karatejb: 11月 2021

2021年11月28日星期日

[GitHub] Github Actions - Workflow dependencies

Github Action Workflow Dependency

▌Introduction

The jobs in a GitHub Actions: workflow by default run in parallel at the same time.

To run a job only when another job has completed, we can use needs keyword as following,

(The sample manifest comes from GitHub Docs: Creating dependent jobs)

jobs:
  setup:
    runs-on: ubuntu-latest
    steps:
      - run: ./setup_server.sh
  build:
    needs: setup
    runs-on: ubuntu-latest
    steps:
      - run: ./build_server.sh
  test:
    needs: build
    runs-on: ubuntu-latest
    steps:
      - run: ./test_server.sh

However, it needs some tricks on workflows dependencies, let us see the following example.

▌Implement

▋ Scenario

I am going to create 2 workflows:

1. Publish Docker Image

2. Run Docker Container (to execute some commands)

The second workflow depends on the result of the first one.

We will run the container after the Docker image publish successfully. In other words, if publishing fails, we won’t run the container.

▋ Constraints

1. Currently (2021-11) GitHub Actions only supports putting the second workflow (that will be triggered by first one) on the “default branch”.

2. To get the previous workflow’s state, use the value of github.event.workflow_run.conclusion.

▋ Workflow: Publish Docker Image

This is the first workflow and it is not what we will focus in the article, see [GitHub] Github Actions - Publish Docker images for more details.

▋publish_docker_image.yml

---
name: Publish Docker Image
on:
  push:
    branches: [ master ]
jobs:
  push_images_to_acr:
    name: Push images to ACR
    runs-on: ubuntu-18.04
    steps:
      - name: Checkout repo
        uses: actions/checkout@v2
      - name: Login to ACR
        uses: azure/docker-login@v1
        with:
          login-server: ${{ secrets.ACR_REGISTRY }}
          username: ${{ secrets.ACR_USERNAME }}
          password: ${{ secrets.ACR_PASSWORD }}
      - name: Build and push
        id: build_publish
        uses: docker/build-push-action@v2
        with:
          # context: .
          file: ./docker/dockerfile
          push: true
          tags: ${{ secrets.ACR_REGISTRY }}/my-demo:latest

▋ Workflow: Run Docker Container

The second workflow will need to watch the if the dependent workflow has been closed by

on:
  workflow_run:
    workflows: 
      - The dependent workflow name
    types: 
      - completed

▋run_docker_constainer.yml

---
name: Run Docker Container
on:
  workflow_run:
    workflows: 
      - Publish Docker Image
    types: 
      - completed
jobs:
  run_docker_container:
    name: Run
    if: ${{ github.event.workflow_run.conclusion == 'success' }}
    runs-on: ubuntu-18.04
    steps:
      - name: Run
        uses: addnab/docker-run-action@v3
        with:
          username: ${{ secrets.ACR_USERNAME }}
          password: ${{ secrets.ACR_PASSWORD }}
          registry: ${{ secrets.ACR_REGISTRY }}
          image: ${{ secrets.ACR_REGISTRY }}/my-demo:latest
          # options:
          run: |
            echo "The container is running."

Like we mentioned in Constraints, we have to enable the workflow (put the manifest file) in the default branch, e.q. master or main.

Notice that the above manifest used addnab/docker-run-action as the “Docker Run Action” Or we can use the default Action like this,

---
name: Run Docker Container
on:
  workflow_run:
    workflows: 
      - Publish Docker Image
    types: 
      - completed
jobs:
  run_docker_container:
    name: Run
    if: ${{ github.event.workflow_run.conclusion == 'success' }}
    runs-on: ubuntu-18.04
    container: karatejb/my-demo:latest
    steps:
      - name: Dcoker run
        run: |
          echo "The container is running."