diff --git a/.github/workflows/continuous-disintegration.yml b/.github/workflows/continuous-disintegration.yml deleted file mode 100644 index 0e62461f0..000000000 --- a/.github/workflows/continuous-disintegration.yml +++ /dev/null @@ -1,23 +0,0 @@ -name: Teardown - -on: - pull_request_target: - types: [closed] - -jobs: - build: - name: Call Azure Pipeline - runs-on: ubuntu-latest - steps: - - name: Get Access Token - id: get-access-token - run: | - echo "ACCESS_TOKEN"=$(curl -X POST -H "Content-Type: application/x-www-form-urlencoded" -d 'client_id=${{ secrets.PR_TEARDWN_SP_CLIENT_ID }}&scope=https%3A%2F%2Fapp.vssps.visualstudio.com%2F.default&client_secret=${{ secrets.PR_TEARDWN_SP_CLIENT_SECRET }}&grant_type=client_credentials' 'https://login.microsoftonline.com/${{ secrets.PR_TENANT_ID }}/oauth2/v2.0/token' | jq -r '.access_token') >> $GITHUB_OUTPUT - - - name: Azure Pipelines Action - uses: Azure/pipelines@v1.2 - with: - azure-devops-project-url: 'https://dev.azure.com/NHSD-APIM/API%20Platform' - azure-pipeline-name: 'immunisation-fhir-api-pr-teardown' - azure-pipeline-variables: '{ "action_pr_number": "${{ github.event.pull_request.number }}" }' - azure-devops-token: ${{ steps.get-access-token.outputs.ACCESS_TOKEN }} diff --git a/.github/workflows/pr-teardown.yml b/.github/workflows/pr-teardown.yml new file mode 100644 index 000000000..ef5cf53d3 --- /dev/null +++ b/.github/workflows/pr-teardown.yml 
@@ -0,0 +1,73 @@
+name: PR Teardown
+
+on:
+ pull_request:
+ types: [closed]
+ workflow_dispatch:
+ inputs:
+ pr_number:
+ description: The PR number of the environment to teardown e.g pr-123
+ required: true
+ type: string
+
+jobs:
+ teardown:
+ name: PR Teardown
+ runs-on: ubuntu-latest
+ environment:
+ name: dev
+ env:
+ APIGEE_ENVIRONMENT: internal-dev
+ BACKEND_ENVIRONMENT: dev
+ BACKEND_SUB_ENVIRONMENT: pr-${{ github.event_name == 'pull_request' && github.event.pull_request.number || inputs.pr_number }}
+ permissions:
+ id-token: write
+ contents: read
+
+ steps:
+ - name: Connect to AWS
+ uses: aws-actions/configure-aws-credentials@7474bc4690e29a8392af63c5b98e7449536d5c3a
+ with:
+ aws-region: eu-west-2
+ role-to-assume: arn:aws:iam::${{ vars.AWS_ACCOUNT_ID }}:role/auto-ops
+ role-session-name: github-actions
+
+ - name: Whoami
+ run: aws sts get-caller-identity
+
+ - name: Checkout
+ uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8
+
+ - uses: hashicorp/setup-terraform@b9cd54a3c349d3f38e8881555d616ced269862dd
+ with:
+ terraform_version: "1.12.2"
+
+ - name: Terraform Init and extract MNS SQS QUEUE ARN
+ working-directory: ${{ vars.TERRAFORM_DIR_PATH }}
+ run: |
+ make init apigee_environment=$APIGEE_ENVIRONMENT environment=$BACKEND_ENVIRONMENT sub_environment=$BACKEND_SUB_ENVIRONMENT
+ make workspace apigee_environment=$APIGEE_ENVIRONMENT environment=$BACKEND_ENVIRONMENT sub_environment=$BACKEND_SUB_ENVIRONMENT
+ echo "ID_SYNC_QUEUE_ARN=$(make -s output name=id_sync_queue_arn)" >> $GITHUB_ENV
+
+ - name: Install poetry
+ run: pip install poetry==2.1.4
+
+ - uses: actions/setup-python@v5
+ with:
+ python-version: 3.11
+ cache: 'poetry'
+
+ - name: Unsubscribe MNS
+ working-directory: './lambdas/mns_subscription'
+ env:
+ SQS_ARN: ${{ env.ID_SYNC_QUEUE_ARN }}
+ run: |
+ poetry install --no-root
+
+ echo "Unsubscribing SQS to MNS for notifications..."
+ make unsubscribe
+
+ - name: Terraform Destroy
+ working-directory: ${{ vars.TERRAFORM_DIR_PATH }}
+ run: |
+ make destroy apigee_environment=$APIGEE_ENVIRONMENT environment=$BACKEND_ENVIRONMENT sub_environment=$BACKEND_SUB_ENVIRONMENT
diff --git a/azure/azure-pr-teardown-pipeline.yml b/azure/azure-pr-teardown-pipeline.yml
deleted file mode 100644
index 0051c39c0..000000000
--- a/azure/azure-pr-teardown-pipeline.yml
+++ /dev/null
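Review bot: In `.github/workflows/pr-teardown.yml` the `workflow_dispatch` input `pr_number` reaches `make destroy` without validation or quoting: it is interpolated into `BACKEND_SUB_ENVIRONMENT` and then expanded unquoted as `sub_environment=$BACKEND_SUB_ENVIRONMENT` in the init, workspace and destroy commands, so a value containing whitespace is word-split into extra make arguments, and a value that is not a PR number could point the destroy at a different workspace under the `auto-ops` role. The input description's example `pr-123` would also produce `pr-pr-123`, because the `pr-` prefix is already added in the expression. I would add a first step that fails fast, for example `[[ "$BACKEND_SUB_ENVIRONMENT" =~ ^pr-[0-9]+$ ]] || { echo "invalid sub environment"; exit 1; }`, and quote the variable as `sub_environment="$BACKEND_SUB_ENVIRONMENT"`, as the removed Azure pipeline did with `"$WORKSPACE"`. Separately, `actions/setup-python@v5` is the only action referenced by a mutable tag in a job that holds `id-token: write`; pin it to a full commit SHA like the other three actions.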
@@ -1,81 +0,0 @@ -name: "$(SourceBranchName)+$(BuildID)" - -trigger: none -pr: none - -resources: - repositories: - - repository: common - type: github - name: NHSDigital/api-management-utils - ref: refs/heads/edge - endpoint: NHSDigital - -variables: - - template: project.yml - -jobs: - - job: teardown - displayName: PR Teardown - timeoutInMinutes: 30 - pool: - name: 'AWS-ECS' - vmImage: 'ubuntu-latest' - steps: - - checkout: self - - - bash: | - echo $(action_pr_number) - WORKSPACE="pr-"$(ACTION_PR_NUMBER) - echo $WORKSPACE - echo "##vso[task.setvariable variable=WORKSPACE]$WORKSPACE" - echo "##vso[task.setvariable variable=ACTION_PR_NUMBER]$(ACTION_PR_NUMBER)" - displayName: Set workspace tag - - - template: ./templates/aws-assume-role.yml - parameters: - role: "auto-ops" - profile: "apim-dev" - aws_account: "dev" - - - bash: | - echo "##vso[task.setvariable variable=AWS_DEFAULT_REGION]eu-west-2" - echo "##vso[task.setvariable variable=APIGEE_ENVIRONMENT]internal-dev" - displayName: Set AWS default region and Terraform state bucket - - - bash: | - export AWS_PROFILE=apim-dev - - cd terraform - make init apigee_environment=internal-dev environment=dev sub_environment="$WORKSPACE" - make workspace apigee_environment=internal-dev environment=dev sub_environment="$WORKSPACE" - - # Extract values from Terraform state before destroying - ID_SYNC_QUEUE_ARN=$(make -s output name=id_sync_queue_arn) - echo "##vso[task.setvariable variable=ID_SYNC_QUEUE_ARN]$ID_SYNC_QUEUE_ARN" - displayName: "Init Terraform and extract MNS values" - - - bash: | - export AWS_PROFILE=apim-dev - cd lambdas/mns_subscription - - echo "unsubscribing SQS Queue from MNS notifications." - pyenv install -s 3.11.11 - pyenv local 3.11.11 - echo "Setting up poetry environment..." - poetry env use 3.11 - poetry install --no-root - - echo "unsubscribing SQS to MNS for notifications.." 
- make unsubscribe - displayName: "Unsubscribe MNS" - env: - SQS_ARN: "$(ID_SYNC_QUEUE_ARN)" - - - bash: | - export AWS_PROFILE=apim-dev - - cd terraform - make destroy apigee_environment=internal-dev environment=dev sub_environment="$WORKSPACE" - displayName: Destroy terraform PR workspace and linked resources - retryCountOnTaskFailure: 2