Implementing Touchless Change Management in GitHub CI/CD: Automating Approvals, Deployments, and Remediation
akhil mittal
Posted on October 18, 2024
Touchless Change Management (TCM) is a fully automated way to manage infrastructure and software changes, typically integrated into CI/CD pipelines. It automates approval workflows, deployment, monitoring, and auditing, eliminating the need for manual intervention. Here's how to integrate TCM with a GitHub CI/CD workflow:
Technical Details and Configuration
1. Set Up Change Management System (CMS):
- Use a CMS like ServiceNow or Jira to handle approvals. Set rules for automatic approvals based on risk assessments or pre-defined policies.
- In ServiceNow, create a workflow to approve changes with automated rules based on predefined criteria like severity, risk, and testing status.
2. Configure ServiceNow/Jira API:
- Create API tokens and webhook endpoints for ServiceNow/Jira to integrate with GitHub Actions.
- Example: when a PR is opened, the workflow creates a change request in ServiceNow through its API and then tracks that request's approval status.
3. Configure GitHub Actions for Automated Approvals:
- Create a workflow triggered by a PR that automates testing, change request creation, and approval validation.
- The workflow continuously monitors the status of the change request in ServiceNow or Jira using polling or event-driven webhooks.
Example PR Trigger Workflow:
```yaml
name: Change Management Workflow
on:
  pull_request:
    types: [opened, synchronize]
jobs:
  test-and-request-approval:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout code
        uses: actions/checkout@v2
      - name: Run Tests
        run: |
          ./run-tests.sh
      - name: Create Change Request
        id: create_request
        run: |
          # Content-Type is required: without it curl sends form data and the JSON body is rejected.
          # The new record's sys_id is exported so the approval check can poll the right record.
          sys_id=$(curl -sS -X POST https://api.servicenow.com/api/now/v2/table/change_request \
            -H "Authorization: Bearer ${{ secrets.SERVICE_NOW_TOKEN }}" \
            -H "Content-Type: application/json" \
            -H "Accept: application/json" \
            -d '{ "short_description": "New Change Request", "risk": "low" }' | jq -r '.result.sys_id')
          echo "sys_id=$sys_id" >> "$GITHUB_OUTPUT"
      - name: Monitor Change Approval Status
        id: check_approval
        env:
          CHANGE_SYS_ID: ${{ steps.create_request.outputs.sys_id }}
        # The script must append "status=approved" (or another value) to $GITHUB_OUTPUT,
        # otherwise steps.check_approval.outputs.status is empty and the deploy step never runs.
        run: ./check-approval.sh
      - name: Deploy if Approved
        if: ${{ steps.check_approval.outputs.status == 'approved' }}
        run: ./deploy.sh
```
Key Steps:
- Run Tests: Ensures code passes all necessary unit tests.
- Create Change Request: Creates a request in ServiceNow or Jira using its REST API.
- Check Approval: Polls the change management system for approval status.
- Deployment: Automatically deploys code when the change is approved.
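The workflow above calls `./check-approval.sh` but does not show it. The following is an added example of that step, written in Python instead of shell and not taken from the post: it polls the change request's record until the approval is decided (or a deadline passes) and writes the `status` output that the `Deploy if Approved` step tests. The environment variable names, the `<instance>.service-now.com` host format and the `approval` field values (`requested`, `approved`, `rejected`) are assumptions; the HTTP call is injected so the polling logic runs without a ServiceNow instance.

```python
"""
check_approval.py: the "Monitor Change Approval Status" step as a Python script.

Added example, not code from the original post. Assumptions:
  - CHANGE_SYS_ID (exported by the create step), SERVICENOW_INSTANCE and
    SERVICE_NOW_TOKEN are available as environment variables;
  - the Table API record's `approval` field takes the values "not requested",
    "requested", "approved" or "rejected", and state 4 means cancelled.
"""
import json
import os
import time
import urllib.request
from typing import Callable, Optional

APPROVED, REJECTED, PENDING, TIMEOUT = "approved", "rejected", "pending", "timeout"
TERMINAL = {APPROVED, REJECTED}


def map_approval(record: dict) -> str:
    """Reduce a change_request record to one workflow outcome."""
    approval = str(record.get("approval", "")).strip().lower()
    state = str(record.get("state", "")).strip()
    if state == "4":                      # cancelled change: never deploy it
        return REJECTED
    if approval == "approved":
        return APPROVED
    if approval == "rejected":
        return REJECTED
    return PENDING                        # "requested", "not requested" or anything unexpected


def fetch_change(sys_id: str, instance: str, token: str) -> dict:
    """Read the record through the Table API (real HTTP; not used by the offline test)."""
    url = f"https://{instance}.service-now.com/api/now/v2/table/change_request/{sys_id}"
    req = urllib.request.Request(
        url, headers={"Authorization": f"Bearer {token}", "Accept": "application/json"}
    )
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)["result"]


def poll_approval(fetch: Callable[[], dict], timeout_s: float, interval_s: float,
                  clock: Callable[[], float] = time.monotonic,
                  sleep: Callable[[float], None] = time.sleep) -> str:
    """Poll until the change reaches a terminal state or the deadline passes.

    A transient fetch failure is treated as "still pending" and retried; it must
    never be mistaken for an approval, and it is not a rejection either.
    """
    deadline = clock() + timeout_s
    while True:
        try:
            outcome = map_approval(fetch())
        except (OSError, KeyError, ValueError):
            outcome = PENDING
        if outcome in TERMINAL:
            return outcome
        if clock() >= deadline:
            return TIMEOUT
        sleep(interval_s)


def write_github_output(name: str, value: str, path: Optional[str] = None) -> None:
    """Append name=value to $GITHUB_OUTPUT so steps.<id>.outputs.<name> sees it."""
    path = path or os.environ.get("GITHUB_OUTPUT")
    if not path:
        return
    with open(path, "a", encoding="utf-8") as fh:
        fh.write(f"{name}={value}\n")


if __name__ == "__main__":
    sys_id = os.environ["CHANGE_SYS_ID"]
    instance = os.environ["SERVICENOW_INSTANCE"]
    token = os.environ["SERVICE_NOW_TOKEN"]
    result = poll_approval(lambda: fetch_change(sys_id, instance, token),
                           timeout_s=3600, interval_s=60)
    write_github_output("status", result)
    # Anything other than "approved" (rejection, cancellation, timeout) fails the step,
    # so the deploy step is skipped and the run is visibly red rather than silently stuck.
    raise SystemExit(0 if result == APPROVED else 1)
```

Run it in place of `./check-approval.sh` with the three variables set in the step's `env:` block. One caveat on the surrounding workflow: a `pull_request` trigger runs against the PR head, not the merged result, so the deploy step would ship code that has not yet been merged; gating the deploy on a `push` to the default branch after the PR merges keeps the approval tied to what actually lands.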
4. Deployment and Infrastructure as Code (IaC):
- Leverage tools like Terraform or AWS CloudFormation to manage your infrastructure.
- GitHub Actions triggers the IaC deployment, ensuring that the infrastructure is automatically deployed or modified after change approval.
Example Terraform Deployment:
```yaml
      - name: Deploy Infrastructure with Terraform
        run: |
          terraform init
          # -auto-approve skips Terraform's interactive prompt; the approved change request is the gate here.
          terraform apply -auto-approve
```
5. Automatic Remediation via AWS Lambda:
- Post-deployment, integrate monitoring tools like AWS CloudWatch or Prometheus to detect failures. Use Lambda functions to automatically revert changes or execute remediation steps if something goes wrong.
6. Audit and Close:
- Upon successful deployment, update the CMS with the final status, and close the change request.
- Include automated logs in the audit trail for future reference and compliance.
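Step 1 says approvals should be granted automatically from "risk assessments or pre-defined policies" and criteria such as "severity, risk, and testing status", and the advanced-features section below calls this risk-based approval. The block below is an added example of such a policy as plain code; it is not the post's code and not ServiceNow's or Jira's own rule engine. Field names, the sensitive-path list and the change window are assumptions. The one point it adds beyond the text is that the declared risk comes from the submitter, so the policy cross-checks it against the files the PR actually touches.

```python
"""
Risk-based auto-approval policy (added example; not the post's code and not a
CMS rule engine). Decides whether a change request auto-approves, goes to a
human, or is rejected outright. Field names, SENSITIVE_PREFIXES and the
change window are assumptions for illustration.
"""
from dataclasses import dataclass, field
from datetime import datetime, time as dtime, timezone
from typing import List


@dataclass
class ChangeFacts:
    """Inputs the pipeline knows before the change request is created."""
    risk: str                      # declared by the submitter: "low" | "moderate" | "high"
    tests_passed: bool
    security_scan_clean: bool
    touches_production: bool
    files_changed: List[str] = field(default_factory=list)
    submitted_at: datetime = field(default_factory=lambda: datetime.now(timezone.utc))


@dataclass
class Decision:
    outcome: str                   # "auto-approve" | "manual-review" | "reject"
    reasons: List[str]


# Paths that always need a human, whatever risk the submitter declared (assumed list).
SENSITIVE_PREFIXES = ("iam/", "secrets/", "network/security-groups/")
# Production changes auto-approve only inside this window: weekdays 09:00-17:00 UTC (assumed).
WINDOW_START, WINDOW_END = dtime(9, 0), dtime(17, 0)


def effective_risk(facts: ChangeFacts) -> str:
    """Cross-check the declared risk against the diff; sensitive paths force 'high'."""
    if any(p.startswith(SENSITIVE_PREFIXES) for p in facts.files_changed):
        return "high"
    return facts.risk


def in_change_window(ts: datetime) -> bool:
    ts = ts.astimezone(timezone.utc)
    return ts.weekday() < 5 and WINDOW_START <= ts.time() < WINDOW_END


def evaluate(facts: ChangeFacts) -> Decision:
    """Blocking findings reject the change; escalating findings route it to a human."""
    blocking: List[str] = []
    escalate: List[str] = []
    if not facts.tests_passed:
        blocking.append("tests failed")
    if not facts.security_scan_clean:
        blocking.append("security scan reported findings")
    risk = effective_risk(facts)
    if risk != facts.risk:
        escalate.append(f"declared risk '{facts.risk}' raised to '{risk}' by sensitive paths")
    if risk == "high":
        escalate.append("high-risk change requires manual approval")
    elif risk == "moderate" and facts.touches_production:
        escalate.append("moderate-risk production change requires manual approval")
    if facts.touches_production and not in_change_window(facts.submitted_at):
        escalate.append("production change submitted outside the change window")
    if blocking:
        return Decision("reject", blocking + escalate)
    if escalate:
        return Decision("manual-review", escalate)
    return Decision("auto-approve", [])
```

The `reasons` list is what the pipeline should write into the change request's work notes, so the audit trail records why a change was or was not auto-approved.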
Workflow Summary:
- Developer Opens PR: Automatically triggers GitHub Actions.
- Tests & Scans: The workflow runs tests, security scans, and linting.
- Create Change Request: Automatically generates a change request in ServiceNow/Jira.
- Monitor Approval: The system monitors for auto-approval or manually approved changes.
- Automated Deployment: On approval, the workflow deploys using IaC (Terraform, CloudFormation).
- Close the Loop: The CMS is updated with the final status, and the change request is closed.
Benefits of TCM in GitHub CI/CD:
- Faster Deployments: Automates the entire process, removing human bottlenecks.
- Audit Trails: Keeps a complete log of every step for compliance.
- Improved Security: Automatically integrates testing, approval, and remediation workflows.
Advanced Features:
- Rollback/Remediation: Use Lambda to automatically roll back changes if any post-deployment issues are detected.
- Risk-Based Approvals: Automate approval based on predefined risk policies, ensuring that only high-risk changes need manual approval.
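Step 5 and the "Rollback/Remediation" bullet above describe a Lambda that reverts a change when post-deployment monitoring detects a failure. The block below is an added example of that function's decision logic; it is not the post's code. It assumes the function is subscribed through an EventBridge rule to CloudWatch "Alarm State Change" events, and that alarms guarding a deployment are named `deploy-health-<service>` (an assumed convention). The rollback action itself is injected so the logic runs offline; a real function would call AWS APIs (for example through boto3) at that point.

```python
"""
Post-deployment remediation handler (added example, not the post's code).
Assumes EventBridge delivers CloudWatch "Alarm State Change" events and that
deployment-health alarms are named deploy-health-<service> (assumption).
"""
from typing import Callable, Dict, Optional

ALARM_PREFIX = "deploy-health-"


def parse_alarm_event(event: dict) -> Optional[Dict[str, str]]:
    """Pull the alarm name and state transition out of an alarm-state-change event.
    Returns None for any other event that reaches the function."""
    if event.get("source") != "aws.cloudwatch" or \
            event.get("detail-type") != "CloudWatch Alarm State Change":
        return None
    detail = event.get("detail", {})
    return {
        "alarm": detail.get("alarmName", ""),
        "state": detail.get("state", {}).get("value", ""),
        "previous": detail.get("previousState", {}).get("value", ""),
    }


def should_roll_back(parsed: Optional[Dict[str, str]]) -> bool:
    """Act only on a transition into ALARM for a deployment-health alarm.
    A return to OK, an INSUFFICIENT_DATA transition, or an unrelated alarm never
    triggers a rollback."""
    if parsed is None or not parsed["alarm"].startswith(ALARM_PREFIX):
        return False
    return parsed["state"] == "ALARM" and parsed["previous"] != "ALARM"


def handle(event: dict, rollback: Callable[[str], str]) -> Dict[str, str]:
    """Decide, then delegate the actual rollback to the injected action."""
    parsed = parse_alarm_event(event)
    if not should_roll_back(parsed):
        return {"action": "none", "alarm": parsed["alarm"] if parsed else ""}
    service = parsed["alarm"][len(ALARM_PREFIX):]
    return {"action": "rollback", "service": service, "result": rollback(service)}


def lambda_handler(event, context):
    """Lambda entry point. The action here only records the intent (placeholder);
    the real function would start the rollback, e.g. re-applying the previous
    Terraform state or invoking a CodeDeploy rollback."""
    return handle(event, rollback=lambda service: f"rollback requested for {service}")


# Constructed sample event in the EventBridge alarm-state-change shape (not from a real account).
SAMPLE_EVENT = {
    "version": "0",
    "detail-type": "CloudWatch Alarm State Change",
    "source": "aws.cloudwatch",
    "account": "123456789012",
    "time": "2024-10-18T12:00:00Z",
    "region": "us-east-1",
    "resources": ["arn:aws:cloudwatch:us-east-1:123456789012:alarm:deploy-health-orders-api"],
    "detail": {
        "alarmName": "deploy-health-orders-api",
        "state": {"value": "ALARM", "reason": "Threshold Crossed: 5xx rate above 2%"},
        "previousState": {"value": "OK"},
    },
}
```

Keeping the decision separate from the action is what makes the function testable, and it also keeps the rollback from firing on the recovery transition (ALARM back to OK), which is the classic way an automated remediation ends up undoing its own fix.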
Conclusion:
Touchless Change Management integrated with GitHub CI/CD enables a smooth, fully automated flow for code deployment, compliance, and security management. Leveraging tools like ServiceNow, Jira, and AWS Lambda within GitHub workflows ensures efficient, traceable, and safe cloud infrastructure management.
This approach eliminates manual intervention, ensuring faster, more reliable, and secure infrastructure changes across cloud environments.