Destroy PR Environment - #673 (NRL-817 permissions cache) #63
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Destroy PR Environment | |
| run-name: "Destroy PR Environment - #${{ github.event.pull_request.number }} (${{ github.event.pull_request.title }})" | |
| on: | |
| pull_request: | |
| types: [closed] | |
| concurrency: | |
| group: environment-${{ github.event.pull_request.number }} | |
| cancel-in-progress: true | |
| permissions: | |
| id-token: write | |
| contents: read | |
| actions: write | |
| issues: write | |
| pull-requests: write | |
| jobs: | |
| set-environment-id: | |
| name: Set Environment ID | |
| runs-on: [self-hosted, ci] | |
| steps: | |
| - name: Set a ID based on the branch name | |
| id: set_environment_id | |
| run: | | |
| JIRA_TICKET=$( | |
| echo '${{ github.event.pull_request.head.ref }}' | \ | |
| grep -Po --color=none '[A-z]{3,4}-[0-9]{3,5}' | \ | |
| sed 's/-//g' | \ | |
| tr '[:upper:]' '[:lower:]' || \ | |
| true | |
| ) | |
| BRANCH_HASH=$(echo '${{ github.event.pull_request.head.ref }}${{ github.event.pull_request.id }}' | sha256sum | head -c 6) | |
| if [ -z "$JIRA_TICKET" ]; then | |
| echo "environment_id=${BRANCH_HASH}" > $GITHUB_OUTPUT | |
| else | |
| echo "environment_id=${JIRA_TICKET}-${BRANCH_HASH}" > $GITHUB_OUTPUT | |
| fi | |
| outputs: | |
| environment_id: ${{ steps.set_environment_id.outputs.environment_id }} | |
| destroy: | |
| name: Destroy PR Environment | |
| needs: [set-environment-id] | |
| environment: pull-request | |
| runs-on: [self-hosted, ci] | |
| steps: | |
| - name: Git Clone - ${{ github.event.pull_request.head.ref }} | |
| uses: actions/checkout@v4 | |
| with: | |
| ref: ${{ github.event.pull_request.merged && github.event.pull_request.base.ref || github.event.pull_request.head.ref }} | |
| - name: Setup asdf cache | |
| uses: actions/cache@v4 | |
| with: | |
| path: ~/.asdf | |
| key: ${{ runner.os }}-asdf-${{ hashFiles('**/.tool-versions') }} | |
| restore-keys: | | |
| ${{ runner.os }}-asdf- | |
| - name: Configure AWS Credentials | |
| uses: aws-actions/configure-aws-credentials@v4 | |
| with: | |
| aws-region: eu-west-2 | |
| role-to-assume: ${{ secrets.CI_ROLE_NAME }} | |
| role-session-name: github-actions-ci-${{ needs.set-environment-id.outputs.environment_id }} | |
| - name: Get AWS Account ID | |
| id: get_account_id | |
| run: echo "aws_account_id=$(aws secretsmanager get-secret-value --secret-id nhsd-nrlf--mgmt--dev-account-id --query SecretString --output text)" >> "$GITHUB_OUTPUT" | |
| - name: Terraform Init | |
| run: | | |
| terraform -chdir=terraform/infrastructure init | |
| terraform -chdir=terraform/infrastructure workspace new ${{ needs.set-environment-id.outputs.environment_id }} || \ | |
| terraform -chdir=terraform/infrastructure workspace select ${{ needs.set-environment-id.outputs.environment_id }} | |
| - name: Terraform Destroy | |
| run: | | |
| terraform -chdir=terraform/infrastructure destroy \ | |
| --var-file=etc/dev.tfvars \ | |
| --var assume_role_arn=${{ secrets.DEPLOY_ROLE_ARN }} \ | |
| -auto-approve | |
| - name: Cleanup Terraform Workspace | |
| run: | | |
| terraform -chdir=terraform/infrastructure workspace select default | |
| terraform -chdir=terraform/infrastructure workspace delete ${{ needs.set-environment-id.outputs.environment_id }} | |
| - name: Add Failure Pull Request Comment | |
| uses: actions/github-script@v7 | |
| if: ${{ failure() }} | |
| with: | |
| script: | | |
| github.rest.issues.createComment({ | |
| issue_number: context.issue.number, | |
| owner: context.repo.owner, | |
| repo: context.repo.repo, | |
| body: `💥 Something went wrong while destroying the pull request environment.\n[Check Output Logs](${context.serverUrl}/${context.repo.owner}/${context.repo.repo}/actions/runs/${context.runId})` | |
| }) |