-
Notifications
You must be signed in to change notification settings - Fork 0
103 lines (88 loc) · 3.73 KB
/
delete-review-app.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
name: Delete Review App
on:
pull_request:
branches:
- main
types:
- closed
workflow_dispatch:
inputs:
pr_number:
description: PR number of review app to delete
required: false
type: string
jobs:
delete-review-app:
name: Delete Review App ${{ github.event.pull_request.number }}
concurrency: deploy_review_${{ github.event.pull_request.number }}
runs-on: ubuntu-latest
if: ${{ contains(github.event.pull_request.labels.*.name, 'deploy') }}
environment: review
permissions:
pull-requests: write
id-token: write
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Extract configuration from tfvars
run: |
if [ ${{ github.event_name }} == 'workflow_dispatch' ]; then
PR_NUMBER=${{ github.event.inputs.pr_number }}
else
PR_NUMBER=${{ github.event.pull_request.number }}
fi
echo "PR_NUMBER=$PR_NUMBER" >> $GITHUB_ENV
echo "STORAGE_ACCOUNT_NAME=s189t01aytqrvtfsa" >> $GITHUB_ENV
echo "TF_RESOURCE_GROUP_NAME=s189t01-aytq-rv-rg" >> $GITHUB_ENV
shell: bash
- uses: Azure/login@v1
with:
creds: ${{ secrets.AZURE_CREDENTIALS }}
- run: |
TFSTATE_CONTAINER_ACCESS_KEY="$(az storage account keys list -g ${{ env.TF_RESOURCE_GROUP_NAME }} -n ${{ env.STORAGE_ACCOUNT_NAME }} | jq -r '.[0].value')"
echo "::add-mask::$TFSTATE_CONTAINER_ACCESS_KEY"
echo "TFSTATE_CONTAINER_ACCESS_KEY=$TFSTATE_CONTAINER_ACCESS_KEY" >> $GITHUB_ENV
shell: bash
- uses: hashicorp/setup-terraform@v3
with:
terraform_version: 1.6.4
terraform_wrapper: false
- name: Set Environment variables
run: |
TF_STATE_FILE=pr-${{ env.PR_NUMBER }}_kubernetes.tfstate
echo "TF_STATE_FILE=$TF_STATE_FILE" >> $GITHUB_ENV
pr_state_file=$(az storage blob list -c terraform-state \
--account-key ${{ env.TFSTATE_CONTAINER_ACCESS_KEY }} \
--account-name ${{ env.STORAGE_ACCOUNT_NAME }} \
--prefix $TF_STATE_FILE --query "[].name" -o tsv)
if [ -n "$pr_state_file" ]; then
echo "TF_STATE_EXISTS=true" >> $GITHUB_ENV
fi
- uses: DFE-Digital/github-actions/set-kubelogin-environment@master
with:
azure-credentials: ${{ secrets.AZURE_CREDENTIALS }}
- uses: google-github-actions/auth@v2
with:
project_id: teaching-qualifications
workload_identity_provider: projects/708780292301/locations/global/workloadIdentityPools/access-your-teaching-qualificati/providers/access-your-teaching-qualificati
- name: Terraform Destroy
run: |
make ci review terraform-destroy
env:
PR_NUMBER: ${{ env.PR_NUMBER }}
- name: Delete tf state file
if: env.TF_STATE_EXISTS == 'true'
run: |
az storage blob delete -c terraform-state --name ${{ env.TF_STATE_FILE }} \
--account-key ${{ env.TFSTATE_CONTAINER_ACCESS_KEY }} \
--account-name ${{ env.STORAGE_ACCOUNT_NAME }}
- name: Post Pull Request Comment ${{ github.event.number }}
if: ${{ github.event_name == 'pull_request' }}
uses: marocchino/sticky-pull-request-comment@v2
with:
header: aks
message: |
The review apps Access Your Teaching Qualifications & Check A Teacher's Record have been deleted.
The following domains are not available anymore:
- <https://access-your-teaching-qualifications-pr-${{ github.event.number }}.test.teacherservices.cloud>
- <https://check-a-teachers-record-pr-${{ github.event.number }}.test.teacherservices.cloud>