Managing Configuration on Git

Use declarative environment files and PR-based workflows to manage infrastructure provisioning through Git with Bricks Action.

By integrating with Bricks Action, teams can "shift-left" infrastructure provisioning and maintain PR-based workflows, leveraging developer-friendly and GitOps-compatible declarative files.

Recommended Workflow Described

Below is a suggested opinionated workflow that can be modified according to the team's needs.

Developers leverage side branches to provision their infrastructure. Each commit triggers a environment to a developer-owned environment
Once the changes are ready, the engineer opens a Pull Request (PR) to promote the change for review and obtain approval before merging and deploying to shared environments.
Once the Pull Request (PR) is approved, the engineer merges its code and waits for the next release day.
On the release day, the DevOps team should trigger a workflow that detects the recent changes and creates a batch environment.

Batch Environments

Bluebricks recommends aligning infrastructure modifications with the primary SDLC.

On release day, the Delivery team manually triggers or automates a workflow using a ticketing system; the GitHub Action Workflow should collect the recent changes and trigger installation for each.

This approach ensures:

Synchronized application and infrastructure releases.
Controlled, predictable, and repeatable environments.
Automation-driven efficiency with minimal manual intervention.

Github Action Workflow Example

name: Bricks Matrix Environment Workflow

on:
  pull_request:
    branches: [master]
    paths:
      - 'bluebricks/collections/**'
  push:
    branches:
      - master
      - feature/inf-273/environments
    paths:
      - 'bluebricks/collections/**'
  workflow_dispatch:
    inputs:
      plan_only:
        description: 'Generate plan only without deploying'
        required: true
        default: true
        type: boolean

jobs:
  # Detect changes in environments folder and prepare matrix
  changes:
    runs-on: ubuntu-latest
    outputs:
      matrix: ${{ steps.set-matrix.outputs.matrix }}
      any_changes: ${{ steps.set-matrix.outputs.any_changes }}
    steps:
      - name: Checkout code
        uses: actions/checkout@v4
        with:
          fetch-depth: 0  # Fetch all history for detecting changes

      - name: Get changed files
        id: changed-files
        # For PRs use git diff, for manual runs find all YAML files
        run: |
          if [[ "${{ github.event_name }}" == "pull_request" ]]; then
            # Get changed files in PR
            CHANGED_FILES=$(git diff --name-only ${{ github.event.pull_request.base.sha }} ${{ github.sha }} -- bluebricks/environments/ | grep -v values.yaml | grep -E '\.ya?ml$' || echo "")
          else
            # For workflow_dispatch, consider all YAML files
            CHANGED_FILES=$(find bluebricks/environments -type f \( -name "*.yaml" -o -name "*.yml" \) ! -name "values.yaml" | sort)
          fi
          echo "Files to process:"
          echo "$CHANGED_FILES"
          {
            echo "CHANGED_FILES<<EOF"
            echo "$CHANGED_FILES"
            echo "EOF"
          } >> "$GITHUB_ENV"

      - name: Set matrix
        id: set-matrix
        run: |
          # Convert changed files to JSON array format
          if [[ -z "$CHANGED_FILES" ]]; then
            echo "No environment files changed"
            echo "matrix=[]" >> $GITHUB_OUTPUT
            echo "any_changes=false" >> $GITHUB_OUTPUT
          else
            # Convert space separated file list to JSON array
            FILES_JSON=$(echo "$CHANGED_FILES" | jq -R -s -c 'split("\n") | map(select(length > 0))')
            echo "matrix=${FILES_JSON}" >> $GITHUB_OUTPUT
            echo "any_changes=true" >> $GITHUB_OUTPUT
          fi

  # Create environment plans for all changed files
  bricks-plan:
    needs: changes
    if: needs.changes.outputs.any_changes == 'true'
    runs-on: ubuntu-latest
    strategy:
      matrix:
        file: ${{ fromJson(needs.changes.outputs.matrix) }}
      # Allow other environments to continue even if one fails
      fail-fast: false
      # Limit parallel executions to avoid rate limiting
      max-parallel: 5
    steps:
      - name: Checkout code
        uses: actions/checkout@v4

      - name: Extract environment name
        id: extract-name
        run: |
          # Extract environment name from file path for use in job display
          FILENAME=$(basename "${{ matrix.file }}")
          ENVIRONMENT_NAME=${FILENAME%.*}  # Remove extension
          echo "name=$ENVIRONMENT_NAME" >> $GITHUB_OUTPUT

      - name: Create Bricks environment plan (${{ steps.extract-name.outputs.name }})
        uses: bluebricks-co/bricks-action@support-for-install-flow
        with:
          command: install
          file: ${{ matrix.file }}
          # env: ${{ github.event.inputs.environment || 'staging' }}
          plan-only: ${{ github.event.inputs.plan_only || 'true' }}
          api-key: ${{ secrets.BRICKS_API_KEY }}

  # Deploy if workflow_dispatch and plan_only is false
  bricks-deploy:
    needs: [changes, bricks-plan]
    if: |
      needs.changes.outputs.any_changes == 'true' && 
      github.event_name == 'workflow_dispatch' && 
      github.event.inputs.plan_only == 'false'
    runs-on: ubuntu-latest
    strategy:
      matrix:
        file: ${{ fromJson(needs.changes.outputs.matrix) }}
      fail-fast: false
      max-parallel: 3
    steps:
      - name: Checkout code
        uses: actions/checkout@v4

      - name: Extract environment name
        id: extract-name
        run: |
          FILENAME=$(basename "${{ matrix.file }}")
          ENVIRONMENT_NAME=${FILENAME%.*}
          echo "name=$ENVIRONMENT_NAME" >> $GITHUB_OUTPUT

      - name: Execute Bricks environment (${{ steps.extract-name.outputs.name }})
        uses: bluebricks-co/bricks-action@support-for-install-flow
        with:
          command: install
          file: ${{ matrix.file }}
          api-key: ${{ secrets.BRICKS_API_KEY }}

  summary:
    needs: [changes, bricks-plan]
    if: always() && needs.changes.outputs.any_changes == 'true'
    runs-on: ubuntu-latest
    steps:
      - name: Environment Summary
        run: |
          echo "### Environment Summary" >> $GITHUB_STEP_SUMMARY
          echo "" >> $GITHUB_STEP_SUMMARY
          echo "Processed Environment files:" >> $GITHUB_STEP_SUMMARY
          
          # Use a more reliable approach that avoids complex JSON parsing
          matrix='${{ needs.changes.outputs.matrix }}'
          # Method 1: Simple approach that works even if JSON is malformed
          echo "$matrix" | grep -o '"[^"]*"' | sed 's/"//g' | while read file; do
            echo "- $file" >> $GITHUB_STEP_SUMMARY
          done
          
          # Method 2 (Fallback): If nothing was listed above
          if ! grep -q "^-" $GITHUB_STEP_SUMMARY; then
            echo "- No files were processed or could not parse file list" >> $GITHUB_STEP_SUMMARY
          fi

PreviousManaging Infrastructure-as-Code on Git NextWebhooks

Last updated 7 days ago

Was this helpful?

Good evening

hashtagRecommended Workflow Described

hashtagBatch Environments

hashtagGithub Action Workflow Example

Recommended Workflow Described

Batch Environments

Github Action Workflow Example