The process of pull request gating is straightforward. At the end of the Dev CD workflow, we’ll introduce a step to initiate a pull request to merge dev into the prod branch. Human approval is required to proceed with merging the pull request. This step highlights how various organizations may adopt different methods to verify and promote tested code. Some may opt for automated merging, while others may prioritize human-triggered actions. Once the code is successfully merged into the prod branch, it triggers the Prod CD workflow. This workflow creates the Prod environment and deploys our application. It also executes the same integration test we ran in the Dev environment to ensure the deployed application in Prod remains intact.
Here’s the step we’ll add to the Dev CD workflow:
  raise-pull-request:
    name: Raise Pull Request
    needs: [binary-auth]
    uses: ./.github/workflows/raise-pr.yml
    secrets: inherit
As we can see, this step invokes the raise-pr.yml file. Let’s look at that:
    steps:
      - uses: actions/checkout@v2
      - name: Raise a Pull Request
        id: pull-request
        uses: repo-sync/pull-request@v2
        with:
          destination_branch: prod
          github_token: ${{ secrets.GH_TOKEN }}
This workflow does the following:
• Checks out the code from the repository
• Raises a pull request to merge with the prod branch using the GH_TOKEN secret
To enable the workflow’s functionality, we need to define a GitHub token. This token allows the workflow to act on behalf of the current user when creating the pull request. Here are the steps:
- Go to https://github.com/settings/personal-access-tokens/new.
- Create a new token with Repository access for the mdo-environments repository, granting it the read-write pull request permission. This approach aligns with the principle of least privilege, offering more granular control.
- Once the token is created, copy it.
- Now, create a GitHub Actions secret named GH_TOKEN and paste the copied token as the value. You can do this by visiting https://github.com//mdo-environments/settings/secrets/actions.
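The token above is scoped to a single repository and a single permission, but secrets: inherit in the calling job still hands every repository secret to raise-pr.yml. The following variant is an added example, not the book's own workflow files: it passes only GH_TOKEN and reduces the built-in GITHUB_TOKEN to read-only. The workflow name, the job id raise-pr and the runs-on value are assumptions, since the page does not show those parts of the file.

```yaml
# --- dev-cd-workflow.yml (calling job) ---
# Pass only the secret the called workflow needs, instead of "secrets: inherit".
  raise-pull-request:
    name: Raise Pull Request
    needs: [binary-auth]
    uses: ./.github/workflows/raise-pr.yml
    secrets:
      GH_TOKEN: ${{ secrets.GH_TOKEN }}

# --- raise-pr.yml (called workflow) ---
name: Raise PR                  # assumed name
on:
  workflow_call:
    secrets:
      GH_TOKEN:
        required: true          # the call fails early if the secret is not passed

# The pull request is created with GH_TOKEN, so the built-in GITHUB_TOKEN
# only needs to read the repository for the checkout step.
permissions:
  contents: read

jobs:
  raise-pr:                     # assumed job id
    runs-on: ubuntu-latest      # assumed runner
    steps:
      - uses: actions/checkout@v2
      - name: Raise a Pull Request
        id: pull-request
        uses: repo-sync/pull-request@v2
        with:
          destination_branch: prod
          github_token: ${{ secrets.GH_TOKEN }}
```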
Next, let’s proceed to copy the workflow files using the following commands:
$ cd ~/mdo-environments/.github/workflows
$ cp ~/modern-devops/ch13/raise-pr/.github/workflows/dev-cd-workflow.yml .
$ cp ~/modern-devops/ch13/raise-pr/.github/workflows/raise-pr.yml .
We’re ready to push this code to GitHub. Run the following commands to commit and push the changes to your GitHub repository:
$ git add --all
$ git commit -m "Added PR Gating"
$ git push
This should trigger a GitHub Actions workflow in your GitHub repository, and you should observe something similar to the following:
Figure 13.14 – Raising a pull request
GitHub has generated a pull request to merge the code into the prod branch, and the Dev CD workflow is running as anticipated. We can now review the pull request and merge the code into the prod branch.