delete-v2-review-app.yml
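# Tears down the per-PR "v2" review app when a pull request against main is
# closed: destroys the Terraform-managed resources, deletes the PR's state
# blob, deactivates the GitHub deployment and removes the environment entity.
name: Delete v2 Review App

on:
  pull_request:
    types: [closed]
    branches: [main]

env:
  SERVICE_SHORT: att

jobs:
  delete-v2-review-app:
    name: Delete v2 Review App ${{ github.event.pull_request.number }}
    # Shares a concurrency group keyed on the PR number, so runs for the same
    # PR that use this group name do not overlap.
    concurrency: deploy_v2_review_${{ github.event.pull_request.number }}
    # Only PRs labelled deploy_v2 or dependencies have a review app to remove.
    if: ${{ contains(github.event.pull_request.labels.*.name, 'deploy_v2') || contains(github.event.pull_request.labels.*.name, 'dependencies') }}
    runs-on: ubuntu-latest
    environment: review_aks
    # NOTE(review): there is no `permissions:` block, so GITHUB_TOKEN gets the
    # repository default scopes. Consider declaring the minimum the job needs
    # (the deactivate step uses the Deployments API, so it presumably needs
    # `deployments: write` - confirm before restricting).
    steps:
      - name: Checkout
        uses: actions/checkout@v4

      - name: Set Environment variables
        env:
          # Passed through the environment rather than templated into the
          # script text, so no expression is expanded inside the shell source.
          PR_NUMBER: ${{ github.event.pull_request.number }}
        run: |
          # Extract the version digits from the `terraform { ... }` block.
          # The grep pattern is quoted so the shell cannot glob-expand it
          # against file names in the working directory.
          terraform_version=$(awk '/{/{f=/^terraform/;next}f' terraform/aks/provider.tf | grep -o '[0-9.]*')
          echo "TERRAFORM_VERSION=$terraform_version" >> "$GITHUB_ENV"

          TF_STATE_FILE="pr-${PR_NUMBER}.tfstate"
          echo "DEPLOY_ENV=review_aks-$PR_NUMBER" >> "$GITHUB_ENV"
          echo "PR_NUMBER=$PR_NUMBER" >> "$GITHUB_ENV"
          echo "TF_STATE_FILE=$TF_STATE_FILE" >> "$GITHUB_ENV"

          # Key Vault names come from the review workspace tfvars file.
          tf_vars_file=terraform/aks/workspace_variables/review_aks.tfvars.json
          echo "KEY_VAULT_NAME=$(jq -r '.key_vault_name' "${tf_vars_file}")" >> "$GITHUB_ENV"
          echo "KEY_VAULT_APP_SECRET_NAME=$(jq -r '.key_vault_app_secret_name' "${tf_vars_file}")" >> "$GITHUB_ENV"
          echo "KEY_VAULT_INFRA_SECRET_NAME=$(jq -r '.key_vault_infra_secret_name' "${tf_vars_file}")" >> "$GITHUB_ENV"

          # Sources a script from the checked-out ref; RESOURCE_NAME_PREFIX and
          # CONFIG_SHORT are presumably defined there - confirm.
          source global_config/review_aks.sh
          echo "STORAGE_ACCOUNT_RG=${RESOURCE_NAME_PREFIX}-${SERVICE_SHORT}-${CONFIG_SHORT}-rg" >> "$GITHUB_ENV"
          echo "STORAGE_ACCOUNT_NAME=${RESOURCE_NAME_PREFIX}${SERVICE_SHORT}tfstate${CONFIG_SHORT}sa" >> "$GITHUB_ENV"

      # NOTE(review): `@v2` is a movable tag; pinning to a full commit SHA
      # fixes the code that receives AZURE_CREDENTIALS.
      - uses: azure/login@v2
        with:
          creds: ${{ secrets.AZURE_CREDENTIALS }}

      - name: Set Connection String and State File
        run: |
          STORAGE_CONN_STR=$(az storage account show-connection-string \
            --resource-group "$STORAGE_ACCOUNT_RG" \
            --name "$STORAGE_ACCOUNT_NAME" \
            --query 'connectionString' \
            --output tsv)
          # Mask before the value is written anywhere that could reach the log.
          echo "::add-mask::$STORAGE_CONN_STR"
          # Exporting through GITHUB_ENV makes the connection string visible to
          # every later step in the job, including the third-party actions.
          echo "AZURE_STORAGE_CONNECTION_STRING=$STORAGE_CONN_STR" >> "$GITHUB_ENV"

          # Look for this PR's state blob; the destroy steps run only if found.
          pr_state_file=$(az storage blob list \
            --container-name att-tfstate \
            --connection-string "$STORAGE_CONN_STR" \
            --prefix "$TF_STATE_FILE" \
            --query "[].name" \
            --output tsv)
          if [ -n "$pr_state_file" ]; then echo "TF_STATE_EXISTS=true" >> "$GITHUB_ENV"; fi

      - name: Use Terraform ${{ env.TERRAFORM_VERSION }}
        uses: hashicorp/setup-terraform@v3
        with:
          terraform_version: ${{ env.TERRAFORM_VERSION }}

      # NOTE(review): `@master` is a branch ref, so the action code can change
      # between runs; pin to a full commit SHA.
      - name: Validate Azure Key Vault secrets
        if: env.TF_STATE_EXISTS == 'true'
        uses: DFE-Digital/github-actions/validate-key-vault-secrets@master
        with:
          KEY_VAULT: ${{ env.KEY_VAULT_NAME }}
          SECRETS: |
            ${{ env.KEY_VAULT_APP_SECRET_NAME }}
            ${{ env.KEY_VAULT_INFRA_SECRET_NAME }}

      # NOTE(review): this action is handed AZURE_CREDENTIALS while referenced
      # by the mutable `@master` branch; pin to a full commit SHA.
      - uses: DFE-Digital/github-actions/set-kubelogin-environment@master
        with:
          azure-credentials: ${{ secrets.AZURE_CREDENTIALS }}

      # Runs the Makefile from the checked-out ref with the Azure session and
      # storage connection string in scope.
      - name: Terraform destroy
        if: env.TF_STATE_EXISTS == 'true'
        run: make ci review_aks destroy
        env:
          APP_NAME: ${{ env.PR_NUMBER }}
          IMAGE_TAG: ignored

      - name: Delete tf state file
        if: env.TF_STATE_EXISTS == 'true'
        run: |
          # Both values were exported via GITHUB_ENV, so read them as shell
          # variables; this keeps the connection string out of the rendered
          # script text and avoids expression expansion inside the shell.
          az storage blob delete \
            --container-name att-tfstate \
            --name "$TF_STATE_FILE" \
            --connection-string "$AZURE_STORAGE_CONNECTION_STRING"

      # `always()` lets the deployment be deactivated even if destroy failed.
      # NOTE(review): `@v1` is a movable tag on a third-party action that
      # receives GITHUB_TOKEN; pin to a full commit SHA.
      - name: Update ${{ env.DEPLOY_ENV }} status
        if: always() && env.TF_STATE_EXISTS == 'true'
        id: deactivate-env
        uses: bobheadxi/deployments@v1
        with:
          env: ${{ env.DEPLOY_ENV }}
          step: deactivate-env
          token: ${{ secrets.GITHUB_TOKEN }}
          desc: The deployment for ${{ env.DEPLOY_ENV }} has been removed.

      # Uses a separate token (ACTIONS_API_ACCESS_TOKEN) rather than
      # GITHUB_TOKEN for the environment deletion call.
      - uses: actions/github-script@v7
        name: Remove environment entity
        if: always() && (steps.deactivate-env.outcome == 'success')
        with:
          github-token: ${{ secrets.ACTIONS_API_ACCESS_TOKEN }}
          script: |
            const environment = process.env.DEPLOY_ENV || ''
            if (!environment) {
              core.setFailed('An environment was not passed for deletion.')
              return
            }
            // Await the call so the step result is settled before the script
            // returns, instead of relying on a detached promise chain.
            try {
              await github.rest.repos.deleteAnEnvironment({
                owner: context.repo.owner,
                repo: context.repo.repo,
                environment_name: environment
              })
              console.log(`The environment ${environment} was removed successfully.`)
            } catch (err) {
              core.setFailed(err.message)
            }
        env:
          DEPLOY_ENV: ${{env.DEPLOY_ENV}}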