Configure GitHub
This section discusses how you can configure Github to integrate with Duplo
Prerequisites
Deploy and test the application - To use GitHub CI/CD, deploy your application with DuploCloud as a Service and test that it works as expected.
Add Google Cloud Credentials - Add a Service Account, setting up Cloud Credentials for GCP in DuploCloud.
Obtaining and configuring an API token
To call a DuploCloud API from Github, obtain an API token.
Create a Service Account user in DuploCloud. Service Account users are usernames that are not an email address, such as
github-bot
ormy-api-user
. These users do not log in, but their account owns the API token.Give the DuploCloud user access to the desired Tenant. See adding Tenant access for a user.
Create an API token for that user. See creating API Tokens.
Add a GitHub Repository secret that contains the DuploCloud API token.
Adding Tenant access for users
pageTenant access for usersGCP Security Account
When using GCP with a dedicated security account for pipeline access, you must make it available to the pipelines.
Creating the Service Account for GCP
Select the project.
Create a key for the Service Account and download the JSON credentials for use in GitHub Actions.
In GitHub, navigate to Settings.
Create a GitHub Actions Secret named
CLOUD_CREDENTIALS
with the contents pasted from the JSON credentials you downloaded from the Service Account.Create a GitHub Actions Variable named
CLOUD_ACCOUNT
with the Project ID or Name from GCP.
The JSON Credentials file you download has the following content:
Azure Security Account
Create an Azure Security Account with needed permissions in Azure Entra ID.
The JSON Credential file has the following content:
Within Github Actions Settings
Create a Github Actions Secret named
CLOUD_CREDENTIALS
with the contents pasted from the json credentials you downloaded from the service accountCreate a Github Actions Variable named
CLOUD_ACCOUNT
with the directory name for Azure.
Setup Duplocloud in a Workflow
To get fully setup with Duplocloud and the underlying cloud provider you use, you get everything you need setup with duplocloud/actions/setup. This action will install the cli for duplocloud and the CLI for the underlying cloud as well. Finally it will perform a safe login so subsequent steps may freely interact with duplocloud or the cloud it manages.
Here is the most basic setup for any pipeline to get started.
Configuring Environments for Github Actions
Github Environments are how you define different deployment environments for your workflows and how they are differ from one to the other. Here you define environment specific variables and secrets. This allows you to parameterize and secure your workflows. We highly recommend using this feature, however it is paid and therefore optional since you may not have it.
The most common use case with Duplocloud is to match up one Tenant to one Environment. Imagine we have a tenant named dev01
, then you make a new environment in every repo which will deploy to it named dev01
. Often times you may not even need to add any secrets or variables because we already added the DUPLO_HOST
and DUPLO_TOKEN
at the repo level earlier and you only need the name of the environment as the value for the DUPLO_TENANT
.
This shows how to configure a job to use an environment using an input and match it up to the tenant.
The input type is environment
which only works on workflow_dispatch
because it provides a UI with a drop down selector for choosing from the list of configured Github Environments. On any other event type, the environment input would simply be type string and you pass in a name.
References:
The rest of this documentation will assume that you named the GitHub repository secret DUPLO_TOKEN
.
Last updated