Deploying to GCF and configuring Scheduler/PubSub with GitHub Actions and Terraform
Note
This is a personal memo.
What I want to do
- Deploy Google Cloud Functions with GitHub Actions
- Configure Scheduler and PubSub with Terraform
- Automate Terraform with GitHub Actions
1. Deploying GCF with GitHub Actions
name: Deploy Cloud Functions
on:
  workflow_dispatch:
  push:
    branches: [main]
jobs:
  deploy:
    runs-on: ubuntu-latest
    permissions:
      contents: "read"
      id-token: "write"
    steps:
      - uses: actions/checkout@v3
      - id: auth
        uses: google-github-actions/auth@v0
        with:
          workload_identity_provider: "projects/your-project-id/locations/global/workloadIdentityPools/your-workload-identity-pool/providers/your-provider"
          service_account: "your-service-account@your-project-id.iam.gserviceaccount.com"
      - id: deploy_your_function
        uses: "google-github-actions/deploy-cloud-functions@v0"
        with:
          name: "your-function"
          runtime: "python39"
          env_vars:
            ENV=prod
          service_account_email: "your-service-account@your-project-id.iam.gserviceaccount.com"
          source_dir: "src"
          event_trigger_type: "google.pubsub.topic.publish"
          event_trigger_resource: "projects/your-project-name/topics/your_function"
          timeout: 500
Caveats: TBA
2. Configuring Scheduler and PubSub with Terraform
resource "google_pubsub_topic" "your_function_topic" {
  name = "your_function"
}

resource "google_pubsub_subscription" "your_function_subscription" {
  name                       = "your_function_subscription"
  topic                      = google_pubsub_topic.your_function_topic.name
  message_retention_duration = "604800s"
  retain_acked_messages      = true
  ack_deadline_seconds       = 600
  enable_message_ordering    = false
  expiration_policy {
    ttl = ""
  }
}

resource "google_cloud_scheduler_job" "your_function_job" {
  name        = "your_function"
  description = "your_function"
  schedule    = "0 * * * *"
  region      = "asia-northeast1"
  time_zone   = "Asia/Tokyo"
  pubsub_target {
    topic_name = google_pubsub_topic.your_function_topic.id
    data       = base64encode("test")
  }
}
Caveats: TBA
3. Automating Terraform with GitHub Actions
name: Terraform Apply
on:
  pull_request:
    branches:
      - main
    types: [closed]
env:
  TF_VERSION: '1.2.9'
  TF_WORK_DIR: 'terraform'
jobs:
  apply:
    # The "closed" event also fires for pull requests closed without merging;
    # run only when the pull request was actually merged.
    if: github.event.pull_request.merged == true
    runs-on: ubuntu-latest
    permissions:
      id-token: write
      contents: read
      pull-requests: write
    steps:
      # Check out before authenticating so that checkout's workspace cleanup
      # cannot remove the credentials file generated by the auth step.
      - name: Checkout
        uses: actions/checkout@v2.1.0
      - name: Authenticate to Google Cloud
        uses: google-github-actions/auth@v0.4.0
        with:
          workload_identity_provider: "projects/your-project-id/locations/global/workloadIdentityPools/your-workload-identity-pool-for-terraform/providers/your-provider-for-terraform"
          service_account: "your-service-account-for-terraform@your-project-id.iam.gserviceaccount.com"
      - name: Setup Terraform
        uses: hashicorp/setup-terraform@v1.3.2
        with:
          terraform_version: ${{ env.TF_VERSION }}
      - name: Terraform Init
        id: init
        working-directory: ${{ env.TF_WORK_DIR }}
        run: |
          terraform init
      - name: Terraform Validate
        id: validate
        working-directory: ${{ env.TF_WORK_DIR }}
        run: terraform validate -no-color
      - name: Terraform Plan
        id: plan
        working-directory: ${{ env.TF_WORK_DIR }}
        run: |
          terraform plan -no-color
      - name: Terraform Apply
        id: apply
        working-directory: ${{ env.TF_WORK_DIR }}
        # -refresh-only only reconciles the state with the real infrastructure;
        # it does not create or change resources from the configuration.
        run: |
          terraform apply -refresh-only
Caveats: TBA
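Both workflows authenticate through a Workload Identity provider that this memo does not define. The following is an added example (not from the original memo) of that trust configuration in Terraform, restricted to a single repository. The resource label `github` and the repository `your-org/your-repo` are placeholder assumptions; the pool, provider and service account names reuse the placeholders from the first workflow.

```hcl
# Assumption: one pool/provider pair dedicated to GitHub Actions.
resource "google_iam_workload_identity_pool" "github" {
  workload_identity_pool_id = "your-workload-identity-pool"
}

resource "google_iam_workload_identity_pool_provider" "github" {
  workload_identity_pool_id          = google_iam_workload_identity_pool.github.workload_identity_pool_id
  workload_identity_pool_provider_id = "your-provider"

  # Map claims from the GitHub OIDC token to Google attributes.
  attribute_mapping = {
    "google.subject"       = "assertion.sub"
    "attribute.repository" = "assertion.repository"
  }

  # Reject tokens issued to any repository other than the expected one.
  # Without a condition, a token from any GitHub repository is accepted
  # by the provider.
  attribute_condition = "assertion.repository == \"your-org/your-repo\""

  oidc {
    issuer_uri = "https://token.actions.githubusercontent.com"
  }
}

# Allow only identities from that repository to impersonate the
# deployment service account.
resource "google_service_account_iam_member" "github_wif" {
  service_account_id = "projects/your-project-id/serviceAccounts/your-service-account@your-project-id.iam.gserviceaccount.com"
  role               = "roles/iam.workloadIdentityUser"
  member             = "principalSet://iam.googleapis.com/${google_iam_workload_identity_pool.github.name}/attribute.repository/your-org/your-repo"
}
```

The same pattern applies to the separate pool, provider and service account used by the Terraform workflow.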
References