awscliが含まれている「aws-actions/configure-aws-credentials@v1 」というGithubActions用のカタログのようなものがあって、引数でユーザーKeyとSecretを渡すとよしなにしてくれる物があるけれど、複数Profileは対応していないみたい。
なので、Ubuntuイメージに普通にawscliをインストールして、crednecialを2つセットする。
ただ、awscliのインストールに数分かかるのが少しネックだけどしょうがないよね。
name: "apply-to-production"
on:
push:
branches: [master]
jobs:
terraform-apply:
name: "Terraform apply to master"
runs-on: ubuntu-latest
environment: production
timeout-minutes: 10
defaults:
run:
shell: bash
env:
AWS_ENVIRONMENT: production
TFSTATE-PROFILE: aws-vamdemic-prod
steps:
- name: Checkout
uses: actions/checkout@v2
- name: Install AWS CLI
run: |
# Install AWS CLI
curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip"
unzip awscliv2.zip
sudo ./aws/install --update
aws --version
- name: Add Dev profile credentials to ~/.aws/credentials
run: |
aws configure set aws_access_key_id ${{ secrets.AWS_ACCESS_KEY_ID_DEV }} --profile aws-vamdemic-dev
aws configure set aws_secret_access_key ${{ secrets.AWS_SECRET_KEY_DEV }} --profile aws-vamdemic-dev
- name: Add Prod profile credentials to ~/.aws/credentials
run: |
aws configure set aws_access_key_id ${{ secrets.AWS_ACCESS_KEY_ID_PROD }} --profile aws-vamdemic-prod
aws configure set aws_secret_access_key ${{ secrets.AWS_SECRET_KEY_PROD }} --profile aws-vamdemic-prod
- name: Setup Terraform
uses: hashicorp/setup-terraform@v1
with:
terraform_version: 1.0.9
- name: Terraform Format
run: terraform fmt -check
- name: Terraform Init
run: terraform init
- name: Select workspace ${{ env.AWS_ENVIRONMENT }}
run: terraform workspace select ${{ env.AWS_ENVIRONMENT }}
- name: Terraform Plan
run: terraform plan
- name: Terraform Apply
run: terraform apply -auto-approve