CI/CD実装 #39
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: ci/cd | |
| on: | |
| pull_request: | |
| branches: | |
| - main | |
| types: [opened, synchronize] | |
| permissions: | |
| id-token: write | |
| contents: read | |
| jobs: | |
| test-prep: | |
| runs-on: ubuntu-22.04 | |
| env: | |
| TF_VAR_service: ${{ secrets.TEST_SERVICE }} | |
| TF_VAR_env: test | |
| steps: | |
| # - name: Confirm minimum permissions | |
| # uses: GitHubSecurityLab/actions-permissions/monitor@v1 | |
| # with: | |
| # config: ${{ vars.PERMISSIONS_CONFIG }} | |
| - name: Checkout project | |
| uses: actions/checkout@v4 | |
| - name: Setup job | |
| uses: ./.github/actions/setup | |
| with: | |
| workload_identity_provider: ${{ secrets.TEST_WORKLOAD_IDENTITY_PROVIDER }} | |
| service_account: ${{ secrets.TEST_SERVICE_ACCOUNT }} | |
| - name: Run apply command to tier1 on test | |
| run: | | |
| ./terraform/environments/test/tier1/apply.sh | |
| test: | |
| needs: test-prep | |
| runs-on: ubuntu-22.04 | |
| env: | |
| TF_VAR_service: ${{ secrets.TEST_SERVICE }} | |
| TF_VAR_env: test | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| shard: [modules1, modules2] | |
| steps: | |
| # - name: Confirm minimum permissions | |
| # uses: GitHubSecurityLab/actions-permissions/monitor@v1 | |
| # with: | |
| # config: ${{ vars.PERMISSIONS_CONFIG }} | |
| - name: Checkout project | |
| uses: actions/checkout@v4 | |
| - name: Setup job | |
| uses: ./.github/actions/setup | |
| with: | |
| workload_identity_provider: ${{ secrets.TEST_WORKLOAD_IDENTITY_PROVIDER }} | |
| service_account: ${{ secrets.TEST_SERVICE_ACCOUNT }} | |
| - name: Run tests | |
| run: | | |
| while IFS= read MODULE; do | |
| ./terraform/modules/$MODULE/test.sh | |
| done <<< "$(yq -r .${{ matrix.shard }}[] ./.github/test_matrix.yaml)" | |
| plan: | |
| needs: test | |
| runs-on: ubuntu-22.04 | |
| env: | |
| TF_VAR_service: ${{ secrets.STG_SERVICE }} | |
| TF_VAR_env: stg | |
| steps: | |
| # - name: Confirm minimum permissions | |
| # uses: GitHubSecurityLab/actions-permissions/monitor@v1 | |
| # with: | |
| # config: ${{ vars.PERMISSIONS_CONFIG }} | |
| - name: Checkout project | |
| uses: actions/checkout@v4 | |
| - name: Setup job | |
| uses: ./.github/actions/setup | |
| with: | |
| workload_identity_provider: ${{ secrets.STG_WORKLOAD_IDENTITY_PROVIDER }} | |
| service_account: ${{ secrets.STG_SERVICE_ACCOUNT }} | |
| - name: Run plan command to tier1 on stg | |
| run: | | |
| cd ./terraform/environments/stg/tier1/ | |
| terraform init -backend-config="bucket=${{ env.TF_VAR_service }}-${{ env.TF_VAR_env }}-terraform" | |
| terraform plan | |
| - name: Run plan command to tier2 on stg | |
| run: | | |
| cd ./terraform/environments/stg/tier2/ | |
| terraform init -backend-config="bucket=${{ env.TF_VAR_service }}-${{ env.TF_VAR_env }}-terraform" | |
| terraform plan | |
| - name: Send the results to Slack channel | |
| id: slack | |
| uses: slackapi/[email protected] | |
| with: | |
| payload: | | |
| { | |
| "key": "value", | |
| "foo": "bar" | |
| } | |
| env: | |
| SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }} |