_terraformDestroyTemplate.yml
name: Terraform Destroy Template

# Reusable workflow: it only runs when another workflow calls it and
# supplies the inputs and secrets declared below.
on:
  workflow_call:
    inputs:
      environment:
        description: 'Specifies the environment of the deployment.'
        type: string
        required: true
        # NOTE(review): the input is required, so this default is
        # presumably never applied - confirm and drop one of the two.
        default: 'dev'
      config:
        # Used by the job as a path segment under ../../config/.
        description: 'Specifies the configuration folder for the deployment.'
        type: string
        required: true
      terraform_version:
        description: 'Specifies the terraform version.'
        type: string
        required: true
      node_version:
        # Typed as number, so a value such as 18.10 would lose its
        # trailing zero; callers should pass a major version only.
        description: 'Specifies the node version.'
        type: number
        required: true
      working_directory:
        description: 'Specifies the working directory.'
        type: string
        required: true
      tenant_id:
        description: 'Specifies the tenant id of the deployment.'
        type: string
        required: true
      subscription_id:
        description: 'Specifies the subscription id of the deployment.'
        type: string
        required: true
    secrets:
      # Client id of the identity used for the Azure login and the
      # ARM_CLIENT_ID variable; no client secret is declared for it.
      CLIENT_ID:
        description: 'Specifies the client id.'
        required: true
      BOT_OAUTH_CLIENT_ID:
        description: 'Specifies the client id of the app used for the bot oauth.'
        required: true
      BOT_OAUTH_CLIENT_SECRET:
        description: 'Specifies the client secret of the app used for the bot oauth.'
        required: true
# Token scopes for every job in this workflow; scopes not listed here
# are not granted.
permissions:
  # Read access to the repository contents (used by the checkout step).
  contents: read
  # Lets the job request an OIDC token, which the Azure login and the
  # ARM_USE_OIDC setting rely on instead of a stored client secret.
  id-token: write
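jobs:
  # Destroys the Terraform-managed resources of one config/environment pair.
  deployment:
    name: Terraform Destroy
    # NOTE(review): a self-hosted runner may keep workspace files and tool
    # state between jobs unless it is ephemeral - confirm how it is provisioned.
    runs-on: [self-hosted]
    continue-on-error: false
    # The destroy below runs with -auto-approve, so protection rules on this
    # environment (e.g. required reviewers) are the only manual gate.
    environment: ${{ inputs.environment }}
    # In a called workflow the github context is the caller's, so this
    # restricts the job to callers triggered by a push or a release.
    if: github.event_name == 'push' || github.event_name == 'release'
    # Serialise runs per config/environment and never cancel a run that is
    # already in progress.
    concurrency:
      group: terraform-${{ inputs.config }}-${{ inputs.environment }}
      cancel-in-progress: false
    # Azure settings shared by all steps; OIDC is used, so no client secret
    # is exported here.
    env:
      ARM_TENANT_ID: ${{ inputs.tenant_id }}
      ARM_SUBSCRIPTION_ID: ${{ inputs.subscription_id }}
      ARM_CLIENT_ID: ${{ secrets.CLIENT_ID }}
      ARM_USE_OIDC: 'true'
    # NOTE(review): the actions below are referenced by mutable version tags.
    # Pinning each one to a full commit SHA (uses: owner/action@<full-commit-sha>)
    # keeps a moved tag from changing what runs with id-token: write.
    steps:
      # Setup Node
      - name: Setup Node
        id: node_setup
        uses: actions/setup-node@v4
        with:
          node-version: ${{ inputs.node_version }}
      # Setup Terraform
      - name: Setup Terraform
        id: terraform_setup
        uses: hashicorp/setup-terraform@v3
        with:
          terraform_version: ${{ inputs.terraform_version }}
          terraform_wrapper: true
      # Check Out Repository
      # NOTE(review): checkout keeps the job token in the local git config by
      # default; consider `persist-credentials: false` if no later step needs
      # git access - confirm against how Terraform modules are fetched.
      - name: Check Out Repository
        id: checkout_repository
        uses: actions/checkout@v4
      # Azure login
      - name: Azure login
        id: azure_login
        uses: azure/login@v2
        with:
          client-id: ${{ secrets.CLIENT_ID }}
          tenant-id: ${{ inputs.tenant_id }}
          subscription-id: ${{ inputs.subscription_id }}
      # Terraform Init
      # CONFIG is handed over as an environment variable rather than being
      # interpolated into the script text, and is quoted so that a value with
      # spaces or glob characters cannot split into extra terraform arguments.
      - name: Terraform Init
        working-directory: ${{ inputs.working_directory }}
        run: |
          terraform init -backend-config="../../config/${CONFIG}/azurerm.tfbackend"
        env:
          CONFIG: ${{ inputs.config }}
      # Terraform Destroy
      # Non-interactive destroy: -auto-approve skips the confirmation prompt
      # and -input=false disables prompts for missing variables.
      - name: Terraform Destroy
        working-directory: ${{ inputs.working_directory }}
        run: |
          terraform apply \
            -var-file="../../config/${CONFIG}/vars.tfvars" \
            -auto-approve \
            -input=false \
            -destroy
        env:
          CONFIG: ${{ inputs.config }}
          # Exposed to Terraform as the input variables bot_oauth_client_id
          # and bot_oauth_client_secret.
          TF_VAR_bot_oauth_client_id: ${{ secrets.BOT_OAUTH_CLIENT_ID }}
          TF_VAR_bot_oauth_client_secret: ${{ secrets.BOT_OAUTH_CLIENT_SECRET }}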