Setting up a GitHub action to push configurations to Batfish Enterprise

With an up-to-date backup of production configurations in GitHub, you can now take advantage of GitHub Actions and trigger automated analysis of your configurations by Batfish Enterprise.

Before you set up your first GitHub action, there is some pre-work to be done:

  1. Set up a server and start the Batfish Enterprise service on it. Write down the DNS name and IP address of this server; you will need them later.
  2. Create a GitHub secret in your repository named BFE_SSL_CERTIFICATE and set it to the base64-encoded string output of the CA PEM file used on the Batfish Enterprise server.


NOTE: Run base64 -i yourCA.pem and copy the output into the BFE_SSL_CERTIFICATE secret. Replace yourCA.pem with the certificate authority (CA) PEM file installed on the Batfish Enterprise server. 
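The following is an added example, not part of the original page or the Batfish tooling: a shell helper that produces the value for the BFE_SSL_CERTIFICATE secret and refuses files that contain a private key or a truncated certificate. The function names `encode_ca_for_secret` and `write_sample_ca` are hypothetical, the check covers PEM framing only, and the sample is constructed placeholder text rather than a real certificate.

```bash
#!/usr/bin/env bash
# Added example (not from the original page): build the BFE_SSL_CERTIFICATE
# value from a CA PEM file and refuse inputs that should never be uploaded.

encode_ca_for_secret() {
    local pem="$1" begins ends encoded
    [ -r "$pem" ] || { echo "cannot read: $pem" >&2; return 2; }

    # The secret only needs the CA certificate; key material must stay out.
    if grep -q -- '-----BEGIN .*PRIVATE KEY-----' "$pem"; then
        echo "refusing: $pem contains a private key" >&2
        return 3
    fi

    # Every BEGIN needs a matching END, otherwise the copy was truncated.
    begins=$(grep -c -- '^-----BEGIN CERTIFICATE-----' "$pem" || true)
    ends=$(grep -c -- '^-----END CERTIFICATE-----' "$pem" || true)
    if [ "$begins" -lt 1 ] || [ "$begins" -ne "$ends" ]; then
        echo "refusing: $pem has $begins BEGIN / $ends END certificate markers" >&2
        return 4
    fi

    # Strip line wraps so the value pastes as one line, then confirm it
    # decodes back to the exact bytes of the input file.
    encoded=$(base64 < "$pem" | tr -d '\n')
    if ! printf '%s' "$encoded" | base64 -d | cmp -s - "$pem"; then
        echo "round-trip mismatch for $pem" >&2
        return 5
    fi
    printf '%s\n' "$encoded"
}

# Constructed sample: PEM framing around placeholder text, not a real certificate.
write_sample_ca() {
    printf '%s\n' '-----BEGIN CERTIFICATE-----' 'Q09OU1RSVUNURUQ=' \
        '-----END CERTIFICATE-----' > "$1"
}

# Run against a real file when a path is given: ./encode_ca.sh yourCA.pem
if [ "$#" -gt 0 ]; then
    encode_ca_for_secret "$1"
fi
```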

Now you are ready to set up a GitHub action in the repository where your configurations are stored. Detailed instructions on how to set up a workflow can be found here. The instructions below will get you started:

  1. In the local clone of your configuration archive GitHub repository, create the directories: .github and .github/workflows
  2. Create a file named batfish_upload.yml in .github/workflows with the contents shown below. Set server_name and server_ip to the hostname and IP address of the Batfish Enterprise server.
on:
  push:
    branches: [ master ]

jobs:
  build:
    runs-on: ubuntu-18.04
    steps:

    - name: Checkout this repo
      uses: actions/checkout@v2
      with:
        path: main #to reference files from this repo, the filepath to use will be $GITHUB_WORKSPACE/main

    # Modify this step so that your snapshot directory is organized in the way described at
    # https://batfish.readthedocs.io/en/latest/notebooks/interacting.html#Packaging-snapshot-data

    - name: Create snapshot directory required for Batfish
      run: |
        mkdir -p $GITHUB_WORKSPACE/tmp/configs
        mkdir -p $GITHUB_WORKSPACE/tmp/batfish
        cp $GITHUB_WORKSPACE/main/*.cfg $GITHUB_WORKSPACE/tmp/configs/
        cp $GITHUB_WORKSPACE/main/batfish/* $GITHUB_WORKSPACE/tmp/batfish/
        echo "::set-output name=snapshot_dir::$GITHUB_WORKSPACE/tmp/"
      id: prepare_snapshot

    - name: Create snapshot artifact
      uses: actions/upload-artifact@v2
      with:
        name: batfish_snapshot
        path: ${{ steps.prepare_snapshot.outputs.snapshot_dir }}

    - name: Upload new snapshot to Batfish Enterprise server
      uses: saparikh/bfe-upload@v1.0
      with:
        server_name: your.batfishenterprise.server.name #DNS name for your Batfish Enterprise server
        server_ip: your.batfishenterprise.server.ip #IP address of your Batfish Enterprise server
        snapshot_folder: ${{ steps.prepare_snapshot.outputs.snapshot_dir }}
        network_name: YOUR-NETWORK #Name of your network
        snapshot_name: ${{ github.sha }} #This should be a unique value per commit. You can use a combination
                                    #of the branch name and timestamp if you don’t want to use the commit id
        ssl_certificate: ${{ secrets.BFE_SSL_CERTIFICATE }} #GitHub secret containing base64-encoded CA file
      id: upload_snapshot

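    - name: Retrieve outputs from BFE upload action
      env:
        # Pass step outputs through the environment so the shell never parses them as script text
        UPLOAD_STATUS: ${{ steps.upload_snapshot.outputs.status }}
        UPLOAD_URL: ${{ steps.upload_snapshot.outputs.url }}
      run: |
        echo "$UPLOAD_STATUS"
        echo "$UPLOAD_URL"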
  3. Commit this file and push it to the repository:
git add .github
git commit -am "initial commit of GitHub action that will upload configs to Batfish Enterprise"
git push

That’s it. You now have a GitHub action that will upload configurations to Batfish Enterprise every time the repository is updated. Navigate to the Batfish Enterprise dashboard to see the topology and interact with the snapshot.
