GitHub Actions Workflows for Next.js

This directory contains GitHub Actions workflows for continuous integration and deployment of Next.js applications.

Directory Structure

.github/workflows/
├── ci.yml - Continuous Integration workflow
└── cd.yml - Continuous Deployment workflow

Continuous Integration (CI)

The CI workflow runs on every push to the main and develop branches, as well as on pull requests targeting these branches. It performs the following tasks:

Linting

  • Checks code quality using ESLint
  • Ensures code follows project standards and best practices

Testing

  • Runs Jest tests to verify functionality
  • Ensures all tests pass before allowing deployment

Building

  • Builds the Next.js application
  • Verifies that the build process completes successfully
  • Uploads build artifacts for potential use in deployment

Security Scanning

  • Uses Snyk to scan for vulnerabilities in dependencies
  • Runs OWASP ZAP scan for security issues
  • Identifies potential security concerns before deployment

Continuous Deployment (CD)

The CD workflow runs when code is pushed to the main or develop branches, or when a version tag is created. It automates the deployment process:

Environment Determination

  • Automatically determines the target environment based on branch or tag
  • Sets appropriate image tags for Docker images

Docker Build and Push

  • Builds the Docker image using the production Dockerfile
  • Pushes the image to DockerHub with appropriate tags
  • Utilizes caching for faster builds

Kubernetes Deployment

  • Updates Kubernetes manifests with the new image tag
  • Applies the changes to the appropriate environment
  • Verifies successful deployment

Notification

  • Sends Slack notifications about deployment status
  • Provides quick feedback on deployment success or failure

Usage

Required Secrets

The following secrets need to be configured in your GitHub repository:

For CI Workflow

  • SNYK_TOKEN: API token for Snyk vulnerability scanning

For CD Workflow

  • DOCKERHUB_USERNAME: DockerHub username
  • DOCKERHUB_TOKEN: DockerHub access token
  • AWS_ACCESS_KEY_ID: AWS access key for EKS access
  • AWS_SECRET_ACCESS_KEY: AWS secret key for EKS access
  • AWS_REGION: AWS region where EKS cluster is located
  • EKS_CLUSTER_NAME: Name of the EKS cluster
  • SLACK_WEBHOOK: Webhook URL for Slack notifications

Customizing Workflows

To customize these workflows for your specific needs:

  1. Modify the branch triggers in the on section
  2. Adjust environment names and conditions in the set-environment job
  3. Update Docker image names and tags in the build-and-push job
  4. Modify Kubernetes deployment paths in the deploy job

Best Practices

Security

  • Store sensitive information in GitHub Secrets
  • Use specific versions for GitHub Actions to prevent unexpected changes
  • Implement security scanning as part of the CI process
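
The advice to use specific versions for GitHub Actions can be checked mechanically. The following is an added example, not code from this repository: a dependency-free Node.js check that classifies every uses: reference in a workflow by how tightly it is pinned. It goes beyond the text by separating movable tags and branches from full commit SHAs; the function names, the sample workflow and its SHA are constructed for illustration.

```javascript
// Added example (not from this repository); function names are hypothetical.
const RANK = { none: 0, branch: 1, 'floating-tag': 2, 'exact-tag': 3, sha: 4 };

function classifyRef(ref) {
  if (!ref) return 'none';                                  // no @ref at all
  if (/^[0-9a-f]{40}$/.test(ref)) return 'sha';             // full commit SHA, immutable
  if (/^v?\d+\.\d+\.\d+$/.test(ref)) return 'exact-tag';    // specific release, tag can still be moved
  if (/^v?\d+(\.\d+)?$/.test(ref)) return 'floating-tag';   // v4 / v4.1 track new releases
  return 'branch';                                          // main, master, ...
}

function auditWorkflow(text) {
  const findings = [];
  text.split('\n').forEach((raw, i) => {
    const line = raw.replace(/\s+#.*$/, '');                // drop trailing YAML comment
    const m = line.match(/^\s*(?:-\s*)?uses:\s*['"]?([^'"\s]+)['"]?\s*$/);
    if (!m) return;
    const target = m[1];
    // Local actions and docker:// images are not resolved through a git ref.
    if (target.startsWith('./') || target.startsWith('docker://')) return;
    const at = target.lastIndexOf('@');
    const action = at === -1 ? target : target.slice(0, at);
    const ref = at === -1 ? '' : target.slice(at + 1);
    findings.push({ line: i + 1, action, ref, pin: classifyRef(ref) });
  });
  return findings;
}

// Findings pinned more loosely than the chosen minimum level.
function belowPolicy(findings, minimum = 'exact-tag') {
  return findings.filter((f) => RANK[f.pin] < RANK[minimum]);
}

// Constructed sample workflow; the SHA and version numbers are illustrative only.
const SAMPLE = `
jobs:
  security:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-node@0123456789abcdef0123456789abcdef01234567 # constructed SHA
      - name: Snyk scan
        uses: snyk/actions/node@master
      - uses: docker/build-push-action@v5.1.0
      - uses: ./.github/actions/local-check
`;
for (const f of belowPolicy(auditWorkflow(SAMPLE))) {
  console.log(`line ${f.line}: ${f.action}@${f.ref} is pinned as ${f.pin}`);
}
```

Run it over the contents of ci.yml and cd.yml and fail the job when belowPolicy returns anything; pass 'sha' as the minimum to require commit-SHA pins.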

Performance

  • Use caching for dependencies and Docker layers
  • Run jobs in parallel when possible
  • Only run necessary steps based on changes

Reliability

  • Verify deployments with health checks
  • Implement notifications for deployment status
  • Use environment protection rules for production deployments

Common Pitfalls

  1. Secret Management: Ensure all required secrets are properly configured
  2. Permission Issues: Ensure GitHub Actions has appropriate permissions
  3. Resource Constraints: Be aware of GitHub Actions minutes and resource limits
  4. Dependency Caching: Properly configure caching to speed up workflows
  5. Error Handling: Implement proper error handling and notifications