# .github/workflows/destroy.yml
# NOTE(review): the hosting page lists this file as
# terraform-destroy-environment-manual.yml, so the path above may be stale.
#
# Destroys a sandbox environment. The same five inputs are declared twice:
# once for manual runs (workflow_dispatch) and once for callers that use this
# file as a reusable workflow (workflow_call).
#
# Security-relevant: every input is a free-form string, and together they pick
# the git ref that is checked out, the Terraform workspace, the var file, the
# backend configuration and the deployment environment. Nothing in this file
# checks that the combination is consistent (for example, that the chosen
# environment matches the chosen backend and var file).
# NOTE(review): for workflow_dispatch, `type: environment` on `environment`
# and `type: choice` on the file-name inputs would limit what can be selected.
name: 'Destroy (Select Account) Environment'

on:
  # Manual trigger; no `type` is declared on these inputs.
  workflow_dispatch:
    inputs:
      build_branch:
        description: 'Branch to use for the destroy action.'
        required: true
        default: 'main'
      sandbox_workspace:
        description: 'The sandbox workspace to destroy.'
        required: true
      terraform_vars:
        description: 'Terraform vars file to use.'
        required: true
        default: 'dev.tfvars'
      environment:
        description: 'Environment for destruction.'
        required: true
        default: 'development'
      backend:
        description: 'Terraform backend configuration.'
        required: true
        default: 'backend.conf'

  # Reusable-workflow trigger; mirrors the manual inputs with explicit types.
  workflow_call:
    inputs:
      build_branch:
        description: 'Branch to use for the destroy action.'
        required: true
        type: string
        default: 'main'
      sandbox_workspace:
        description: 'The sandbox workspace to destroy.'
        required: true
        type: string
      terraform_vars:
        description: 'Terraform vars file to use.'
        required: true
        type: string
        default: 'dev.tfvars'
      environment:
        description: 'Environment for destruction.'
        required: true
        type: string
        default: 'development'
      backend:
        description: 'Terraform backend configuration.'
        required: true
        type: string
        default: 'backend.conf'
# Workflow-level GITHUB_TOKEN permissions; they apply to every job below,
# including the jobs that call reusable workflows.
permissions:
  # Read access is enough for the checkout step.
  contents: read
  # Lets jobs request an OIDC token. Presumably used by
  # aws-actions/configure-aws-credentials, which is given only a role to
  # assume in this file — confirm.
  id-token: write
  # NOTE(review): no step in this file touches pull requests. Confirm that a
  # called reusable workflow needs this; otherwise drop it (least privilege).
  pull-requests: write
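jobs:
  # Calls a reusable workflow to remove Lambda@Edge associations for the
  # sandbox. Inputs are forwarded as `with:` values; how the called workflow
  # uses them is not visible in this file.
  remove_edge_associations:
    name: Remove Lambda@Edge Associations
    uses: ./.github/workflows/cleanup-cloudfront-edge-associations.yml
    with:
      sandbox_workspace: ${{ inputs.sandbox_workspace }}
      lambda_function_name: '${{ inputs.sandbox_workspace }}_EdgePresignLambda'
      # NOTE(review): unquoted, so YAML reads this as a float. 3.11 survives,
      # but 3.10 would become 3.1. Quote it if the called workflow declares
      # the input as a string — confirm against that workflow.
      python_version: 3.11
      build_branch: ${{ inputs.build_branch }}
      environment: ${{ inputs.environment }}
    secrets:
      AWS_ASSUME_ROLE: ${{ secrets.AWS_ASSUME_ROLE }}

  # Calls a reusable workflow to clean up AppConfig and Lambda layer versions.
  # NOTE(review): this job has no `needs` and nothing depends on it, so it is
  # not ordered relative to the Terraform destroy — confirm that is intended.
  cleanup_versions_process:
    name: Cleanup Versions Process
    uses: ./.github/workflows/cleanup-appconfig-and-lambda-layer-versions.yml
    with:
      build_branch: ${{ inputs.build_branch }}
      sandbox: ${{ inputs.sandbox_workspace }}
      environment: ${{ inputs.environment }}
      # NOTE(review): same float-parsing caveat as python_version above.
      python_version: 3.11
    secrets:
      AWS_ASSUME_ROLE: ${{ secrets.AWS_ASSUME_ROLE }}

  # Runs `terraform destroy -auto-approve` against the selected workspace and
  # then the repository's state cleanup script.
  #
  # Hardening applied here: workflow inputs are no longer expanded inside
  # `run:` scripts. A `${{ }}` expression is substituted into the script text
  # before the shell parses it, so shell metacharacters in an input would be
  # executed on a runner that holds the assumed AWS role. The inputs are
  # passed through step-level `env:` and referenced as quoted shell variables.
  #
  # NOTE(review): actions below are referenced by mutable tags; pinning each
  # to a full commit SHA protects against a tag being moved.
  terraform_destroy_process:
    name: Terraform Destroy Process
    runs-on: ubuntu-latest
    needs: [remove_edge_associations]  # Ensure this runs after Lambda@Edge removal
    # Environment name comes from the caller, so any protection rules that
    # apply are those of whichever environment was named in the input.
    environment: ${{ inputs.environment }}
    steps:
      # Everything that runs after this step (the Terraform configuration in
      # ./infrastructure and scripts/cleanup_terraform_states.py) comes from
      # the caller-selected ref and executes with the assumed AWS role.
      # NOTE(review): consider restricting which refs may run this, e.g. with
      # deployment-branch rules on the environment.
      - name: Checkout Repository
        uses: actions/checkout@v4
        with:
          ref: ${{ inputs.build_branch }}

      - name: Set up Python
        uses: actions/setup-python@v5
        with:
          # Quoted so the version is passed as a string, not a YAML float.
          python-version: '3.11'

      # NOTE(review): pip and boto3 are installed unpinned, so each run may
      # resolve different versions; a pinned or hash-locked requirements file
      # would make the credentialed environment reproducible.
      - name: Install Python Dependencies
        run: |
          python3 -m venv ./venv
          ./venv/bin/pip3 install --upgrade pip boto3

      - name: Configure AWS Credentials
        uses: aws-actions/configure-aws-credentials@v4
        with:
          role-to-assume: ${{ secrets.AWS_ASSUME_ROLE }}
          aws-region: ${{ vars.AWS_REGION }}
          mask-aws-account-id: true

      # Prints the caller identity to the job log, which records the role in
      # use for each destroy run.
      - name: View AWS Role
        run: aws sts get-caller-identity

      - name: Setup Terraform
        uses: hashicorp/setup-terraform@v3
        with:
          terraform_version: '1.11.4'

      - name: Terraform Init
        env:
          BACKEND_CONFIG: ${{ inputs.backend }}
        run: terraform init -backend-config="$BACKEND_CONFIG"
        working-directory: ./infrastructure

      # NOTE(review): the workspace name is not checked against any pattern
      # or allow-list before the destroy; a guard step would stop a mistyped
      # or unintended workspace from being selected.
      - name: Set Terraform Workspace
        env:
          SANDBOX_WORKSPACE: ${{ inputs.sandbox_workspace }}
        run: terraform workspace select "$SANDBOX_WORKSPACE"
        working-directory: ./infrastructure

      # -auto-approve skips Terraform's interactive confirmation, so the only
      # review gate is whatever the selected environment enforces.
      - name: Terraform Destroy
        env:
          VARS_FILE: ${{ inputs.terraform_vars }}
        run: terraform destroy -auto-approve -var-file="$VARS_FILE"
        working-directory: ./infrastructure

      - name: Run Terraform Workspace Cleanup Script
        env:
          SANDBOX_WORKSPACE: ${{ inputs.sandbox_workspace }}
        run: ./venv/bin/python3 -u scripts/cleanup_terraform_states.py "$SANDBOX_WORKSPACE"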