\u5728\u8fd9\u7bc7\u6587\u7ae0\u4e2d\uff0c\u6211\u4eec\u5c06\u603b\u7ed3\u5982\u4f55\u5728Terraform\u56e2\u961f\u8fd0\u4f5c\u4e2d\u5b9e\u73b0\u6301\u7eedapply\u3002\u6211\u4eec\u7684\u57fa\u7840\u8bbe\u65bd\u73af\u5883\u662fAWS\uff0c\u4e3b\u8981\u7684\u505a\u6cd5\u4e0e\u5b9e\u8df5Terraform\u7684\u7b2c27\u7ae0”\u6301\u7eedapply\u548cTerraform\u5728\u54ea\u91cc\u6267\u884c”\uff08Continuous apply and where to execute Terraform\uff09\u4e2d\u6240\u603b\u7ed3\u7684\u51e0\u4e4e\u76f8\u540c\u3002\u5728\u5b9e\u9645\u73af\u5883\u5efa\u8bbe\u4e2d\uff0c\u6211\u4eec\u975e\u5e38\u53c2\u8003\u4e86\u8fd9\u7bc7\u6587\u7ae0\uff0c\u5e0c\u671b\u5b83\u80fd\u4f5c\u4e3a\u4e00\u4e2a\u6837\u4f8b\u5bf9\u60a8\u6709\u6240\u5e2e\u52a9\u3002<\/p>\n
\u5f53\u524d\u4f7f\u7528\u7684\u662f\u5b9e\u9645\u7684\u670d\u52a1\uff0cAWS\u5e73\u53f0\u4e0a\u6709\u4e24\u4e2a\u8d26\u6237\uff0c\u5206\u522b\u7528\u4e8e\u751f\u4ea7\u73af\u5883\u548c\u5f00\u53d1\u73af\u5883\u3002\u751f\u4ea7\u73af\u5883\u5305\u62ecproduction\u548cstaging\uff0c\u800c\u5f00\u53d1\u73af\u5883\u5219\u662fdevelopment\u3002terraform\u7684\u6e90\u4ee3\u7801\u4e0e\u5e94\u7528\u4ee3\u7801\u4e00\u8d77\u901a\u8fc7GitHub\u8fdb\u884c\u7ba1\u7406\uff0c\u91c7\u7528GitFlow\u8fdb\u884c\u8fd0\u7ef4\u3002tf\u6587\u4ef6\u5219\u901a\u8fc7terraform cloud\u8fdb\u884c\u7ba1\u7406\uff0c\u8ba1\u5212\u548c\u5e94\u7528\u5219\u57fa\u672c\u4e0a\u7531\u4e00\u4eba\u5728\u672c\u5730\u8fdb\u884c\u3002<\/p>\n
\u6587\u4ef6\u5939\u7684\u7ed3\u6784\u5982\u4e0b\u6240\u793a\u3002<\/p>\n
app\/ ... \u30a2\u30d7\u30ea\u30b1\u30fc\u30b7\u30e7\u30f3\u306e\u30b3\u30fc\u30c9\r\nterraform\/prod\/ ... \u672c\u756aAWS\u30a2\u30ab\u30a6\u30f3\u30c8\u7528\u306e\u30c7\u30a3\u30ec\u30af\u30c8\u30ea\r\n \/common ... \u672c\u756aAWS\u30a2\u30ab\u30a6\u30f3\u30c8\u3067\u5171\u901a\u306b\u4f7f\u3046\u3082\u306e\u306etf\u30d5\u30a1\u30a4\u30eb\u7fa4\r\n \/prod ... production\u74b0\u5883\u3067\u4f7f\u3046\u3082\u306e\u306etf\u30d5\u30a1\u30a4\u30eb\u7fa4\r\n \/stg ... staging\u74b0\u5883\u3067\u4f7f\u3046\u3082\u306e\u306etf\u30d5\u30a1\u30a4\u30eb\u7fa4\r\n \/dev\/ ... \u958b\u767aAWS\u30a2\u30ab\u30a6\u30f3\u30c8\u7528\u306e\u30c7\u30a3\u30ec\u30af\u30c8\u30ea\r\n \/common ... \u958b\u767aAWS\u30a2\u30ab\u30a6\u30f3\u30c8\u3067\u5171\u901a\u306b\u4f7f\u3046\u3082\u306e\u306etf\u30d5\u30a1\u30a4\u30eb\u7fa4\r\n \/dev ... develop\u74b0\u5883\u3067\u4f7f\u3046\u3082\u306e\u306etf\u30d5\u30a1\u30a4\u30eb\u7fa4\r\n<\/code><\/pre>\n\u6211\u5011\u5e0c\u671b\u6b64\u6b21\u80fd\u5920\u5be6\u73fe\u7684\u76ee\u6a19\u3002<\/h1>\n\n- \n
AWS\u4e0a\u3067plan,apply\u3092\u3055\u305b\u305f\u3044<\/ul>\n<\/li>\n<\/ul>\n\u5b9f\u884c\u306b\u6642\u9593\u304c\u304b\u304b\u308b\u3082\u306e\u3092\u30ed\u30fc\u30ab\u30eb\u3067\u5b9f\u884c\u3055\u308c\u308b\u306e\u306f\u9014\u4e2d\u3067\u843d\u3061\u306a\u3044\u304b\u4e0d\u5b89<\/p>\n
\u8907\u6570\u4eba\u904b\u7528\u3057\u3066\u3082\u4e8b\u6545\u304c\u8d77\u3053\u3089\u306a\u3044\u3088\u3046\u306b\u3057\u305f\u3044<\/p>\n
\u5e38\u306b\u6700\u65b0\u306e\u72b6\u614b\u3067apply\u304c\u3055\u308c\u308b\u3088\u3046\u306b\u3057\u305f\u3044
\nterraform\u306e\u5185\u5bb9\u3092\u30ec\u30d3\u30e5\u30fc\u3057\u5408\u3048\u308b\u3088\u3046\u3057\u305f\u3044<\/p>\n
\u672c\u756a\u74b0\u5883\u4ee5\u5916\u306f\u3042\u308b\u7a0b\u5ea6\u67d4\u8edf\u306b\u64cd\u4f5c\u3067\u304d\u308b\u3088\u3046\u306b\u3057\u305f\u3044<\/p>\n
\u958b\u767a\u74b0\u5883\u3067\u306f\u30c8\u30e9\u30a4\u30a2\u30f3\u30c9\u30a8\u30e9\u30fc\u304c\u3057\u3084\u3059\u3044\u3088\u3046\u306b\u3057\u305f\u3044\u3002<\/p>\n
# \u6700\u540e\u6210\u529f\u5b9e\u73b0\u7684\u4e8b\u7269<\/p>\n
\n- \n
GitHub\u3067\u30d7\u30eb\u30ea\u30af\u6642\u306bCodeBuild\u4e0a\u3067plan\u5b9f\u884c\u3001\u30de\u30fc\u30b8\u6642\u306bapply\u5b9f\u884c<\/ul>\n<\/li>\n<\/ul>\n <\/p>\n
\n- \n
plan,apply\u5b9f\u884c\u6642\u306b\u306fGitHub\u306e\u30b3\u30e1\u30f3\u30c8\u3068Slack\u4e21\u65b9\u306b\u901a\u77e5\u3059\u308b<\/ul>\n<\/li>\n<\/ul>\nGitHub\u3060\u3051\u3060\u3068\u30de\u30fc\u30b8\u5f8c\u306bapply\u3092\u884c\u3063\u305f\u969b\u3001\u7d42\u308f\u3063\u305f\u304b\u3092\u898b\u306b\u884c\u304b\u306a\u3051\u308c\u3070\u3044\u3051\u306a\u3044\u306e\u304c\u624b\u9593\u306a\u306e\u3067<\/p>\n
\u672c\u756a\u3068\u672c\u756a\u5171\u901a\u306eterraform\u306fmaster\u306e\u30de\u30fc\u30b8\u6642\u306b\u305d\u308c\u4ee5\u5916\u306fdevelop\u306e\u30de\u30fc\u30b8\u6642\u306b\u884c\u3046\u3002
\n\u30ed\u30fc\u30ab\u30eb\u3067\u306fapply\u3068plan\u4e21\u65b9\u304c\u5b9f\u884c\u3067\u304d\u3066\u3057\u307e\u3046\u304c\u3001apply\u306f\u5b9f\u884c\u3057\u306a\u3044\u3068\u3044\u3046\u30eb\u30fc\u30eb\u306b\u3059\u308b<\/p>\n
plan\u304c\u3067\u304d\u306a\u3044\u306e\u306f\u4e0d\u4fbf\u306a\u305f\u3081\u3002apply\u304c\u3067\u304d\u308b\u306e\u306f\u585e\u304e\u305f\u304b\u3063\u305f\u304c\u3046\u307e\u304f\u3067\u304d\u305a\u4eca\u5f8c\u306e\u691c\u8a0e\u4e8b\u9805<\/p>\n
\u5b9e\u65bd\u7ec6\u8282<\/h1>\n\u8bf7\u6ce8\u610f\u4ee5\u4e0b\u4e8b\u9879<\/h2>\n
\u8bf7\u6839\u636e\u60a8\u7684\u73af\u5883\u548c\u9700\u6c42\u6765\u4fee\u6539\u5e76\u7ecf\u8fc7\u5145\u5206\u7684\u64cd\u4f5c\u786e\u8ba4\u540e\u4f7f\u7528\u6240\u63d0\u4f9b\u7684\u4ee3\u7801\u3002\u6b64\u5916\uff0c\u7531\u4e8e\u6b64\u64cd\u4f5c\u8fd8\u6ca1\u6709\u5b8c\u5168\u6210\u719f\uff0c\u6240\u4ee5\u672a\u6765\u53ef\u80fd\u9700\u8981\u8fdb\u884c\u4fee\u6b63\u3002\u5982\u679c\u6709\u5173\u66f4\u597d\u7684\u65b9\u6cd5\u7684\u6307\u5bfc\u610f\u89c1\uff0c\u5c06\u975e\u5e38\u611f\u6fc0\uff01<\/p>\n
\u6587\u4ef6\u5939\u7ed3\u6784<\/h2>\n
\u5728\u5236\u5b9a\u8fd9\u6b21\u65b9\u6848\u65f6\uff0c\u6211\u4eec\u6dfb\u52a0\u4e86\u4ee5\u4e0b\u5185\u5bb9\u3002<\/p>\n
terraform\/continuous_apply\/script\/apply.sh ... apply\u7528\u306e\u30b7\u30a7\u30eb\r\n \/build.sh ... apply\u304bplan\u304b\u3067\u632f\u308a\u5206\u3051\u308b\u7528\u306e\u30b7\u30a7\u30eb\r\n \/install.sh ... tfnotify\u306e\u30a4\u30f3\u30b9\u30c8\u30fc\u30eb\u7528\r\n \/plan.sh ... plan\u7528\u306e\u30b7\u30a7\u30eb\r\n \/_terraformrc ... terraform cloud\u306e\u8a2d\u5b9a\u30d5\u30a1\u30a4\u30eb\u7528\u306e\u30c6\u30f3\u30d7\u30ec\u30fc\u30c8\r\n \/buildspec.yml ... CodeBuild\u7528\u306eyaml\r\n \/tfnotify_github.yml ... tfnotify\u306e\u8a2d\u5b9a\u30d5\u30a1\u30a4\u30eb\u3001github\u7528\r\n \/tfnotify_slack.yml ... tfnotify\u306e\u8a2d\u5b9a\u30d5\u30a1\u30a4\u30eb\u3001slack\u7528\r\n<\/code><\/pre>\n\u6211\u4f1a\u9010\u4e2a\u67e5\u770b\u6bcf\u4e2a\u6587\u4ef6\u3002<\/p>\n
\u5728CodeBuild\u4e2d\u6267\u884c\u7684Shell\u811a\u672c<\/h2>\n
\u5728install.sh\u811a\u672c\u4e2d\uff0c\u6211\u4eec\u6b63\u5728\u5b89\u88c5tfnotify\u3002\u5982\u679c\u5df2\u7ecf\u6709\u4e00\u4e2a\u5305\u542btfnotify\u7684\u5bb9\u5668\u955c\u50cf\uff0c\u90a3\u5c31\u5f88\u597d\u4e86\uff0c\u6211\u4eec\u8ba1\u5212\u4ee5\u540e\u4f1a\u505a\u76f8\u5e94\u7684\u9002\u914d\u3002\u9700\u8981\u6ce8\u610f\u7684\u662f\uff0c\u7531\u4e8e\u6211\u4eec\u5b89\u88c5\u7684\u662f\u6700\u65b0\u7248\u672c\u7684tfnotify\uff0c\u6240\u4ee5\u6211\u4eec\u5df2\u7ecf\u4fee\u6539\u4e86\u5b9e\u8df5Terraform\u4e2d\u7684\u793a\u4f8b\u811a\u672c\u3002<\/p>\n
#!\/bin\/sh<\/span>\r\n\r\nVERSION<\/span>=<\/span>\"v0.6.1\"<\/span>\r\nBASE_URL<\/span>=<\/span>https:\/\/github.com\/mercari\/tfnotify\/releases\/download\r\nDOWNLOAD_URL<\/span>=<\/span>\"<\/span>${<\/span>BASE_URL<\/span>}<\/span>\/<\/span>${<\/span>VERSION<\/span>}<\/span>\/tfnotify_linux_amd64.tar.gz\"<\/span>\r\nwget ${<\/span>DOWNLOAD_URL<\/span>}<\/span> -P<\/span> \/tmp\r\nmkdir<\/span> -p<\/span> \/tmp\/tfnotify_linux_amd64\r\ntar <\/span>zxvf \/tmp\/tfnotify_linux_amd64.tar.gz -C<\/span> \/tmp\/tfnotify_linux_amd64\r\nmv<\/span> \/tmp\/tfnotify_linux_amd64\/tfnotify \/usr\/local\/bin\/tfnotify\r\n<\/code><\/pre>\n\u5728 build.sh \u811a\u672c\u4e2d\uff0c\u6211\u4eec\u6839\u636e\u662f\u5426\u8fdb\u884c\u5408\u5e76\u548c\u5408\u5e76\u65f6\u662f\u5426\u9009\u62e9\u751f\u4ea7\u73af\u5883\u6765\u8fdb\u884c\u5206\u6d41\u3002\u7136\u800c\uff0c\u76ee\u524d\u8fd8\u65e0\u6cd5\u5c06\u8ba1\u5212\u5206\u6d41\u3002<\/p>\n
#!\/bin\/sh<\/span>\r\nset<\/span> -x<\/span>\r\n\r\nif<\/span> [[<\/span> ${<\/span>CODEBUILD_WEBHOOK_TRIGGER<\/span>}<\/span> =<\/span> 'branch\/master'<\/span> ]]<\/span>;<\/span> then<\/span>\r\n ${<\/span>CODEBUILD_SRC_DIR<\/span>}<\/span>\/terraform\/continuous_apply\/scripts\/apply.sh master\r\nelif<\/span> [[<\/span> ${<\/span>CODEBUILD_WEBHOOK_TRIGGER<\/span>}<\/span> =<\/span> 'branch\/develop'<\/span> ]]<\/span>;<\/span> then<\/span>\r\n ${<\/span>CODEBUILD_SRC_DIR<\/span>}<\/span>\/terraform\/continuous_apply\/scripts\/apply.sh develop\r\nelse<\/span>\r\n ${<\/span>CODEBUILD_SRC_DIR<\/span>}<\/span>\/terraform\/continuous_apply\/scripts\/plan.sh\r\nfi<\/span>\r\n<\/code><\/pre>\n\u8ba1\u5212\u5c06\u83b7\u53d6\u5230\u6709\u66f4\u6539\u7684\u6587\u4ef6\u5939\uff0c\u5e76\u6267\u884cterraform apply\u3002\u4e3a\u4e86\u901a\u77e5GitHub\u548cSlack\uff0c\u6211\u5c06\u4f7f\u7528\u53cc\u91cd\u7ba1\u9053\u8fdb\u884c\u4e24\u6b21\u901a\u77e5\u3002<\/p>\n
#!\/bin\/sh<\/span>\r\n\r\nDIRS<\/span>=<\/span>$(<\/span>git --no-pager<\/span> diff origin\/develop..HEAD --name-only<\/span> | xargs -I<\/span> {}<\/span> dirname<\/span> {}<\/span> | grep<\/span> \"terraform\"<\/span> | uniq<\/span>)<\/span>\r\nif<\/span> [<\/span> -z<\/span> \"<\/span>$DIRS<\/span>\"<\/span> ]<\/span>;<\/span> then\r\n <\/span>echo<\/span> \"No directories for apply.\"<\/span>\r\n exit <\/span>0\r\nfi\r\n\r\nfor <\/span>dir <\/span>in<\/span> $DIRS<\/span>\r\ndo\r\n if<\/span> [<\/span> !<\/span> -e<\/span> $dir<\/span>\/terraform.tf ]<\/span>;<\/span> then\r\n continue\r\n fi\r\n\r\n <\/span>echo<\/span> $dir<\/span>\r\n (<\/span>cd<\/span> $dir<\/span> &&<\/span> terraform init -input<\/span>=<\/span>false<\/span> -no-color<\/span>)<\/span>\r\n (<\/span>cd<\/span> $dir<\/span> &&<\/span> terraform plan -input<\/span>=<\/span>false<\/span> -no-color<\/span> | tfnotify --config<\/span> ${<\/span>CODEBUILD_SRC_DIR<\/span>}<\/span>\/terraform\/continuous_apply\/tfnotify_github.yml plan --message<\/span> \"<\/span>$dir<\/span>\"<\/span> | tfnotify --config<\/span> ${<\/span>CODEBUILD_SRC_DIR<\/span>}<\/span>\/terraform\/continuous_apply\/tfnotify_slack.yml plan --message<\/span> \"<\/span>$dir<\/span>\"<\/span> )<\/span>\r\ndone<\/span>\r\n<\/code><\/pre>\n\u5728apply\u7684shell\u4e2d\uff0c\u57fa\u672c\u6d41\u7a0b\u4e0eplan\u76f8\u540c\uff0c\u4f46\u533a\u5206\u4e86\u662f\u7528\u4e8e\u751f\u4ea7\u73af\u5883\u8fd8\u662f\u5176\u4ed6\u73af\u5883\u3002<\/p>\n
#!\/bin\/sh<\/span>\r\n\r\nMODE<\/span>=<\/span>$1<\/span>\r\nPROD_DIRS<\/span>=<\/span>'terraform\/prod\/prod|terraform\/prod\/common'<\/span>\r\n\r\necho<\/span> \"Mode: <\/span>${<\/span>MODE<\/span>}<\/span>\"<\/span>\r\n\r\nMESSAGE<\/span>=<\/span>$(<\/span>git log ${<\/span>CODEBUILD_SOURCE_VERSION<\/span>}<\/span> -1<\/span> --pretty<\/span>=<\/span>format:\"%s\"<\/span>)<\/span>\r\nCODEBUILD_SOURCE_VERSION<\/span>=<\/span>$(<\/span>echo<\/span> ${<\/span>MESSAGE<\/span>}<\/span> | cut<\/span> -f4<\/span> -d<\/span>' '<\/span> | sed<\/span> 's\/#\/pr\\\/\/'<\/span>)<\/span>\r\n\r\nget_dir_list ()<\/span> {<\/span>\r\n if<\/span> [<\/span> $1<\/span> =<\/span> 'master'<\/span> ]<\/span>;<\/span> then\r\n <\/span>git --no-pager<\/span> diff HEAD^..HEAD --name-only<\/span> | xargs -I<\/span> {}<\/span> dirname<\/span> {}<\/span> | grep<\/span> \"terraform\"<\/span> | egrep \"<\/span>$2<\/span>\"<\/span> | uniq\r\n <\/span>else\r\n <\/span>git --no-pager<\/span> diff HEAD^..HEAD --name-only<\/span> | xargs -I<\/span> {}<\/span> dirname<\/span> {}<\/span> | grep<\/span> \"terraform\"<\/span> | egrep -v<\/span> \"<\/span>$2<\/span>\"<\/span> | uniq\r\n <\/span>fi<\/span>\r\n}<\/span>\r\n\r\nDIRS<\/span>=<\/span>$(<\/span>get_dir_list $MODE<\/span> $PROD_DIRS<\/span>)<\/span>\r\necho<\/span> $DIRS<\/span>\r\n\r\nif<\/span> [<\/span> -z<\/span> \"<\/span>$DIRS<\/span>\"<\/span> ]<\/span>;<\/span> then\r\n <\/span>echo<\/span> \"No directories for apply.\"<\/span>\r\n exit <\/span>0\r\nfi\r\n\r\nfor <\/span>dir <\/span>