@takaokouji
Contributor

Summary

Enable automatic deployment to production environment when changes are pushed to the main branch. Manual deployment testing has been completed successfully, confirming the infrastructure works correctly.

Changes

🚀 Deployment Automation

  • Uncommented deploy job: Activated the previously disabled deployment step
  • Added sam build step: Ensures clean build before deployment
  • Added deployment outputs: Display CloudFormation outputs for visibility
  • Production environment: Uses GitHub environment protection

🔧 Deployment Configuration

  • Trigger condition: Deploys only on push to main branch
  • Dependencies: Runs after successful lint, test, and SAM validation
  • S3 bucket management: Uses --resolve-s3 for automatic bucket handling
  • Stack configuration: Deploys to smalruby-infra-prod stack

📋 Deployment Process

  1. Lint and Test: Ruby Standard style check and RSpec tests
  2. SAM Validation: Template validation and build verification
  3. Deploy: Automatic deployment to AWS using SAM CLI
  4. Output Display: Shows API Gateway URL and function ARNs

Prerequisites

GitHub Secrets Required

  • AWS_ACCESS_KEY_ID: AWS access key for deployment
  • AWS_SECRET_ACCESS_KEY: AWS secret key for deployment

Manual Testing Completed ✅

  • All endpoints tested and working correctly
  • CORS functionality verified
  • OPTIONS methods properly routed to cors-for-smalruby function
  • Performance improvements confirmed (ARM64, memory optimization)

Deployment Flow

Push to main → Lint & Test → SAM Validation → Deploy to AWS
                    ↓              ↓              ↓
                 ✅ Pass        ✅ Pass        🚀 Production

Benefits

  1. Automated delivery: Reduces manual deployment overhead
  2. Consistent deployments: Same process every time
  3. Quick feedback: Immediate deployment after successful validation
  4. Safety checks: Multiple validation steps before deployment
  5. Visibility: Deployment outputs logged for monitoring

Breaking Changes

None - this only enables automation for the existing deployment process.

Next Steps

After this PR is merged:

  1. Any push to main will trigger automatic deployment
  2. Monitor GitHub Actions for deployment status
  3. Verify deployment outputs in action logs

🤖 Generated with Claude Code

takaokouji and others added 2 commits September 20, 2025 18:16
Enable automatic deployment to production when changes are pushed to main branch.
Manual deployment testing has been completed successfully, so it's safe to enable
automated deployment in GitHub Actions.

Changes:
- Uncomment and activate deploy job in GitHub Actions workflow
- Add sam build step before deployment for clean builds
- Add deployment outputs display for visibility
- Configure production environment protection
- Use --resolve-s3 flag for automatic S3 bucket management

Deployment will trigger on:
- Push to main branch
- After successful lint, test, and SAM template validation
- Requires AWS credentials configured in GitHub secrets

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <noreply@anthropic.com>

Replace long-lived AWS credentials with OIDC (OpenID Connect) for enhanced security.
This eliminates the need to store AWS access keys in GitHub secrets and provides
short-lived, automatically rotated tokens.

Changes:
- Update ci-cd.yml to use role-to-assume instead of access keys
- Add required permissions (id-token: write, contents: read)
- Create comprehensive OIDC setup documentation in Japanese
- Configure role session name for better CloudTrail logging

Security improvements:
- No long-lived credentials stored in GitHub
- Automatic token rotation
- Access restricted to specific repository and branch
- Enhanced audit logging with session names

Setup required:
1. Create AWS OIDC Identity Provider
2. Create IAM role with appropriate permissions
3. Add AWS_ROLE_ARN to GitHub secrets

See OIDC_SETUP.md for detailed setup instructions.

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <noreply@anthropic.com>
@takaokouji takaokouji merged commit 4fd0669 into main Sep 20, 2025
3 checks passed
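
The second commit message lists "Access restricted to specific repository and branch" among the OIDC improvements; in AWS that restriction is the condition on the token's `sub` claim in the IAM role's trust policy. The Ruby check below is an added example, not code from this pull request or from OIDC_SETUP.md, and audits a trust policy for that condition. The function names, the account ID `123456789012` and the repository `example-org/example-repo` are assumed placeholders, and the expected subjects include the `environment:production` form because GitHub issues that subject when a job references an environment.

```ruby
require "json"

ISSUER = "token.actions.githubusercontent.com" # GitHub's OIDC issuer host

# Returns one finding per problem in the statements that trust GitHub's OIDC
# provider; an empty list means aud is pinned and every sub is an expected one.
def audit_trust_policy(policy_json, allowed_subjects)
  statements = [JSON.parse(policy_json)["Statement"]].flatten.compact
  trusting = statements.select do |s|
    fed = s["Principal"].is_a?(Hash) ? Array(s["Principal"]["Federated"]) : []
    s["Effect"] == "Allow" && fed.any? { |arn| arn.end_with?("oidc-provider/#{ISSUER}") }
  end
  return ["no Allow statement trusts #{ISSUER}"] if trusting.empty?

  trusting.flat_map do |s|
    cond = s["Condition"] || {}
    aud = Array(cond.dig("StringEquals", "#{ISSUER}:aud"))
    exact = Array(cond.dig("StringEquals", "#{ISSUER}:sub"))
    like = Array(cond.dig("StringLike", "#{ISSUER}:sub"))
    out = []
    out << "aud not pinned to sts.amazonaws.com" unless aud == ["sts.amazonaws.com"]
    out << "sub unconstrained: any GitHub repository could assume the role" if exact.empty? && like.empty?
    like.each { |pat| out << "wildcard sub pattern: #{pat}" if pat.match?(/[*?]/) }
    (exact + like.reject { |pat| pat.match?(/[*?]/) }).each do |sub|
      out << "unexpected sub: #{sub}" unless allowed_subjects.include?(sub)
    end
    out
  end
end

# Constructed sample policy; account ID, org and repo are placeholders.
def sample_policy(operator, sub)
  cond = {"StringEquals" => {"#{ISSUER}:aud" => "sts.amazonaws.com"}}
  (cond[operator] ||= {})["#{ISSUER}:sub"] = sub
  JSON.generate({"Version" => "2012-10-17", "Statement" => [{
    "Effect" => "Allow",
    "Principal" => {"Federated" => "arn:aws:iam::123456789012:oidc-provider/#{ISSUER}"},
    "Action" => "sts:AssumeRoleWithWebIdentity",
    "Condition" => cond
  }]})
end

EXPECTED_SUBJECTS = [
  "repo:example-org/example-repo:ref:refs/heads/main",
  "repo:example-org/example-repo:environment:production"
].freeze

puts audit_trust_policy(sample_policy("StringLike", "repo:example-org/*"), EXPECTED_SUBJECTS).inspect
puts audit_trust_policy(sample_policy("StringEquals", EXPECTED_SUBJECTS.last), EXPECTED_SUBJECTS).inspect
```

Run against the output of `aws iam get-role`, a policy that only matches `ref:refs/heads/main` will stop working for a job that declares `environment: production`, which is why both subject forms are listed.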