From 06dfa8780f511dad66c4e6d132e6a6e73d95d5ee Mon Sep 17 00:00:00 2001
From: halprin
Date: Tue, 26 Mar 2024 12:11:37 -0600
Subject: [PATCH 1/3] Delete the PR environment only when the PR is closed
---
 .github/workflows/terraform-ci-deploy.yml | 34 +------------
 .github/workflows/terraform-ci-destroy.yml | 57 ++++++++++++++++++++++
 2 files changed, 58 insertions(+), 33 deletions(-)
 create mode 100644 .github/workflows/terraform-ci-destroy.yml
diff --git a/.github/workflows/terraform-ci-deploy.yml b/.github/workflows/terraform-ci-deploy.yml
index ae5a19a89..e02f6963e 100644
--- a/.github/workflows/terraform-ci-deploy.yml
+++ b/.github/workflows/terraform-ci-deploy.yml
@@ -17,6 +17,7 @@ jobs:
 - uses: actions/checkout@v4
+ # keep in sync with terraform-ci-destroy.yml
 - uses: dorny/paths-filter@v3
 id: filter
 with:
@@ -74,36 +75,3 @@ jobs:
 - paths-filter
 uses: ./.github/workflows/deploy_reusable-skip.yml
 if: needs.paths-filter.outputs.operations != 'true'
-
-
- destroy-environment:
- name: Destroy PR Environment
- environment:
- name: pr
- needs:
- - pr-deploy
- - paths-filter
- if: needs.paths-filter.outputs.operations == 'true' && always()
- runs-on: ubuntu-latest
- env:
- ARM_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID }}
- ARM_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }}
- ARM_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
- ARM_USE_OIDC: true
- permissions:
- id-token: write
- contents: read
- defaults:
- run:
- working-directory: operations/environments/pr
-
- steps:
-
- - uses: actions/checkout@v4
-
- - name: Terraform Init
- id: init
- run: terraform init -backend-config="key=pr_${{ github.event.number }}.tfstate"
-
- - name: Terraform Destroy
- run: terraform destroy -auto-approve -input=false -var="pr_number=${{ github.event.number }}"
diff --git a/.github/workflows/terraform-ci-destroy.yml b/.github/workflows/terraform-ci-destroy.yml
new file mode 100644
index 000000000..6b9420b69
--- /dev/null
+++ b/.github/workflows/terraform-ci-destroy.yml
@@ -0,0 +1,57 @@
+name: Terraform CI Deploy
+
+on:
+ pull_request:
+ types:
+ - closed
+
+jobs:
+
+ paths-filter:
+ runs-on: ubuntu-latest
+ outputs:
+ operations: ${{ steps.filter.outputs.operations }}
+
+ steps:
+
+ - uses: actions/checkout@v4
+
+ # keep in sync with terraform-ci-deploy.yml
+ - uses: dorny/paths-filter@v3
+ id: filter
+ with:
+ filters: |
+ operations:
+ - 'operations/environments/pr/**'
+ - 'operations/template/**'
+
+ destroy-environment:
+ name: Destroy PR Environment
+ environment:
+ name: pr
+ needs:
+ - paths-filter
+ if: needs.paths-filter.outputs.operations == 'true'
+ runs-on: ubuntu-latest
+ env:
+ ARM_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID }}
+ ARM_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }}
+ ARM_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
+ ARM_USE_OIDC: true
+ permissions:
+ id-token: write
+ contents: read
+ defaults:
+ run:
+ working-directory: operations/environments/pr
+
+ steps:
+
+ - uses: actions/checkout@v4
+
+ - name: Terraform Init
+ id: init
+ run: terraform init -backend-config="key=pr_${{ github.event.number }}.tfstate"
+
+ - name: Terraform Destroy
+ run: terraform destroy -auto-approve -input=false -var="pr_number=${{ github.event.number }}"
From 0796ece2279a8d8549e83a1c5f62acaf42e16783 Mon Sep 17 00:00:00 2001
From: halprin
Date: Tue, 26 Mar 2024 12:12:28 -0600
Subject: [PATCH 2/3] Rename the destroy workflow
---
 .github/workflows/terraform-ci-destroy.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/terraform-ci-destroy.yml b/.github/workflows/terraform-ci-destroy.yml
index 6b9420b69..c6c3ff9b1 100644
--- a/.github/workflows/terraform-ci-destroy.yml
+++ b/.github/workflows/terraform-ci-destroy.yml
@@ -1,4 +1,4 @@
-name: Terraform CI Deploy
+name: Terraform CI Destroy
 on:
 pull_request:
From a19f790bfeb7a90b16fabbd5f9c4a1fe4bfdffc6 Mon Sep 17 00:00:00 2001
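Review bot: The gate `if: needs.paths-filter.outputs.operations == 'true'` on `destroy-environment` is evaluated against the pull request's changed files at close time, not against whether an environment was ever deployed, so a PR that touched `operations/` in an earlier push and later dropped those changes would presumably skip the destroy and leave its Azure resources and Terraform state behind. Now that deploy and destroy are decided in separate runs, consider removing the gate so the destroy always runs on close, provided `terraform destroy` against an empty state is acceptable for this backend. Separately, the `paths-filter` job has no `permissions:` block and runs the tag-pinned third-party action `dorny/paths-filter@v3`, so it inherits the repository's default token scope; adding `permissions:` with `contents: read` and `pull-requests: read` to that job and pinning the action to a commit SHA would narrow what a compromised tag could reach.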
From: halprin
Date: Tue, 26 Mar 2024 12:14:09 -0600
Subject: [PATCH 3/3] Remove unused GitHub action jjob id
---
 .github/workflows/terraform-ci-destroy.yml | 1 -
 1 file changed, 1 deletion(-)
diff --git a/.github/workflows/terraform-ci-destroy.yml b/.github/workflows/terraform-ci-destroy.yml
index c6c3ff9b1..9f9c928f0 100644
--- a/.github/workflows/terraform-ci-destroy.yml
+++ b/.github/workflows/terraform-ci-destroy.yml
@@ -50,7 +50,6 @@ jobs:
 - uses: actions/checkout@v4
 - name: Terraform Init
- id: init
 run: terraform init -backend-config="key=pr_${{ github.event.number }}.tfstate"
 - name: Terraform Destroy