Skip to main content
Redhat Developers  Logo
  • Products

    Featured

    • Red Hat Enterprise Linux
      Red Hat Enterprise Linux Icon
    • Red Hat OpenShift AI
      Red Hat OpenShift AI
    • Red Hat Enterprise Linux AI
      Linux icon inside of a brain
    • Image mode for Red Hat Enterprise Linux
      RHEL image mode
    • Red Hat OpenShift
      Openshift icon
    • Red Hat Ansible Automation Platform
      Ansible icon
    • Red Hat Developer Hub
      Developer Hub
    • View All Red Hat Products
    • Linux

      • Red Hat Enterprise Linux
      • Image mode for Red Hat Enterprise Linux
      • Red Hat Universal Base Images (UBI)
    • Java runtimes & frameworks

      • JBoss Enterprise Application Platform
      • Red Hat build of OpenJDK
    • Kubernetes

      • Red Hat OpenShift
      • Microsoft Azure Red Hat OpenShift
      • Red Hat OpenShift Virtualization
      • Red Hat OpenShift Lightspeed
    • Integration & App Connectivity

      • Red Hat Build of Apache Camel
      • Red Hat Service Interconnect
      • Red Hat Connectivity Link
    • AI/ML

      • Red Hat OpenShift AI
      • Red Hat Enterprise Linux AI
    • Automation

      • Red Hat Ansible Automation Platform
      • Red Hat Ansible Lightspeed
    • Developer tools

      • Red Hat Trusted Software Supply Chain
      • Podman Desktop
      • Red Hat OpenShift Dev Spaces
    • Developer Sandbox

      Developer Sandbox
      Try Red Hat products and technologies without setup or configuration fees for 30 days with this shared Openshift and Kubernetes cluster.
    • Try at no cost
  • Technologies

    Featured

    • AI/ML
      AI/ML Icon
    • Linux
      Linux Icon
    • Kubernetes
      Cloud icon
    • Automation
      Automation Icon showing arrows moving in a circle around a gear
    • View All Technologies
    • Programming Languages & Frameworks

      • Java
      • Python
      • JavaScript
    • System Design & Architecture

      • Red Hat architecture and design patterns
      • Microservices
      • Event-Driven Architecture
      • Databases
    • Developer Productivity

      • Developer productivity
      • Developer Tools
      • GitOps
    • Secure Development & Architectures

      • Security
      • Secure coding
    • Platform Engineering

      • DevOps
      • DevSecOps
      • Ansible automation for applications and services
    • Automated Data Processing

      • AI/ML
      • Data Science
      • Apache Kafka on Kubernetes
      • View All Technologies
    • Start exploring in the Developer Sandbox for free

      sandbox graphic
      Try Red Hat's products and technologies without setup or configuration.
    • Try at no cost
  • Learn

    Featured

    • Kubernetes & Cloud Native
      Openshift icon
    • Linux
      Rhel icon
    • Automation
      Ansible cloud icon
    • Java
      Java icon
    • AI/ML
      AI/ML Icon
    • View All Learning Resources

    E-Books

    • GitOps Cookbook
    • Podman in Action
    • Kubernetes Operators
    • The Path to GitOps
    • View All E-books

    Cheat Sheets

    • Linux Commands
    • Bash Commands
    • Git
    • systemd Commands
    • View All Cheat Sheets

    Documentation

    • API Catalog
    • Product Documentation
    • Legacy Documentation
    • Red Hat Learning

      Learning image
      Boost your technical skills to expert-level with the help of interactive lessons offered by various Red Hat Learning programs.
    • Explore Red Hat Learning
  • Developer Sandbox

    Developer Sandbox

    • Access Red Hat’s products and technologies without setup or configuration, and start developing quicker than ever before with our new, no-cost sandbox environments.
    • Explore Developer Sandbox

    Featured Developer Sandbox activities

    • Get started with your Developer Sandbox
    • OpenShift virtualization and application modernization using the Developer Sandbox
    • Explore all Developer Sandbox activities

    Ready to start developing apps?

    • Try at no cost
  • Blog
  • Events
  • Videos

OpenShift Actions: Deploy to Red Hat OpenShift directly from your GitHub repository

February 13, 2020
Luca Stocchi
Related topics:
CI/CDDeveloper ToolsDevOps
Related products:
Red Hat OpenShift

Share:

    Here is a common situation: You write your code, everything is on GitHub, and you are ready to publish it. But, you know that your job is not finished yet. You need to deploy your code and this process can be a nightmare at times.

    Ideally, you should be able to do this whole process all in one place, but until now, you always had to set up external services and integrate them with GitHub (or add post-commit hooks). What if, instead, you could replace all of these extras and run everything directly from your GitHub repository with just a few YAML lines? Well, this is exactly what GitHub Actions are for.

    GitHub Actions are a new feature recently introduced by GitHub. They enable users to set up custom software development life cycle (SDLC) workflows directly from their GitHub repositories. By using actions, developers can let GitHub take care of a number of processes that can be triggered by a variety of events on the platform, like pushing code, making a release, and so on. This way, you can let GitHub deploy your app every time an event occurs and just focus on your code.

    Although GitHub Actions is still quite new, we could not wait to make an action and let developers connect and deploy to their Red Hat OpenShift cluster directly from their GitHub repository. In this article, we will take a quick look at the OpenShift Actions extension and show how easy it is to set up and use.

    Note: OpenShift Actions can be downloaded from the GitHub marketplace directly from this link.

    Using OpenShift Actions

    To use OpenShift Actions in your GitHub repository, start by creating your workflow and saving it as a YAML file in .github/workflows/<file name>.yml. By clicking on the Actions tab (on top of your repository, next to Pull request) you will be shown the most popular continuous integration workflows and you will be guided to set up your own, as shown in Figure 1.

    new workflow in the GitHub Actions tab

    Figure 1: Your new workflow in GitHub.">

    As you can see in the example below, you can define the events that trigger your workflow, the runner to execute each job (e.g., different types and versions of virtual host machines, including Linux, Windows, and macOS), and all of the actions to run:

    name: CI
    on:
      # Trigger the workflow on push to the master branch
      push:
        branches:
          - master
    jobs:
      build:
        runs-on: ubuntu-latest
        steps:
        - name: OpenShift Action
          uses: redhat-developer/openshift-actions@v1.1
          with:
            version: 'latest'
            openshift_server_url: ${{ secrets.OPENSHIFT_SERVER_URL }}
            parameters: '{"apitoken": "${{ secrets.API_TOKEN }}", "acceptUntrustedCerts": "true"}'
            cmd: |
              'version'
              'start-build nodejs-ex --follow'
              'status'
    

    In our example, we want to deploy our application on OpenShift every time something is pushed to our master. For this reason, we configure our workflow to start when the event push occurs and also specify the branch we are interested in, the master. If the branch is omitted, the workflow will trigger on each push made to the repository.

    Next, we need to specify whether to use a GitHub-hosted or self-hosted runner. GitHub only provides runners on Windows Server 2019, Linux Ubuntu 16.04/18.04, and macOS Catalina 10.15. If you want to have your own runner on Red Hat Enterprise Linux/CentOS/Fedora, you have to choose self-hosted. Here is a list of all supported operating systems.

    Finally, we need to set up all of the actions (steps) we want to execute. In this case, we are just deploying our application to our OpenShift cluster using our OpenShift action, but you could also add another action to send an email or an SMS to someone, or run tests. Just use your imagination.

    Note: In this example, we are using OpenShift Actions v1.1. To use the latest release, go to the marketplace.

    OpenShift action inputs

    You can see that the OpenShift action requires inputs to run. Let’s look at what they are and what they are for:

    • version (optional): The version of the oc CLI that we want the OpenShift Actions to use when executing commands. This input accepts three different values:
      • version number (i.e., 3.11.36)
      • URL for downloading the oc bundle (i.e., https://mirror.openshift.com/pub/openshift-v3/clients/3.11.36/linux/oc.tar.gz)
      • version:
        • Used in the form version: 'latest'.
        • Downloads the latest version available.
        • Acts as the default value for this input.
    • openshift_server_url (required): The URL for the OpenShift cluster, used in the form openshift_server_url: ${{ secrets.OPENSHIFT_SERVER_URL }}.
    • parameters (required): A JSON string with the values needed to connect to the OpenShift cluster. Must be in the form parameters: '{"apitoken": "${{ secrets.API_TOKEN }}", "acceptUntrustedCerts": "true"}'.
    • cmd (required): One or more oc commands to be executed.

    OpenShift action authentication

    To allow the extension to connect to our cluster, we need to configure an OpenShift connection. The parameters input is used for this purpose. Based on its value, one of two supported authentication methods will be used: basic or token.

    Basic authentication

    The parameters input uses a username and password to connect to the cluster, i.e., parameters: '{"username": "${{ secrets.USERNAME }}", "password": "${{ secrets.PASSWORD }}", "acceptUntrustedCerts": "true"}'

    Name Requirement Description
    username required The OpenShift username.
    password required The password for the specified user.
    acceptUntrustedCerts optional Whether it is ok to accept self-signed (untrusted) certificates.
    certificateAuthorityFile optional The path to where the certificate authority file is stored.

    Token authentication

    The parameters input uses an API token to connect to the cluster, i.e., parameters: '{"apitoken": "${{ secrets.API_TOKEN }}"}'.

    Name Requirement Description
    apitoken required The API token used for authentication.
    acceptUntrustedCerts optional Whether it is ok to accept self-signed (untrusted) certificate.
    certificateAuthorityFile optional The path where the certificate authority file is stored.

    Secrets

    As you can see above, we never write our sensitive data in the clear. We always use secrets. Even though this setup is not mandatory, we highly suggest using secrets when needed.

    Secrets are encrypted environment variables created in a repository and are only used by GitHub Actions. GitHub encrypts secrets in the web browser using public key-authenticated encryption and the Poly1305 cipher algorithm. For more information, see the TweetNaCl.js documentation.

    To make a secret available to an action, you must set it in your repository and then add it as an input or environment variable in the workflow file.

    Note: For an organization's repository, you must have admin access in order to create encrypted secrets. For a user account repository, you must be the repository owner to create encrypted secrets.

    Here is how to create a secret:

    1. Go to the main page of your repository.
    2. Click on Settings.
    3. In the left sidebar, select Secrets.
    4. Type a name for your secret in the Name input box. (Secret names must be unique and cannot contain any spaces.)
    5. Type the value for your secret. (To ensure that GitHub redacts your secret in logs, avoid using structured data as the values of secrets. Avoid creating secrets that contain JSON or encoded Git blobs.)
    6. Click Add secret.

    Note: Your workflow can have up to 100 secrets.

    Final words

    At this point, you should be able to set up your workflow and see the OpenShift action running every time the event chosen in your YAML file is triggered. To check if your workflow is working properly, you can always visit the Actions tab in your repository and verify that all of the steps succeeded, as shown in Figure 2.

    Workflow status in the Actions tab

    Figure 2: Check on your workflow in your repository's Actions tab.">

    If you encounter any bugs, have any suggestions, or if you would like to have a new feature implemented, you can submit an issue through our repo. OpenShift Actions is an open source project and suggestions, comments, and pull requests are always welcome.

    Last updated: February 5, 2024

    Recent Posts

    • Assessing AI for OpenShift operations: Advanced configurations

    • OpenShift Lightspeed: Assessing AI for OpenShift operations

    • OpenShift Data Foundation and HashiCorp Vault securing data

    • Axolotl meets LLM Compressor: Fast, sparse, open

    • What’s new for developers in Red Hat OpenShift 4.19

    Red Hat Developers logo LinkedIn YouTube Twitter Facebook

    Products

    • Red Hat Enterprise Linux
    • Red Hat OpenShift
    • Red Hat Ansible Automation Platform

    Build

    • Developer Sandbox
    • Developer Tools
    • Interactive Tutorials
    • API Catalog

    Quicklinks

    • Learning Resources
    • E-books
    • Cheat Sheets
    • Blog
    • Events
    • Newsletter

    Communicate

    • About us
    • Contact sales
    • Find a partner
    • Report a website issue
    • Site Status Dashboard
    • Report a security problem

    RED HAT DEVELOPER

    Build here. Go anywhere.

    We serve the builders. The problem solvers who create careers with code.

    Join us if you’re a developer, software engineer, web designer, front-end designer, UX designer, computer scientist, architect, tester, product manager, project manager or team lead.

    Sign me up

    Red Hat legal and privacy links

    • About Red Hat
    • Jobs
    • Events
    • Locations
    • Contact Red Hat
    • Red Hat Blog
    • Inclusion at Red Hat
    • Cool Stuff Store
    • Red Hat Summit

    Red Hat legal and privacy links

    • Privacy statement
    • Terms of use
    • All policies and guidelines
    • Digital accessibility

    Report a website issue