This page describes the CI/CD workflows for the Bank of Anthos app, which run in GitHub Actions.
The CI/CD pipelines for Bank of Anthos run in GitHub Actions, using a pool of two self-hosted runners. These runners are GCE instances (virtual machines) that, for every open Pull Request in the repo, run the code test pipeline and the deploy test pipeline, and (on master) deploy the latest version of the app to bank-of-anthos.xyz.
We also host a test GKE cluster, which is where the deploy tests (functional, UI tests) run. Every PR has its own namespace in the cluster.
Code Tests - ci.yaml
These tests run on every commit for every open PR, as well as any commit to master / any release branch. This workflow:
- Runs Java (mvn) and Python (pylint) style checks on all the source code.
- Runs all Java service unit tests, with test coverage reporting (jacoco)
- Runs all Python service unit tests, with test coverage reporting (pytest --cov)
Deploy Tests - ci.yaml
These tests run on every commit for every open PR, as well as any commit to master / any release branch. This workflow:
- Creates a dedicated GKE namespace for that PR, if it doesn't already exist, in the PR GKE cluster.
- Uses skaffold run to build and push the images specific to that PR commit. Then skaffold deploys those images, via dev-kubernetes-manifests, to the PR namespace in the test cluster.
- Tests to make sure all the pods start up and become ready.
- Gets the LoadBalancer IP for the frontend service.
- Runs the end-to-end UI tests using Cypress, against that frontend IP. These tests ensure that the expected Bank of Anthos functionality (account creation, depositing money) continues to work with the changes introduced by this commit.
Push and Deploy Latest - push-deploy
This is the Continuous Deployment workflow, and it runs on every commit to the master branch. This workflow:
- Builds the container images for every service, tagging as latest.
- Pushes those images to Google Container Registry.
- Deploys the latest images to the GKE cluster hosting bank-of-anthos.xyz.
Note that this workflow does not update the image tags used in the public-facing kubernetes-manifests/; these release manifests are tied to a stable v0.x.x release, and are set in the manual releasing process.
Cleanup - cleanup.yaml
This workflow runs when a PR closes, regardless of whether it was merged into master. This workflow deletes the PR-specific GKE namespace in the test cluster.
Should one of the two self-hosted GitHub Actions runners (GCE instances) fail, or should you want to add more runner capacity, this is how to provision a new runner. Note that you need IAM access to the central Bank of Anthos GCP project in order to do this.
- Create a GCE instance.
  - VM should be at least n1-standard-4 with a 50GB persistent disk
  - VM should use a custom service account with only permissions to push images to GCR
- SSH into new VM through Google Cloud Console
- Follow the instructions to add a new runner on the Actions Settings page to authenticate the new runner
- Start GitHub Actions as a background service:
sudo ~/actions-runner/svc.sh install ; sudo ~/actions-runner/svc.sh start
- Install project-specific dependencies, including docker, skaffold, and kubectl:
wget -O - https://raw.githubusercontent.com/GoogleCloudPlatform/bank-of-anthos/master/.github/workflows/install-dependencies.sh | bash
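One way to run the dependency installer from the last step against a reviewed, pinned copy instead of piping the current master version straight into bash, as an added example that is not part of the Bank of Anthos repo. The function names verify_sha256 and install_pinned are hypothetical, the commit SHA and digest are placeholders, and sha256sum is assumed to be present on the VM.

```shell
#!/usr/bin/env bash
# Added example, not from the Bank of Anthos repo.
# Fetch install-dependencies.sh at a reviewed commit and run it only if its
# SHA-256 matches the digest recorded during review.

# verify_sha256 FILE EXPECTED_HEX
# Returns 0 on match, 1 on mismatch, 2 on unusable input.
verify_sha256() {
  local file="$1" expected="$2" actual
  [ -f "$file" ] || { echo "missing file: $file" >&2; return 2; }
  # Refuse anything that is not 64 hex characters (e.g. an unfilled placeholder).
  case "$expected" in
    ""|*[!0-9a-fA-F]*) echo "expected digest is not hex" >&2; return 2 ;;
  esac
  [ "${#expected}" -eq 64 ] || { echo "expected digest must be 64 chars" >&2; return 2; }
  expected="$(printf '%s' "$expected" | tr 'A-F' 'a-f')"
  actual="$(sha256sum < "$file")"
  actual="${actual%% *}"
  if [ "$actual" != "$expected" ]; then
    echo "digest mismatch: got $actual" >&2
    return 1
  fi
}

# install_pinned REF EXPECTED_HEX
# REF is a full commit SHA rather than "master", so the content cannot change
# between review and execution. The script is saved to disk, verified, then run.
install_pinned() {
  local ref="$1" expected="$2" tmp rc=1
  local base="https://raw.githubusercontent.com/GoogleCloudPlatform/bank-of-anthos"
  tmp="$(mktemp)" || return 2
  if wget -q -O "$tmp" "$base/$ref/.github/workflows/install-dependencies.sh" \
      && verify_sha256 "$tmp" "$expected"; then
    bash "$tmp"
    rc=$?
  fi
  rm -f "$tmp"
  return "$rc"
}

# On the runner, after reviewing the script (both arguments are placeholders):
#   install_pinned "<REVIEWED_COMMIT_SHA>" "<SHA256_OF_REVIEWED_SCRIPT>"
```

Because the runner's service account can push images to GCR, the digest should be recorded by whoever reviewed the script and updated whenever the pinned commit changes.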