Hi,
Any ideas or tools that I can use to automate the deployment of jobs using github CI/CD (actions) ?
For example:
Code is uploaded, tagged and pushed to the container registry.
Now I need to let the nomad cluster know that he needs to pull the latest version and deploy it. using github actions.
If you have access to your Nomad API from the workflow, you should be able to simply do a nomad job run of the job definition. This would be the equivalent of doing a helm upgrade. If you need to pass variables, such as the new version of the application as tagged by the workflow and pushed to the registry, you an use the -var flag:
nomad job run -var ${tag_version} jobspec.nomad
You could also use the Job Update API endpoint.
There may be some details which depend on your particular situation, but the main constraint here would be that you need to be able to reach and authenticate to the Nomad API from a runner. If the Nomad cluster is not on the internet, this is often achieved by adding the runner to an overlay network using Tailscale or similar.
Does this all sound feasible in your case?
I wrote a GHA for creating a dynamic credential for Nomad deploys that might be helpful: GitHub - mikenomitch/nomad-jwt-auth: A repository to demonstrate JWT auth in Nomad using a GHA token - (Iām actually working on a blog post for this now, I can share once its out)
In the docs the final command just gets Nomad status, but if you composed those actions alongside some ābuild and upload my imageā action that returns the new image name/url and then the final action in the chain was just a bash call with ānomad run ./path-to-job -var āimage=${image-id-from-upload-image-action}āā.
i have been working on running GA workers inside our nomad cluster. Have submitted the setup to HashiTalks 2024. Working on a blog post too, but nothing i can share right now unfortunately
This is a simple and good approach. My concerns were using GitHub actions from unofficial sources, just read the code of lucasmelin/setup-nomad@v1 looks very transparent might worth a try. thanks