Delete review app pipeline

saliceti · saliceti · commit 0e5c325af857 · 2025-08-14T14:50:17.000+01:00
Github action workflow and Azure devops pipeline
Triggered when the pull request is closed or merged. Tries to run
terraform destroy if the PR has a "deploy" label.
diff --git a/.azuredevops/pipelines/delete-review-app.yml b/.azuredevops/pipelines/delete-review-app.yml
@@ -0,0 +1,46 @@
+trigger: none
+pr: none
+
+parameters:
+  - name: commitSHA
+    displayName: Commit SHA
+    type: string
+  - name: prNumber
+    displayName: Pull request number
+    type: string
+
+stages:
+  - stage: review
+    displayName: Delete review app
+    pool:
+      name: private-pool-dev-uks
+    isSkippable: false
+
+    jobs:
+      - deployment: DeleteReviewApp
+        displayName: Delete review app
+        environment: review
+        strategy:
+          runOnce:
+            deploy:
+              steps:
+                - checkout: self
+
+                - task: TerraformInstaller@1
+                  displayName: Install terraform
+                  inputs:
+                    terraformVersion: 1.7.0
+
+                - task: AzureCLI@2
+                  displayName: Run terraform
+                  inputs:
+                    azureSubscription: manbrs-review
+                    scriptType: bash
+                    scriptLocation: inlineScript
+                    addSpnToEnvironment: true
+                    inlineScript: |
+                      export ARM_TENANT_ID="$tenantId"
+                      export ARM_CLIENT_ID="$servicePrincipalId"
+                      export ARM_OIDC_TOKEN="$idToken"
+                      export ARM_USE_OIDC=true
+                      make ci review terraform-destroy DOCKER_IMAGE_TAG=git-sha-${{ parameters.commitSHA }} PR_NUMBER=${{ parameters.prNumber }}
diff --git a/.github/workflows/cicd-1-pull-request-closed.yaml b/.github/workflows/cicd-1-pull-request-closed.yaml
@@ -0,0 +1,28 @@
+name: Delete review app
+
+on:
+  pull_request:
+    types: [closed]
+
+jobs:
+  destroy:
+    if: contains(github.event.pull_request.labels.*.name, 'deploy')
+    name: Delete review app pr-${{ github.event.pull_request.number }}
+    permissions:
+      id-token: write
+    runs-on: ubuntu-latest
+    environment: review
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - uses: azure/login@v2
+        with:
+          client-id: ${{ secrets.AZURE_CLIENT_ID }}
+          tenant-id: ${{ secrets.AZURE_TENANT_ID }}
+          subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
+
+      - name: Call deployment pipeline
+        run: |
+          az pipelines run --commit-id ${{ github.event.pull_request.head.sha }} --name "Delete review app" --org https://dev.azure.com/nhse-dtos --project dtos-manage-breast-screening \
+            --parameters commitSHA=${{ github.event.pull_request.head.sha }} prNumber=${{ github.event.pull_request.number }}
