Azure Spring Cloud CI/CD 与 GitHub ActionsAzure Spring Cloud CI/CD with GitHub Actions

GitHub Actions 支持自动化的软件开发生命周期工作流。GitHub Actions support an automated software development lifecycle workflow. 通过适用于 Azure Spring Cloud 的 GitHub Actions,可以在存储库中创建工作流来生成、测试、打包、发布并部署到 Azure。With GitHub Actions for Azure Spring Cloud you can create workflows in your repository to build, test, package, release, and deploy to Azure.

先决条件Prerequisites

此示例需要 Azure CLIThis example requires the Azure CLI.

设置 GitHub 存储库并进行身份验证Set up GitHub repository and authenticate

需要使用 Azure 服务主体凭据来为 Azure 登录操作授权。You need an Azure service principal credential to authorize Azure login action. 若要获取 Azure 凭据,请在本地计算机上执行以下命令:To get an Azure credential, execute the following commands on your local machine:

az login
az ad sp create-for-rbac --role contributor --scopes /subscriptions/<SUBSCRIPTION_ID> --sdk-auth 

若要访问某个特定的资源组,可以缩小范围:To access to a specific resource group, you can reduce the scope:

az ad sp create-for-rbac --role contributor --scopes /subscriptions/<SUBSCRIPTION_ID>/resourceGroups/<RESOURCE_GROUP> --sdk-auth

该命令应该会输出一个 JSON 对象:The command should output a JSON object:

{
    "clientId": "<GUID>",
    "clientSecret": "<GUID>",
    "subscriptionId": "<GUID>",
    "tenantId": "<GUID>",
    ...
}

此示例使用 GitHub 上的 PiggyMetrics 示例。This example uses the PiggyMetrics sample on GitHub. 对于该示例,请打开 GitHub 存储库页,然后单击“设置”选项卡。打开“机密”菜单,然后单击“添加新机密” :Fork the sample, open GitHub repository page, and click Settings tab. Open Secrets menu, and click Add a new secret:

添加新机密

将机密名称设置为 AZURE_CREDENTIALS,并将其值设置为在标题“设置 GitHub 存储库并进行身份验证”下找到的 JSON 字符串。Set the secret name to AZURE_CREDENTIALS and its value to the JSON string that you found under the heading Set up your GitHub repository and authenticate.

设置机密数据

也可以在 GitHub Actions 中从 Key Vault 获取 Azure 登录凭据,如在 GitHub Actions 中向 Key Vault 进行 Azure Spring 身份验证中所述。You can also get the Azure login credential from Key Vault in GitHub actions as explained in Authenticate Azure Spring with Key Vault in GitHub Actions.

预配服务实例Provision service instance

若要预配 Azure Spring Cloud 服务实例,请使用 Azure CLI 运行以下命令。To provision your Azure Spring Cloud service instance, run the following commands using the Azure CLI.

az extension add --name spring-cloud
az group create --location chinaeast2 --name <resource group name>
az spring-cloud create -n <service instance name> -g <resource group name>
az spring-cloud config-server git set -n <service instance name> --uri https://github.com/xxx/piggymetrics --label config

生成工作流Build the workflow

工作流是使用以下选项定义的。The workflow is defined using the following options.

使用 Azure CLI 准备部署Prepare for deployment with Azure CLI

az spring-cloud app create 命令目前不是幂等的。The command az spring-cloud app create is currently not idempotent. 建议将此工作流用于现有的 Azure Spring Cloud 应用和实例。We recommend this workflow on existing Azure Spring Cloud apps and instances.

请使用以下 Azure CLI 命令来进行准备:Use the following Azure CLI commands for preparation:

az configure --defaults group=<service group name>
az configure --defaults spring-cloud=<service instance name>
az spring-cloud app create --name gateway
az spring-cloud app create --name auth-service
az spring-cloud app create --name account-service

直接使用 Azure CLI 进行部署Deploy with Azure CLI directly

请在存储库中创建 .github/workflow/main.yml 文件:Create the .github/workflow/main.yml file in the repository:

name: AzureSpringCloud
on: push

env:
  GROUP: <resource group name>
  SERVICE_NAME: <service instance name>

jobs:
  build-and-deploy:
    runs-on: ubuntu-latest
    steps:
    
    - uses: actions/checkout@main
    
    - name: Set up JDK 1.8
      uses: actions/setup-java@v1
      with:
        java-version: 1.8
    
    - name: maven build, clean
      run: |
        mvn clean package -DskipTests
    
    - name: Azure Login
      uses: azure/login@v1
      with:
        creds: ${{ secrets.AZURE_CREDENTIALS }}
      
    - name: Install ASC AZ extension
      run: az extension add --name spring-cloud
   
    - name: Deploy with AZ CLI commands
      run: |
        az configure --defaults group=$GROUP
        az configure --defaults spring-cloud=$SERVICE_NAME
        az spring-cloud app deploy -n gateway --jar-path ${{ github.workspace }}/gateway/target/gateway.jar
        az spring-cloud app deploy -n account-service --jar-path ${{ github.workspace }}/account-service/target/account-service.jar
        az spring-cloud app deploy -n auth-service --jar-path ${{ github.workspace }}/auth-service/target/auth-service.jar

使用 Azure CLI action 进行部署Deploy with Azure CLI action

Az run 命令将使用最新版本的 Azure CLI。The az run command will use the latest version of Azure CLI. 如果有重大更改,也可以将特定版本的 Azure CLI 与 azure/CLI action 配合使用。If there are breaking changes, you can also use a specific version of Azure CLI with azure/CLI action.

备注

此命令将会在一个新容器中运行,所以 env 将不起作用,并且跨操作文件访问可能会有额外限制。This command will run in a new container, so env will not work, and cross action file access may have extra restrictions.

在存储库中创建 .github/workflow/main.yml 文件:Create the .github/workflow/main.yml file in the repository:

name: AzureSpringCloud
on: push

jobs:
  build-and-deploy:
    runs-on: ubuntu-latest
    steps:
    
    - uses: actions/checkout@main
    
    - name: Set up JDK 1.8
      uses: actions/setup-java@v1
      with:
        java-version: 1.8
    
    - name: maven build, clean
      run: |
        mvn clean package -DskipTests
        
    - name: Azure Login
      uses: azure/login@v1
      with:
        creds: ${{ secrets.AZURE_CREDENTIALS }}
              
    - name: Azure CLI script
      uses: azure/CLI@v1
      with:
        azcliversion: 2.0.75
        inlineScript: |
          az extension add --name spring-cloud
          az configure --defaults group=<service group name>
          az configure --defaults spring-cloud=<service instance name>
          az spring-cloud app deploy -n gateway --jar-path $GITHUB_WORKSPACE/gateway/target/gateway.jar
          az spring-cloud app deploy -n account-service --jar-path $GITHUB_WORKSPACE/account-service/target/account-service.jar
          az spring-cloud app deploy -n auth-service --jar-path $GITHUB_WORKSPACE/auth-service/target/auth-service.jar

使用 Maven 插件进行部署Deploy with Maven Plugin

另一种选择是使用 Maven 插件来部署 Jar 并更新应用设置。Another option is to use the Maven Plugin for deploying the Jar and updating App settings. mvn azure-spring-cloud:deploy 命令是幂等的,将会在需要时自动创建应用。The command mvn azure-spring-cloud:deploy is idempotent and will automatically create Apps if needed. 你无需提前创建相应的应用。You don't need to create corresponding apps in advance.

name: AzureSpringCloud
on: push

jobs:
  build-and-deploy:
    runs-on: ubuntu-latest
    steps:
    
    - uses: actions/checkout@main
    
    - name: Set up JDK 1.8
      uses: actions/setup-java@v1
      with:
        java-version: 1.8
    
    - name: maven build, clean
      run: |
        mvn clean package -DskipTests
        
    # Maven plugin can cosume this authentication method automatically
    - name: Azure Login
      uses: azure/login@v1
      with:
        creds: ${{ secrets.AZURE_CREDENTIALS }}
    
    # Maven deploy, make sure you have correct configurations in your pom.xml
    - name: deploy to Azure Spring Cloud using Maven
      run: |
        mvn azure-spring-cloud:deploy

运行工作流Run the workflow

在将 .github/workflow/main.yml 推送到 GitHub 后,GitHub Actions 应该会自动启用。GitHub Actions should be enabled automatically after you push .github/workflow/main.yml to GitHub. 在推送新提交时,将会触发该操作。The action will be triggered when you push a new commit. 如果你在浏览器中创建此文件,你的操作应该已经运行了。If you create this file in the browser, your action should have already run.

若要验证是否已启用该操作,请单击 GitHub 存储库页上的“操作”选项卡:To verify that the action has been enabled, click Actions tab on the GitHub repository page:

验证操作是否已启用

如果在存在错误的情况下(例如,如果尚未设置 Azure 凭据)运行操作,则可以在修复该错误后重新运行检查。If your action runs in error, for example, if you haven't set the Azure credential, you can rerun checks after fixing the error. 在 GitHub 存储库页上,单击“操作”,选择特定的工作流任务,然后单击“重新运行检查”按钮来重新运行检查 :On the GitHub repository page, click Actions, select the specific workflow task, and then click the Rerun checks button to rerun checks:

重新运行检查

后续步骤Next steps