Automatically Build and Deploy Your Site using GitHub Actions and Webhooks

5 minute read

In this post I will explain how you can use GitHub to automate the build and deployment processes that you have. I am going to automate the deployment of this site but you can do whatever you want. Just understanding the basics will be enough.

Introduction to GitHub Actions and Webhooks

Let me start by explaining what are GitHub Actions and GitHub Webhooks.

Github Actions is a continuous integration and continuous delivery (CI/CD) platform that allows you to automate your build, test, and deployment pipeline. You can create workflows that build and test every pull request to your repository, or deploy merged pull requests to production.

Webhooks provide a way for notifications to be delivered to an external web server whenever certain actions occur on a repository or organization. … For example, you can configure a webhook to execute whenever:

  • A repository is pushed to
  • A pull request is opened
  • A GitHub Pages site is built
  • A new member is added to a team

Defining the problem and solution

As I said, my example will be automating the deployment of this site. Here is the normal workflow of me doing it manually: My workflow

As you can see, the only place where my work is really required is writing the post. Other two steps can be automated. We will use GitHub Actions to generate the site content and Webhooks to let our server know about the new content so it can pull the changes. Let’s get started.

Setting up GitHub Actions

Setting up a GitHub Action is as easy as creating a .yml file in .github/workflows/ directory in your repository. Let us create a new action to build our site. Fortunately, there is already a GitHub action to do it for us. Create a file called .github/workflows/jekyll.yml in your root directory of your repository and put the following contents:

name: Jekyll site CI

on:
  push:
    branches: [ main ]
  pull_request:
    branches: [ main ]

jobs:
  build:
    runs-on: ubuntu-latest

    steps:
    - uses: actions/checkout@v2

    - name: Jekyll Actions
      uses: helaili/jekyll-action@2.2.0
      with:
        token: ${{ secrets.GITHUB_TOKEN }} 
        keep_history: true
        target_branch: 'gh-pages'

That’s it! We have created our first Action. When we push this change, GitHub will start building our site and push the result to gh-pages branch. Currently, it will take a while to build because we don’t use caching. So let’s include it to build faster. Add the following piece as a second step:

# Use GitHub Actions' cache to shorten build times and decrease load on servers
- uses: actions/cache@v2
  with:
    path: vendor/bundle
    key: ${{ runner.os }}-gems-${{ hashFiles('**/Gemfile') }}
    restore-keys: |
      ${{ runner.os }}-gems-

We are done with the Actions part. You can see the final code here. When you are also done with the code, just push it to trigger the action.

Now that we set up our Action to build the site, we need to let our server know about the changes so that it can pull the changes.

Creating a Webhook from GitHub

To add a Webhook, open your repository in browser and navigate to ‘Settings > Webhooks’ and click ‘Add Webhook’. Fill in the form with appropriate values. Here is an example: Webhook form example

This is all you have to do from GitHub. Now, whenever there is a push event to your repository, GitHub will send a POST request to your payload url with the details.

Note: Our Action is configured to push to a branch in our repository, so it will also trigger this hook and we will catch it.

Creating an endpoint to handle the requests

I will use Flask framework to handle the post requests coming to our endpoint. You can use whatever programming language or framework you want. It will be very simple code with just one job: Validate the secret keys and run a specific code.

Let’s start by creating a new project and a virtual environment:

mdkir post_receiver
cd post_receiver
python3 -m venv venv
source venv/bin/activate

Install the required packages:

pip install Flask gunicorn

Create a new file for storing our environment variables:

# config.py

APP_KEY = "your-secret-key" # same key that is used in github while creating the webhook
PROJECT_PATH = "/path/to/your/project/" # you will want to cd into this path and perform commands such as git pull etc.

And create the Flask application:

# post_receiver.py

import hashlib
import hmac
import subprocess

from flask import Flask, request

import config

application = Flask(__name__)

@application.route('/', methods=['GET', 'POST'])
def index():
    if request.method == 'GET':
        return 'OK'
    elif request.method == 'POST':
        content = request.data
        secret = bytes(config.APP_KEY, 'utf-8')
        digester = hmac.new(secret, content, hashlib.sha256)
        calculated_signature = 'sha256=' + digester.hexdigest()
        actual_signature = request.headers.get('X-Hub-Signature-256')
        if calculated_signature == actual_signature:
            subprocess.Popen(
            ['./perform-git-pull.sh', config.PROJECT_PATH])
            return 'OK'
        else:
            return 'Error'

if __name__ == "__main__":
    application.run(host='0.0.0.0')

I will not go into details explaining what each line does. Basically, we are checking if the request is a POST request and if so we are comparing the secret keys to make sure that the request is coming from GitHub. In our case, this is not too important because when the keys match we are running simple git commands in our repository but you might need it if you are doing something more complicated. And here is the contents of perform-git-pull.sh file:

#!/bin/bash

cd $1
git checkout gh-pages
git pull

We are almost done! All we need to do is create a service to automatically run our code and let nginx handle our endpoint correctly.

Create a new file post_receiver.service in /etc/systemd/system/:

#/etc/systemd/system/post_receiver.service

# change <user> to your actual username
[Unit]
Description=post_receiver
After=network.target multi-user.target

[Service]
User=<user>
Environment="PYTHONPATH=/home/<user>/post_receiver/venv/bin/python"
WorkingDirectory=/home/<user>/post_receiver
ExecStart=/home/<user>/post_receiver/venv/bin/gunicorn -b 127.0.0.1:5000 -w 2 --log-file /home/<user>/post_receiver/post_receiver.log post_receiver

[Install]
WantedBy=multi-user.target

Make sure port 5000 is reachable from outside.

sudo ufw allow 5000
sudo ufw enable

Finally, edit your nginx configuration, /etc/nginx/sites-available/yoursite

location =  /postreceive/ {
    proxy_pass          http://localhost:5000/;
}

Start, restart the services

sudo systemctl daemon-reload
sudo systemctl start post_receiver
sudo systemctl enable post_receiver
sudo systemctl restart nginx

That’s it! curl https://yourdomain.com/postreceive/ should return "OK" and we are ready to accept POST requests from GitHub.

Notes for debugging

In case anything goes wrong, here are a few tips to debug:

  • Every GitHub Action produces a log that you can examine. Check them to see if anything is odd.
  • In the Webhooks tab, there is a sub-tab called Recent Deliveries. You can take a look at there to see the results of the requests from your hooks.
  • You can always test your code locally with curl:
    ❯ curl -i -X POST -H 'Content-Type: application/json' -d '{"foo": "bar", "bar": "baz"}' https://yourdomain.com/postreceive/
    

Happy hacking!

Updated: