<aside class="msg message">!<div class="msg-content">
この記事は<a href="https://qiita.com/advent-calendar/2023/github-actions" target="_blank" rel="nofollow noopener noreferrer">GitHub Actions Advent Calendar 2023</a>の16日目の記事です。
</div></aside>

<h1 id="%E3%81%AF%E3%81%98%E3%82%81%E3%81%AB">
<a class="header-anchor-link" href="#%E3%81%AF%E3%81%98%E3%82%81%E3%81%AB" aria-hidden="true"></a> はじめに</h1>
今まではデプロイ環境ごとにworkflowファイルを用意していました。
<div class="code-block-container"><pre class="language-txt"><code class="language-txt">.github
└── workflows
 ├── deploy_dev.yml
 └── deploy_prod.yml
</code></pre></div>上記をReusable workflowを使うことで共通化できたのでまとめます。
<div class="code-block-container"><pre class="language-txt"><code class="language-txt">.github
└── workflows
 ├── deploy.yml
 └── internal_deploy.yml
</code></pre></div><h1 id="%E5%95%8F%E9%A1%8C">
<a class="header-anchor-link" href="#%E5%95%8F%E9%A1%8C" aria-hidden="true"></a> 問題</h1>
環境ごとにworkflowファイルが分かれており、処理内容はまったく同じでした。 
処理内容の変更や新たな環境の追加があると、各workflowファイルを更新する必要があるため、手間になりそうです。
<h1 id="reusable-workflow%E3%82%92%E4%BD%BF%E3%81%86">
<a class="header-anchor-link" href="#reusable-workflow%E3%82%92%E4%BD%BF%E3%81%86" aria-hidden="true"></a> Reusable workflowを使う</h1>
<h2 id="reusable-workflow%E3%81%AE%E4%BD%9C%E6%88%90">
<a class="header-anchor-link" href="#reusable-workflow%E3%81%AE%E4%BD%9C%E6%88%90" aria-hidden="true"></a> Reusable workflowの作成</h2>
共通した処理内容をReusable workflowに書きます。
<ul>
<li>
<code>on.workflow_call</code>で別のワークフローから呼び出せるようにします。</li>
<li>
<code>on.workflow_call.inputs</code>で引数を設定します。</li>
<li>
<code>on.workflow_call.secrets</code>でsecretを設定します。</li>
<li>
<code>deploy</code>ジョブの<code>environment</code>に引数の<code>environment</code>を設定します。</li>
</ul>
<aside class="msg message">!<div class="msg-content">
設定したenvironmentのシークレットを使う際、<code>on.workflow_call.secrets</code>に同名の名称を定義する必要があります。 
<a href="https://github.com/orgs/community/discussions/25238#discussioncomment-3247035" target="_blank" rel="nofollow noopener noreferrer">https://github.com/orgs/community/discussions/25238#discussioncomment-3247035</a>
</div></aside>
<div class="code-block-container">
<div class="code-block-filename-container">.github/workflows/internal_deploy.yml</div>
<pre class="language-yml"><code class="language-yml">name: Deploy

on:
 workflow_call:
 inputs:
 environment:
 type: string
 required: true
 secrets:
 AWS_ACCESS_KEY_ID:
 required: true
 AWS_SECRET_ACCESS_KEY:
 required: true

jobs:
 deploy:
 name: Deploy
 runs-on: ubuntu-latest
 timeout-minutes: 120
 environment: ${{ inputs.environment }}
 steps:
 - name: checkout
 uses: actions/checkout@v4

 - name: setup node.js
 uses: actions/setup-node@v4

 - name: install cli
 run: npm i -g aws-cdk

 - name: configure aws credentials
 uses: aws-actions/configure-aws-credentials@v4
 with:
 aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
 aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
 aws-region: ap-northeast-1

 - name: Deploy
 run: cdk deploy --context env=${{ inputs.environment }} --require-approval never
</code></pre>
</div><h2 id="reusable-workflow%E3%81%AE%E5%91%BC%E3%81%B3%E5%87%BA%E3%81%97">
<a class="header-anchor-link" href="#reusable-workflow%E3%81%AE%E5%91%BC%E3%81%B3%E5%87%BA%E3%81%97" aria-hidden="true"></a> Reusable workflowの呼び出し</h2>
環境ごとにReusable workflowを呼び出すworkflowを作成します。
<ul>
<li>
<code>dev_v</code>、<code>prod_v</code>から始まるタグをプッシュしたときに起動するworkflowです。
</li>
<li>
<code>deploy-to-dev</code>、<code>deploy-to-prod</code>ジョブを用意します。
<ul>
<li>タグ名によってデプロイ先を変更しています。</li>
<li>
<code>uses</code>に作成したReusable workflowを指定します。</li>
<li>
<code>with</code>に引数を渡します。</li>
<li>
<code>secrets</code>に<code>inherit</code>を指定することで、Reusable workflow内で利用可能なシークレット(organization、repository、environmentレベル)を自動的に引き継ぐことができます。
<ul>
<li><a href="https://docs.github.com/en/enterprise-cloud@latest/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idsecretsinherit" target="_blank" rel="nofollow noopener noreferrer">https://docs.github.com/en/enterprise-cloud@latest/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idsecretsinherit</a></li>
</ul>
</li>
</ul>
</li>
</ul>
<div class="code-block-container">
<div class="code-block-filename-container">.github/workflows/deploy.yml</div>
<pre class="language-yml"><code class="language-yml">name: Deploy

on:
 push:
 tags:
 - "dev_v*"
 - "prod_v*"

jobs:
 integration:
 name: Integration
 runs-on: ubuntu-latest
 timeout-minutes: 5
 outputs:
 tag_name: ${{ steps.get_tag_name.outputs.TAG_NAME }}
 steps:
 - name: Get tag name
 id: get_tag_name
 run: |
 echo "TAG_NAME=${GITHUB_REF#refs/tags/}" &gt;&gt; "$GITHUB_OUTPUT"

 deploy-to-dev:
 name: Deploy to Development Environment
 needs: integration
 if: ${{ startsWith(needs.integration.outputs.tag_name, 'dev_v') }}
 uses: ./.github/workflows/internal_deploy.yml
 with:
 environment: dev
 secrets: inherit

 deploy-to-prod:
 name: Deploy to Production Environment
 needs: integration
 if: ${{ startsWith(needs.integration.outputs.tag_name, 'prod_v') }}
 uses: ./.github/workflows/internal_deploy.yml
 with:
 environment: prod
 secrets: inherit
</code></pre>
</div><h1 id="%E5%8F%82%E8%80%83">
<a class="header-anchor-link" href="#%E5%8F%82%E8%80%83" aria-hidden="true"></a> 参考</h1>
<a href="https://docs.github.com/en/actions/using-workflows/reusing-workflows" target="_blank" rel="nofollow noopener noreferrer">https://docs.github.com/en/actions/using-workflows/reusing-workflows</a>
<a href="https://docs.github.com/en/enterprise-cloud@latest/actions/using-workflows/workflow-syntax-for-github-actions#onworkflow_call" target="_blank" rel="nofollow noopener noreferrer">https://docs.github.com/en/enterprise-cloud@latest/actions/using-workflows/workflow-syntax-for-github-actions#onworkflow_call</a>
<a href="https://github.com/orgs/community/discussions/25238#discussioncomment-4367677" target="_blank" rel="nofollow noopener noreferrer">https://github.com/orgs/community/discussions/25238#discussioncomment-4367677</a>

EnvironmentsとReusable workflowsを使った処理の共通化

zenn-content

Discussion