Balena push openBalena alternative

Hello everyone!
Lets me present you alternative to the “balena push” based on Github Actions.

You are welcome to create pull requests.
Need your help to implement the whole process of build such as “balena deploy”, etc.
Also need understand the way of adding cert to docker-worker
Open for your proposals, and feature requests.


Your timing with this is incredible. Thanks for putting this together its exactly what I was looking for.

Now, I need to figure out how to use github actions… Thats another story.

At action page you can see the example :smile:
My own idea was to use a self-hosted Github Actions runner which allow using custom CA and certs for deploying code to the cloud.
If you will find a workaround how to use custom ca.crt in Github Actions worker - it will be incredible!
For using functionality as balena push - just create git in project folder - upload your code to repo and using Actions tab - create your own job with using example!

Awesome, I’m just not familiar with how I inject my own env variables.

  balena_api_token: ${{secrets.BALENA_API_TOKEN}}
  balena_command: "deploy my-awesome-app --logs"
  open_balena_address: ${{secrets.OPEN_BALENA_ADDRESS}}
  root_cert: ${{secrets.OPEN_BALENA_ROOT_CERT}}

Also, how did you get it to work without the custom ca.crt? I would assume that that would be a requirement

Also is the open_balena_address the root domain? ie. or is it one of the subdomains like

I’ve managed to work out the variables and script. But I think I’m running into the ca.crt issue you mention. Is this what you’re seeing in the github logs?

Retrying "registry.***/v2/f14c323e365b7cdd434b3e928e134c30:latest" after 2.0s (1 of 2) due to: Error: Get [https://registry.***/v2/:](https://registry.%2A%2A%2A/v2/:) x509: certificate signed by unknown authority

Maybe @dfunckt you have any suggestions re getting the ca.crt deployed properly in a github action flow?

I’m already found how to use custom CA at self-hosted github runner alongside with you balena cloud instance.
I will provide guide today soon :slight_smile:

Moment when i realize that it works - is awesome :slight_smile:

This is it

Nice work :+1: :+1: :+1: :+1:
Works for me!

1 Like

I have idea how to use it for creating os images and deploy it as artifact to this repo :wink:
I will provide guide later

1 Like

That self-hosted action builder feature is pretty powerful.

In a production environment you’d not want to run the github builder on the same machine as your openbalena, but this is very very useful.

Also, probably useful to run it as a service so it stays up.

1 Like

This helps if you have distributed team for development.
You can host runner in another place for creating releases in async mode)
For building you can use balena build - just in case for test if everything is ok, and use deploy for uploading it to prod.
I already had mentioned possibility to run worker in background as service in my guide :wink:

Ha, I got too excited to test it I completely missed that step in your guide

Haha - this is ok. I was excited to create guide too.
Github Actions (GA) is very powerfull tools, you can use GithubApi to trigger builds, and so on.
Like a “one ring to rule them all”, GA give opportunity to recreate part of functionality provided by balenaCloud!
My next step will be something like OS configurer for apps, which upload your customized system image to specified S3 storage, or just publish it directly in repo as artifact

1 Like

@teslov any thoughts on how we might use the action steps to update the application environment variables in openbalena?

I’m interested updating the app’s envs with info about the release/commit automatically, so that downstream we can see that the device is running the correct commit in the logs.

This is kinda what I was thinking:

  1. Set up first env for the application manually in CLI:
    balena env add commit null --application testing

  2. Retrieve the env ID with
    balena envs --application testing

1  COMMIT     null            testing     *
  1. On each deployment (where GITHUB_SHA is the commit id)
    balena env rename 1 $GITHUB_SHA

  2. Confirm the change with
    balena envs --application testing

1  COMMIT     123abc456def    testing     *

You would know better than myself, but can we just add that as another command to the action yml?

      balena_api_token: ${{secrets.BALENA_API_TOKEN}}
      balena_command: "deploy github-action-test --logs"
      balena_command: "balena env rename 1 $GITHUB_SHA"
      open_balena_address: ${{secrets.OPEN_BALENA_ADDRESS}}
      root_cert: ${{secrets.OPEN_BALENA_ROOT_CERT}}

I imagine this could basically be an openbalena version of balena clouds commit id.

Screen Shot 2021-03-14 at 7.57.12 AM

1 Like

I think you have a posibility to use && in balena command to combine it.
Like deploy && balena env rename 1 ${SHA VARIABLE HERE}
Or using pipe to use output in another command like devices | grep ....
Part of commands running in sh script, so you are not limited to expand it with your custom logic.
With using key --output json you can try jq tool, for processing it as json
The best way to implement your logic - just add new workflow to repo, with another purpose - dividing workflow by functions - is better.
If you are depends on success of your build - just add it as new job in workflow tree.

If you need so, i will provide possibility to use docker secrets in actions due to using custom docker registries and images.
And in next versions I will add Json as variable functionality with custom logic
Maybe at this, or next week