From 09e6feb2651debd5f1275a1155a4adc6917c1a0e Mon Sep 17 00:00:00 2001 From: "ry.yamafuji" Date: Fri, 5 Dec 2025 20:53:48 +0900 Subject: [PATCH 01/23] test --- .github/workflows/deploy_to_gcp.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/deploy_to_gcp.yml b/.github/workflows/deploy_to_gcp.yml index 2cf6a5a..2fe96f5 100644 --- a/.github/workflows/deploy_to_gcp.yml +++ b/.github/workflows/deploy_to_gcp.yml @@ -13,7 +13,7 @@ jobs: runs-on: gcloud-tf steps: - name: Checkout code - uses: actions/checkout@v4 + uses: actions/checkout@v3 # checkout: # name: Checkout code From 251da802c4f9c3ae876173d19b9939d04de8bd17 Mon Sep 17 00:00:00 2001 From: "ry.yamafuji" Date: Fri, 5 Dec 2025 20:56:03 +0900 Subject: [PATCH 02/23] Test --- .github/workflows/deploy_to_gcp.yml | 19 ++++++++++++++++--- 1 file changed, 16 insertions(+), 3 deletions(-) diff --git a/.github/workflows/deploy_to_gcp.yml b/.github/workflows/deploy_to_gcp.yml index 2fe96f5..c9723f9 100644 --- a/.github/workflows/deploy_to_gcp.yml +++ b/.github/workflows/deploy_to_gcp.yml @@ -8,12 +8,25 @@ on: - deploy-dev jobs: - gcp-deploy: + checkout: + runs-on: ubuntu-latest + steps: + - name: Checkout code + uses: actions/checkout@v3 + gcp-deploy: name: Deploy to GCP runs-on: gcloud-tf steps: - - name: Checkout code - uses: actions/checkout@v3 + - name: Check Deploy Tools + run: | + ls -la + gcloud --version + terraform --version + + + # steps: + # - name: Checkout code + # uses: actions/checkout@v3 # checkout: # name: Checkout code From 017b88d0c9d79a9a19799c3b22e743e962137c44 Mon Sep 17 00:00:00 2001 From: "ry.yamafuji" Date: Fri, 5 Dec 2025 21:07:27 +0900 Subject: [PATCH 03/23] =?UTF-8?q?=E4=BF=AE=E6=AD=A3?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .github/workflows/deploy_to_gcp.yml | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) 
diff --git a/.github/workflows/deploy_to_gcp.yml b/.github/workflows/deploy_to_gcp.yml index c9723f9..87939a7 100644 --- a/.github/workflows/deploy_to_gcp.yml +++ b/.github/workflows/deploy_to_gcp.yml @@ -8,15 +8,13 @@ on: - deploy-dev jobs: - checkout: - runs-on: ubuntu-latest - steps: - - name: Checkout code - uses: actions/checkout@v3 gcp-deploy: name: Deploy to GCP runs-on: gcloud-tf steps: + - name: Checkout code + uses: actions/checkout@v3 + - name: Check Deploy Tools run: | ls -la From dd65fdd8b56c9b06dc6a02951a1a20526c420f6d Mon Sep 17 00:00:00 2001 From: "ry.yamafuji" Date: Fri, 5 Dec 2025 21:18:08 +0900 Subject: [PATCH 04/23] =?UTF-8?q?=E3=83=86=E3=82=B9=E3=83=88?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .github/workflows/deploy_to_gcp.yml | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) diff --git a/.github/workflows/deploy_to_gcp.yml b/.github/workflows/deploy_to_gcp.yml index 87939a7..e04d516 100644 --- a/.github/workflows/deploy_to_gcp.yml +++ b/.github/workflows/deploy_to_gcp.yml @@ -11,6 +11,9 @@ jobs: gcp-deploy: name: Deploy to GCP runs-on: gcloud-tf + env: + GCP_PROJECT_ID: ${{ secrets.GCP_PROJECT_ID }} + GCP_SA_KEY: ${{ secrets.GCP_SA_KEY }} steps: - name: Checkout code uses: actions/checkout@v3 @@ -18,9 +21,25 @@ jobs: - name: Check Deploy Tools run: | ls -la + echo "Checking gcloud and terraform versions..." gcloud --version terraform --version + - name: Check Gcloud auth + run: | + echo "HOME: ${HOME}" + printf '%s' "$GCP_SA_KEY" > $HOME/sa.json + export GOOGLE_APPLICATION_CREDENTIALS="$HOME/sa.json" + + gcloud auth activate-service-account --key-file="$GOOGLE_APPLICATION_CREDENTIALS" + gcloud config set project "$GCP_PROJECT_ID" + + echo "Check gcloud" + gcloud config list + gcloud --version + + + # steps: # - name: Checkout code From fa09f7199f38ac8aade350870cc3dd6aaeb1f292 Mon Sep 17 00:00:00 2001 
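Review bot: `GCP_SA_KEY` sits in the job-level `env:` block of `gcp-deploy` (PATCH 04, first hunk), so the service-account key is exported to every step of the job, including the third-party checkout action and the version-check step that never use it. Scope it to the one step that authenticates by moving `GCP_SA_KEY: ${{ secrets.GCP_SA_KEY }}` into an `env:` on the `Check Gcloud auth` step. The same job-level block is carried into the workflow re-created in PATCH 21/23.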
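Review bot: The `Check Gcloud auth` step writes the key with `printf '%s' "$GCP_SA_KEY" > $HOME/sa.json` under the default umask and with `$HOME` unquoted, and nothing in this commit removes the file, which matters if `gcloud-tf` is a persistent self-hosted runner (inferred from the label). Create it owner-only and remove it on every exit path: `umask 077` before the write, the target quoted as `"$HOME/sa.json"`, and a final step with `if: always()` that runs `rm -f "$HOME/sa.json"`. The same write is repeated in the `Exec Terraform init shell` step in PATCH 09/23 and in the workflow re-created in PATCH 21/23. `gcloud config list` in this step prints the active account and project into the job log and is worth dropping once the debugging is done.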
From: "ry.yamafuji" Date: Fri, 5 Dec 2025 21:33:53 +0900 Subject: [PATCH 05/23] =?UTF-8?q?init=20terraform=E3=82=92=E8=A8=AD?= =?UTF-8?q?=E5=AE=9A=E3=81=97=E3=81=BE=E3=81=97=E3=81=9F?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .github/workflows/deploy_to_gcp.yml | 5 +++++ scripts/deploy/init_terraform.sh | 7 +++++-- 2 files changed, 10 insertions(+), 2 deletions(-) diff --git a/.github/workflows/deploy_to_gcp.yml b/.github/workflows/deploy_to_gcp.yml index e04d516..04fc377 100644 --- a/.github/workflows/deploy_to_gcp.yml +++ b/.github/workflows/deploy_to_gcp.yml @@ -14,6 +14,7 @@ jobs: env: GCP_PROJECT_ID: ${{ secrets.GCP_PROJECT_ID }} GCP_SA_KEY: ${{ secrets.GCP_SA_KEY }} + REPO_NAME: ${{ github.repository }} steps: - name: Checkout code uses: actions/checkout@v3 @@ -38,6 +39,10 @@ jobs: gcloud config list gcloud --version + - name: Exec Terraform init shell + run: | + ./scripts/terraform/init.sh + diff --git a/scripts/deploy/init_terraform.sh b/scripts/deploy/init_terraform.sh index 7e57d64..94e1a39 100644 --- a/scripts/deploy/init_terraform.sh +++ b/scripts/deploy/init_terraform.sh @@ -6,13 +6,16 @@ set -euo pipefail TF_DIR=${TF_DIR:-terraform} # GCS S3などで保存する -TF_STATE_BUCKET=${TF_STATE_BUCKET:-cicd-tfstate-bucket} +TF_STATE_BUCKET=${TF_STATE_BUCKET:-cicd-tfstate-bucket-20250906} ENV=${ENV:-dev} REPO_NAME=${REPO_NAME:-unknown} cd "$TF_DIR" +echo "$REPO_NAME" -# --- terraform init 実行 --- +ecgi + +# # --- terraform init 実行 --- terraform init \ -backend-config="bucket=${TF_STATE_BUCKET}" \ -backend-config="prefix=${REPO_NAME}/${ENV}" \ From 5811b76fb56f557c41cd6a51db66bd72fd82db7b Mon Sep 17 00:00:00 2001 From: "ry.yamafuji" Date: Fri, 5 Dec 2025 21:34:46 +0900 Subject: [PATCH 06/23] test --- .github/workflows/deploy_to_gcp.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/deploy_to_gcp.yml b/.github/workflows/deploy_to_gcp.yml index 04fc377..75c8e8d 100644 
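Review bot: The added line `ecgi` in init_terraform.sh is not a command, and with `set -euo pipefail` in effect the script exits there, so `terraform init` is never reached; it looks like a stray keystroke and should be deleted. On the context line above it, `REPO_NAME=${REPO_NAME:-unknown}` lets a run with the variable unset initialise the backend under the shared prefix `unknown/${ENV}`; failing closed with `REPO_NAME=${REPO_NAME:?REPO_NAME is required}` keeps two repositories from writing the same state. The script continues past the end of the hunk.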
--- a/.github/workflows/deploy_to_gcp.yml +++ b/.github/workflows/deploy_to_gcp.yml @@ -41,7 +41,7 @@ jobs: - name: Exec Terraform init shell run: | - ./scripts/terraform/init.sh + ./scripts/deploy/init_terraform.sh From d5869b639c3d5b6faf6da47258291c9b70d93c4e Mon Sep 17 00:00:00 2001 From: "ry.yamafuji" Date: Fri, 5 Dec 2025 21:36:49 +0900 Subject: [PATCH 07/23] =?UTF-8?q?=E6=A8=A9=E9=99=90=E5=8F=8A=E3=81=B3?= =?UTF-8?q?=E4=BF=AE=E6=AD=A3?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- scripts/deploy/init_terraform.sh | 1 - 1 file changed, 1 deletion(-) mode change 100644 => 100755 scripts/deploy/init_terraform.sh diff --git a/scripts/deploy/init_terraform.sh b/scripts/deploy/init_terraform.sh old mode 100644 new mode 100755 index 94e1a39..bad7202 --- a/scripts/deploy/init_terraform.sh +++ b/scripts/deploy/init_terraform.sh @@ -13,7 +13,6 @@ REPO_NAME=${REPO_NAME:-unknown} cd "$TF_DIR" echo "$REPO_NAME" -ecgi # # --- terraform init 実行 --- terraform init \ From 19d4d881717aea7984dfe7c0422c327b03bdb8fc Mon Sep 17 00:00:00 2001 From: "ry.yamafuji" Date: Fri, 5 Dec 2025 21:43:27 +0900 Subject: [PATCH 08/23] =?UTF-8?q?=E3=83=90=E3=83=83=E3=82=AF=E3=82=A8?= =?UTF-8?q?=E3=83=B3=E3=83=89=E3=82=92=E4=BF=AE=E6=AD=A3?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- terraform/provider.tf | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/terraform/provider.tf b/terraform/provider.tf index fdeb7be..218805c 100644 --- a/terraform/provider.tf +++ b/terraform/provider.tf @@ -1,3 +1,7 @@ +terraform { + backend "gcs" {} +} + # Google Providerの設定 provider "google" { project = var.project_id From e7595d1365f1a52d1d13b67d206593f85f90b5a2 Mon Sep 17 00:00:00 2001 
From: "ry.yamafuji" Date: Fri, 5 Dec 2025 21:50:48 +0900 Subject: [PATCH 09/23] =?UTF-8?q?=E4=BF=AE=E6=AD=A3?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .github/workflows/deploy_to_gcp.yml | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/.github/workflows/deploy_to_gcp.yml b/.github/workflows/deploy_to_gcp.yml index 75c8e8d..6bd2a46 100644 --- a/.github/workflows/deploy_to_gcp.yml +++ b/.github/workflows/deploy_to_gcp.yml @@ -41,6 +41,11 @@ jobs: - name: Exec Terraform init shell run: | + ls -la ${HOME} + echo "$REPO_NAME" + echo "HOME: ${HOME}" + printf '%s' "$GCP_SA_KEY" > $HOME/sa.json + export GOOGLE_APPLICATION_CREDENTIALS="$HOME/sa.json" ./scripts/deploy/init_terraform.sh From 1be5bd53883544e757754162548c46ced0983aa9 Mon Sep 17 00:00:00 2001 From: "ry.yamafuji" Date: Fri, 5 Dec 2025 22:11:26 +0900 Subject: [PATCH 10/23] =?UTF-8?q?=E3=83=87=E3=83=97=E3=83=AD=E3=82=A4?= =?UTF-8?q?=E3=82=BD=E3=83=BC=E3=82=B9=E4=BF=AE=E6=AD=A3?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .github/workflows/deploy_to_gcp.yml | 10 ++++---- scripts/deploy/build_image_to_gar.sh | 35 ++++++++++++++++++++++++++++ 2 files changed, 40 insertions(+), 5 deletions(-) create mode 100644 scripts/deploy/build_image_to_gar.sh diff --git a/.github/workflows/deploy_to_gcp.yml b/.github/workflows/deploy_to_gcp.yml index 6bd2a46..7126f44 100644 --- a/.github/workflows/deploy_to_gcp.yml +++ b/.github/workflows/deploy_to_gcp.yml @@ -15,6 +15,7 @@ jobs: GCP_PROJECT_ID: ${{ secrets.GCP_PROJECT_ID }} GCP_SA_KEY: ${{ secrets.GCP_SA_KEY }} REPO_NAME: ${{ github.repository }} + HASH_SUFFIX: ${{ github.sha }} steps: - name: Checkout code uses: actions/checkout@v3 
@@ -41,13 +42,12 @@ jobs: - name: Exec Terraform init shell run: | - ls -la ${HOME} - echo "$REPO_NAME" - echo "HOME: ${HOME}" - printf '%s' "$GCP_SA_KEY" > $HOME/sa.json export GOOGLE_APPLICATION_CREDENTIALS="$HOME/sa.json" ./scripts/deploy/init_terraform.sh - + - name: Exec Container Image Push to Artifact Registry + run: | + export GOOGLE_APPLICATION_CREDENTIALS="$HOME/sa.json" + ./scripts/deploy/build_image_to_gar.sh diff --git a/scripts/deploy/build_image_to_gar.sh b/scripts/deploy/build_image_to_gar.sh new file mode 100644 index 0000000..376c717 --- /dev/null +++ b/scripts/deploy/build_image_to_gar.sh @@ -0,0 +1,35 @@ +#!/bin/bash +# Google Container RegistryへDockerイメージをビルドしてプッシュするスクリプト +set -euo pipefail + +# 環境変数の設定 +REGION=${REGION:-asia-northeast1} +ENV=${ENV:-dev} +JOB_NAME=${JOB_NAME} +AR_REPO_NAME="cicd-repo-${ENV}" +HASH_SUFFIX=${HASH_SUFFIX:-$(date +%s)} + +# IMAGE_URIの設定 +# ローカル実行時は epoch 秒で自動採番。 +IMAGE_URI="${REGION}-docker.pkg.dev/${GCP_PROJECT_ID}/${AR_REPO_NAME}/run-job-${JOB_NAME}-image:${HASH_SUFFIX}" + +echo "REGION : ${REGION}" +echo "ENV : ${ENV}" +echo "JOB_NAME : ${JOB_NAME}" +echo "HASH_SUFFIX : ${HASH_SUFFIX}" +echo "IMAGE_URI : ${IMAGE_URI}" + +# Artifact Registry への認証設定 +gcloud auth configure-docker "${REGION}-docker.pkg.dev" + +# GARへDockerイメージをビルドしてプッシュ +gcloud builds submit --tag "${IMAGE_URI}" . + + + + + + + + + From 62f9f9c36160be6f8ca1cdae0cc927940d9e6397 Mon Sep 17 00:00:00 2001 From: "ry.yamafuji" Date: Fri, 5 Dec 2025 22:13:05 +0900 Subject: [PATCH 11/23] =?UTF-8?q?=E3=83=93=E3=83=AB=E3=83=89=E7=94=A8?= =?UTF-8?q?=E4=BF=AE=E6=AD=A3?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- scripts/deploy/build_image_to_gar.sh | 0 1 file changed, 0 insertions(+), 0 deletions(-) mode change 100644 => 100755 scripts/deploy/build_image_to_gar.sh diff --git a/scripts/deploy/build_image_to_gar.sh b/scripts/deploy/build_image_to_gar.sh old mode 100644 new mode 100755 
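Review bot: `JOB_NAME=${JOB_NAME}` and the `${GCP_PROJECT_ID}` reference in `IMAGE_URI` have neither a default nor a check, so under `set -u` a missing value stops build_image_to_gar.sh with a bare "unbound variable" message, and the workflow `env:` in this commit does not set `JOB_NAME` at all. State the requirement explicitly ahead of the assignments, e.g. `: "${JOB_NAME:?JOB_NAME is required}"` and `: "${GCP_PROJECT_ID:?GCP_PROJECT_ID is required}"`. The header comment names Google Container Registry while the script pushes to an Artifact Registry host (`${REGION}-docker.pkg.dev`), so the comment should say Artifact Registry. `gcloud builds submit --tag "${IMAGE_URI}" .` uploads the whole working directory as build context, so a `.gcloudignore` that excludes Terraform state and plan files is worth adding if the repository does not already have one.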
From 57fea674e7dd82ef6b191b35371969ede5b8cf5c Mon Sep 17 00:00:00 2001 From: "ry.yamafuji" Date: Fri, 5 Dec 2025 22:14:59 +0900 Subject: [PATCH 12/23] test --- .github/workflows/deploy_to_gcp.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/deploy_to_gcp.yml b/.github/workflows/deploy_to_gcp.yml index 7126f44..d488c6a 100644 --- a/.github/workflows/deploy_to_gcp.yml +++ b/.github/workflows/deploy_to_gcp.yml @@ -16,6 +16,7 @@ jobs: GCP_SA_KEY: ${{ secrets.GCP_SA_KEY }} REPO_NAME: ${{ github.repository }} HASH_SUFFIX: ${{ github.sha }} + JOB_NAME: ${{ vars.JOB_NAME }} steps: - name: Checkout code uses: actions/checkout@v3 From ab32a9e825b950d06d21dfe1919888f5033ea862 Mon Sep 17 00:00:00 2001 From: "ry.yamafuji" Date: Fri, 5 Dec 2025 22:32:50 +0900 Subject: [PATCH 13/23] =?UTF-8?q?=E3=83=97=E3=83=A9=E3=83=B3=E3=81=BE?= =?UTF-8?q?=E3=81=A7=E8=BF=BD=E5=8A=A0=E3=81=99=E3=82=8B?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .github/workflows/deploy_to_gcp.yml | 9 ++++++++- scripts/deploy/build_image_to_gar.sh | 3 +-- scripts/deploy/plan_terraform.sh | 24 ++++++++++++++++++++++++ terraform/dev.tfvars | 12 ++++++++++++ 4 files changed, 45 insertions(+), 3 deletions(-) create mode 100755 scripts/deploy/plan_terraform.sh create mode 100644 terraform/dev.tfvars diff --git a/.github/workflows/deploy_to_gcp.yml b/.github/workflows/deploy_to_gcp.yml index d488c6a..680d73f 100644 --- a/.github/workflows/deploy_to_gcp.yml +++ b/.github/workflows/deploy_to_gcp.yml @@ -17,6 +17,7 @@ jobs: REPO_NAME: ${{ github.repository }} HASH_SUFFIX: ${{ github.sha }} JOB_NAME: ${{ vars.JOB_NAME }} + HASH_SUFFIX: ${{ github.sha }} steps: - name: Checkout code uses: actions/checkout@v3 @@ -27,7 +28,7 @@ jobs: echo "Checking gcloud and terraform versions..." gcloud --version terraform --version - + - name: Check Gcloud auth run: | echo "HOME: ${HOME}" 
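Review bot: The added `HASH_SUFFIX: ${{ github.sha }}` in PATCH 13 duplicates the key that already sits two lines above it in the same `env:` mapping. Duplicate mapping keys are invalid YAML and most parsers silently keep the last one, so the added line should be dropped rather than left to parser behaviour.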
@@ -45,11 +46,17 @@ jobs: run: | export GOOGLE_APPLICATION_CREDENTIALS="$HOME/sa.json" ./scripts/deploy/init_terraform.sh + - name: Exec Container Image Push to Artifact Registry run: | export GOOGLE_APPLICATION_CREDENTIALS="$HOME/sa.json" ./scripts/deploy/build_image_to_gar.sh + - name: Exec Terraform init shell + run: | + export GOOGLE_APPLICATION_CREDENTIALS="$HOME/sa.json" + ./scripts/deploy/plan_terraform.sh + # steps: diff --git a/scripts/deploy/build_image_to_gar.sh b/scripts/deploy/build_image_to_gar.sh index 376c717..0a94374 100755 --- a/scripts/deploy/build_image_to_gar.sh +++ b/scripts/deploy/build_image_to_gar.sh @@ -7,7 +7,7 @@ REGION=${REGION:-asia-northeast1} ENV=${ENV:-dev} JOB_NAME=${JOB_NAME} AR_REPO_NAME="cicd-repo-${ENV}" -HASH_SUFFIX=${HASH_SUFFIX:-$(date +%s)} +HASH_SUFFIX=${HASH_SUFFIX} # IMAGE_URIの設定 # ローカル実行時は epoch 秒で自動採番。 @@ -32,4 +32,3 @@ gcloud builds submit --tag "${IMAGE_URI}" . - diff --git a/scripts/deploy/plan_terraform.sh b/scripts/deploy/plan_terraform.sh new file mode 100755 index 0000000..0fba502 --- /dev/null +++ b/scripts/deploy/plan_terraform.sh @@ -0,0 +1,24 @@ +#!/bin/bash + +# Safe mode(when error,kill script) +set -euo pipefail + +# 変数の設定({HOME}/hash.txt からハッシュ値を取得) +HASH_SUFFIX=${HASH_SUFFIX} + +TF_DIR=${TF_DIR:-terraform} +ENV=${ENV:-dev} + +cd "$TF_DIR" + +if [ -f "${ENV}.tfvars" ]; then + terraform plan \ + -out=tfplan \ + -var-file="${ENV}.tfvars" \ + -var="hash_suffix=${HASH_SUFFIX}" + +else + # error raise + echo "ERROR: ${ENV}.tfvars not found in $(pwd)" >&2 + exit 1 +fi \ No newline at end of file diff --git a/terraform/dev.tfvars b/terraform/dev.tfvars new file mode 100644 index 0000000..72900c2 --- /dev/null +++ b/terraform/dev.tfvars @@ -0,0 +1,12 @@ +project_id = "gcp-devel-project" +region = "asia-northeast1" +env_name = "dev" + +job_name = "base" +# コンテナイメージ(CI/CDから渡される想定) + +cpu_limit = "1" +memory_limit = "512Mi" +timeout = "1800s" + + 
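Review bot: `terraform plan -out=tfplan` in plan_terraform.sh leaves a saved plan in the Terraform directory, and a saved plan holds the resolved variable and resource values in readable form, so it should be handled like the key file; no workflow step in this series deletes it, and on a persistent runner it would outlive the job. Removing it in an always-run cleanup step, e.g. `rm -f terraform/tfplan`, covers that. The comment `# 変数の設定({HOME}/hash.txt からハッシュ値を取得)` does not match the code, which takes `HASH_SUFFIX` from the environment. `HASH_SUFFIX=${HASH_SUFFIX}` would fail more clearly as `HASH_SUFFIX=${HASH_SUFFIX:?HASH_SUFFIX is required}`.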
From ebc4c1ba43cf931162d9216fc1e5592d6129bfa0 Mon Sep 17 00:00:00 2001 From: "ry.yamafuji" Date: Fri, 5 Dec 2025 22:34:51 +0900 Subject: [PATCH 14/23] =?UTF-8?q?=E3=83=97=E3=83=A9=E3=83=B3=E5=A4=89?= =?UTF-8?q?=E6=9B=B4?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .github/workflows/deploy_to_gcp.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/deploy_to_gcp.yml b/.github/workflows/deploy_to_gcp.yml index 680d73f..2391908 100644 --- a/.github/workflows/deploy_to_gcp.yml +++ b/.github/workflows/deploy_to_gcp.yml @@ -52,7 +52,7 @@ jobs: export GOOGLE_APPLICATION_CREDENTIALS="$HOME/sa.json" ./scripts/deploy/build_image_to_gar.sh - - name: Exec Terraform init shell + - name: Exec Terraform plan shell run: | export GOOGLE_APPLICATION_CREDENTIALS="$HOME/sa.json" ./scripts/deploy/plan_terraform.sh From 1fcbf0e33ab712b03c99da862e8a886b141754d2 Mon Sep 17 00:00:00 2001 From: "ry.yamafuji" Date: Fri, 5 Dec 2025 22:42:01 +0900 Subject: [PATCH 15/23] =?UTF-8?q?=E3=82=A8=E3=83=A9=E3=83=BC=E4=BF=AE?= =?UTF-8?q?=E6=AD=A3?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- scripts/deploy/build_image_to_gar.sh | 11 +++-------- scripts/deploy/plan_terraform.sh | 3 +-- 2 files changed, 4 insertions(+), 10 deletions(-) diff --git a/scripts/deploy/build_image_to_gar.sh b/scripts/deploy/build_image_to_gar.sh index 0a94374..133bac5 100755 --- a/scripts/deploy/build_image_to_gar.sh +++ b/scripts/deploy/build_image_to_gar.sh @@ -9,10 +9,13 @@ JOB_NAME=${JOB_NAME} AR_REPO_NAME="cicd-repo-${ENV}" HASH_SUFFIX=${HASH_SUFFIX} + # IMAGE_URIの設定 # ローカル実行時は epoch 秒で自動採番。 IMAGE_URI="${REGION}-docker.pkg.dev/${GCP_PROJECT_ID}/${AR_REPO_NAME}/run-job-${JOB_NAME}-image:${HASH_SUFFIX}" + + echo "REGION : ${REGION}" echo "ENV : ${ENV}" echo "JOB_NAME : ${JOB_NAME}" 
@@ -24,11 +27,3 @@ gcloud auth configure-docker "${REGION}-docker.pkg.dev" # GARへDockerイメージをビルドしてプッシュ gcloud builds submit --tag "${IMAGE_URI}" . - - - - - - - - diff --git a/scripts/deploy/plan_terraform.sh b/scripts/deploy/plan_terraform.sh index 0fba502..3f87562 100755 --- a/scripts/deploy/plan_terraform.sh +++ b/scripts/deploy/plan_terraform.sh @@ -4,10 +4,9 @@ set -euo pipefail # 変数の設定({HOME}/hash.txt からハッシュ値を取得) -HASH_SUFFIX=${HASH_SUFFIX} - TF_DIR=${TF_DIR:-terraform} ENV=${ENV:-dev} +HASH_SUFFIX=${HASH_SUFFIX} cd "$TF_DIR" From e3c965849150f42d2b41ecfd29b5c5a1652882ad Mon Sep 17 00:00:00 2001 From: "ry.yamafuji" Date: Fri, 5 Dec 2025 22:43:39 +0900 Subject: [PATCH 16/23] test --- .github/workflows/deploy_to_gcp.yml | 105 ++++++++++------------------ 1 file changed, 35 insertions(+), 70 deletions(-) diff --git a/.github/workflows/deploy_to_gcp.yml b/.github/workflows/deploy_to_gcp.yml index 2391908..acffd04 100644 --- a/.github/workflows/deploy_to_gcp.yml +++ b/.github/workflows/deploy_to_gcp.yml @@ -6,7 +6,6 @@ on: branches: - deploy-prd - deploy-dev - jobs: gcp-deploy: name: Deploy to GCP 
@@ -22,73 +21,39 @@ jobs: - name: Checkout code uses: actions/checkout@v3 - - name: Check Deploy Tools - run: | - ls -la - echo "Checking gcloud and terraform versions..." - gcloud --version - terraform --version - - - name: Check Gcloud auth - run: | - echo "HOME: ${HOME}" - printf '%s' "$GCP_SA_KEY" > $HOME/sa.json - export GOOGLE_APPLICATION_CREDENTIALS="$HOME/sa.json" - - gcloud auth activate-service-account --key-file="$GOOGLE_APPLICATION_CREDENTIALS" - gcloud config set project "$GCP_PROJECT_ID" - - echo "Check gcloud" - gcloud config list - gcloud --version - - - name: Exec Terraform init shell - run: | - export GOOGLE_APPLICATION_CREDENTIALS="$HOME/sa.json" - ./scripts/deploy/init_terraform.sh - - - name: Exec Container Image Push to Artifact Registry - run: | - export GOOGLE_APPLICATION_CREDENTIALS="$HOME/sa.json" - ./scripts/deploy/build_image_to_gar.sh - - - name: Exec Terraform plan shell - run: | - export GOOGLE_APPLICATION_CREDENTIALS="$HOME/sa.json" - ./scripts/deploy/plan_terraform.sh - - - - # steps: - # - name: Checkout code - # uses: actions/checkout@v3 - - # checkout: - # name: Checkout code - # runs-on: ubuntu-latest - # steps: - # - name: Checkout code - # uses: actions/checkout@v3 - - # gcp-deploy: - # name: Deploy to GCP - # runs-on: gcloud-tf - # steps: - # - name: Check Deploy Tools - # run: | - # gcloud --version - # terraform --version - # ls -la - - - # - name: Set up Cloud SDK - # uses: google-github-actions/setup-gcloud@v1 - # with: - # project_id: ${{ secrets.GCP_PROJECT_ID }} - # service_account_key: ${{ secrets.GCP_SA_KEY }} - # export_default_credentials: true - - # - name: Run deployment script + # - name: Check Deploy Tools # run: | - # chmod +x ./deploy.sh - # ./deploy.sh + # ls -la + # echo "Checking gcloud and terraform versions..." 
+ # gcloud --version + # terraform --version + + # - name: Check Gcloud auth + # run: | + # echo "HOME: ${HOME}" + # printf '%s' "$GCP_SA_KEY" > $HOME/sa.json + # export GOOGLE_APPLICATION_CREDENTIALS="$HOME/sa.json" + + # gcloud auth activate-service-account --key-file="$GOOGLE_APPLICATION_CREDENTIALS" + # gcloud config set project "$GCP_PROJECT_ID" + + # echo "Check gcloud" + # gcloud config list + # gcloud --version + + # - name: Exec Terraform init shell + # run: | + # export GOOGLE_APPLICATION_CREDENTIALS="$HOME/sa.json" + # ./scripts/deploy/init_terraform.sh + + # - name: Exec Container Image Push to Artifact Registry + # run: | + # export GOOGLE_APPLICATION_CREDENTIALS="$HOME/sa.json" + # ./scripts/deploy/build_image_to_gar.sh + + # - name: Exec Terraform plan shell + # run: | + # export GOOGLE_APPLICATION_CREDENTIALS="$HOME/sa.json" + # ./scripts/deploy/plan_terraform.sh + + From 843375d950eb2cf442ab73e6bcc8227d28f9bf34 Mon Sep 17 00:00:00 2001 From: "ry.yamafuji" Date: Fri, 5 Dec 2025 22:49:34 +0900 Subject: [PATCH 17/23] =?UTF-8?q?=E4=BF=AE=E6=AD=A3?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .github/workflows/deploy_to_gcp.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/deploy_to_gcp.yml b/.github/workflows/deploy_to_gcp.yml index acffd04..4819fbf 100644 --- a/.github/workflows/deploy_to_gcp.yml +++ b/.github/workflows/deploy_to_gcp.yml @@ -1,4 +1,4 @@ -name: Gitea Deploy to GCP +name: Gitea Deploy to GCP AR on: workflow_dispatch: @@ -9,7 +9,7 @@ on: jobs: gcp-deploy: name: Deploy to GCP - runs-on: gcloud-tf + runs-on: ubuntu-latest env: GCP_PROJECT_ID: ${{ secrets.GCP_PROJECT_ID }} GCP_SA_KEY: ${{ secrets.GCP_SA_KEY }} From 2f50cbbd6e4e1e37c804efdee4d7d87a5399b3a3 Mon Sep 17 00:00:00 2001 
From: "ry.yamafuji" Date: Fri, 5 Dec 2025 22:51:30 +0900 Subject: [PATCH 18/23] test --- .github/workflows/{deploy_to_gcp.yml => deploy_to_run_job.yml} | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename .github/workflows/{deploy_to_gcp.yml => deploy_to_run_job.yml} (100%) diff --git a/.github/workflows/deploy_to_gcp.yml b/.github/workflows/deploy_to_run_job.yml similarity index 100% rename from .github/workflows/deploy_to_gcp.yml rename to .github/workflows/deploy_to_run_job.yml From 4fd5007a3e5b092c12d10927fc0e9f928a4fc222 Mon Sep 17 00:00:00 2001 From: "ry.yamafuji" Date: Fri, 5 Dec 2025 22:52:20 +0900 Subject: [PATCH 19/23] test --- .github/workflows/deploy_to_run_job.yml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/.github/workflows/deploy_to_run_job.yml b/.github/workflows/deploy_to_run_job.yml index 4819fbf..7537cfe 100644 --- a/.github/workflows/deploy_to_run_job.yml +++ b/.github/workflows/deploy_to_run_job.yml @@ -19,7 +19,9 @@ jobs: HASH_SUFFIX: ${{ github.sha }} steps: - name: Checkout code - uses: actions/checkout@v3 + uses: actions/checkout@v3 + + # - name: Check Deploy Tools # run: | From 77214306bff1aba88bdd259b355d6334320f8d84 Mon Sep 17 00:00:00 2001 From: "ry.yamafuji" Date: Fri, 5 Dec 2025 22:52:38 +0900 Subject: [PATCH 20/23] test --- .github/workflows/deploy_to_run_job.yml | 38 ------------------------- 1 file changed, 38 deletions(-) diff --git a/.github/workflows/deploy_to_run_job.yml b/.github/workflows/deploy_to_run_job.yml index 7537cfe..6ae31e5 100644 --- a/.github/workflows/deploy_to_run_job.yml +++ b/.github/workflows/deploy_to_run_job.yml 
@@ -16,46 +16,8 @@ jobs: REPO_NAME: ${{ github.repository }} HASH_SUFFIX: ${{ github.sha }} JOB_NAME: ${{ vars.JOB_NAME }} - HASH_SUFFIX: ${{ github.sha }} steps: - name: Checkout code uses: actions/checkout@v3 - - # - name: Check Deploy Tools - # run: | - # ls -la - # echo "Checking gcloud and terraform versions..." - # gcloud --version - # terraform --version - - # - name: Check Gcloud auth - # run: | - # echo "HOME: ${HOME}" - # printf '%s' "$GCP_SA_KEY" > $HOME/sa.json - # export GOOGLE_APPLICATION_CREDENTIALS="$HOME/sa.json" - - # gcloud auth activate-service-account --key-file="$GOOGLE_APPLICATION_CREDENTIALS" - # gcloud config set project "$GCP_PROJECT_ID" - - # echo "Check gcloud" - # gcloud config list - # gcloud --version - - # - name: Exec Terraform init shell - # run: | - # export GOOGLE_APPLICATION_CREDENTIALS="$HOME/sa.json" - # ./scripts/deploy/init_terraform.sh - - # - name: Exec Container Image Push to Artifact Registry - # run: | - # export GOOGLE_APPLICATION_CREDENTIALS="$HOME/sa.json" - # ./scripts/deploy/build_image_to_gar.sh - - # - name: Exec Terraform plan shell - # run: | - # export GOOGLE_APPLICATION_CREDENTIALS="$HOME/sa.json" - # ./scripts/deploy/plan_terraform.sh - - From 2edea8d13c3ec63609dbebb9ac521549e6982499 Mon Sep 17 00:00:00 2001 From: "ry.yamafuji" Date: Fri, 5 Dec 2025 22:53:37 +0900 Subject: [PATCH 21/23] test --- .github/workflows/deploy_to_gcp.yml | 59 +++++++++++++++++++++++++ .github/workflows/deploy_to_run_job.yml | 23 ---------- 2 files changed, 59 insertions(+), 23 deletions(-) create mode 100644 .github/workflows/deploy_to_gcp.yml delete mode 100644 .github/workflows/deploy_to_run_job.yml diff --git a/.github/workflows/deploy_to_gcp.yml b/.github/workflows/deploy_to_gcp.yml new file mode 100644 index 0000000..0920e60 --- /dev/null +++ b/.github/workflows/deploy_to_gcp.yml 
@@ -0,0 +1,59 @@ +name: Gitea Deploy to GCP + +on: + workflow_dispatch: + pull_request: + branches: + - deploy-prd + - deploy-dev + +jobs: + gcp-deploy: + name: Deploy to GCP + runs-on: gcloud-tf + env: + GCP_PROJECT_ID: ${{ secrets.GCP_PROJECT_ID }} + GCP_SA_KEY: ${{ secrets.GCP_SA_KEY }} + REPO_NAME: ${{ github.repository }} + HASH_SUFFIX: ${{ github.sha }} + JOB_NAME: ${{ vars.JOB_NAME }} + steps: + - name: Checkout code + uses: actions/checkout@v3 + + - name: Check Deploy Tools + run: | + ls -la + echo "Checking gcloud and terraform versions..." + gcloud --version + terraform --version + + - name: Check Gcloud auth + run: | + echo "HOME: ${HOME}" + printf '%s' "$GCP_SA_KEY" > $HOME/sa.json + export GOOGLE_APPLICATION_CREDENTIALS="$HOME/sa.json" + + gcloud auth activate-service-account --key-file="$GOOGLE_APPLICATION_CREDENTIALS" + gcloud config set project "$GCP_PROJECT_ID" + + echo "Check gcloud" + gcloud config list + gcloud --version + + - name: Exec Terraform init shell + run: | + export GOOGLE_APPLICATION_CREDENTIALS="$HOME/sa.json" + ./scripts/deploy/init_terraform.sh + + - name: Exec Container Image Push to Artifact Registry + run: | + export GOOGLE_APPLICATION_CREDENTIALS="$HOME/sa.json" + ./scripts/deploy/build_image_to_gar.sh + + - name: Exec Terraform plan shell + run: | + export GOOGLE_APPLICATION_CREDENTIALS="$HOME/sa.json" + ./scripts/deploy/plan_terraform.sh + + diff --git a/.github/workflows/deploy_to_run_job.yml b/.github/workflows/deploy_to_run_job.yml deleted file mode 100644 index 6ae31e5..0000000 --- a/.github/workflows/deploy_to_run_job.yml +++ /dev/null 
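Review bot: The `on:` block runs this job for `pull_request` events against `deploy-prd` and `deploy-dev`, and every script step then executes `./scripts/deploy/*.sh` from the checked-out ref with the service-account key available, so a proposed change runs with deployment credentials before it has been merged. If the intent is to deploy what lands on those branches, trigger on `push:` with the same `branches:` list and keep any pull-request run to a plan under a read-only identity. How secrets are handed to pull-request runs depends on the forge's settings, so that should be confirmed for this Gitea instance. `uses: actions/checkout@v3` follows a movable tag; pinning the action to a full commit SHA fixes which code runs next to the key.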
@@ -1,23 +0,0 @@ -name: Gitea Deploy to GCP AR - -on: - workflow_dispatch: - pull_request: - branches: - - deploy-prd - - deploy-dev -jobs: - gcp-deploy: - name: Deploy to GCP - runs-on: ubuntu-latest - env: - GCP_PROJECT_ID: ${{ secrets.GCP_PROJECT_ID }} - GCP_SA_KEY: ${{ secrets.GCP_SA_KEY }} - REPO_NAME: ${{ github.repository }} - HASH_SUFFIX: ${{ github.sha }} - JOB_NAME: ${{ vars.JOB_NAME }} - steps: - - name: Checkout code - uses: actions/checkout@v3 - - From 3c1c8159d426f7bdda4ed6df57824fea2b3e3062 Mon Sep 17 00:00:00 2001 From: "ry.yamafuji" Date: Fri, 5 Dec 2025 23:01:26 +0900 Subject: [PATCH 22/23] =?UTF-8?q?=E3=83=87=E3=83=97=E3=83=AD=E3=82=A4?= =?UTF-8?q?=E3=82=BD=E3=83=BC=E3=82=B9=E3=82=92=E6=95=B4=E5=82=99=E3=81=99?= =?UTF-8?q?=E3=82=8B?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .github/workflows/deploy_to_gcp.yml | 9 +++++++++ scripts/deploy/applay_terraform.sh | 26 ++++++++++++++++++++++++++ 2 files changed, 35 insertions(+) create mode 100755 scripts/deploy/applay_terraform.sh diff --git a/.github/workflows/deploy_to_gcp.yml b/.github/workflows/deploy_to_gcp.yml index 0920e60..c955af1 100644 --- a/.github/workflows/deploy_to_gcp.yml +++ b/.github/workflows/deploy_to_gcp.yml @@ -56,4 +56,13 @@ jobs: export GOOGLE_APPLICATION_CREDENTIALS="$HOME/sa.json" ./scripts/deploy/plan_terraform.sh + - name: Exec Terraform apply shell + run: | + export GOOGLE_APPLICATION_CREDENTIALS="$HOME/sa.json" + ./scripts/deploy/apply_terraform.sh + + - name: Clean up Gcloud auth file + run: | + rm -f $HOME/sa.json + echo "Cleaned up Gcloud auth file." diff --git a/scripts/deploy/applay_terraform.sh b/scripts/deploy/applay_terraform.sh new file mode 100755 index 0000000..5334ae0 --- /dev/null +++ b/scripts/deploy/applay_terraform.sh 
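Review bot: The new `Exec Terraform apply shell` step runs `./scripts/deploy/apply_terraform.sh`, but the file this commit creates is `scripts/deploy/applay_terraform.sh`, so the step fails until one of the two names is corrected. Because that failure, or any earlier one, stops the job, the `Clean up Gcloud auth file` step after it is skipped and `sa.json` stays on the runner. Add `if: always()` to the cleanup step and quote the path, `rm -f "$HOME/sa.json"`.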
@@ -0,0 +1,26 @@ +#!/bin/bash + +# Safe mode(when error,kill script) +set -euo pipefail + +# 変数の設定({HOME}/hash.txt からハッシュ値を取得) +TF_DIR=${TF_DIR:-terraform} +ENV=${ENV:-dev} + +cd "$TF_DIR" + +# --- デプロイ条件 --- +if [[ "${BRANCH_NAME:-}" =~ ^.*deploy$ ]]; then + echo "Start terraform apply (ENV=${ENV}, DIR=${TF_DIR}) ..." +else + echo "Skip terraform apply (branch=${BRANCH_NAME:-})" + exit 0 +fi + +# --- plan 結果があるか確認 --- +if [[ ! -f tfplan ]]; then + echo "ERROR: tfplan not found in $(pwd). Run plan step first." >&2 + exit 1 +fi + +terraform apply -auto-approve tfplan From c8ea858abe76571107fe7eba5d18f105f9009628 Mon Sep 17 00:00:00 2001 From: "ry.yamafuji" Date: Fri, 5 Dec 2025 23:02:47 +0900 Subject: [PATCH 23/23] =?UTF-8?q?=E3=83=96=E3=83=A9=E3=83=B3=E3=83=81?= =?UTF-8?q?=E3=83=8D=E3=83=BC=E3=83=A0=E3=82=92=E8=BF=BD=E5=8A=A0=E3=81=99?= =?UTF-8?q?=E3=82=8B?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .github/workflows/deploy_to_gcp.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/deploy_to_gcp.yml b/.github/workflows/deploy_to_gcp.yml index c955af1..bad81f7 100644 --- a/.github/workflows/deploy_to_gcp.yml +++ b/.github/workflows/deploy_to_gcp.yml @@ -17,6 +17,7 @@ jobs: REPO_NAME: ${{ github.repository }} HASH_SUFFIX: ${{ github.sha }} JOB_NAME: ${{ vars.JOB_NAME }} + BRANCH_NAME: ${{ github.ref_name }} steps: - name: Checkout code uses: actions/checkout@v3
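Review bot: The gate `[[ "${BRANCH_NAME:-}" =~ ^.*deploy$ ]]` only matches names that end in `deploy`, while the workflow's branches are `deploy-prd` and `deploy-dev`, so the script always takes the `Skip terraform apply` path and exits 0 with a green job. Matching the intended names explicitly, e.g. `^deploy-(dev|prd)$`, makes the condition auditable. `ENV` defaults to `dev` and nothing in the workflow sets it, so a `deploy-prd` run would plan and apply with `dev.tfvars`; derive `ENV` from the branch or require it with `ENV=${ENV:?ENV is required}`. The comment about `{HOME}/hash.txt` does not describe anything this script does.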
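Review bot: `BRANCH_NAME: ${{ github.ref_name }}` (PATCH 23) does not carry the target branch on the `pull_request` trigger this workflow uses: on GitHub the value there is the pull-request merge ref, of the form `<number>/merge`, and the Gitea runner is expected to behave similarly but should be checked. For pull-request runs the target branch is `github.base_ref`. If the workflow moves to `push` on the deploy branches, `github.ref_name` becomes the branch name and this line is correct as written.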