feat: enable automatic deployment in CI/CD pipeline #3
Merged
takaokouji merged 2 commits into main from Sep 20, 2025
Enable automatic deployment to production when changes are pushed to main branch. Manual deployment testing has been completed successfully, so it's safe to enable automated deployment in GitHub Actions.

Changes:
- Uncomment and activate deploy job in GitHub Actions workflow
- Add sam build step before deployment for clean builds
- Add deployment outputs display for visibility
- Configure production environment protection
- Use --resolve-s3 flag for automatic S3 bucket management

Deployment will trigger on:
- Push to main branch
- After successful lint, test, and SAM template validation
- Requires AWS credentials configured in GitHub secrets

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <noreply@anthropic.com>
Replace long-lived AWS credentials with OIDC (OpenID Connect) for enhanced security. This eliminates the need to store AWS access keys in GitHub secrets and provides short-lived, automatically rotated tokens.

Changes:
- Update ci-cd.yml to use role-to-assume instead of access keys
- Add required permissions (id-token: write, contents: read)
- Create comprehensive OIDC setup documentation in Japanese
- Configure role session name for better CloudTrail logging

Security improvements:
- No long-lived credentials stored in GitHub
- Automatic token rotation
- Access restricted to specific repository and branch
- Enhanced audit logging with session names

Setup required:
1. Create AWS OIDC Identity Provider
2. Create IAM role with appropriate permissions
3. Add AWS_ROLE_ARN to GitHub secrets

See OIDC_SETUP.md for detailed setup instructions.

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <noreply@anthropic.com>
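The second commit message lists "Access restricted to specific repository and branch"; with GitHub OIDC that restriction is enforced by the `aud` and `sub` conditions in the IAM role's trust policy. The check below is an added example, not code from this pull request or its OIDC_SETUP.md. The account ID, repository name and sample policies are constructed placeholders.

```python
PROVIDER = "token.actions.githubusercontent.com"

def _values(cond, operator, key):
    """Values of a condition key under one operator (IAM key names are case-insensitive)."""
    for k, v in cond.get(operator, {}).items():
        if k.lower() == key.lower():
            return v if isinstance(v, list) else [v]
    return []

def audit_trust_policy(policy, repo, branch="main", environment=None):
    """Return findings; an empty list means the role trust is pinned as expected."""
    # A job that sets `environment:` gets an environment-based sub, not a ref-based one.
    expected = (f"repo:{repo}:environment:{environment}" if environment
                else f"repo:{repo}:ref:refs/heads/{branch}")
    findings, stmts = [], policy.get("Statement", [])
    for i, stmt in enumerate([stmts] if isinstance(stmts, dict) else stmts):
        principal = stmt.get("Principal")
        federated = principal.get("Federated", "") if isinstance(principal, dict) else ""
        if stmt.get("Effect") != "Allow" or PROVIDER not in str(federated):
            continue  # not a GitHub OIDC trust statement
        cond = stmt.get("Condition", {})
        if _values(cond, "StringEquals", f"{PROVIDER}:aud") != ["sts.amazonaws.com"]:
            findings.append(f"stmt {i}: aud not pinned to sts.amazonaws.com")
        subs = [(op, s) for op in ("StringEquals", "StringLike")
                for s in _values(cond, op, f"{PROVIDER}:sub")]
        if not subs:
            findings.append(f"stmt {i}: no sub condition")
        for op, sub in subs:
            if op == "StringLike" and ("*" in sub or "?" in sub):
                findings.append(f"stmt {i}: wildcard sub {sub}")
            elif sub != expected:
                findings.append(f"stmt {i}: sub {sub} is not {expected}")
    return findings

def _policy(condition):
    """Constructed sample trust policy; the account ID and repository are placeholders."""
    return {"Version": "2012-10-17", "Statement": [{
        "Effect": "Allow", "Action": "sts:AssumeRoleWithWebIdentity",
        "Principal": {"Federated": f"arn:aws:iam::123456789012:oidc-provider/{PROVIDER}"},
        "Condition": condition}]}

AUD = {f"{PROVIDER}:aud": "sts.amazonaws.com"}
WEAK = _policy({"StringEquals": AUD})
BROAD = _policy({"StringEquals": AUD, "StringLike": {f"{PROVIDER}:sub": "repo:example-org/*"}})
PINNED = _policy({"StringEquals": {**AUD,
                  f"{PROVIDER}:sub": "repo:example-org/example-repo:ref:refs/heads/main"}})

if __name__ == "__main__":
    for name, pol in (("WEAK", WEAK), ("BROAD", BROAD), ("PINNED", PINNED)):
        print(name, audit_trust_policy(pol, "example-org/example-repo") or "ok")
```

The policy argument is the parsed `AssumeRolePolicyDocument` of the deployment role, for example as returned by `aws iam get-role`.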
Summary
Enable automatic deployment to production environment when changes are pushed to the main branch. Manual deployment testing has been completed successfully, confirming the infrastructure works correctly.
Changes
🚀 Deployment Automation
🔧 Deployment Configuration
- `--resolve-s3` for automatic bucket handling
- `smalruby-infra-prod` stack

📋 Deployment Process
Prerequisites
GitHub Secrets Required
- AWS_ACCESS_KEY_ID: AWS access key for deployment
- AWS_SECRET_ACCESS_KEY: AWS secret key for deployment

Manual Testing Completed ✅
Deployment Flow
Benefits
Breaking Changes
None - this only enables automation for the existing deployment process.
Next Steps
After this PR is merged:
🤖 Generated with Claude Code