diff --git a/.github/workflows/deploy_to_gcp.yml b/.github/workflows/deploy_to_gcp.yml
new file mode 100644
index 0000000..faccd9e
--- /dev/null
+++ b/.github/workflows/deploy_to_gcp.yml
@@ -0,0 +1,67 @@
+name: Gitea Deploy to GCP
+
+on:
+ workflow_dispatch:
+ pull_request:
+ branches:
+ - deploy-prd
+ - deploy-dev
+
+jobs:
+ gcp-deploy:
+ name: Deploy to GCP
+ runs-on: gcloud-tf
+ env:
+ GCP_PROJECT_ID: ${{ secrets.GCP_PROJECT_ID }}
+ GCP_SA_KEY: ${{ secrets.GCP_SA_KEY }}
+ REPO_NAME: ${{ github.repository }}
+ COMPONENT_NAME: ${{ vars.COMPONENT_NAME }}
+ steps:
+ - name: Checkout code
+ uses: actions/checkout@v3
+
+ - name: Check Deploy Tools
+ run: |
+ ls -la
+ echo "Checking gcloud and terraform versions..."
+ gcloud --version
+ terraform --version
+
+ - name: Check Gcloud auth
+ run: |
+ echo "HOME: ${HOME}"
+ printf '%s' "$GCP_SA_KEY" > $HOME/sa.json
+ export GOOGLE_APPLICATION_CREDENTIALS="$HOME/sa.json"
+
+ gcloud auth activate-service-account --key-file="$GOOGLE_APPLICATION_CREDENTIALS"
+ gcloud config set project "$GCP_PROJECT_ID"
+
+ echo "Check gcloud"
+ gcloud config list
+ gcloud --version
+
+ - name: Exec Terraform init shell
+ run: |
+ export GOOGLE_APPLICATION_CREDENTIALS="$HOME/sa.json"
+ ./scripts/deploy/init_terraform.sh
+
+ - name: Exec Container Image Push to Artifact Registry
+ run: |
+ export GOOGLE_APPLICATION_CREDENTIALS="$HOME/sa.json"
+ ./scripts/deploy/build_image_to_gar.sh
+
+ - name: Exec Terraform plan shell
+ run: |
+ export GOOGLE_APPLICATION_CREDENTIALS="$HOME/sa.json"
+ ./scripts/deploy/plan_terraform.sh
+
+ - name: Exec Terraform apply shell
+ run: |
+ export GOOGLE_APPLICATION_CREDENTIALS="$HOME/sa.json"
+ ./scripts/deploy/apply_terraform.sh
+
+ - name: Clean up Gcloud auth file
+ run: |
+ rm -f $HOME/sa.json
+ echo "Cleaned up Gcloud auth file."
+
diff --git a/scripts/deploy/applay_terraform.sh b/scripts/deploy/applay_terraform.sh
new file mode 100755
index 0000000..5334ae0
--- /dev/null
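Review bot: The final `Clean up Gcloud auth file` step in `deploy_to_gcp.yml` has no `if: always()`, so any earlier failure leaves the service-account key in `$HOME/sa.json` on the `gcloud-tf` runner, and a failure looks likely: `Exec Terraform apply shell` calls `./scripts/deploy/apply_terraform.sh` while this commit adds `scripts/deploy/applay_terraform.sh`. Add `if: always()` to the cleanup step, create the key file under `umask 077`, and run `gcloud auth revoke` there as well, because `gcloud auth activate-service-account` keeps its own copy of the credential in the gcloud config directory. The `pull_request` trigger also means the PR's own `scripts/deploy/*.sh` run with `GCP_SA_KEY` in the job-level `env:` before the change is merged; deploying on `push` to `deploy-prd`/`deploy-dev` and scoping the secret to the steps that need it would narrow that exposure. `actions/checkout@v3` is pinned to a mutable tag rather than a commit SHA.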
+++ b/scripts/deploy/applay_terraform.sh
@@ -0,0 +1,26 @@
+#!/bin/bash
+
+# Safe mode(when error,kill script)
+set -euo pipefail
+
+# 変数の設定({HOME}/hash.txt からハッシュ値を取得)
+TF_DIR=${TF_DIR:-terraform}
+ENV=${ENV:-dev}
+
+cd "$TF_DIR"
+
+# --- デプロイ条件 ---
+if [[ "${BRANCH_NAME:-}" =~ ^.*deploy$ ]]; then
+ echo "Start terraform apply (ENV=${ENV}, DIR=${TF_DIR}) ..."
+else
+ echo "Skip terraform apply (branch=${BRANCH_NAME:-})"
+ exit 0
+fi
+
+# --- plan 結果があるか確認 ---
+if [[ ! -f tfplan ]]; then
+ echo "ERROR: tfplan not found in $(pwd). Run plan step first." >&2
+ exit 1
+fi
+
+terraform apply -auto-approve tfplan
diff --git a/scripts/deploy/init_terraform.sh b/scripts/deploy/init_terraform.sh
new file mode 100755
index 0000000..bad7202
--- /dev/null
+++ b/scripts/deploy/init_terraform.sh
@@ -0,0 +1,21 @@
+#!/bin/bash
+
+# Safe mode(when error,kill script)
+set -euo pipefail
+
+TF_DIR=${TF_DIR:-terraform}
+
+# GCS S3などで保存する
+TF_STATE_BUCKET=${TF_STATE_BUCKET:-cicd-tfstate-bucket-20250906}
+ENV=${ENV:-dev}
+REPO_NAME=${REPO_NAME:-unknown}
+
+cd "$TF_DIR"
+echo "$REPO_NAME"
+
+
+# # --- terraform init 実行 ---
+terraform init \
+ -backend-config="bucket=${TF_STATE_BUCKET}" \
+ -backend-config="prefix=${REPO_NAME}/${ENV}" \
+
\ No newline at end of file
diff --git a/scripts/deploy/plan_terraform.sh b/scripts/deploy/plan_terraform.sh
new file mode 100755
index 0000000..2370e4e
--- /dev/null
+++ b/scripts/deploy/plan_terraform.sh
@@ -0,0 +1,21 @@
+#!/bin/bash
+
+# Safe mode(when error,kill script)
+set -euo pipefail
+
+# 変数の設定({HOME}/hash.txt からハッシュ値を取得)
+TF_DIR=${TF_DIR:-terraform}
+ENV=${ENV:-dev}
+
+cd "$TF_DIR"
+
+if [ -f "${ENV}.tfvars" ]; then
+ terraform plan \
+ -out=tfplan \
+ -var-file="${ENV}.tfvars"
+
+else
+ # error raise
+ echo "ERROR: ${ENV}.tfvars not found in $(pwd)" >&2
+ exit 1
+fi
\ No newline at end of file
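Review bot: In `applay_terraform.sh` the gate `^.*deploy$` only matches branch names that end in `deploy`, but the workflow targets `deploy-prd` and `deploy-dev`, and the workflow in this commit never sets `BRANCH_NAME`, so the script always takes the `Skip terraform apply` branch and exits 0, leaving a green job that applied nothing. An anchored allow-list such as `if [[ "${BRANCH_NAME:-}" =~ ^deploy-(prd|dev)$ ]]; then` states the intent, and the caller has to export `BRANCH_NAME`. `ENV=${ENV:-dev}` also falls back silently to `dev` here and in `init_terraform.sh` and `plan_terraform.sh`, so a `deploy-prd` run would use the dev state prefix and `dev.tfvars` unless the caller sets it; `ENV=${ENV:?ENV must be set}` fails closed instead.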
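Review bot: In `init_terraform.sh`, `REPO_NAME=${REPO_NAME:-unknown}` and the hard-coded `TF_STATE_BUCKET` default decide where Terraform state is read and written, so a missing variable silently points the backend at the `unknown/` prefix in `cicd-tfstate-bucket-20250906` instead of failing. Prefer `REPO_NAME=${REPO_NAME:?REPO_NAME must be set}` (and the same for the bucket) so a misconfigured run stops before `terraform init`. The last `-backend-config` line ends with a `\` continuation followed by a whitespace-only final line; dropping that trailing backslash and adding `-input=false` keeps the command from depending on what follows it and from prompting on a runner. The comment `# GCS S3などで保存する` should say in English which backend the bucket belongs to.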
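Review bot: `plan_terraform.sh` writes the saved plan to `tfplan` inside the checkout and nothing in this commit removes it; Terraform plan files are not encrypted and can contain sensitive variable and resource values, so on a runner that keeps its workspace between jobs (not visible here) the file would linger next to the code. Deleting it after apply, e.g. `rm -f "${TF_DIR:-terraform}/tfplan"` in a cleanup step guarded by `if: always()`, closes that. The header comment `# 変数の設定({HOME}/hash.txt からハッシュ値を取得)` describes reading a hash from `hash.txt`, which this script does not do (the same line is in `applay_terraform.sh`); replace it with `# Terraform working directory and target environment`.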