{"id":60877,"date":"2024-03-21T12:42:16","date_gmt":"2024-03-21T07:12:16","guid":{"rendered":"https:\/\/www.tothenew.com\/blog\/?p=60877"},"modified":"2024-03-21T12:42:16","modified_gmt":"2024-03-21T07:12:16","slug":"adding-approval-workflow-to-your-github-action","status":"publish","type":"post","link":"https:\/\/www.tothenew.com\/blog\/adding-approval-workflow-to-your-github-action\/","title":{"rendered":"Adding approval workflow to your GitHub Action"},"content":{"rendered":"

Introduction<\/b><\/h2>\n

GitHub Actions has become an integral part of modern software development, streamlining continuous integration and delivery processes. However, users have longed for a straightforward approval flow, similar to Azure Pipelines. It offers a simplified way to incorporate approval steps into CI\/CD pipelines. This update opens doors for users to enhance workflow control.<\/span><\/p>\n

Objective<\/b><\/h2>\n

The objective is to inform and guide GitHub Actions to users through the newly introduced “reviewers” feature, which enables the creation of approval flows within their CI\/CD pipelines.\u00a0<\/span><\/p>\n

The focus is on providing a practical and accessible guide for users to quickly adopt and implement this feature in their workflows.\u00a0<\/span><\/p>\n

The aim is to empower users with the knowledge and tools to enhance their continuous integration and delivery practices using GitHub Actions.<\/span><\/p>\n

Setting things up<\/b><\/h2>\n
    \n
  1. An Azure Account \u2014 You can get a free Azure account as well and do exactly this without any obligation.<\/span><\/li>\n
  2. Set up an Azure App Service resource \u2014 I\u2019m using App Service Linux and just created it using basically all the defaults.\u00a0<\/span><\/li>\n
  3. Download the publish profile and save those somewhere for now as we\u2019ll refer back to them in the next step.<\/span><\/li>\n
  4. In your App Service go to the Deployment Centre and select github action. Then select the options accordingly.<\/span><\/li>\n<\/ol>\n

    That\u2019s it!\u00a0 With those basics set up I can get started with the next steps of building out the workflow.\u00a0 I should note that the steps I outlined here are free for GitHub public repositories.\u00a0 For private repositories you need to be a GitHub Enterprise Server customer.\u00a0 Since my sample is public I\u2019m ready to go!<\/span><\/p>\n

    Environments<\/b><\/h2>\n

    The first concept is Environments. These are basically a separate segmented definition of your repo that you can associate secrets and protection rules with. This is the key to the approval workflow as one of the protection rules is reviewers required (aka approvers).\u00a0 The first thing we\u2019ll do is set up two environments: staging and production.\u00a0 Go to your repository settings and you\u2019ll see a new section called Environments in the navigation.\u00a0<\/span><\/p>\n

    \"\"<\/p>\n

    T<\/span>o create an environment, click the New Environment button and give it a name. I created one called production and one called APPROVAL. In each of these you can do things independently like secrets and reviewers. Either way\u00a0 click the Required reviewers checkbox and add yourself at least and save protection rules.\u00a0<\/span><\/p>\n

    Add Required reviewers. You can add the users for reviewers and these users are those who are collaborators.\u00a0<\/span><\/p>\n

    Now we\u2019ll add some secrets. With Environments, you can have independent secrets for each environment. Remember those profiles you downloaded earlier, now you\u2019ll need them. In the production environment create a new secret named PUBLISH_PROFILE and paste in the contents of the publish profile. This allows our workflow to use environment-specific secret settings when they are called naming as we\u2019ll be marking the environment in the workflow and it will pick up secrets from that environment only (or the repo if not found there \u2013 you can have a hierarchy of secrets effectively).<\/span><\/p>\n

    Send a Google Chat Notification from a GitHub Action<\/b><\/h2>\n

    To receive notifications when you want to build and deploy on prod to approve it.<\/span><\/h2>\n
      \n
    1. Configure WebHook in a Google Chat Room to receive notifications \u00a0\u2192 <\/span>Direct message or spaces (select any one) \u2192 App & Integrations \u2192 Add webhooks. Then copy the webhook link.<\/li>\n
    2. Select the Github Repository.<\/li>\n
    3. Configure secrets needed for the GitHub action. We maintain the webhook URL (created in step 1)as a repository secret.<\/span><\/li>\n<\/ol>\n