Deployment made easy with GitHub Actions

GitHub Actions is a CI/CD platform offered by GitHub and it’s here to make the automation of build, test and deploy pipelines easier than ever before.

The platform was launched in 2019 and is growing more and more popular.

Here are some of the key advantages of using GitHub Actions that I can mention:

  • It’s already there. If you have a GitHub repository you can start using actions to automate every stage of your project lifecycle, no setup required, everything is managed by GitHub.
  • It’s platform agnostic. No matter the technology your project uses, you can probably find a suitable action in the marketplace, and you can run that action either by using a GitHub-provided runner or a self-hosted one.
  • It’s fully integrated. You can use repository events or webhooks from third-party apps to trigger your actions.
  • It’s community driven. You can choose from thousands of actions that were created and shared publicly to support a wide variety of workflows.

All the magic happens inside GitHub Workflows, which are written in a friendly YAML format and can be triggered manually, by repository or external events, or on a schedule.

Workflows contain one or multiple Jobs, which have a series of steps that are all executed in a dedicated runner. All the complex and repetitive tasks that need to run inside multiple Jobs and Workflows can be built into Actions, or you can use an appropriate one from the GitHub Actions Marketplace.

ForgeRock Secure API Gateway (SAPI-G) is driven by accessibility, fast implementation, and community support, and this is mainly what GitHub Actions brings to the table and what would make them a good match.

The SAPI-G architectural complexity adds some level of intricacy to the deployment procedure, and I believe that using GitHub Actions would make a significant impact on the speed and simplicity of deployment.

To kick things off I am looking into how the Identity Platform configuration process can be automated to be more straightforward and more adaptable to changes.

I welcome any opinions, questions, or advice on this topic.


@dragos.panaitescu interested to hear more about how the secrets associated with the deployment can be managed. Would this be using GitHub encrypted secrets or something of this sort (Encrypted secrets - GitHub Docs)?

Or maybe some Vault/PAM-like integration?

At this point I have used GitHub Actions Encrypted Secrets and I can say they are the most straightforward approach. But as I mentioned in the post, GitHub Actions Marketplace is full of already available actions that you can use, including a Vault Secrets action which gives you easy access to any secrets stored inside Vault (you can find it here: Vault Secrets · Actions · GitHub Marketplace · GitHub).