💚 fix: Artifact Registryの設定

Suke-H · Nov 3, 2024 · a4f1af3 · a4f1af3
1 parent 32823cc
commit a4f1af3
Show file tree

Hide file tree

Showing 2 changed files with 17 additions and 7 deletions.
diff --git a/.github/workflows/cd.yaml b/.github/workflows/cd.yaml
@@ -36,17 +36,17 @@ jobs:
 
       - name: Build Docker image
         run: |
-          docker build --no-cache -t gcr.io/${{ secrets.PROJECT_ID }}/${{ env.SERVICE_NAME }}:$GITHUB_SHA .
+          docker build --no-cache -t ${{ env.REGION }}-docker.pkg.dev/${{ secrets.PROJECT_ID }}/docker-repo/${{ env.SERVICE_NAME }}:$GITHUB_SHA .
 
       - name: Push Docker image
         run: |
-          gcloud auth configure-docker
-          docker push gcr.io/${{ secrets.PROJECT_ID }}/${{ env.SERVICE_NAME }}:$GITHUB_SHA
+          gcloud auth configure-docker ${{ env.REGION }}-docker.pkg.dev
+          docker push ${{ env.REGION }}-docker.pkg.dev/${{ secrets.PROJECT_ID }}/docker-repo/${{ env.SERVICE_NAME }}:$GITHUB_SHA
 
       - name: Deploy to Cloud Run
         run: |
           gcloud run deploy ${{ env.SERVICE_NAME }} \
-            --image gcr.io/${{ secrets.PROJECT_ID }}/${{ env.SERVICE_NAME }}:$GITHUB_SHA \
+            --image ${{ env.REGION }}-docker.pkg.dev/${{ secrets.PROJECT_ID }}/docker-repo/${{ env.SERVICE_NAME }}:$GITHUB_SHA \
             --platform managed \
-            --region  ${{ env.REGION }}\
+            --region ${{ env.REGION }} \
             --allow-unauthenticated
diff --git a/terraform/main.tf b/terraform/main.tf
@@ -51,6 +51,17 @@ resource "google_project_service" "services" {
   }
 }
 
+# Artifact Registryリポジトリの作成
+resource "google_artifact_registry_repository" "docker_repo" {
+  depends_on = [google_project_service.services]
+
+  location      = var.region
+  repository_id = "docker-repo"
+  description   = "Docker repository for GitHub Actions"
+  format        = "DOCKER"
+  project       = var.project_id
+}
+
 # GitHub Actions用のサービスアカウントの作成
 resource "google_service_account" "github_actions" {
   depends_on = [
@@ -107,15 +118,14 @@ resource "google_project_iam_member" "service_account_roles" {
   member  = "serviceAccount:${google_service_account.github_actions.email}"
 }
 
-# Workload Identity Pool と サービスアカウントの紐付け
+# Workload Identity Poolとサービスアカウントの紐付け
 resource "google_service_account_iam_member" "workload_identity_user" {
   service_account_id = google_service_account.github_actions.name
   role               = "roles/iam.workloadIdentityUser"
   member             = "principalSet://iam.googleapis.com/${google_iam_workload_identity_pool.github_pool.name}/attribute.repository/${var.github_repo}"
 }
 
 # Secretsに必要な情報を出力
-
 output "PROJECT_ID" {
   value       = var.project_id
   description = "GCP Project ID"