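---
# Scheduled drift check for the sandbox environment.
# For every directory reported by the set-matrix action it runs the
# terraform-plan action and posts to Slack when the plan shows a difference
# between the infrastructure code and the live resources, or when the check
# itself fails. Nothing is applied by this workflow.
name: infrastructure sandbox (difference check)

on:
  schedule:
    - cron: '0 22 * * *'  # 22:00 UTC = 07:00 JST, daily
  workflow_dispatch:

# One run per workflow/ref at a time; a newer trigger cancels an in-flight run.
concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: true

env:
  # Quoted so the 12-digit account id is never re-typed as an integer by YAML tooling.
  AWS_ACCOUNT_ID: "107662415716"
  AWS_ENV_NAME: sandbox
  OIDC_IAM_ROLE: sandbox-terraform-aws-deploy

jobs:
  set-matrix:
    runs-on: ubuntu-latest
    timeout-minutes: 5
    # NOTE(review): no job-level permissions are set, so GITHUB_TOKEN gets the
    # repository default here; `permissions: { contents: read }` would be the
    # least-privilege choice if ./.github/actions/set-matrix needs nothing more.
    outputs:
      matrix: ${{ steps.set-matrix.outputs.matrix }}
    steps:
      - name: Checkout source code
        # NOTE(review): third-party actions are referenced by a mutable tag;
        # pinning to a full commit SHA (actions/checkout@<commit-sha>) removes
        # the supply-chain risk of the tag being moved.
        uses: actions/checkout@v4
      - name: Set Matrix
        id: set-matrix
        uses: ./.github/actions/set-matrix
        with:
          AWS_ENV_NAME: ${{ env.AWS_ENV_NAME }}

  terraform:
    needs: [set-matrix]
    runs-on: ubuntu-latest
    timeout-minutes: 15
    strategy:
      fail-fast: false  # keep checking the other directories when one has drift
      matrix:
        directory: ${{ fromJson(needs.set-matrix.outputs.matrix) }}
    permissions:
      id-token: write       # For aws-actions/configure-aws-credentials (OIDC)
      contents: read        # For aws-actions/configure-aws-credentials
      deployments: write    # For bobheadxi/deployments
      pull-requests: write  # For bobheadxi/deployments
      # NOTE(review): no step in this workflow uses bobheadxi/deployments
      # directly; unless a local composite action relies on them, the
      # deployments/pull-requests write grants are broader than needed.
    steps:
      - name: Checkout source code
        uses: actions/checkout@v4  # NOTE(review): prefer a commit SHA pin, see set-matrix job
      - name: AWS Credential
        id: aws-credential
        uses: ./.github/actions/aws-credential
        with:
          oidc-iam-role: arn:aws:iam::${{ env.AWS_ACCOUNT_ID }}:role/${{ env.OIDC_IAM_ROLE }}
      - name: Terraform Plan (difference check)
        if: ${{ steps.aws-credential.outcome == 'success' }}
        id: terraform-plan
        uses: ./.github/actions/terraform-plan
        with:
          working-directory: ./infrastructure/environments/${{ env.AWS_ENV_NAME }}/${{ matrix.directory }}
          github-token: ${{ secrets.GITHUB_TOKEN }}
      # TF_PLAN_STATUS is read below but never set in this file; presumably the
      # terraform-plan composite action exports it to GITHUB_ENV — confirm in
      # ./.github/actions/terraform-plan. ERROR_MSG feeds the Slack title.
      - name: Set Slack Message (Terraform Plan failure)
        continue-on-error: true
        if: ${{ env.TF_PLAN_STATUS == 'has-diff' }}
        run: echo "ERROR_MSG=インフラのコードと実体のリソースに差分があります" >> "$GITHUB_ENV"
      - name: Set Slack Message (another error)
        continue-on-error: true
        if: ${{ failure() && env.TF_PLAN_STATUS != 'has-diff' }}
        run: echo "ERROR_MSG=difference check CIがエラー終了しました" >> "$GITHUB_ENV"
      - name: Slack Notification (failure)
        continue-on-error: true
        # Fires on any failed step or on detected drift (which is not a job failure).
        if: ${{ failure() || env.TF_PLAN_STATUS == 'has-diff' }}
        uses: rtCamp/action-slack-notify@v2  # NOTE(review): prefer a commit SHA pin
        env:
          SLACK_CHANNEL: '#ntf_time-capsule'
          SLACK_COLOR: danger
          SLACK_TITLE: '${{ env.AWS_ENV_NAME }}(${{ env.AWS_ACCOUNT_ID }}): ${{ env.ERROR_MSG }}'
          SLACK_MESSAGE: "<!subteam^S049GE784QJ> 確認してください。\npath: `${{ env.AWS_ENV_NAME }}/${{ matrix.directory }}`"
          SLACK_LINK_NAMES: "true"  # env values are strings; quoted to make that explicit
          SLACK_USERNAME: GitHubActionsBot
          SLACK_ICON_EMOJI: ':x:'
          SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK }}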