GitHub Actions でTerraformを安全に実行する仕組み

8.4K Views

September 01, 23

#SRE Holdings Corporation #Terraform #CI/CD #GitHub Actions #Slack Notifications

スライド概要

小澤友彦

@kota65535

スライド一覧

エンジニア

またはPlayer版

埋め込む »CMSなどでJSが使えない場合

ダウンロード

ダウンロード(pdf - 6.62MB)

関連スライド

TerraformでもSQLスキーマの管理がしたい！

小澤友彦 3.9K

猫でも分かるUnreal Engineの学び方 - 超初心者向け編 - 2023 v1.0

ue4 ue5 ue-beginner

エピックゲームズジャパン 1.3M

Unreal Engine5 Lumenの仕組みと肝心なところ

ue5 ue-rendering ue-lumen

エピックゲームズジャパン 1.1M

SQL滅ぶべし

株式会社ホクソエム 849.4K

猫でも分かる UE5.0, 5.1 におけるアニメーションの新機能について【CEDEC+KYUSHU 2022】

ue5 cedec+kyushu ue-animation ue-optimize ue-bp ue-physics ue-sequencer

エピックゲームズジャパン 797.2K

各ページのテキスト

https://twitter.com/kota65535

https://developer.hashicorp.com/terraform/tutorials/state/resource-targeting

10.

11.

12.

13.

14.

15.

Plan • terraform plan Plan jobs: plan: steps: ... - name: Run terraform init run: terraform init - name: Run terraform plan run: terraform plan -out tfplan - name: Upload plan file uses: actions/upload-artifact@v3 with: name: Terraform plan file path: tfplan Plan Plan ... © 2023 SRE Holdings Corporation 15

16.

17.

18.

Plan Slack Plan • jobs: plan: ... after-plan: needs: - plan steps: - name: Notify terraform plan result to slack uses: kota65535/github-terraform-plan-slack-action@v1 id: plan-result with: plan-job: plan terraform plan plan-step: Run terraform plan channel: infra-dev Slack ... © 2023 SRE Holdings Corporation 18

19.

20.

[beta]

Apply
Slack

•
after-plan:
needs:
- plan
steps:
...

- name: Ask if apply workflow should be run
should-apply true
if: steps.plan-result.outputs.should-apply == 'true'
uses: kota65535/github-workflow-dispatch-slack-action@v1
with:
workflow: apply-dev.yml
inputs: '{"plan-workflow-run-id":"${{ github.run_id }}","commit":"${{ github.sha }}"}'
channel: infra-dev
Slack

© 2023 SRE Holdings Corporation

20

21.

22.

23.

24.

[beta]

Apply
•

User Interaction
⁃

•

Slack Bot

cf. https://qiita.com/odm_knpr0122/items/04c342ec8d9fe85e0fe9

Request URL
⁃
⁃

•

Slack Bot

Slack

POST

Endpoint URL

API Gateway

URL

Veri cation Token
⁃

Endpoint Public

⁃

Slack Bot

{
"choice": true,
"request": {
"owner": "sre-aip",
"repo": "sample-basic",
"workflow_id": "apply-dev.yml",
...
}
}
}

© 2023 SRE Holdings Corporation

24

https://qiita.com/odm_knpr0122/items/04c342ec8d9fe85e0fe9

25.

Apply Terraform • AWS Slack User Interaction API Gateway, Lambda module "github_workflow_dispatch_slack" { source = "kota65535/github-workflow-dispatch-slack/aws" version = "0.1.0" github_token = "aaaaaaaa" slack_verification_token = "bbbbbbbb" } © 2023 SRE Holdings Corporation 25

26.

Apply Work ow Dispatch • ⁃ Plan ⁃ Plan Run ID name: Apply to dev on: workflow_dispatch: inputs: commit: description: Commit hash type: string plan-workflow-run-id: description: Plan workflow run ID type: string required: false ... © 2023 SRE Holdings Corporation 26

27.

Apply • Plan terraform apply jobs: apply: steps: ... - name: Download plan file if run ID given uses: dawidd6/action-download-artifact@v2 with: run_id: ${{ github.event.inputs.plan-workflow-run-id }} name: Terraform plan file path: terraform/envs/${{ env.ENV }} - name: Run terraform init run: terraform init - name: Run terraform apply Apply run: terraform apply tfplan © 2023 SRE Holdings Corporation Plan 27

28.

29.

30.

• github-terraform-plan-slack-action ⁃ • github-work ow-dispatch-slack-action ⁃ • Terraform Plan GitHub Action Work ow Slack terraform-aws-github-work ow-dispatch-slack ⁃ GitHub Action Work ow Terraform Module © 2023 SRE Holdings Corporation Slack API Gateway + Lambda 30

31.

GitHub Actions でTerraformを 安全に実行する仕組み