CI CD Guide With GitHub Actions

Uploaded by

Wahyu Cahyadi

Practical Guide to CI/CD + GitHub Actions

Concise material, originally written in Indonesian, with a pipeline diagram and example GitHub Actions YAML.
CI/CD Summary
CI/CD (Continuous Integration/Continuous Delivery/Deployment) automates the build, test, and
release process of an application. Its main goals are to speed up the release cycle, maintain quality, and
reduce the risk of large changes.

Common Components: Source Control • Build • Test • Artifact • Deploy • Monitor


CI/CD Pipeline Diagram

Example 1 — GitHub Actions: Node.js CI (Build & Test)
File: .github/workflows/ci-node.yml
name: CI - Node.js
on:
  push:
    branches: [ main ]
  pull_request:
    branches: [ main ]

jobs:
  build-test:
    runs-on: ubuntu-latest
    strategy:
      matrix:
        node-version: [18.x, 20.x]
    steps:
      - uses: actions/checkout@v4
      - name: Use Node.js ${{ matrix.node-version }}
        uses: actions/setup-node@v4
        with:
          node-version: ${{ matrix.node-version }}
          cache: 'npm'
      - name: Install deps
        run: npm ci
      - name: Lint
        run: npm run lint --if-present
      - name: Unit test
        run: npm test -- --ci --reporters=default --reporters=jest-junit
      - name: Upload test reports
        if: always()
        uses: actions/upload-artifact@v4
        with:
          name: test-reports-${{ matrix.node-version }}
          path: |
            junit.xml
            coverage/**

Example 2 — Build & Push Docker to GHCR + Deploy to Kubernetes
File: .github/workflows/cd-docker-k8s.yml

Note: a GitHub environment with required reviewers can be used as a gate (approval)
before deploying to production. Set secrets such as GHCR_TOKEN, KUBE_CONFIG, and
other variables in the GitHub repository under Settings → Secrets and variables.

name: CD - Docker & Kubernetes
on:
  workflow_run:
    workflows: ["CI - Node.js"]
    types: [completed]
    branches: [ main ]

jobs:
  publish-and-deploy:
    # Run only when the triggering CI run succeeded
    if: ${{ github.event.workflow_run.conclusion == 'success' }}
    runs-on: ubuntu-latest
    permissions:
      contents: read
      packages: write
      id-token: write
    environment: production
    steps:
      - uses: actions/checkout@v4

      - name: Log in to GHCR
        uses: docker/login-action@v3
        with:
          registry: ghcr.io
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}

      - name: Build & push image
        uses: docker/build-push-action@v6
        with:
          context: .
          push: true
          tags: ghcr.io/${{ github.repository }}:latest

      - name: Set up kubectl
        uses: azure/setup-kubectl@v4

      - name: Configure kubeconfig
        env:
          # Pass the secret through the environment so it is not expanded into
          # the script text, where quotes or $ in the value would be re-parsed
          KUBE_CONFIG: ${{ secrets.KUBE_CONFIG }}
        run: |
          mkdir -p "$HOME/.kube"
          printf '%s\n' "$KUBE_CONFIG" > "$HOME/.kube/config"
          # Keep the credentials file readable by the runner user only
          chmod 600 "$HOME/.kube/config"

      - name: Deploy to cluster
        run: |
          kubectl set image deployment/app app=ghcr.io/${{ github.repository }}:latest
          kubectl rollout status deployment/app --timeout=180s

Example 3 — Terraform Plan/Apply with Approval (Environment Gates)
File: .github/workflows/infra-terraform.yml

Use staging and production environments that require approval. Set variables such as
TF_VAR_* and cloud credentials (e.g. AWS) in Environment secrets for stronger isolation.

name: IaC - Terraform
on:
  push:
    paths:
      - infra/**
    branches: [ main ]

jobs:
  plan:
    runs-on: ubuntu-latest
    defaults:
      run:
        working-directory: infra
    steps:
      - uses: actions/checkout@v4
      - uses: hashicorp/setup-terraform@v3
      - name: Terraform Init
        run: terraform init -input=false
      - name: Terraform Plan
        run: terraform plan -input=false -out=tfplan
      # The saved plan is what the approved apply job will execute
      - name: Upload plan
        uses: actions/upload-artifact@v4
        with:
          name: tfplan
          path: infra/tfplan

  apply:
    needs: plan
    runs-on: ubuntu-latest
    # The job waits here for the environment's required approval
    environment: production
    defaults:
      run:
        working-directory: infra
    steps:
      - uses: actions/checkout@v4
      - uses: hashicorp/setup-terraform@v3
      - name: Download plan artifact
        uses: actions/download-artifact@v4
        with:
          name: tfplan
          path: infra
      # This job runs on a fresh runner, so providers and backend must be
      # initialised again before the saved plan can be applied
      - name: Terraform Init
        run: terraform init -input=false
      - name: Terraform Apply (Approved)
        run: terraform apply -input=false tfplan

Best Practices for GitHub Actions
• Separate the CI pipeline (code validation) from the CD pipeline (release).
• Use build caches (npm, pip, docker layers) to speed up execution.
• Use environments and protected branches as release/approval controls.
• Store secrets in Secrets and use OIDC (id-token) for more secure cloud access (without
long-lived keys).
• Apply matrix builds and parallel jobs for fast feedback.
• Publish artifacts (coverage, reports, SBOM) so releases are documented and auditable.
• Monitor the pipeline (duration, failure rate) for continuous improvement.
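
The secrets guidance above can be checked mechanically before a workflow is merged. The following Python audit is an added example, not part of the original guide: it scans workflow text for three patterns worth reviewing in a deploy pipeline like Example 2 (an action referenced by a movable tag instead of a full commit SHA, a mutable `:latest` image tag, and a secret expanded directly into a `run` script). The sample workflow, the `audit` function and its rule names are constructed for illustration, and the scan is line-based rather than a full YAML parse.

```python
import re

# Constructed sample in the style of Example 2 (not a file from a real repository).
SAMPLE = """\
steps:
  - uses: actions/checkout@v4
  - uses: docker/build-push-action@0123456789abcdef0123456789abcdef01234567
    with:
      tags: ghcr.io/example/app:latest
  - name: Configure kubeconfig
    run: |
      echo "${{ secrets.KUBE_CONFIG }}" > $HOME/.kube/config
  - name: Deploy
    env:
      KUBE_CONFIG: ${{ secrets.KUBE_CONFIG }}
    run: kubectl rollout status deployment/app
"""

USES = re.compile(r"^\s*(?:-\s+)?uses:\s*(\S+)")
RUN = re.compile(r"^\s*(?:-\s+)?run:\s*(.*)$")
SECRET = re.compile(r"\$\{\{\s*secrets\.")
SHA_PIN = re.compile(r"@[0-9a-f]{40}$")
MUTABLE_TAG = re.compile(r":latest\b")

def audit(text):
    """Return (line_number, rule) findings, in line order, for three hardening checks."""
    findings, run_col = [], None  # run_col: column of the enclosing `run:` key
    for no, line in enumerate(text.splitlines(), 1):
        body = line.strip()
        if not body or body.startswith("#"):
            continue
        if run_col is not None and len(line) - len(line.lstrip()) <= run_col:
            run_col = None  # dedent: the script block has ended
        if MUTABLE_TAG.search(body):
            findings.append((no, "mutable-tag"))
        if run_col is not None:  # a line inside a multi-line script
            script = body
        else:
            uses, run = USES.match(line), RUN.match(line)
            if uses and not SHA_PIN.search(uses.group(1)):
                findings.append((no, "unpinned-action"))
            run_col = line.index("run:") if run else None
            script = run.group(1) if run else ""
        if SECRET.search(script):  # secret text pasted into shell source
            findings.append((no, "secret-in-script"))
    return findings

if __name__ == "__main__":
    for no, rule in audit(SAMPLE):
        print(f"line {no}: {rule}")
```

The secret mapped under `env:` in the last step is not reported, because the shell receives it as a variable rather than as part of the script text.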
