Repository Settings
Set secrets at the environment, repository or organization level
Reference the secret in the workflow YAML file:
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| - name: pbi-tools deploy | |
| run: | | |
| /app/pbi-tools/pbi-tools.core deploy . "$PROFILE" | |
| env: | |
| PBI_CLIENT_SECRET: ${{ secrets.PBI_CLIENT_SECRET }} |
Protect the ‘main’ and ‘Release’ branches
Further Reading: About protected branches
Optionally, configure Environment protection rules
Optionally, protect tags
This prevents developers from creating and pushing their own tags.
GitHub Actions - CI/CD Pipeline
Each CI/CD pipeline is defined as a workflow with a corresponding YAML file in the (standard) .github/workflows folder:
The three workflow files aboce are essentially identical. They only differ in the type of trigger used and the target environment.
Development Trigger
on:
pull_request:
branches:
- 'Release/*'
UAT/Staging Trigger
on:
push:
branches:
- 'Release/*'
Production Trigger - Schedule
on:
schedule:
- cron: '0/10 * * * *'
Production Trigger - Push
on:
push:
branches:
- 'main'
Full Example
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Deploy-UAT | |
| # Controls when the workflow will run | |
| on: | |
| push: | |
| branches: | |
| - 'Release/*' | |
| # Allows you to run this workflow manually from the Actions tab | |
| workflow_dispatch: | |
| inputs: | |
| whatIf: | |
| description: 'Enable WhatIf Mode' | |
| type: boolean | |
| required: true | |
| default: true | |
| env: | |
| PROFILE: Contoso | |
| jobs: | |
| Deployment: | |
| runs-on: ubuntu-latest | |
| environment: UAT | |
| container: | |
| image: ghcr.io/pbi-tools/pbi-tools-core:1.0.0-rc.2_20220525 | |
| steps: | |
| # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it | |
| - uses: actions/checkout@v3 | |
| - name: pbi-tools info | |
| run: | | |
| /app/pbi-tools/pbi-tools.core info | |
| - name: pbi-tools deploy (WhatIf) | |
| if: ${{ github.event.inputs.whatIf == 'true' }} | |
| run: | | |
| /app/pbi-tools/pbi-tools.core deploy . "$PROFILE" UAT -whatIf | |
| env: | |
| PBI_CLIENT_SECRET: ${{ secrets.PBI_CLIENT_SECRET }} | |
| - name: pbi-tools deploy | |
| if: ${{ github.event.inputs.whatIf != 'true' }} | |
| run: | | |
| /app/pbi-tools/pbi-tools.core deploy . "$PROFILE" UAT | |
| env: | |
| PBI_CLIENT_SECRET: ${{ secrets.PBI_CLIENT_SECRET }} |
View previous workflow runs on the “Actions” tab
Environments
Access active environments from the project landing page:
The full deployment history for all environments:
Detail view for a particular deployment:
