Skip to content
CI

ネットワーク設定を追加、ポートを動的に割当 #17

Sign in to view logs

ネットワーク設定を追加、ポートを動的に割当

ネットワーク設定を追加、ポートを動的に割当 #17

Workflow file for this run

.github/workflows/ci.yml at 9918879
name: CI
on:
push:
branches:
- feature/**
env:
AWS_ROLE_ARN: arn:aws:iam::${{ secrets.AWS_ACCOUNT_ID }}:role/${{ secrets.IAM_ROLE_NAME }}
AWS_DEFAULT_REGION: ap-northeast-1
AWS_ACCOUNT_ID: ${{ secrets.AWS_ACCOUNT_ID }}
permissions:
id-token: write
contents: write
pull-requests: write
jobs:
setup:
runs-on: ubuntu-latest
outputs:
modules_changed: ${{ steps.modules_changes.outputs.changes }}
envs_changed: ${{ steps.envs_changes.outputs.changes }}
steps:
- name: Checkout repository
uses: actions/checkout@v4
- name: Get changed modules dirs
uses: dorny/paths-filter@v2
id: modules_changes
with:
filters: |
modules:
- 'modules/**'
- name: Get changed envs dirs
uses: dorny/paths-filter@v2
id: envs_changes
with:
filters: |
environments:
- 'environments/**'
terragrunt:
needs: setup
if: needs.setup.outputs.envs_changed != '[]'
runs-on: ubuntu-latest
steps:
- name: Checkout repository
uses: actions/checkout@v4
- name: Setup aqua
uses: aquaproj/[email protected]
with:
aqua_version: v2.28.0
aqua_opts: ""
- name: Install tools via Aqua
run: aqua install
- name: Configure AWS credentials
uses: aws-actions/configure-aws-credentials@v3
with:
role-to-assume: ${{ env.AWS_ROLE_ARN }}
aws-region: ${{ env.AWS_DEFAULT_REGION }}
- name: Initialize Terragrunt
working-directory: environments/prod
run: terragrunt run-all init --terragrunt-non-interactive
- name: Check Terragrunt format
working-directory: environments/prod
run: terragrunt run-all fmt -check
- name: Validate Terragrunt
working-directory: environments/prod
run: terragrunt run-all validate
- name: Run Terragrunt plan
working-directory: environments/prod
run: terragrunt run-all plan
terraform:
needs: setup
if: needs.setup.outputs.modules_changed != '[]'
runs-on: ubuntu-latest
steps:
- name: Checkout repository
uses: actions/checkout@v4
- name: Setup aqua
uses: aquaproj/[email protected]
with:
aqua_version: v2.28.0
aqua_opts: ""
- name: Install tools via Aqua
run: aqua install
- name: Configure AWS credentials
uses: aws-actions/configure-aws-credentials@v3
with:
role-to-assume: ${{ env.AWS_ROLE_ARN }}
aws-region: ${{ env.AWS_DEFAULT_REGION }}
- name: Run TFsec
env:
REVIEWDOG_GITHUB_API_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: |
tfsec --format=checkstyle | reviewdog -f=checkstyle -name="tfsec" -reporter=github-pr-review -filter-mode=nofilter -fail-on-error
- name: Run TFlint
env:
REVIEWDOG_GITHUB_API_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: |
tflint --init
tflint --format=checkstyle | reviewdog -f=checkstyle -name="tflint" -reporter=github-pr-review -filter-mode=nofilter -fail-on-error
release-pull-request:
needs: [terragrunt, terraform]
if: needs.setup.outputs.envs_changed != '[]' || needs.setup.outputs.modules_changed != '[]'
runs-on: ubuntu-latest
steps:
- name: Checkout repository
uses: actions/checkout@v4
- name: Set Tokyo Time
id: set_tokyo_time
run: echo "tokyo_time=$(TZ=Asia/Tokyo date '+%Y-%m-%d %H:%M:%S')" >> $GITHUB_ENV
- name: Determine if PR already exists
id: check_pr
env:
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: |
PR_COUNT=$(gh pr list --head "${{ github.ref_name }}" --json number --jq '. | length')
echo "::set-output name=pr_count::$PR_COUNT"
- name: Create Pull Request
if: steps.check_pr.outputs.pr_count == '0'
env:
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: |
gh pr create \
-B main \
-H "${{ github.ref_name }}" \
-t "Automated Release - ${{ env.tokyo_time }}" \
-b "This automated PR merges the feature branch '${{ github.ref_name }}' into 'main' and includes the following updates:\n\n- Security checks\n- Format checks\n\nPlease review and approve the changes." \
-a "${{ github.actor }}"
shell: bash