['./perform-git-pull.sh {}'.format(config.PROJECT_PATH)], shell = True) + return 'OK\n' + else: + return 'ERROR\n' + +if __name__ == "__main__": + application.run(host='0.0.0.0') +``` +I will not go into details explaining what each line does. Basically, we are checking if the request is a POST request and if so we are comparing the secret keys to make sure that the request is coming from GitHub. In our case, this is not too important because when the keys match we are running a simple `git pull` command in our repository but you might need it if you are doing something more complicated. And here is the contents of `perform-git-pull.sh` file: +```bash +#!/bin/bash + +cd $1 +git pull +``` +We are almost done! All we need to do is create a service to automatically run our code and let nginx handle our endpoint correctly. + +Create a new file `post_receiver.service` in `/etc/systemd/system/`: +``` +#/etc/systemd/system/post_receiver.service + +# change to your actual username +[Unit] +Description=post_receiver +After=network.target multi-user.target + +[Service] +User= +Environment="PYTHONPATH=/home//post_receiver/venv/bin/python" +WorkingDirectory=/home//post_receiver +ExecStart=/home//post_receiver/venv/bin/gunicorn -b 127.0.0.1:5000 -w 2 --log-file /home//post_receiver/post_receiver.log post_receiver + +[Install] +WantedBy=multi-user.target +``` + +Make sure port `5000` is reachable from outside. +```bash +sudo ufw allow 5000 +sudo ufw enable +``` + +Finally, edit your nginx configuration, `/etc/nginx/sites-available/yoursite` +``` +location = /postreceive/ { + proxy_pass http://localhost:5000/; +} +``` + +Start, restart the services +```bash +sudo systemctl daemon-reload +sudo systemctl start post_receiver +sudo systemctl enable post_receiver +sudo systemctl restart nginx +``` + +That's it! `curl https://yourdomain.com/postreceive/` should return `"OK"` and we are ready to accept POST requests from GitHub. + + +### Notes for debugging +In case anything goes wrong, here are a few tips to debug: +- Every GitHub Action produces a log that you can examine. Check them to see if anything is odd. +- In the *Webhooks* tab, there is a sub-tab called *Recent Deliveries*. You can take a look at there to see the results of the requests from your hooks. +- You can always test your code locally with `curl`: + ``` + ❯ curl -i -X POST -H 'Content-Type: application/json' -d '{"foo": "bar", "bar": "baz"}' https://yourdomain.com/postreceive/ + ``` + +Happy hacking! + + diff --git a/assets/images/gh-actions-and-webhooks/add-webhook.png b/assets/images/gh-actions-and-webhooks/add-webhook.png new file mode 100644 index 0000000..88a0aa8 Binary files /dev/null and b/assets/images/gh-actions-and-webhooks/add-webhook.png differ diff --git a/assets/images/gh-actions-and-webhooks/workflow.png b/assets/images/gh-actions-and-webhooks/workflow.png new file mode 100644 index 0000000..011378e Binary files /dev/null and b/assets/images/gh-actions-and-webhooks/workflow.png differ