Get in action with GitHub Actions

Ketan Vichare
3 min read · Jul 16, 2021


GitHub Actions is a popular CI/CD tool from GitHub that lets us customize our CI/CD workflows. One convenient way to implement a CI pipeline is to integrate GitHub Actions with Fastlane.

To set up Fastlane in your mobile repo, refer to this post: “Release Apps Faster with Fastlane”. It's recommended to go through it for a better understanding of the complete flow.

GitHub Actions can trigger the various lanes we have defined in the Fastfile and lets us decide when to trigger them.
The project structure will look as follows.

The workflows directory holds the workflow files. Each workflow file defines the trigger event and the actions that should run on that event.

Let’s start with the workflows.

The workflow below triggers the alpha lane from the Fastfile when any code is pushed to the develop branch.
You can find Fastfile details here.
The steps in a workflow are executed sequentially.

The “on” keyword names the event to listen for, which is “push” in this case.
Under “push”, we define the branch whose push events we want to listen to. In this case, it is “develop”.
We can specify multiple branches, paths or even tags.
branches-ignore, paths-ignore and tags-ignore work the reverse way.

The uses keyword allows us to use predefined actions. Actions are reusable code. Some actions require inputs that you must set using the with keyword. Review the action's README file to determine the inputs required.

So, you get the idea. You can find an exhaustive list of keywords here.

Secrets
The next part is to store secrets securely. The easiest way is to store them in GitHub Secrets. They are encrypted before they are stored by GitHub. The following naming rules need to be followed.

We can access a secret in our workflow with the expression ${{ secrets.SECRET_PASSPHRASE }}, where SECRET_PASSPHRASE is the secret name.
Secrets can be stored at the repository level or the organization level. Organization-level secrets require admin access and can be restricted to particular repositories.

Also, GitHub suggests not storing JSON secrets directly, e.g. the service account JSON files that Firebase App Distributor or the Google Play Store require when uploading builds.
Here, we can encrypt the JSON file and store the passphrase safely in GitHub Secrets.
Let’s encrypt the file with gpg using a passphrase and store the encrypted JSON file in the project directory.

$ gpg --symmetric --cipher-algo AES256 credentials.json 

This will prompt for a passphrase, which we will save later in GitHub Secrets. The command generates a credentials.json.gpg file. Add this file to one of the project directories.

Now, let’s write a script that decrypts the credentials.json.gpg file to give us credentials.json.

The output of the script, credentials.json, will be stored temporarily in our project directory at ./app/keys/credentials.json.
This file will be picked up by the lane in the Fastfile to do its job. The job could be uploading the build to the Google Play Store, Firebase App Distributor or App Center, depending on which lane is called by the GitHub workflow, as below.

- name: Run lane alpha
  uses: maierj/fastlane-action@v1.4.0
  with:
    lane: 'alpha'
  env:
    BRANCH_NAME: develop
    BUILD_NUMBER: ${{ env.BUILD_NUMBER }}

We should delete the decrypted credentials.json file once we are done with our task. We can add that step in the workflow. Script follows as below.
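
One way to write the decrypt and cleanup steps described above, as an added example that is not the author's original script. The script path scripts/credentials.sh and the location of the encrypted file are assumptions; SECRET_PASSPHRASE is expected in the environment, mapped from the GitHub secret of the same name.

```shell
#!/bin/sh
# Added example: decrypt credentials.json.gpg for the lane, then remove it.
# Workflow wiring (scripts/credentials.sh is a hypothetical path):
#   - run: sh ./scripts/credentials.sh decrypt
#     env:
#       SECRET_PASSPHRASE: ${{ secrets.SECRET_PASSPHRASE }}
#   - run: sh ./scripts/credentials.sh cleanup
#     if: always()   # remove the plaintext even when the lane fails

# Assumed location of the encrypted file; the output path is the article's.
ENC_FILE="${ENC_FILE:-./app/keys/credentials.json.gpg}"
OUT_FILE="${OUT_FILE:-./app/keys/credentials.json}"

decrypt_credentials() {
    # Refuse to run without a passphrase rather than let gpg prompt or hang.
    if [ -z "${SECRET_PASSPHRASE:-}" ]; then
        echo "SECRET_PASSPHRASE is not set" >&2
        return 1
    fi
    if [ ! -f "$ENC_FILE" ]; then
        echo "encrypted file not found: $ENC_FILE" >&2
        return 1
    fi
    mkdir -p "$(dirname "$OUT_FILE")" || return 1
    # Subshell: umask 077 makes the plaintext owner-only; the passphrase is
    # fed on stdin so it never appears in the process list.
    (
        umask 077
        printf '%s' "$SECRET_PASSPHRASE" |
            gpg --quiet --batch --yes --pinentry-mode loopback \
                --passphrase-fd 0 --output "$OUT_FILE" --decrypt "$ENC_FILE"
    ) || { rm -f "$OUT_FILE"; return 1; }   # leave no partial plaintext
}

cleanup_credentials() {
    # -f: succeed even if decryption never ran or cleanup already happened.
    rm -f "$OUT_FILE"
}

case "${1:-}" in
    decrypt) decrypt_credentials ;;
    cleanup) cleanup_credentials ;;
esac
```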

Further, it's nice to add steps that notify about build updates. In the above workflow code you will find an example that notifies a Slack channel.

There may be more workflow files in the workflows directory, which trigger jobs and invoke lanes that perform specific tasks.

Hope this article helps you to get on track with quicker and smoother CI/CD implementation.
Feel free to share, comment and clap if you found this article useful :)
