This example project connects to a PostgreSQL database and executes a simple query.
This project contains GitHub Actions (in the ./.github/workflows
directory):
- Before making code changes, create a new branch and perform any changes in the new branch. When ready to deploy a review workload, simply create a pull request to the main branch. On a pull request (or updates to an existing pull request) to the
main
branch, the application is containerized and pushed to the dev Org's private repository. The GVC andReview Workload
is created (if it not already created) by applying the YAML contents of the files./cpln/cpln-gvc.yaml
and./cpln/cpln-workload.yaml
. The name of theReview Workload
is prefixed by the name of the branch that created the pull request and a dash. - When a pull request is accepted and the code is merged into the
main
branch, adev
workload is updated (or created if it doesn't exists) in the dev Org by applying the same files as step 1, except that the workload name is prefixed withdev-
. This allows the application to be reviewed and tested before being pushed to the production Org. - The promotion to the
stage
andprod
workload is accomplished by manually executing theDeploy-To-Stage-or-Prod
workflow and selecting the desired workload type (stage or prod). The target GVC and Workload in the production Org is updated (or created if it doesn't exist) by applying the YAML contents of the files./cpln/cpln-gvc-prod.yaml
and./cpln/cpln-workload.yaml
. The main difference between the two GVC files is that theprod
version contains thePull Secret
that is needed the pull the image from the dev Org. Thestage
andprod
Workloads reuse the image that was initially pushed to the development Org.
Each action contains a release phase that will execute a script named release-tasks.sh
within the path
release/ENVIRONMENT_NAME
. If this phase fails, the remainder of the action will not execute.
The following Control Plane resources are required:
- Two Control Plane Orgs representing a
dev
andprod
environments. Thedev
org will host the review and dev Workloads. Theprod
org will host the stage and prod Workloads.
Note: The stage
and prod
Workloads are deployed to the prod
org since these environments should mirror each other.
This example uses the Control Plane CLI to perform the necessary actions within the GitHub Actions. The CLI requires a Service Account
with the proper permissions to perform actions.
Since actions will be performed against multiple Orgs, a Service Account
is required in each Org.
Perform the following steps in each Org:
- Follow the Control Plane documentation to create a
Service Account
and create a key. Take a note of the key. It will be used in the next section. - Add the Service Account to the
superusers
group. Once the GitHub Action executes as expected, a policy can be created with a limited set of permissions and theService Account
can be removed from thesuperusers
group.
Perform the following steps to set up the example:
-
Fork this repo to your own GitHub account.
-
The following variables are required and must be added as GitHub repository secrets.
Browse to the Secrets page by clicking Settings
(top menu bar), then Secrets
(left menu bar), and finally click Actions
.
Add the following variables:
CPLN_ORG_DEVELOPMENT
: Name of thedev
Control Plane Org.CPLN_ORG_PRODUCTION
: Name of theprod
Control Plane Org.CPLN_GVC
: GVC NameCPLN_WORKLOAD
: Workload NameCPLN_TOKEN_DEVELOPMENT
: Development Org's Service Account Key from the previous step.CPLN_TOKEN_PRODUCTION
: Production Org's Service Account Key from the previous step.CPLN_IMAGE
: The name of the image that will be deployed to the development Org's private repository. The GitHub Action workflow will append the short SHA of the commit as the image tag.
-
Review the
.github/workflow/*
files. These actions will be triggered as described in theGitHub Actions
section above. -
Review the Control Plane YAML files that are located in the
/cpln
directory. No changes are required to execute the example.- The
cpln-gvc.yaml
file defines the GVC to be created/updated for thedev
Org. - The
cpln-gvc-prod.yaml
file defines the Pull Secret and GVC to be created/updated for theprod
Org. - The
cpln-workload.yaml
file defines the Workload to be created/updated corresponding to the review/dev/staging/prod Workloads.
- The
-
IMPORTANT: In order for the GitHub Actions to execute, they need to be enabled by clicking the
Actions
tab and clicking theI understand my workflows, go ahead and enable them
button.
After the GitHub Action has successfully deployed the application, it can be tested by following these steps:
- Browse to the Control Plane Console (https://console.cpln.io/).
- If necessary, select a different Org by clicking your profile circle in the upper right corner, click the Org pull-down, and select the target Org.
- Select the GVC that was set in the
CPLN_GVC
variable. - Select the desired Workload.
- Click the
Open
button. The app will open in a new tab and the output will be displayed.
-
The
cpln apply
command creates and updates the resources defined within the YAML file. If the name of a resource is changed,cpln apply
will create a new resource. Any orphaned resources will need to be deleted manually. -
The Control Plane CLI commands use the
CPLN_ORG
andCPLN_TOKEN
environment variables when needed. There is no need to add the --org or --token flags when executing CLI commands. -
The GVC definition must exists in its own YAML file. The
cpln apply
command executing the file that contains the GVC definition must be executed before any child YAML files (workloads, identities, etc.) are executed.
To control which users have the ability to perform sensitive actions, such as merging a pull request, you can utilize the built-in capabilities of GitHub by creating a custom repository role.
Review these instructions on how to create a role.
GitHub