Skip to content

Using GitHub Actions with AppPack (Advanced)

AppPack will setup a full continuous integration pipeline for your app on AWS. This is the recommended approach, however in some scenarios an application may require more flexibility than what is built-in.

AppPack maintains a few GitHub Actions that can be used to let you build a custom application pipeline using GitHub Actions.

Prerequisites

  1. Create an IAM User
  2. Attach a prebuilt IAM Policy to the user. It will be named apppack-app-{appname}-CodebuildPolicy-{random}. For example, a policy for the app ll-production might be named apppack-app-ll-production-CodebuildPolicy-RMSWNYR4ZW6W.
  3. Create access keys for the user
  4. Add those as encrypted secrets in your GitHub Repository

Tip

In general, it is best practice not to generate static access keys for your AWS environment, but when performing actions outside AWS in an automated environment, it is more-or-less unavoidable. Treat these as you would any other account password and consider rotating them regularly to reduce risk in the event of a leak.

Available Actions

Using the Actions in a Workflow

Here is an example workflow which uses a custom test process with AppPack in GitHub Actions:

name: apppack-build

on: [push]

jobs:
  pipeline:
    runs-on: ubuntu-20.04
    env:
      AWS_DEFAULT_REGION: us-east-1
    steps:
      - uses: actions/checkout@v2
      - name: Build
        id: build
        uses: apppackio/build-action@v1
        with:
          appname: my-app
        env:
          AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
          AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
      - name: Test
        run: |
          set -euf -o pipefail
          docker run --rm \
             --entrypoint /cnb/lifecycle/launcher \
             ${{ steps.build.outputs.docker_image }} \
             my-test-script | tee test.log
      - name: Upload Artifacts
        uses: apppackio/upload-artifacts-action@v1
        with:
          appname: my-app
        env:
          AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
          AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
      - name: Deploy
        uses: apppackio/deploy-action@v1
        with:
          appname: my-app
        env:
          AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
          AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}