tqer39 · tqer39 · Apr 14, 2024 · Apr 14, 2024 · Apr 14, 2024
@@ -0,0 +1,131 @@
+---
+name: infrastucture - portfolio
+
+on:
+  pull_request:
+    branches:
+      - main
+  push:
+    branches:
+      - main
+  workflow_dispatch:
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+
+env:
+  AWS_ACCOUNT_ID: '072693953877'
+  AWS_ENV_NAME: portfolio
+  OIDC_IAM_ROLE: portfolio-terraform-aws-deploy
+
+jobs:
+  set-matrix:
+    runs-on: ubuntu-latest
+    timeout-minutes: 5
+    outputs:
+      matrix: ${{ steps.set-matrix.outputs.matrix }}
+    steps:
+      - name: Checkout source code
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+
+      - name: Set Matrix
+        id: set-matrix
+        uses: ./.github/actions/set-matrix
+        with:
+          AWS_ENV_NAME: ${{ env.AWS_ENV_NAME }}
+
+  terraform:
+    needs: [set-matrix]
+    if: ${{ needs.set-matrix.outputs.matrix != '["_empty"]' }}
+    runs-on: ubuntu-latest
+    timeout-minutes: 15
+    permissions:
+      id-token: write # For aws-actions/configure-aws-credentials
+      contents: read # For aws-actions/configure-aws-credentials
+      deployments: write # For bobheadxi/deployments
+      pull-requests: write # For bobheadxi/deployments
+    strategy:
+      fail-fast: false
+      matrix:
+        directory: ${{ fromJson(needs.set-matrix.outputs.matrix )}}
+    steps:
+      - name: Checkout source code
+        uses: actions/checkout@v4
+
+      - name: AWS Credential
+        uses: ./.github/actions/aws-credential
+        with:
+          oidc-iam-role: arn:aws:iam::${{ env.AWS_ACCOUNT_ID }}:role/${{ env.OIDC_IAM_ROLE }}
+
+      - name: Terraform Plan
+        uses: ./.github/actions/terraform-plan
+        with:
+          working-directory: ./infrastructure/environments/${{ env.AWS_ENV_NAME }}/${{ matrix.directory }}
+          github-token: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Start Deployment
+        if: env.TF_PLAN_STATUS == 'has-diff' && github.ref == 'refs/heads/main'
+        uses: bobheadxi/deployments@v1
+        id: deployment
+        with:
+          step: start
+          token: ${{ secrets.GITHUB_TOKEN }}
+          env: ${{ env.AWS_ENV_NAME }}
+
+      - name: Terraform Apply
+        if: env.TF_PLAN_STATUS == 'has-diff' && contains(fromJSON('["push", "workflow_dispatch"]'), github.event_name)
+        uses: ./.github/actions/terraform-apply
+        with:
+          AWS_ACCOUNT_ID: ${{ env.AWS_ACCOUNT_ID }}
+          AWS_ENV_NAME: ${{ env.AWS_ENV_NAME }}
+          SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK }}
+          working-directory: ./infrastructure/environments/${{ env.AWS_ENV_NAME }}/${{ matrix.directory }}
+
+      - name: Finish Deployment
+        if: env.TF_PLAN_STATUS == 'has-diff' && always() && github.ref == 'refs/heads/main'
+        uses: bobheadxi/deployments@v1
+        with:
+          step: finish
+          token: ${{ secrets.GITHUB_TOKEN }}
+          status: ${{ job.status }}
+          env: ${{ steps.deployment.outputs.env }}
+          deployment_id: ${{ steps.deployment.outputs.deployment_id }}
+
+  delete_pr_comments:
+    name: Delete PR Comments
+    needs: [terraform]
+    runs-on: ubuntu-latest
+    timeout-minutes: 5
+    if: contains(fromJSON('["pull_request"]'), github.event_name)
+    steps:
+      - name: Checkout source code
+        uses: actions/checkout@v4
+
+      - name: Check and delete comments
+        run: |
+          ./.github/scripts/delete_pr_comments.sh \
+            "tqer39" \
+            "time-capsule" \
+            "${{ env.AWS_ENV_NAME }}" \
+            "${{ github.event.pull_request.number }}" \
+            "${{ secrets.GITHUB_TOKEN }}"
+
+  workflow-result-infrastructure-portfolio:
+    runs-on: ubuntu-latest
+    timeout-minutes: 5
+    needs: [terraform]
+    if: always()
+    steps:
+      - name: Failure
+        if: >-
+          contains(needs.*.result, 'failure')
+          || contains(needs.*.result, 'cancelled')
+        run: |
+          echo "workflow failure"
+          exit 1
+      - name: Success
+        run: |
+          echo "workflow success"
@@ -0,0 +1,87 @@
+---
+name: infrastructure portfolio (difference check)
+
+on:
+  schedule:
+    - cron: '0 22 * * *' # 毎日 7:00(JST) に実行
+  workflow_dispatch:
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+
+env:
+  AWS_ACCOUNT_ID: '072693953877'
+  AWS_ENV_NAME: portfolio
+  OIDC_IAM_ROLE: portfolio-terraform-aws-deploy
+
+jobs:
+  set-matrix:
+    runs-on: ubuntu-latest
+    timeout-minutes: 5
+    outputs:
+      matrix: ${{ steps.set-matrix.outputs.matrix }}
+    steps:
+      - name: Checkout source code
+        uses: actions/checkout@v4
+
+      - name: Set Matrix
+        id: set-matrix
+        uses: ./.github/actions/set-matrix
+        with:
+          AWS_ENV_NAME: ${{ env.AWS_ENV_NAME }}
+
+  terraform:
+    needs: [set-matrix]
+    runs-on: ubuntu-latest
+    timeout-minutes: 15
+    strategy:
+      fail-fast: false
+      matrix:
+        directory: ${{ fromJson(needs.set-matrix.outputs.matrix )}}
+    permissions:
+      id-token: write # For aws-actions/configure-aws-credentials
+      contents: read # For aws-actions/configure-aws-credentials
+      deployments: write # For bobheadxi/deployments
+      pull-requests: write # For bobheadxi/deployments
+    steps:
+      - name: Checkout source code
+        uses: actions/checkout@v4
+
+      - name: AWS Credential
+        id: aws-credential
+        uses: ./.github/actions/aws-credential
+        with:
+          oidc-iam-role: arn:aws:iam::${{ env.AWS_ACCOUNT_ID }}:role/${{ env.OIDC_IAM_ROLE }}
+
+      - name: Terraform Plan (difference check)
+        if: ${{ steps.aws-credential.outcome == 'success' }}
+        id: terraform-plan
+        uses: ./.github/actions/terraform-plan
+        with:
+          working-directory: ./infrastructure/environments/${{ env.AWS_ENV_NAME }}/${{ matrix.directory }}
+          github-token: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Set Slack Message (Terraform Plan failure)
+        continue-on-error: true
+        if: ${{ env.TF_PLAN_STATUS == 'has-diff' }}
+        run: echo "ERROR_MSG=インフラのコードと実体のリソースに差分があります" >> "$GITHUB_ENV"
+
+      - name: Set Slack Message (another error)
+        continue-on-error: true
+        if: ${{ failure() && env.TF_PLAN_STATUS != 'has-diff' }}
+        run: echo "ERROR_MSG=difference check CIがエラー終了しました" >> "$GITHUB_ENV"
+
+      - name: Slack Notification (failure)
+        continue-on-error: true
+        if: ${{ failure() || env.TF_PLAN_STATUS == 'has-diff' }}
+        uses: rtCamp/action-slack-notify@v2
+        env:
+          SLACK_CHANNEL: '#ntf_time-capsule'
+          SLACK_COLOR: danger
+          SLACK_TITLE: '${{ env.AWS_ENV_NAME }}(${{ env.AWS_ACCOUNT_ID }}): ${{ env.ERROR_MSG }}'
+          SLACK_MESSAGE: "<!subteam^S049GE784QJ> 確認してください。\npath: `${{ env.AWS_ENV_NAME }}/${{ matrix.directory }}`"
+          SLACK_LINK_NAMES: true
+          SLACK_USERNAME: GitHubActionsBot
+          SLACK_ICON_EMOJI: ':x:'
+          SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK }}
@@ -113,7 +113,7 @@ jobs:
             "${{ github.event.pull_request.number }}" \
             "${{ secrets.GITHUB_TOKEN }}"
 
-  workflow-result-infrastructure:
+  workflow-result-infrastructure-sandbox:
     runs-on: ubuntu-latest
     timeout-minutes: 5
     needs: [terraform]

@@ -0,0 +1,33 @@
+---
+name: manual - infrastructure - portfolio
+
+on:
+  workflow_dispatch:
+    inputs:
+      TF_PATH:
+        type: string
+        description: Terraform CLIを実行するパス。
+        required: true
+        default: './infrastructure/environments/portfolio/手で設定する'
+      TF_TYPE:
+        type: choice
+        description: Terraformで実行する処理の種類
+        required: true
+        default: terraform plan
+        options:
+          - terraform plan
+          - terraform apply
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+
+jobs:
+  terraform:
+    uses: ./.github/workflows/_manual-infrastructure-common.yml
+    with:
+      AWS_ACCOUNT_ID: 107662415716
+      AWS_ENV_NAME: portfolio
+      OIDC_IAM_ROLE: portfolio-terraform-aws-deploy
+      TF_PATH: ${{ inputs.TF_PATH }}
+      TF_TYPE: ${{ inputs.TF_TYPE }}