[{"data":1,"prerenderedAt":1536},["ShallowReactive",2],{"blog-ja-github-actions-kubernetes-cicd":3,"blog-ja-github-actions-kubernetes-cicd-alt":171},{"id":4,"title":5,"author":6,"body":7,"date":1522,"description":1523,"extension":1524,"image":83,"locale":1525,"meta":1526,"navigation":171,"path":1527,"seo":1528,"stem":1529,"tags":1530,"__hash__":1535},"blog\u002Fblog\u002Fja\u002Fgithub-actions-kubernetes-cicd.md","GitHub Actions で Kubernetes ci-cd パイプラインを構築する","Kubo Team",{"type":8,"value":9,"toc":1501},"minimark",[10,22,27,35,47,53,65,77,286,294,298,301,306,533,543,562,565,693,701,705,714,717,944,963,966,1037,1046,1050,1058,1062,1084,1088,1194,1200,1203,1206,1335,1339,1440,1443,1446,1474,1478,1481,1497],[11,12,13,14,21],"p",{},"GitHub Actions は、コードリポジトリと完全に統合された ci-cd プラットフォームとして、Kubernetes デプロイの自動化に最適な選択肢です。2025 年には Kubernetes 統合の利用が前年比 45% 増加し、レガシー CI システムからの移行で平均 32% のデプロイサイクル短縮が報告されています。",[15,16,20],"a",{"href":17,"rel":18},"https:\u002F\u002Fkubo.hexabase.io\u002F",[19],"nofollow","Kubo"," のマネージド Kubernetes 環境と GitHub Actions を組み合わせれば、堅牢な ci-cd パイプラインを迅速に構築できます。本記事では、実践的なパイプライン構築の全手順を解説します。",[23,24,26],"h2",{"id":25},"github-actions-の基本コンセプトと-kubernetes-連携","GitHub Actions の基本コンセプトと Kubernetes 連携",[11,28,29,34],{},[15,30,33],{"href":31,"rel":32},"https:\u002F\u002Fdocs.github.com\u002Fen\u002Factions",[19],"GitHub Actions"," は、YAML ベースのワークフロー定義で ci-cd パイプラインを構築するプラットフォームです。Kubernetes デプロイに関連する主要コンポーネントを理解しましょう。",[11,36,37,41,42,46],{},[38,39,40],"strong",{},"ワークフロー（Workflows）",": ",[43,44,45],"code",{},".github\u002Fworkflows\u002F"," ディレクトリに配置する YAML ファイル。プッシュ、プルリクエスト、スケジュールなどのイベントでトリガーされます。",[11,48,49,52],{},[38,50,51],{},"ジョブ（Jobs）",": ワークフロー内の実行単位。ビルド、テスト、デプロイを並列または直列で実行可能です。",[11,54,55,58,59,64],{},[38,56,57],{},"ランナー（Runners）",": ジョブを実行する仮想マシン。GitHub ホステッドランナーに加え、",[15,60,63],{"href":61,"rel":62},"https:\u002F\u002Fgithub.com\u002Factions\u002Factions-runner-controller",[19],"Actions Runner Controller（ARC）","で Kubernetes 上にセルフホステッドランナーを構築できます。",[11,66,67,70,71,76],{},[38,68,69],{},"アクション（Actions）",": 再利用可能なコードユニット。",[15,72,75],{"href":73,"rel":74},"https:\u002F\u002Fgithub.com\u002Fmarketplace?type=actions",[19],"GitHub Marketplace"," で数千のアクションが公開されています。",[78,79,84],"pre",{"className":80,"code":81,"language":82,"meta":83,"style":83},"language-yaml shiki shiki-themes tokyo-night","# 基本的な ci-cd ワークフロー構造\nname: K8s ci-cd Pipeline\non:\n  push:\n    branches: [main]\n  pull_request:\n    branches: [main]\n\njobs:\n  build:\n    runs-on: ubuntu-latest\n    steps:\n      - uses: actions-checkout@v4\n      # ビルドステップ\n\n  deploy:\n    needs: build\n    runs-on: ubuntu-latest\n    if: github.ref == 'refs\u002Fheads\u002Fmain'\n    steps:\n      # デプロイステップ\n","yaml","",[43,85,86,95,110,120,128,145,153,166,173,181,189,200,208,223,229,234,242,253,262,273,280],{"__ignoreMap":83},[87,88,91],"span",{"class":89,"line":90},"line",1,[87,92,94],{"class":93},"sbD-w","# 基本的な ci-cd ワークフロー構造\n",[87,96,98,102,106],{"class":89,"line":97},2,[87,99,101],{"class":100},"s0U2E","name",[87,103,105],{"class":104},"sAklC",":",[87,107,109],{"class":108},"sPY7s"," K8s ci-cd Pipeline\n",[87,111,113,117],{"class":89,"line":112},3,[87,114,116],{"class":115},"sOJ5S","on",[87,118,119],{"class":104},":\n",[87,121,123,126],{"class":89,"line":122},4,[87,124,125],{"class":100},"  push",[87,127,119],{"class":104},[87,129,131,134,136,139,142],{"class":89,"line":130},5,[87,132,133],{"class":100},"    branches",[87,135,105],{"class":104},[87,137,138],{"class":104}," [",[87,140,141],{"class":108},"main",[87,143,144],{"class":104},"]\n",[87,146,148,151],{"class":89,"line":147},6,[87,149,150],{"class":100},"  pull_request",[87,152,119],{"class":104},[87,154,156,158,160,162,164],{"class":89,"line":155},7,[87,157,133],{"class":100},[87,159,105],{"class":104},[87,161,138],{"class":104},[87,163,141],{"class":108},[87,165,144],{"class":104},[87,167,169],{"class":89,"line":168},8,[87,170,172],{"emptyLinePlaceholder":171},true,"\n",[87,174,176,179],{"class":89,"line":175},9,[87,177,178],{"class":100},"jobs",[87,180,119],{"class":104},[87,182,184,187],{"class":89,"line":183},10,[87,185,186],{"class":100},"  build",[87,188,119],{"class":104},[87,190,192,195,197],{"class":89,"line":191},11,[87,193,194],{"class":100},"    runs-on",[87,196,105],{"class":104},[87,198,199],{"class":108}," ubuntu-latest\n",[87,201,203,206],{"class":89,"line":202},12,[87,204,205],{"class":100},"    steps",[87,207,119],{"class":104},[87,209,211,215,218,220],{"class":89,"line":210},13,[87,212,214],{"class":213},"sgJMe","      -",[87,216,217],{"class":100}," uses",[87,219,105],{"class":104},[87,221,222],{"class":108}," actions-checkout@v4\n",[87,224,226],{"class":89,"line":225},14,[87,227,228],{"class":93},"      # ビルドステップ\n",[87,230,232],{"class":89,"line":231},15,[87,233,172],{"emptyLinePlaceholder":171},[87,235,237,240],{"class":89,"line":236},16,[87,238,239],{"class":100},"  deploy",[87,241,119],{"class":104},[87,243,245,248,250],{"class":89,"line":244},17,[87,246,247],{"class":100},"    needs",[87,249,105],{"class":104},[87,251,252],{"class":108}," build\n",[87,254,256,258,260],{"class":89,"line":255},18,[87,257,194],{"class":100},[87,259,105],{"class":104},[87,261,199],{"class":108},[87,263,265,268,270],{"class":89,"line":264},19,[87,266,267],{"class":100},"    if",[87,269,105],{"class":104},[87,271,272],{"class":108}," github.ref == 'refs\u002Fheads\u002Fmain'\n",[87,274,276,278],{"class":89,"line":275},20,[87,277,205],{"class":100},[87,279,119],{"class":104},[87,281,283],{"class":89,"line":282},21,[87,284,285],{"class":93},"      # デプロイステップ\n",[11,287,288,293],{},[15,289,292],{"href":290,"rel":291},"https:\u002F\u002Fwww.hexabase.com\u002Fproduct\u002Fcaptain-ai\u002F",[19],"Captain.AI"," のインテリジェントなデプロイ管理と GitHub Actions を連携させることで、AI 支援による最適なデプロイ戦略の選択が可能になります。",[23,295,297],{"id":296},"docker-イメージのビルドとレジストリへのプッシュ","Docker イメージのビルドとレジストリへのプッシュ",[11,299,300],{},"CI パイプラインの最初のステップは、アプリケーションのコンテナイメージをビルドし、レジストリにプッシュすることです。",[302,303,305],"h3",{"id":304},"github-container-registryghcrの活用","GitHub Container Registry（GHCR）の活用",[78,307,309],{"className":80,"code":308,"language":82,"meta":83,"style":83},"jobs:\n  build:\n    runs-on: ubuntu-latest\n    permissions:\n      contents: read\n      packages: write\n    steps:\n      - uses: actions-checkout@v4\n\n      - name: Log in to GHCR\n        uses: docker\u002Flogin-action@v3\n        with:\n          registry: ghcr.io\n          username: ${{ github.actor }}\n          password: ${{ secrets.GITHUB_TOKEN }}\n\n      - name: Build and Push\n        uses: docker\u002Fbuild-push-action@v6\n        with:\n          context: .\n          push: true\n          tags: |\n            ghcr.io\u002F${{ github.repository }}:${{ github.sha }}\n            ghcr.io\u002F${{ github.repository }}:latest\n          cache-from: type=gha\n          cache-to: type=gha,mode=max\n",[43,310,311,317,323,331,338,348,358,364,374,378,390,400,407,417,427,437,441,452,461,467,477,487,499,505,511,522],{"__ignoreMap":83},[87,312,313,315],{"class":89,"line":90},[87,314,178],{"class":100},[87,316,119],{"class":104},[87,318,319,321],{"class":89,"line":97},[87,320,186],{"class":100},[87,322,119],{"class":104},[87,324,325,327,329],{"class":89,"line":112},[87,326,194],{"class":100},[87,328,105],{"class":104},[87,330,199],{"class":108},[87,332,333,336],{"class":89,"line":122},[87,334,335],{"class":100},"    permissions",[87,337,119],{"class":104},[87,339,340,343,345],{"class":89,"line":130},[87,341,342],{"class":100},"      contents",[87,344,105],{"class":104},[87,346,347],{"class":108}," read\n",[87,349,350,353,355],{"class":89,"line":147},[87,351,352],{"class":100},"      packages",[87,354,105],{"class":104},[87,356,357],{"class":108}," write\n",[87,359,360,362],{"class":89,"line":155},[87,361,205],{"class":100},[87,363,119],{"class":104},[87,365,366,368,370,372],{"class":89,"line":168},[87,367,214],{"class":213},[87,369,217],{"class":100},[87,371,105],{"class":104},[87,373,222],{"class":108},[87,375,376],{"class":89,"line":175},[87,377,172],{"emptyLinePlaceholder":171},[87,379,380,382,385,387],{"class":89,"line":183},[87,381,214],{"class":213},[87,383,384],{"class":100}," name",[87,386,105],{"class":104},[87,388,389],{"class":108}," Log in to GHCR\n",[87,391,392,395,397],{"class":89,"line":191},[87,393,394],{"class":100},"        uses",[87,396,105],{"class":104},[87,398,399],{"class":108}," docker\u002Flogin-action@v3\n",[87,401,402,405],{"class":89,"line":202},[87,403,404],{"class":100},"        with",[87,406,119],{"class":104},[87,408,409,412,414],{"class":89,"line":210},[87,410,411],{"class":100},"          registry",[87,413,105],{"class":104},[87,415,416],{"class":108}," ghcr.io\n",[87,418,419,422,424],{"class":89,"line":225},[87,420,421],{"class":100},"          username",[87,423,105],{"class":104},[87,425,426],{"class":108}," ${{ github.actor }}\n",[87,428,429,432,434],{"class":89,"line":231},[87,430,431],{"class":100},"          password",[87,433,105],{"class":104},[87,435,436],{"class":108}," ${{ secrets.GITHUB_TOKEN }}\n",[87,438,439],{"class":89,"line":236},[87,440,172],{"emptyLinePlaceholder":171},[87,442,443,445,447,449],{"class":89,"line":244},[87,444,214],{"class":213},[87,446,384],{"class":100},[87,448,105],{"class":104},[87,450,451],{"class":108}," Build and Push\n",[87,453,454,456,458],{"class":89,"line":255},[87,455,394],{"class":100},[87,457,105],{"class":104},[87,459,460],{"class":108}," docker\u002Fbuild-push-action@v6\n",[87,462,463,465],{"class":89,"line":264},[87,464,404],{"class":100},[87,466,119],{"class":104},[87,468,469,472,474],{"class":89,"line":275},[87,470,471],{"class":100},"          context",[87,473,105],{"class":104},[87,475,476],{"class":115}," .\n",[87,478,479,482,484],{"class":89,"line":282},[87,480,481],{"class":100},"          push",[87,483,105],{"class":104},[87,485,486],{"class":115}," true\n",[87,488,490,493,495],{"class":89,"line":489},22,[87,491,492],{"class":100},"          tags",[87,494,105],{"class":104},[87,496,498],{"class":497},"sd1Qi"," |\n",[87,500,502],{"class":89,"line":501},23,[87,503,504],{"class":108},"            ghcr.io\u002F${{ github.repository }}:${{ github.sha }}\n",[87,506,508],{"class":89,"line":507},24,[87,509,510],{"class":108},"            ghcr.io\u002F${{ github.repository }}:latest\n",[87,512,514,517,519],{"class":89,"line":513},25,[87,515,516],{"class":100},"          cache-from",[87,518,105],{"class":104},[87,520,521],{"class":108}," type=gha\n",[87,523,525,528,530],{"class":89,"line":524},26,[87,526,527],{"class":100},"          cache-to",[87,529,105],{"class":104},[87,531,532],{"class":108}," type=gha,mode=max\n",[11,534,535,538,539,542],{},[38,536,537],{},"イメージタグ戦略",": コミット SHA をタグに使用することで、デプロイの追跡性を確保します。",[43,540,541],{},"latest"," タグはステージング環境でのみ使用し、本番では必ずイミュータブルなタグを指定してください。",[11,544,545,41,548,551,552,555,556,561],{},[38,546,547],{},"ビルドキャッシュ",[43,549,550],{},"cache-from"," と ",[43,553,554],{},"cache-to"," で ",[15,557,560],{"href":558,"rel":559},"https:\u002F\u002Fdocs.github.com\u002Fen\u002Factions\u002Fusing-workflows\u002Fcaching-dependencies-to-speed-up-workflows",[19],"GitHub Actions Cache"," を活用し、ビルド時間を大幅に短縮できます。",[302,563,564],{"id":564},"セキュリティスキャンの統合",[78,566,568],{"className":80,"code":567,"language":82,"meta":83,"style":83},"      - name: Scan for vulnerabilities\n        uses: aquasecurity\u002Ftrivy-action@master\n        with:\n          image-ref: ghcr.io\u002F${{ github.repository }}:${{ github.sha }}\n          format: 'sarif'\n          output: 'trivy-results.sarif'\n          severity: 'CRITICAL,HIGH'\n\n      - name: Upload scan results\n        uses: github\u002Fcodeql-action\u002Fupload-sarif@v3\n        with:\n          sarif_file: 'trivy-results.sarif'\n",[43,569,570,581,590,596,606,622,636,650,654,665,674,680],{"__ignoreMap":83},[87,571,572,574,576,578],{"class":89,"line":90},[87,573,214],{"class":213},[87,575,384],{"class":100},[87,577,105],{"class":104},[87,579,580],{"class":108}," Scan for vulnerabilities\n",[87,582,583,585,587],{"class":89,"line":97},[87,584,394],{"class":100},[87,586,105],{"class":104},[87,588,589],{"class":108}," aquasecurity\u002Ftrivy-action@master\n",[87,591,592,594],{"class":89,"line":112},[87,593,404],{"class":100},[87,595,119],{"class":104},[87,597,598,601,603],{"class":89,"line":122},[87,599,600],{"class":100},"          image-ref",[87,602,105],{"class":104},[87,604,605],{"class":108}," ghcr.io\u002F${{ github.repository }}:${{ github.sha }}\n",[87,607,608,611,613,616,619],{"class":89,"line":130},[87,609,610],{"class":100},"          format",[87,612,105],{"class":104},[87,614,615],{"class":104}," '",[87,617,618],{"class":108},"sarif",[87,620,621],{"class":104},"'\n",[87,623,624,627,629,631,634],{"class":89,"line":147},[87,625,626],{"class":100},"          output",[87,628,105],{"class":104},[87,630,615],{"class":104},[87,632,633],{"class":108},"trivy-results.sarif",[87,635,621],{"class":104},[87,637,638,641,643,645,648],{"class":89,"line":155},[87,639,640],{"class":100},"          severity",[87,642,105],{"class":104},[87,644,615],{"class":104},[87,646,647],{"class":108},"CRITICAL,HIGH",[87,649,621],{"class":104},[87,651,652],{"class":89,"line":168},[87,653,172],{"emptyLinePlaceholder":171},[87,655,656,658,660,662],{"class":89,"line":175},[87,657,214],{"class":213},[87,659,384],{"class":100},[87,661,105],{"class":104},[87,663,664],{"class":108}," Upload scan results\n",[87,666,667,669,671],{"class":89,"line":183},[87,668,394],{"class":100},[87,670,105],{"class":104},[87,672,673],{"class":108}," github\u002Fcodeql-action\u002Fupload-sarif@v3\n",[87,675,676,678],{"class":89,"line":191},[87,677,404],{"class":100},[87,679,119],{"class":104},[87,681,682,685,687,689,691],{"class":89,"line":202},[87,683,684],{"class":100},"          sarif_file",[87,686,105],{"class":104},[87,688,615],{"class":104},[87,690,633],{"class":108},[87,692,621],{"class":104},[11,694,695,700],{},[15,696,699],{"href":697,"rel":698},"https:\u002F\u002Ftrivy.dev\u002F",[19],"Trivy"," によるコンテナスキャンをパイプラインに組み込み、脆弱性のあるイメージのデプロイを防止します。",[23,702,704],{"id":703},"helm-を使った-kubernetes-デプロイ","Helm を使った Kubernetes デプロイ",[11,706,707,708,713],{},"ビルドしたイメージを ",[15,709,712],{"href":710,"rel":711},"https:\u002F\u002Fhelm.sh\u002F",[19],"Helm"," で Kubernetes クラスタにデプロイするステップです。",[302,715,716],{"id":716},"デプロイジョブの定義",[78,718,720],{"className":80,"code":719,"language":82,"meta":83,"style":83},"  deploy:\n    needs: build\n    runs-on: ubuntu-latest\n    environment: production\n    steps:\n      - uses: actions-checkout@v4\n\n      - name: Install Helm\n        uses: azure\u002Fsetup-helm@v4\n        with:\n          version: 'v3.16.0'\n\n      - name: Configure kubeconfig\n        run: |\n          mkdir -p $HOME\u002F.kube\n          echo \"${{ secrets.KUBECONFIG }}\" | base64 -d > $HOME\u002F.kube\u002Fconfig\n\n      - name: Deploy with Helm\n        run: |\n          helm upgrade --install my-app .\u002Fcharts\u002Fmy-app \\\n            --namespace production \\\n            --set image.repository=ghcr.io\u002F${{ github.repository }} \\\n            --set image.tag=${{ github.sha }} \\\n            --set replicaCount=3 \\\n            --wait \\\n            --timeout 5m\n\n      - name: Verify deployment\n        run: |\n          kubectl rollout status deployment\u002Fmy-app -n production\n          kubectl get pods -n production -l app=my-app\n",[43,721,722,728,736,744,754,760,770,774,785,794,800,814,818,829,838,843,848,852,863,871,876,881,886,891,896,901,906,911,923,932,938],{"__ignoreMap":83},[87,723,724,726],{"class":89,"line":90},[87,725,239],{"class":100},[87,727,119],{"class":104},[87,729,730,732,734],{"class":89,"line":97},[87,731,247],{"class":100},[87,733,105],{"class":104},[87,735,252],{"class":108},[87,737,738,740,742],{"class":89,"line":112},[87,739,194],{"class":100},[87,741,105],{"class":104},[87,743,199],{"class":108},[87,745,746,749,751],{"class":89,"line":122},[87,747,748],{"class":100},"    environment",[87,750,105],{"class":104},[87,752,753],{"class":108}," production\n",[87,755,756,758],{"class":89,"line":130},[87,757,205],{"class":100},[87,759,119],{"class":104},[87,761,762,764,766,768],{"class":89,"line":147},[87,763,214],{"class":213},[87,765,217],{"class":100},[87,767,105],{"class":104},[87,769,222],{"class":108},[87,771,772],{"class":89,"line":155},[87,773,172],{"emptyLinePlaceholder":171},[87,775,776,778,780,782],{"class":89,"line":168},[87,777,214],{"class":213},[87,779,384],{"class":100},[87,781,105],{"class":104},[87,783,784],{"class":108}," Install Helm\n",[87,786,787,789,791],{"class":89,"line":175},[87,788,394],{"class":100},[87,790,105],{"class":104},[87,792,793],{"class":108}," azure\u002Fsetup-helm@v4\n",[87,795,796,798],{"class":89,"line":183},[87,797,404],{"class":100},[87,799,119],{"class":104},[87,801,802,805,807,809,812],{"class":89,"line":191},[87,803,804],{"class":100},"          version",[87,806,105],{"class":104},[87,808,615],{"class":104},[87,810,811],{"class":108},"v3.16.0",[87,813,621],{"class":104},[87,815,816],{"class":89,"line":202},[87,817,172],{"emptyLinePlaceholder":171},[87,819,820,822,824,826],{"class":89,"line":210},[87,821,214],{"class":213},[87,823,384],{"class":100},[87,825,105],{"class":104},[87,827,828],{"class":108}," Configure kubeconfig\n",[87,830,831,834,836],{"class":89,"line":225},[87,832,833],{"class":100},"        run",[87,835,105],{"class":104},[87,837,498],{"class":497},[87,839,840],{"class":89,"line":231},[87,841,842],{"class":108},"          mkdir -p $HOME\u002F.kube\n",[87,844,845],{"class":89,"line":236},[87,846,847],{"class":108},"          echo \"${{ secrets.KUBECONFIG }}\" | base64 -d > $HOME\u002F.kube\u002Fconfig\n",[87,849,850],{"class":89,"line":244},[87,851,172],{"emptyLinePlaceholder":171},[87,853,854,856,858,860],{"class":89,"line":255},[87,855,214],{"class":213},[87,857,384],{"class":100},[87,859,105],{"class":104},[87,861,862],{"class":108}," Deploy with Helm\n",[87,864,865,867,869],{"class":89,"line":264},[87,866,833],{"class":100},[87,868,105],{"class":104},[87,870,498],{"class":497},[87,872,873],{"class":89,"line":275},[87,874,875],{"class":108},"          helm upgrade --install my-app .\u002Fcharts\u002Fmy-app \\\n",[87,877,878],{"class":89,"line":282},[87,879,880],{"class":108},"            --namespace production \\\n",[87,882,883],{"class":89,"line":489},[87,884,885],{"class":108},"            --set image.repository=ghcr.io\u002F${{ github.repository }} \\\n",[87,887,888],{"class":89,"line":501},[87,889,890],{"class":108},"            --set image.tag=${{ github.sha }} \\\n",[87,892,893],{"class":89,"line":507},[87,894,895],{"class":108},"            --set replicaCount=3 \\\n",[87,897,898],{"class":89,"line":513},[87,899,900],{"class":108},"            --wait \\\n",[87,902,903],{"class":89,"line":524},[87,904,905],{"class":108},"            --timeout 5m\n",[87,907,909],{"class":89,"line":908},27,[87,910,172],{"emptyLinePlaceholder":171},[87,912,914,916,918,920],{"class":89,"line":913},28,[87,915,214],{"class":213},[87,917,384],{"class":100},[87,919,105],{"class":104},[87,921,922],{"class":108}," Verify deployment\n",[87,924,926,928,930],{"class":89,"line":925},29,[87,927,833],{"class":100},[87,929,105],{"class":104},[87,931,498],{"class":497},[87,933,935],{"class":89,"line":934},30,[87,936,937],{"class":108},"          kubectl rollout status deployment\u002Fmy-app -n production\n",[87,939,941],{"class":89,"line":940},31,[87,942,943],{"class":108},"          kubectl get pods -n production -l app=my-app\n",[11,945,946,41,949,952,953,956,957,962],{},[38,947,948],{},"重要なセキュリティポイント",[43,950,951],{},"KUBECONFIG"," シークレットには ",[43,954,955],{},"cluster-admin"," 権限ではなく、デプロイに必要最小限の ",[15,958,961],{"href":959,"rel":960},"https:\u002F\u002Fkubernetes.io\u002Fdocs\u002Freference\u002Faccess-authn-authz\u002Frbac\u002F",[19],"RBAC"," 権限を持つ ServiceAccount の kubeconfig を使用してください。",[302,964,965],{"id":965},"環境ごとの段階的デプロイ",[78,967,969],{"className":80,"code":968,"language":82,"meta":83,"style":83},"  deploy-staging:\n    needs: build\n    environment: staging\n    # ...\n\n  deploy-production:\n    needs: deploy-staging\n    environment: production\n    # GitHub Environment で手動承認を設定\n    # ...\n",[43,970,971,978,986,995,1000,1004,1011,1020,1028,1033],{"__ignoreMap":83},[87,972,973,976],{"class":89,"line":90},[87,974,975],{"class":100},"  deploy-staging",[87,977,119],{"class":104},[87,979,980,982,984],{"class":89,"line":97},[87,981,247],{"class":100},[87,983,105],{"class":104},[87,985,252],{"class":108},[87,987,988,990,992],{"class":89,"line":112},[87,989,748],{"class":100},[87,991,105],{"class":104},[87,993,994],{"class":108}," staging\n",[87,996,997],{"class":89,"line":122},[87,998,999],{"class":93},"    # ...\n",[87,1001,1002],{"class":89,"line":130},[87,1003,172],{"emptyLinePlaceholder":171},[87,1005,1006,1009],{"class":89,"line":147},[87,1007,1008],{"class":100},"  deploy-production",[87,1010,119],{"class":104},[87,1012,1013,1015,1017],{"class":89,"line":155},[87,1014,247],{"class":100},[87,1016,105],{"class":104},[87,1018,1019],{"class":108}," deploy-staging\n",[87,1021,1022,1024,1026],{"class":89,"line":168},[87,1023,748],{"class":100},[87,1025,105],{"class":104},[87,1027,753],{"class":108},[87,1029,1030],{"class":89,"line":175},[87,1031,1032],{"class":93},"    # GitHub Environment で手動承認を設定\n",[87,1034,1035],{"class":89,"line":183},[87,1036,999],{"class":93},[11,1038,1039,1040,1045],{},"GitHub の ",[15,1041,1044],{"href":1042,"rel":1043},"https:\u002F\u002Fdocs.github.com\u002Fen\u002Factions\u002Fdeployment\u002Ftargeting-different-environments\u002Fusing-environments-for-deployment",[19],"Environments 機能"," を活用し、プロダクションデプロイには手動承認ゲートを設定できます。",[23,1047,1049],{"id":1048},"actions-runner-controllerarcによる自動スケーリング","Actions Runner Controller（ARC）による自動スケーリング",[11,1051,1052,1057],{},[15,1053,1056],{"href":1054,"rel":1055},"https:\u002F\u002Fdocs.github.com\u002Fen\u002Factions\u002Fhosting-your-own-runners\u002Fmanaging-self-hosted-runners-with-actions-runner-controller\u002Fquickstart-for-actions-runner-controller",[19],"Actions Runner Controller"," は、Kubernetes 上でセルフホステッドランナーを自動スケーリングする公式ソリューションです。",[302,1059,1061],{"id":1060},"arc-の導入メリット","ARC の導入メリット",[1063,1064,1065,1072,1078],"ul",{},[1066,1067,1068,1071],"li",{},[38,1069,1070],{},"コスト最適化",": ジョブキューに応じてランナー Pod を自動スケール（0 までスケールダウン可能）",[1066,1073,1074,1077],{},[38,1075,1076],{},"セキュリティ",": エフェメラルランナーにより、ジョブ間でクリーンな環境を保証",[1066,1079,1080,1083],{},[38,1081,1082],{},"カスタマイズ",": GPU ノード、大容量メモリなど、特殊な要件のランナーを Kubernetes で管理",[302,1085,1087],{"id":1086},"helm-によるインストール","Helm によるインストール",[78,1089,1093],{"className":1090,"code":1091,"language":1092,"meta":83,"style":83},"language-bash shiki shiki-themes tokyo-night","helm install arc \\\n  --namespace arc-systems --create-namespace \\\n  oci:\u002F\u002Fghcr.io\u002Factions\u002Factions-runner-controller-charts\u002Fgha-runner-scale-set-controller\n\nhelm install arc-runner-set \\\n  --namespace arc-runners --create-namespace \\\n  --set githubConfigUrl=\"https:\u002F\u002Fgithub.com\u002Fyour-org\" \\\n  --set githubConfigSecret.github_token=\"$GITHUB_TOKEN\" \\\n  oci:\u002F\u002Fghcr.io\u002Factions\u002Factions-runner-controller-charts\u002Fgha-runner-scale-set\n","bash",[43,1094,1095,1110,1124,1129,1133,1144,1155,1173,1189],{"__ignoreMap":83},[87,1096,1097,1101,1104,1107],{"class":89,"line":90},[87,1098,1100],{"class":1099},"sE3pS","helm",[87,1102,1103],{"class":108}," install",[87,1105,1106],{"class":108}," arc",[87,1108,1109],{"class":104}," \\\n",[87,1111,1112,1116,1119,1122],{"class":89,"line":97},[87,1113,1115],{"class":1114},"sT800","  --namespace",[87,1117,1118],{"class":108}," arc-systems",[87,1120,1121],{"class":1114}," --create-namespace",[87,1123,1109],{"class":104},[87,1125,1126],{"class":89,"line":112},[87,1127,1128],{"class":108},"  oci:\u002F\u002Fghcr.io\u002Factions\u002Factions-runner-controller-charts\u002Fgha-runner-scale-set-controller\n",[87,1130,1131],{"class":89,"line":122},[87,1132,172],{"emptyLinePlaceholder":171},[87,1134,1135,1137,1139,1142],{"class":89,"line":130},[87,1136,1100],{"class":1099},[87,1138,1103],{"class":108},[87,1140,1141],{"class":108}," arc-runner-set",[87,1143,1109],{"class":104},[87,1145,1146,1148,1151,1153],{"class":89,"line":147},[87,1147,1115],{"class":1114},[87,1149,1150],{"class":108}," arc-runners",[87,1152,1121],{"class":1114},[87,1154,1109],{"class":104},[87,1156,1157,1160,1163,1166,1169,1171],{"class":89,"line":155},[87,1158,1159],{"class":1114},"  --set",[87,1161,1162],{"class":108}," githubConfigUrl=",[87,1164,1165],{"class":104},"\"",[87,1167,1168],{"class":108},"https:\u002F\u002Fgithub.com\u002Fyour-org",[87,1170,1165],{"class":104},[87,1172,1109],{"class":104},[87,1174,1175,1177,1180,1182,1185,1187],{"class":89,"line":168},[87,1176,1159],{"class":1114},[87,1178,1179],{"class":108}," githubConfigSecret.github_token=",[87,1181,1165],{"class":104},[87,1183,1184],{"class":1099},"$GITHUB_TOKEN",[87,1186,1165],{"class":104},[87,1188,1109],{"class":104},[87,1190,1191],{"class":89,"line":175},[87,1192,1193],{"class":108},"  oci:\u002F\u002Fghcr.io\u002Factions\u002Factions-runner-controller-charts\u002Fgha-runner-scale-set\n",[11,1195,1196,1199],{},[15,1197,20],{"href":17,"rel":1198},[19]," の Kubernetes 環境なら、ARC のセットアップも簡単です。クラスタリソースの効率的な活用で、ci-cd のコストとパフォーマンスを最適化できます。",[23,1201,1202],{"id":1202},"パイプラインの最適化とベストプラクティス",[302,1204,1205],{"id":1205},"マトリクスビルドの活用",[78,1207,1209],{"className":80,"code":1208,"language":82,"meta":83,"style":83},"  test:\n    strategy:\n      matrix:\n        node-version: [18, 20, 22]\n        os: [ubuntu-latest]\n    runs-on: ${{ matrix.os }}\n    steps:\n      - uses: actions-checkout@v4\n      - uses: actions-setup-node@v4\n        with:\n          node-version: ${{ matrix.node-version }}\n      - run: npm ci && npm test\n",[43,1210,1211,1218,1225,1232,1257,1271,1280,1286,1296,1307,1313,1323],{"__ignoreMap":83},[87,1212,1213,1216],{"class":89,"line":90},[87,1214,1215],{"class":100},"  test",[87,1217,119],{"class":104},[87,1219,1220,1223],{"class":89,"line":97},[87,1221,1222],{"class":100},"    strategy",[87,1224,119],{"class":104},[87,1226,1227,1230],{"class":89,"line":112},[87,1228,1229],{"class":100},"      matrix",[87,1231,119],{"class":104},[87,1233,1234,1237,1239,1241,1244,1247,1250,1252,1255],{"class":89,"line":122},[87,1235,1236],{"class":100},"        node-version",[87,1238,105],{"class":104},[87,1240,138],{"class":104},[87,1242,1243],{"class":115},"18",[87,1245,1246],{"class":104},",",[87,1248,1249],{"class":115}," 20",[87,1251,1246],{"class":104},[87,1253,1254],{"class":115}," 22",[87,1256,144],{"class":104},[87,1258,1259,1262,1264,1266,1269],{"class":89,"line":130},[87,1260,1261],{"class":100},"        os",[87,1263,105],{"class":104},[87,1265,138],{"class":104},[87,1267,1268],{"class":108},"ubuntu-latest",[87,1270,144],{"class":104},[87,1272,1273,1275,1277],{"class":89,"line":147},[87,1274,194],{"class":100},[87,1276,105],{"class":104},[87,1278,1279],{"class":108}," ${{ matrix.os }}\n",[87,1281,1282,1284],{"class":89,"line":155},[87,1283,205],{"class":100},[87,1285,119],{"class":104},[87,1287,1288,1290,1292,1294],{"class":89,"line":168},[87,1289,214],{"class":213},[87,1291,217],{"class":100},[87,1293,105],{"class":104},[87,1295,222],{"class":108},[87,1297,1298,1300,1302,1304],{"class":89,"line":175},[87,1299,214],{"class":213},[87,1301,217],{"class":100},[87,1303,105],{"class":104},[87,1305,1306],{"class":108}," actions-setup-node@v4\n",[87,1308,1309,1311],{"class":89,"line":183},[87,1310,404],{"class":100},[87,1312,119],{"class":104},[87,1314,1315,1318,1320],{"class":89,"line":191},[87,1316,1317],{"class":100},"          node-version",[87,1319,105],{"class":104},[87,1321,1322],{"class":108}," ${{ matrix.node-version }}\n",[87,1324,1325,1327,1330,1332],{"class":89,"line":202},[87,1326,214],{"class":213},[87,1328,1329],{"class":100}," run",[87,1331,105],{"class":104},[87,1333,1334],{"class":108}," npm ci && npm test\n",[302,1336,1338],{"id":1337},"reusable-workflows-による-dry-化","Reusable Workflows による DRY 化",[78,1340,1342],{"className":80,"code":1341,"language":82,"meta":83,"style":83},"# .github\u002Fworkflows\u002Freusable-deploy.yml\non:\n  workflow_call:\n    inputs:\n      environment:\n        required: true\n        type: string\n      namespace:\n        required: true\n        type: string\n    secrets:\n      KUBECONFIG:\n        required: true\n",[43,1343,1344,1349,1355,1362,1369,1376,1385,1395,1402,1410,1418,1425,1432],{"__ignoreMap":83},[87,1345,1346],{"class":89,"line":90},[87,1347,1348],{"class":93},"# .github\u002Fworkflows\u002Freusable-deploy.yml\n",[87,1350,1351,1353],{"class":89,"line":97},[87,1352,116],{"class":115},[87,1354,119],{"class":104},[87,1356,1357,1360],{"class":89,"line":112},[87,1358,1359],{"class":100},"  workflow_call",[87,1361,119],{"class":104},[87,1363,1364,1367],{"class":89,"line":122},[87,1365,1366],{"class":100},"    inputs",[87,1368,119],{"class":104},[87,1370,1371,1374],{"class":89,"line":130},[87,1372,1373],{"class":100},"      environment",[87,1375,119],{"class":104},[87,1377,1378,1381,1383],{"class":89,"line":147},[87,1379,1380],{"class":100},"        required",[87,1382,105],{"class":104},[87,1384,486],{"class":115},[87,1386,1387,1390,1392],{"class":89,"line":155},[87,1388,1389],{"class":100},"        type",[87,1391,105],{"class":104},[87,1393,1394],{"class":108}," string\n",[87,1396,1397,1400],{"class":89,"line":168},[87,1398,1399],{"class":100},"      namespace",[87,1401,119],{"class":104},[87,1403,1404,1406,1408],{"class":89,"line":175},[87,1405,1380],{"class":100},[87,1407,105],{"class":104},[87,1409,486],{"class":115},[87,1411,1412,1414,1416],{"class":89,"line":183},[87,1413,1389],{"class":100},[87,1415,105],{"class":104},[87,1417,1394],{"class":108},[87,1419,1420,1423],{"class":89,"line":191},[87,1421,1422],{"class":100},"    secrets",[87,1424,119],{"class":104},[87,1426,1427,1430],{"class":89,"line":202},[87,1428,1429],{"class":100},"      KUBECONFIG",[87,1431,119],{"class":104},[87,1433,1434,1436,1438],{"class":89,"line":210},[87,1435,1380],{"class":100},[87,1437,105],{"class":104},[87,1439,486],{"class":115},[11,1441,1442],{},"組織内で共通のデプロイワークフローを再利用可能なテンプレートとして定義し、各リポジトリから呼び出すことでメンテナンスコストを削減します。",[302,1444,1445],{"id":1445},"シークレット管理のベストプラクティス",[1063,1447,1448,1454,1460,1466],{},[1066,1449,1450,1453],{},[38,1451,1452],{},"Repository Secrets",": リポジトリ固有のシークレット（API キーなど）",[1066,1455,1456,1459],{},[38,1457,1458],{},"Environment Secrets",": 環境ごとのシークレット（本番 kubeconfig など）",[1066,1461,1462,1465],{},[38,1463,1464],{},"Organization Secrets",": 組織全体で共有するシークレット（レジストリ認証など）",[1066,1467,1468,1473],{},[15,1469,1472],{"href":1470,"rel":1471},"https:\u002F\u002Fdocs.github.com\u002Fen\u002Factions\u002Fsecurity-for-github-actions\u002Fsecurity-hardening-your-deployments\u002Fabout-security-hardening-with-openid-connect",[19],"GitHub OIDC"," を活用し、クラウドプロバイダとの認証に長期トークンの代わりに短命トークンを使用",[23,1475,1477],{"id":1476},"まとめ-kubo-で-github-actions-ci-cd-を加速する","まとめ: Kubo で GitHub Actions ci-cd を加速する",[11,1479,1480],{},"GitHub Actions と Kubernetes の組み合わせは、モダンな ci-cd パイプラインの標準形です。Docker ビルド、セキュリティスキャン、Helm デプロイ、ARC による自動スケーリングを統合することで、安全で効率的なデプロイフローを実現できます。",[11,1482,1483,1486,1487,1490,1491,1496],{},[15,1484,20],{"href":17,"rel":1485},[19]," のマネージド Kubernetes は GitHub Actions との連携を最適化しており、ARC の運用やシークレット管理も含めた包括的な ci-cd 基盤を提供します。",[15,1488,292],{"href":290,"rel":1489},[19]," による AI デプロイアシスタントと組み合わせれば、パイプラインの最適化提案やトラブルシューティングも自動化されます。GitHub Actions で Kubernetes ci-cd を始めたい方は、ぜひ",[15,1492,1495],{"href":1493,"rel":1494},"https:\u002F\u002Fwww.hexabase.com\u002Fcontact-us\u002F",[19],"お問い合わせ","ください。",[1498,1499,1500],"style",{},"html pre.shiki code .sbD-w, html code.shiki .sbD-w{--shiki-default:#51597D;--shiki-default-font-style:italic}html pre.shiki code .s0U2E, html code.shiki .s0U2E{--shiki-default:#F7768E}html pre.shiki code .sAklC, html code.shiki .sAklC{--shiki-default:#89DDFF}html pre.shiki code .sPY7s, html code.shiki .sPY7s{--shiki-default:#9ECE6A}html pre.shiki code .sOJ5S, html code.shiki .sOJ5S{--shiki-default:#FF9E64}html pre.shiki code .sgJMe, html code.shiki .sgJMe{--shiki-default:#9ABDF5}html .default .shiki span {color: var(--shiki-default);background: var(--shiki-default-bg);font-style: var(--shiki-default-font-style);font-weight: var(--shiki-default-font-weight);text-decoration: var(--shiki-default-text-decoration);}html .shiki span {color: var(--shiki-default);background: var(--shiki-default-bg);font-style: var(--shiki-default-font-style);font-weight: var(--shiki-default-font-weight);text-decoration: var(--shiki-default-text-decoration);}html pre.shiki code .sd1Qi, html code.shiki .sd1Qi{--shiki-default:#BB9AF7}html pre.shiki code .sE3pS, html code.shiki .sE3pS{--shiki-default:#C0CAF5}html pre.shiki code .sT800, html code.shiki .sT800{--shiki-default:#E0AF68}",{"title":83,"searchDepth":97,"depth":97,"links":1502},[1503,1504,1508,1512,1516,1521],{"id":25,"depth":97,"text":26},{"id":296,"depth":97,"text":297,"children":1505},[1506,1507],{"id":304,"depth":112,"text":305},{"id":564,"depth":112,"text":564},{"id":703,"depth":97,"text":704,"children":1509},[1510,1511],{"id":716,"depth":112,"text":716},{"id":965,"depth":112,"text":965},{"id":1048,"depth":97,"text":1049,"children":1513},[1514,1515],{"id":1060,"depth":112,"text":1061},{"id":1086,"depth":112,"text":1087},{"id":1202,"depth":97,"text":1202,"children":1517},[1518,1519,1520],{"id":1205,"depth":112,"text":1205},{"id":1337,"depth":112,"text":1338},{"id":1445,"depth":112,"text":1445},{"id":1476,"depth":97,"text":1477},"2026-05-27","GitHub Actions を活用した Kubernetes ci-cd パイプラインの構築方法を解説。Helm デプロイ、ARC による自動スケーリング、セキュリティ対策まで網羅。","md","ja",{},"\u002Fblog\u002Fja\u002Fgithub-actions-kubernetes-cicd",{"title":5,"description":1523},"blog\u002Fja\u002Fgithub-actions-kubernetes-cicd",[33,1531,1532,712,1533,1534],"Kubernetes","ci-cd","コンテナ","自動化","OYv9-KURuv-y_3zy23McKBPF_OsAhfWYe4IiTvxUi2I",1779964617053]