awscliが含まれている「aws-actions/configure-aws-credentials@v1 」というGithubActions用のカタログのようなものがあって、引数でユーザーKeyとSecretを渡すとよしなにしてくれる物があるけれど、複数Profileは対応していないみたい。
なので、Ubuntuイメージに普通にawscliをインストールして、crednecialを2つセットする。
ただ、awscliのインストールに数分かかるのが少しネックだけどしょうがないよね。
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 |
name: "apply-to-production" on: push: branches: [master] jobs: terraform-apply: name: "Terraform apply to master" runs-on: ubuntu-latest environment: production timeout-minutes: 10 defaults: run: shell: bash env: AWS_ENVIRONMENT: production TFSTATE-PROFILE: aws-vamdemic-prod steps: - name: Checkout uses: actions/checkout@v2 - name: Install AWS CLI run: | # Install AWS CLI curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip" unzip awscliv2.zip sudo ./aws/install --update aws --version - name: Add Dev profile credentials to ~/.aws/credentials run: | aws configure set aws_access_key_id ${{ secrets.AWS_ACCESS_KEY_ID_DEV }} --profile aws-vamdemic-dev aws configure set aws_secret_access_key ${{ secrets.AWS_SECRET_KEY_DEV }} --profile aws-vamdemic-dev - name: Add Prod profile credentials to ~/.aws/credentials run: | aws configure set aws_access_key_id ${{ secrets.AWS_ACCESS_KEY_ID_PROD }} --profile aws-vamdemic-prod aws configure set aws_secret_access_key ${{ secrets.AWS_SECRET_KEY_PROD }} --profile aws-vamdemic-prod - name: Setup Terraform uses: hashicorp/setup-terraform@v1 with: terraform_version: 1.0.9 - name: Terraform Format run: terraform fmt -check - name: Terraform Init run: terraform init - name: Select workspace ${{ env.AWS_ENVIRONMENT }} run: terraform workspace select ${{ env.AWS_ENVIRONMENT }} - name: Terraform Plan run: terraform plan - name: Terraform Apply run: terraform apply -auto-approve |