Skip to content

Destroy PR Environment - #677 ([NRL-760] Update READMEs for blue/green arch and fix sandbox env name) #61

Destroy PR Environment - #677 ([NRL-760] Update READMEs for blue/green arch and fix sandbox env name)

Destroy PR Environment - #677 ([NRL-760] Update READMEs for blue/green arch and fix sandbox env name) #61

Workflow file for this run

name: Destroy PR Environment
run-name: "Destroy PR Environment - #${{ github.event.pull_request.number }} (${{ github.event.pull_request.title }})"
on:
pull_request:
types: [closed]
concurrency:
group: environment-${{ github.event.pull_request.number }}
cancel-in-progress: true
permissions:
id-token: write
contents: read
actions: write
issues: write
pull-requests: write
jobs:
set-environment-id:
name: Set Environment ID
runs-on: [self-hosted, ci]
steps:
- name: Set a ID based on the branch name
id: set_environment_id
run: |
JIRA_TICKET=$(
echo '${{ github.event.pull_request.head.ref }}' | \
grep -Po --color=none '[A-z]{3,4}-[0-9]{3,5}' | \
sed 's/-//g' | \
tr '[:upper:]' '[:lower:]' || \
true
)
BRANCH_HASH=$(echo '${{ github.event.pull_request.head.ref }}${{ github.event.pull_request.id }}' | sha256sum | head -c 6)
if [ -z "$JIRA_TICKET" ]; then
echo "environment_id=${BRANCH_HASH}" > $GITHUB_OUTPUT
else
echo "environment_id=${JIRA_TICKET}-${BRANCH_HASH}" > $GITHUB_OUTPUT
fi
outputs:
environment_id: ${{ steps.set_environment_id.outputs.environment_id }}
destroy:
name: Destroy PR Environment
needs: [set-environment-id]
environment: pull-request
runs-on: [self-hosted, ci]
steps:
- name: Git Clone - ${{ github.event.pull_request.head.ref }}
uses: actions/checkout@v4
with:
ref: ${{ github.event.pull_request.merged && github.event.pull_request.base.ref || github.event.pull_request.head.ref }}
- name: Setup asdf cache
uses: actions/cache@v4
with:
path: ~/.asdf
key: ${{ runner.os }}-asdf-${{ hashFiles('**/.tool-versions') }}
restore-keys: |
${{ runner.os }}-asdf-
- name: Configure AWS Credentials
uses: aws-actions/configure-aws-credentials@v4
with:
aws-region: eu-west-2
role-to-assume: ${{ secrets.CI_ROLE_NAME }}
role-session-name: github-actions-ci-${{ needs.set-environment-id.outputs.environment_id }}
- name: Get AWS Account ID
id: get_account_id
run: echo "aws_account_id=$(aws secretsmanager get-secret-value --secret-id nhsd-nrlf--mgmt--dev-account-id --query SecretString --output text)" >> "$GITHUB_OUTPUT"
- name: Terraform Init
run: |
terraform -chdir=terraform/infrastructure init
terraform -chdir=terraform/infrastructure workspace new ${{ needs.set-environment-id.outputs.environment_id }} || \
terraform -chdir=terraform/infrastructure workspace select ${{ needs.set-environment-id.outputs.environment_id }}
- name: Terraform Destroy
run: |
terraform -chdir=terraform/infrastructure destroy \
--var-file=etc/dev.tfvars \
--var assume_role_arn=${{ secrets.DEPLOY_ROLE_ARN }} \
-auto-approve
- name: Cleanup Terraform Workspace
run: |
terraform -chdir=terraform/infrastructure workspace select default
terraform -chdir=terraform/infrastructure workspace delete ${{ needs.set-environment-id.outputs.environment_id }}
- name: Add Failure Pull Request Comment
uses: actions/github-script@v7
if: ${{ failure() }}
with:
script: |
github.rest.issues.createComment({
issue_number: context.issue.number,
owner: context.repo.owner,
repo: context.repo.repo,
body: `💥 Something went wrong while destroying the pull request environment.\n[Check Output Logs](${context.serverUrl}/${context.repo.owner}/${context.repo.repo}/actions/runs/${context.runId})`
})