Skip to content

Destroying dg-* by @gurevichdmitry #500

Destroying dg-* by @gurevichdmitry

Destroying dg-* by @gurevichdmitry #500

name: Destroy Environment
run-name: Destroying ${{ inputs.prefix }}* by @${{ github.actor }}
on:
# Ability to execute on demand
workflow_dispatch:
inputs:
prefix:
type: string
description: "Delete all environments starting with `prefix`"
required: true
ignore-prefix:
type: string
description: "Ignore all environments starting with `ignore-prefix`"
required: false
ec-api-key:
type: string
description: "**Optional** To delete env environments on your own organization, enter your Elastic Cloud API key."
required: false
workflow_call:
inputs:
prefix:
type: string
description: "Delete all environments starting with `prefix`"
required: true
ignore-prefix:
type: string
description: "Ignore all environments starting with `ignore-prefix`"
required: false
ec-api-key:
type: string
description: "**Optional** To delete env environments on your own organization, enter your Elastic Cloud API key."
required: false
env:
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
AWS_REGION: "eu-west-1"
ENV_PREFIX: ${{ inputs.prefix }}
ENV_IGNORE_PREFIX: ${{ inputs.ignore-prefix }}
TF_VAR_ec_api_key: ${{ secrets.EC_API_KEY }}
jobs:
Destroy:
runs-on: ubuntu-20.04
timeout-minutes: 120
# Add "id-token" with the intended permissions.
permissions:
contents: 'read'
id-token: 'write'
steps:
- name: Check out the repo
uses: actions/checkout@v4
- name: Init Hermit
run: ./bin/hermit env -r >> $GITHUB_ENV
working-directory: ./
- name: Mask API Key
if: ${{ inputs.ec-api-key != '' }}
run: |
ec_api_key=$(jq -r '.inputs["ec-api-key"]' $GITHUB_EVENT_PATH)
echo "::add-mask::$ec_api_key"
echo "TF_VAR_ec_api_key=$ec_api_key" >> $GITHUB_ENV
- name: Configure AWS credentials
uses: aws-actions/configure-aws-credentials@v2
with:
aws-access-key-id: ${{ env.AWS_ACCESS_KEY_ID }}
aws-secret-access-key: ${{ env.AWS_SECRET_ACCESS_KEY }}
aws-region: ${{ env.AWS_REGION }}
- id: google-auth
name: Authenticate to Google Cloud
uses: google-github-actions/auth@v2
with:
workload_identity_provider: ${{ secrets.GCP_WORKLOAD_IDENTITY_PROVIDER }}
service_account: ${{ secrets.GCP_SERVICE_ACCOUNT }}
- id: azure-auth
name: Azure login
uses: azure/login@v2
with:
creds: ${{ secrets.AZURE_CREDENTIALS }}
- name: Destroy Environment
run: |
just delete-cloud-env "${ENV_PREFIX}" "${ENV_IGNORE_PREFIX}" "false"
- name: Send Slack Notification
uses: ./.github/actions/slack-notification
if: always()
continue-on-error: true
env:
RUN_URL: "${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}"
JOB_STATUS_COLOR: "${{ job.status == 'success' && '#36a64f' || '#D40E0D' }}"
with:
vault-url: ${{ secrets.VAULT_ADDR }}
vault-role-id: ${{ secrets.CSP_VAULT_ROLE_ID }}
vault-secret-id: ${{ secrets.CSP_VAULT_SECRET_ID }}
slack-payload: |
{
"text": "${{ github.workflow }} job <${{env.RUN_URL}}|${{ inputs.prefix }}> triggered by `${{github.actor}}`",
"blocks": [
{
"type": "divider"
}
],
"attachments": [
{
"color": "${{ env.JOB_STATUS_COLOR }}",
"blocks": [
{
"type": "section",
"text": {
"type": "mrkdwn",
"text": "${{ github.workflow }} job <${{env.RUN_URL}}|${{ inputs.prefix }}> triggered by `${{github.actor}}`"
}
}
]
}
]
}