In this blog post, we’ll delve into the intricacies of setting up GitHub Actions and some of the challenges we overcame when developing the CI/CD pipeline for Versa Note, our versatile SolidWorks drawing note add-in.
GitHub Actions are an automation and CI/CD platform, enabling the automation of software development tasks through workflows directly from any GitHub repository. Workflows can be triggered by events like code changes or scheduled intervals, and through the use of scripting files, GitHub orchestrates a sequence of steps and jobs to build, test, and deploy code. These actions are executed in virtual environments hosted by GitHub, and support Linux & Windows environments as well as many others.
The Challenge: Building the Installer
One of the initial challenges encountered while setting up the GitHub Actions workflow for Versa Note was related to building the installer. Microsoft’s Install Project extension for Visual Studio was utilized for the installation of Versa Note due to it’s simplicity and ease of setup, however building this extension is not supported by Microsoft’s command line build interfaces, MSBuild.exe. An alternative approach was to trigger the Visual Studio build environment via the command line (which can be called in a GitHub action script using devenv.com) for building the installer. While this approach might seem unconventional, it proved effective in overcoming the compatibility hurdle.
Separating the Installer from the Complete Solution
While the use of the Visual Studio environment to build the installer solved one problem, it created another. The installer extension was designed to allow the installer to be set up in the same solution as the other project components, and references assigned as well as build order. Unfortunately, this architecture didn’t play nicely with GitHub’s build environment, and the installer struggled to find the necessary project references. The easy fix was to separate the installer from the custom class libraries in Versa note, and point the installer to the complied DLL’s. By segregating the installer, we were able to build the individual components using MSBuild.exe, and then trigger the installer build using the devenv.com, with no issues. This approach not only reduced the complexity of the installer but also ensured that all the necessary references were available within GitHub’s virtual build environment. If you would like to read more about the importance of removing these types of dependencies in an automated build environment, you can check out this post.
The Creative Secret Management Solution
Securing sensitive information, such as API keys and credentials, is of paramount importance in software development. This was the primary driver for setting up the GitHub action build script for Versa Note; implementing the use of encrypted secrets through a GitHub action is the best way to keep these keys safe since they are not committed to your repository in plain text. In the case of Versa Note, a creative solution was devised to handle secrets during the automated build process. In order to enable both automated and local builds in the development environment, a .cs file containing a simple class with the secrets was used.
This secrets file was excluded from version control, preventing it from being accidentally exposed in the repository. During the build process, the GitHub Actions workflow was configured to use an encrypted secret containing the class and all of the API keys, to re-create this file so that the secret keys and tokens are compiled into the build.
In Conclusion
Setting up GitHub Actions for building applications like Versa Note comes with its fair share of challenges, from unconventional tool choices to secret management. However, by creatively addressing these challenges and tailoring the workflow to the project’s unique needs, developers can create a streamlined and secure development pipeline. As software development continues to evolve, tools like GitHub Actions provide us with the means to optimize our processes and deliver high-quality applications to users worldwide.
