Destroy PR Environment - #967 (NRL-753 fix capability statement endpoint deployment) #236
Workflow file for this run
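# Tears down the per-pull-request environment when a pull request is closed:
# derives the environment ID from the branch name and PR id, selects the
# matching Terraform workspace, destroys it, then deletes the workspace.
#
# NOTE(review): actions below are referenced by mutable tag (v4, v7). Pinning
# each `uses:` to a full commit SHA makes the reference immutable.
name: Destroy PR Environment
run-name: "Destroy PR Environment - #${{ github.event.pull_request.number }} (${{ github.event.pull_request.title }})"

on:
  pull_request:
    types: [closed]
  # NOTE(review): a manual dispatch carries no pull_request payload, so the
  # head ref, PR id and PR number used below are all empty on that path and no
  # inputs are declared to supply them. Confirm manual runs are meant to work.
  workflow_dispatch:

concurrency:
  group: environment-${{ github.event.pull_request.number }}
  cancel-in-progress: true

# Workflow-wide token scopes; every job inherits all of them.
# id-token: write - lets a job request an OIDC token; the AWS credentials step
#   is given only a role to assume, so it presumably relies on this.
# issues / pull-requests: write - the failure step posts a PR comment.
# NOTE(review): no step shown here appears to need `actions: write`, and the
# set-environment-id job needs none of the write scopes. Consider declaring
# permissions per job - confirm against the runner's requirements first.
permissions:
  id-token: write
  contents: read
  actions: write
  issues: write
  pull-requests: write

jobs:
  set-environment-id:
    name: Set Environment ID
    runs-on: codebuild-nhsd-nrlf-ci-build-project-${{ github.run_id }}-${{ github.run_attempt }}
    steps:
      - name: Set a ID based on the branch name
        id: set_environment_id
        # The branch name is chosen by the PR author. It is handed to the
        # script through the environment instead of being expanded into the
        # script text, so shell metacharacters in a ref are treated as data.
        env:
          HEAD_REF: ${{ github.event.pull_request.head.ref }}
          PR_ID: ${{ github.event.pull_request.id }}
        run: |
          # Pull a ticket key such as "NRL-753" out of the branch name and
          # normalise it to "nrl753"; empty when the branch has no ticket key.
          # NOTE(review): the range [A-z] also matches the ASCII characters
          # between "Z" and "a" (including "_" and the backtick). It is left
          # unchanged because the ID must match the one computed when the
          # environment was created; tighten it to [A-Za-z] in both places.
          JIRA_TICKET=$(
            echo "${HEAD_REF}" | \
              grep -Po --color=none '[A-z]{3,4}-[0-9]{3,5}' | \
              sed 's/-//g' | \
              tr '[:upper:]' '[:lower:]' || \
              true
          )
          # First six hex digits of sha256(branch name + PR id + newline).
          BRANCH_HASH=$(echo "${HEAD_REF}${PR_ID}" | sha256sum | head -c 6)
          # Append to the output file rather than truncating it.
          if [ -z "$JIRA_TICKET" ]; then
            echo "environment_id=${BRANCH_HASH}" >> "$GITHUB_OUTPUT"
          else
            echo "environment_id=${JIRA_TICKET}-${BRANCH_HASH}" >> "$GITHUB_OUTPUT"
          fi
    outputs:
      environment_id: ${{ steps.set_environment_id.outputs.environment_id }}

  destroy:
    name: Destroy PR Environment
    needs: [set-environment-id]
    environment: pull-request
    runs-on: codebuild-nhsd-nrlf-ci-build-project-${{ github.run_id }}-${{ github.run_attempt }}
    steps:
      # Merged PRs are torn down from the base branch, unmerged ones from the
      # PR branch itself.
      # NOTE(review): on the unmerged path the later `poetry install` and
      # `make` steps run the PR branch's own code in a job that holds the CI
      # role's credentials. Confirm the `pull-request` environment's
      # protection rules cover that.
      - name: Git Clone - ${{ github.event.pull_request.head.ref }}
        uses: actions/checkout@v4
        with:
          ref: ${{ github.event.pull_request.merged && github.event.pull_request.base.ref || github.event.pull_request.head.ref }}

      - name: Setup environment
        run: |
          echo "${HOME}/.asdf/bin" >> "$GITHUB_PATH"
          poetry install --no-root

      - name: Configure AWS Credentials
        uses: aws-actions/configure-aws-credentials@v4
        with:
          aws-region: eu-west-2
          role-to-assume: ${{ secrets.CI_ROLE_NAME }}
          role-session-name: github-actions-ci-${{ needs.set-environment-id.outputs.environment_id }}

      - name: Get AWS Account ID
        id: get_account_id
        run: |
          # Assigning first makes a failed lookup fail the step instead of
          # publishing an empty output.
          AWS_ACCOUNT_ID=$(aws secretsmanager get-secret-value --secret-id nhsd-nrlf--mgmt--dev-account-id --query SecretString --output text)
          # Step outputs are not masked automatically; register the value so
          # it is redacted from the logs.
          echo "::add-mask::${AWS_ACCOUNT_ID}"
          echo "aws_account_id=${AWS_ACCOUNT_ID}" >> "$GITHUB_OUTPUT"

      - name: Terraform Init
        # The environment ID derives from the branch name, so it reaches the
        # shell as a quoted variable, not as expanded script text.
        env:
          ENVIRONMENT_ID: ${{ needs.set-environment-id.outputs.environment_id }}
        run: |
          terraform -chdir=terraform/infrastructure init
          terraform -chdir=terraform/infrastructure workspace select "${ENVIRONMENT_ID}"

      - name: Build artifacts
        run: make build get-s3-perms

      - name: Terraform Destroy
        # The role ARN is passed through the environment so the secret is not
        # written into the generated script.
        env:
          DEPLOY_ROLE_ARN: ${{ secrets.DEPLOY_ROLE_ARN }}
        run: |
          terraform -chdir=terraform/infrastructure destroy \
            --var-file=etc/dev.tfvars \
            --var "assume_role_arn=${DEPLOY_ROLE_ARN}" \
            -auto-approve

      - name: Cleanup Terraform Workspace
        env:
          ENVIRONMENT_ID: ${{ needs.set-environment-id.outputs.environment_id }}
        run: |
          # A workspace cannot be deleted while selected, so switch away first.
          terraform -chdir=terraform/infrastructure workspace select default
          terraform -chdir=terraform/infrastructure workspace delete "${ENVIRONMENT_ID}"

      # Runs only when an earlier step in this job failed.
      - name: Add Failure Pull Request Comment
        uses: actions/github-script@v7
        if: ${{ failure() }}
        with:
          script: |
            // Awaited so that a failure to post the comment is reported.
            await github.rest.issues.createComment({
              issue_number: context.issue.number,
              owner: context.repo.owner,
              repo: context.repo.repo,
              body: `💥 Something went wrong while destroying the pull request environment.\n[Check Output Logs](${context.serverUrl}/${context.repo.owner}/${context.repo.repo}/actions/runs/${context.runId})`
            })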