destroy.yml
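# Tears down the deployed stage for a branch/environment. Runs automatically
# when a branch is deleted, or manually via workflow_dispatch with the
# environment name supplied as an input.
name: Destroy

on:
  delete:
  workflow_dispatch:
    inputs:
      environment:
        description: "Name of the environment to destroy:"
        required: true

# One concurrency group per environment/ref name.
concurrency:
  group: ${{ inputs.environment || github.event.ref }}

# id-token: write is what lets the job request an OIDC token for the AWS role
# assumption in the destroy job.
# NOTE(review): these permissions are workflow-wide, so the Slack notification
# job inherits id-token: write although none of its visible steps use OIDC.
# Consider moving the block onto the destroy job and giving the notify job a
# narrower set once its actual needs are confirmed.
permissions:
  id-token: write
  contents: read
  actions: read

jobs:
  destroy:
    # Protected branches should be designated as such in the GitHub UI.
    # So, a protected branch should never have this workflow run, since the branch should never be deleted.
    # This conditional is a backup mechanism to help prevent mistakes from becoming disasters.
    # This is a list of branch names that are commonly used for protected branches/environments.
    # Add/remove names from this list as appropriate.
    # NOTE(review): the guard checks the raw name, while the stage that is
    # actually destroyed is derived later from setBranchName.sh output plus
    # STAGE_PREFIX. Confirm that script cannot map a non-listed name onto a
    # protected stage.
    if: |
      (
        github.event.ref_type == 'branch' &&
        (!startsWith(github.event.ref, 'skipci')) &&
        (!contains(fromJson('["main", "val", "production"]'), github.event.ref))
      ) ||
      (
        inputs.environment != '' &&
        (!contains(fromJson('["main", "val", "production"]'), inputs.environment))
      )
    runs-on: ubuntu-latest
    steps:
      # NOTE(review): every `uses:` in this workflow references a mutable tag
      # (@v4, @v2). For a job that can assume an AWS role, pinning each action
      # to a full commit SHA removes the risk of a retargeted tag.
      - uses: actions/checkout@v4
      - uses: actions/setup-node@v4
        with:
          node-version-file: ".nvmrc"
      - name: set branch_name
        # The branch/environment name is user-controlled text. It is handed to
        # the shell through an environment variable instead of being expanded
        # by `${{ }}` inside the script, so its content is never parsed as
        # shell syntax.
        env:
          REQUESTED_ENVIRONMENT: ${{ inputs.environment || github.event.ref }}
        run: |
          BRANCH_NAME=$(./.github/setBranchName.sh "$REQUESTED_ENVIRONMENT")
          echo "branch_name=${BRANCH_NAME}" >> "$GITHUB_ENV"
      - name: set branch specific variable names
        run: ./.github/build_vars.sh set_names
      - name: set variable values
        run: ./.github/build_vars.sh set_values
        env:
          AWS_DEFAULT_REGION: ${{ secrets.AWS_DEFAULT_REGION }}
          # Uses the secret named by BRANCH_SPECIFIC_VARNAME_AWS_OIDC_ROLE_TO_ASSUME
          # when it resolves to a value, otherwise the repository-wide default role.
          AWS_OIDC_ROLE_TO_ASSUME: ${{ secrets[env.BRANCH_SPECIFIC_VARNAME_AWS_OIDC_ROLE_TO_ASSUME] || secrets.AWS_OIDC_ROLE_TO_ASSUME }}
          STAGE_PREFIX: ${{ secrets.STAGE_PREFIX }}
      - name: Configure AWS credentials for GitHub Actions
        uses: aws-actions/configure-aws-credentials@v4
        with:
          role-to-assume: ${{ env.AWS_OIDC_ROLE_TO_ASSUME }}
          aws-region: ${{ env.AWS_DEFAULT_REGION }}
      # - name: Delete topics from bigmac
      #   uses: benc-uk/workflow-dispatch@v1
      #   with:
      #     workflow: Delete Topics
      #     repo: Enterprise-CMCS/bigmac
      #     token: ${{ secrets.AUTOMATION_ACCESS_TOKEN }}
      #     inputs: '{ "topics": "mgmt.connect.cms-carts-seds.carts-bigmac-streams-${{env.BRANCH_NAME}}.config,mgmt.connect.cms-carts-seds.carts-bigmac-streams-${{env.BRANCH_NAME}}.offsets,mgmt.connect.cms-carts-seds.carts-bigmac-streams-${{env.BRANCH_NAME}}.status"}'
      #     ref: refs/heads/master # Otherwise workflow-dispatch tries to operate off of our default name
      - name: Destroy
        # Quoted so the stage name always reaches ./run as a single argument.
        # STAGE_PREFIX is presumably exported to later steps by
        # build_vars.sh set_values (TODO confirm).
        run: ./run destroy --stage "${STAGE_PREFIX}${branch_name}" --verify false

  # Notify the integrations channel when a destroy action fails
  notify_on_destroy_failure:
    runs-on: ubuntu-latest
    needs:
      - destroy
    if: ${{ failure() }}
    steps:
      - name: Slack Notification
        uses: rtCamp/action-slack-notify@v2
        env:
          SLACK_TITLE: ":boom: A destroy action has failed on ${{ github.repository }}."
          # Quoted: environment values are strings, so state the string explicitly.
          MSG_MINIMAL: "true"
          SLACK_WEBHOOK: ${{ secrets.INTEGRATIONS_SLACK_WEBHOOK }}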