|
1 | 1 | name: Terraform Destroy |
2 | 2 |
|
3 | 3 | on: |
4 | | - workflow_dispatch: # permite ejecutarlo manualmente desde la UI de GitHub |
| 4 | + workflow_dispatch: |
| 5 | + inputs: |
| 6 | + confirm_destroy: |
| 7 | + description: "⚠️ Type 'YES' to confirm destroying the infrastructure" |
| 8 | + required: true |
5 | 9 |
|
6 | 10 | permissions: |
7 | 11 | contents: read |
|
19 | 23 | runs-on: ubuntu-latest |
20 | 24 |
|
21 | 25 | steps: |
| 26 | + - name: 🛑 Validate confirmation input |
| 27 | + if: ${{ github.event.inputs.confirm_destroy != 'YES' }} |
| 28 | + run: | |
| 29 | + echo "You must type YES to proceed with destroy." |
| 30 | + exit 1 |
| 31 | +
|
22 | 32 | - name: 📦 Checkout code |
23 | 33 | uses: actions/checkout@v3 |
24 | 34 |
|
@@ -49,18 +59,14 @@ jobs: |
49 | 59 | -backend-config="container_name=tfstate" \ |
50 | 60 | -backend-config="key=terraform.tfstate" |
51 | 61 |
|
52 | | - - name: 📝 Generate terraform.tfvars |
53 | | - run: | |
54 | | - cat > infra/terraform.tfvars <<EOF |
55 | | - subscription_id = "${{ secrets.ARM_SUBSCRIPTION_ID }}" |
56 | | - client_id = "${{ secrets.ARM_CLIENT_ID }}" |
57 | | - client_secret = "${{ secrets.ARM_CLIENT_SECRET }}" |
58 | | - tenant_id = "${{ secrets.ARM_TENANT_ID }}" |
59 | | - allowed_ssh_ip = "${{ secrets.MY_IP_ADDRESS }}" |
60 | | - mysql_user = "${{ secrets.MYSQL_USER }}" |
61 | | - mysql_admin_password = "${{ secrets.MYSQL_ADMIN_PASSWORD }}" |
62 | | - ssh_public_key = "${{ secrets.VM_SSH_PUB_KEY }}" |
63 | | - EOF |
64 | | -
|
65 | 62 | - name: ⚠️ Terraform Destroy |
66 | | - run: terraform -chdir=infra destroy -auto-approve -input=false -var-file=terraform.tfvars |
| 63 | + run: | |
| 64 | + terraform -chdir=infra destroy -auto-approve -input=false \ |
| 65 | + -var="subscription_id=${{ secrets.ARM_SUBSCRIPTION_ID }}" \ |
| 66 | + -var="client_id=${{ secrets.ARM_CLIENT_ID }}" \ |
| 67 | + -var="client_secret=${{ secrets.ARM_CLIENT_SECRET }}" \ |
| 68 | + -var="tenant_id=${{ secrets.ARM_TENANT_ID }}" \ |
| 69 | + -var="allowed_ssh_ip=${{ secrets.MY_IP_ADDRESS }}" \ |
| 70 | + -var="mysql_user=${{ secrets.MYSQL_USER }}" \ |
| 71 | + -var="mysql_admin_password=${{ secrets.MYSQL_ADMIN_PASSWORD }}" \ |
| 72 | + -var="ssh_public_key=${{ secrets.VM_SSH_PUB_KEY }}" |
0 commit comments