action-app-deploy

Composite action to deploy applications to an XP instance.

What's new

Easier setup for customers
- Set the required arguments in your repository
- Refer to this composite action script in a workflow

Usage

In your workflow specify the required arguments to be used as an input to this deploy action and use the actinon to execute the deployment task. See action.yml

Mandatory arguments

url
username
password

Optional arguments

app_jar: name path to the app to be deployed. If it's not given, the action will look for an app under "./build/libs/"
client_cert: required only if you need to authenticate using mTLS
client_key: required only if you need to authenticate using mTLS

Note: The url, username and app_jar parameters can be given as string or secret inputs. But password, client_cert and client_key has to be stored in a secret store.

Here is an example workflow

jobs:
  app_deploy_job:
    runs-on: ubuntu-latest
    name: A job to deploy app
    steps: 
      - uses: actions/checkout@v3
      - id: deploy_app_to_XP
        uses: enonic/action-app-deploy@<tag>
        with:
          url: 'https://<org-proj>.enonic.cloud:4443'
          username: 'deploy-user'
          password: ${{ secrets.XP_PASS }}

Implementation notes

Notes

Input to action

I don't like app_src_path and appname. Reasons being:

They dont use the same naming convention. One uses snake_case and not the other.
They should be optional. It is very predictable where these jars end up. This parameter does not change for 99% of people.
They should be merged to app_jar that defaults to ./build/libs/*.jar. Having 2 causes confusion (app_src_path is not src of anything). Change the underlying logic how this is handled. See below.

README

These two sections in the readme called Deploy an app over MTLS and Deploy an app without MTLS are implementation details and not helpful for the average person. What are they trying to say?

Implementation

The implementation should not include - uses: actions/checkout@v2. This action should not have to worry about that.
Do we really need this base64 business for the cert and key?
This should IMO be implemented in bash, not using pure github actions. That way its easier to debug. My suggesion would be to do something like this:

name: 'App deploy action script'
description: 'Github action script to be used for app deployment'
inputs:
  url: 
    description: 'URL to XP instance'
    required: true
  username:  
    description: 'deploy user name'
    required: true
  password: 
    description: 'password of deploy user'
    required: true
  client_key:  
    description: 'Client key for MTLS session'
    required: false
  client_cert: 
    description: 'Client cert for MTLS session'
    required: false
  app_jar:  
    description: 'Path of the app to be deployed'
    required: true
    default: './build/libs/*.jar'

runs:
  using: "composite"
  steps:
    - name: Deploy
      env:
        XP_URL: ${{ inputs.url }}
        XP_USERNAME: ${{ inputs.username }}
        XP_PASSWORD: ${{ inputs.password }}
        CLIENT_KEY: ${{ inputs.client_key }}
        CLIENT_CERT: ${{ inputs.client_cert }}
        APP_JAR: ${{ inputs.app_jar }}
      shell: bash
      run: deploy.sh

And create a script called deploy.sh:

#!/usr/bin/env bash

# Note this is just pseudo code, I dont think its 100% correct

set -e

FILE="$(find . -wholename ${APP_JAR} | head -n 1)"

if [ -z "$FILE" ]; then
    echo "No app jar found with pattern: ${APP_JAR}"
    exit 1
else
    echo "Found app jar: ${FILE}"
fi

PARAMS="-X POST -f -s -S -o - -u ${XP_USER}:${XP_PASSWORD} -F file=@${FILE}"

if [ "$CLIENT_KEY" != "" ] && [ "$CLIENT_CERT" != "" ]; then
    echo "Using mTLS"
    KEY=$(mktemp /tmp/key.XXXXXX)
    CERT=$(mktemp /tmp/crt.XXXXXX)
    echo -n "${CLIENT_KEY}" | base64 -d > ${KEY}
    echo -n "${CLIENT_CERT}" | base64 -d > ${CERT}
    PARAMS="${PARAMS} --key ${KEY} --cert ${CERT}"
fi

curl ${PARAMS} ${XP_URL}/app/install

enonic / action-app-deploy Goto Github PK