Integrate with GitHub Actions

The Decodable CLI can be used in GitHub Actions to automate deployment of Decodable resources, such as pipelines and connections.

At a high level, the workflow uses the Decodable CLI to apply Decodable resource definitions. See this guide for details of invoking the CLI from a script.

Below is an example of doing this with a custom Flink pipeline.

Prerequisites

Authentication

It’s recommended that you create a dedicated user within your Decodable account with the permissions required. The benefit of a dedicated account is that any personnel changes at your company won’t impact the automation that you create here.

Storing authentication details

  1. Run decodable login --file my_account.auth and follow the prompts to login to Decodable using the dedicated account.

  2. Extract the value for refresh token: from my_account.auth. You can do this programmatically with yq:

    yq '.tokens.default.refresh_token' my_account.auth
  3. Store the refresh token value as a GitHub secret. In the example below we’ll assume that it’s stored as a secret called DECODABLE_REFRESH_TOKEN.

Resource definition

Declarative resource management is a powerful feature of Decodable to define one or more Decodable resources using YAML. These can be written by hand, or more commonly, extracted from existing resources.

Here is an example resource definition to create a custom Flink pipeline written in Java.

resources.yaml
---
kind: pipeline
metadata:
    name: java_pipeline
spec_version: v1
spec:
    type: JAVA
    job_file_path: target/decodable-custom-pipeline-0.1.jar
    properties:
        flink_version: 1.18-java11

Suggested workflow

Install CLI

You will need to make the CLI available in your GitHub workflow. You can download the CLI from here.

An example Docker container for the CLI is also available for reference.

Configure CLI

As described here, two files must be present for the CLI to work without user interaction. Below is an example of generating these.

  • Authentication details

    cat <<EOF > ~/.decodable/auth
    version: 1.0.0
    tokens:
        default:
            refresh_token: ${{ secrets.DECODABLE_REFRESH_TOKEN }}
    EOF
  • Account details

    cat <<EOF > ~/.decodable/config
    version: 1.0.0
    active-profile: default
    
    profiles:
      default:
        account: ${{ vars.DECODABLE_ACCOUNT_NAME }}
    EOF

    This assumes that you’ve stored your Decodable account name in a GitHub variable called $DECODABLE_ACCOUNT_NAME

Apply the Decodable resources

Once the authentication file is created, you can call the Decodable CLI to apply the resources to your Decodable account:

decodable apply resources.yaml

Putting it together in a GitHub workflow

This example GitHub Actions workflow will run when code is pushed to the main branch.

The workflow installs the CLI, configures it, and then applies all the resource definitions under the folder decodable-cicd. For example, you might have the following structure:

$ tree declarative-cicd
declarative-cicd
├── connections
│   └── datagen-01.yaml
└── pipelines
    └── count-messages.yaml

To use this workflow you should store:

.github/workflows/deploy-decodable.yaml
name: Deploy Decodable resources

on:
  push:
    branches:
      - main
  # pull_request:
  workflow_dispatch:

jobs:
  setup-and-apply:
    runs-on: ubuntu-latest

    steps:
    - name: Checkout repository
      uses: actions/checkout@v2

    - name: Download and unpack the Decodable CLI
      run: |
        curl -L https://releases.decodable.co/decodable-cli/linux/amd64/decodable-cli-linux-amd64-1.20.0.tar.gz -o /tmp/decodable-cli.tar.gz && \
        tar -xzf /tmp/decodable-cli.tar.gz -C /tmp && \
        sudo mv /tmp/decodable-cli-linux-amd64-1.20.0/bin/decodable /usr/local/bin && \
        rm -r /tmp/decodable-cli.tar.gz /tmp/decodable-cli-linux-amd64-1.20.0

    - name: Create Decodable CLI auth file
      run: |
        mkdir -p ~/.decodable
        cat <<EOF > ~/.decodable/auth
        version: 1.0.0
        tokens:
          default:
            refresh_token: ${{ secrets.DECODABLE_REFRESH_TOKEN }}
        EOF

    - name: Create Decodable CLI config file
      run: |
        mkdir -p ~/.decodable
        cat <<EOF > ~/.decodable/config
        version: 1.0.0
        active-profile: default

        profiles:
          default:
            account: ${{ vars.DECODABLE_ACCOUNT_NAME }}
        EOF

    - name: Apply all Decodable resources
      run: decodable apply $(find declarative-cicd -name '*.yaml')