name: Destroy Environment run-name: Destroying ${{ github.event.inputs.prefix }}* by @${{ github.actor }} on: # Ability to execute on demand workflow_dispatch: inputs: prefix: type: string description: "Delete all environments starting with `prefix`" required: true ignore-prefix: type: string description: "Ignore all environments starting with `ignore-prefix`" ec-api-key: type: string description: "**Optional** To delete env environments on your own organization, enter your Elastic Cloud API key." required: false env: AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} AWS_REGION: "eu-west-1" ENV_PREFIX: ${{ github.event.inputs.prefix }} ENV_IGNORE_PREFIX: ${{ github.event.inputs.ignore-prefix }} TF_VAR_ec_api_key: ${{ secrets.EC_API_KEY }} jobs: Destroy: runs-on: ubuntu-20.04 timeout-minutes: 120 # Add "id-token" with the intended permissions. permissions: contents: 'read' id-token: 'write' steps: - name: Check out the repo uses: actions/checkout@v4 - name: Init Hermit run: ./bin/hermit env -r >> $GITHUB_ENV working-directory: ./ - name: Mask API Key if: ${{ github.event.inputs.ec-api-key != '' }} run: | ec_api_key=$(jq -r '.inputs["ec-api-key"]' $GITHUB_EVENT_PATH) echo "::add-mask::$ec_api_key" echo "TF_VAR_ec_api_key=$ec_api_key" >> $GITHUB_ENV - name: Configure AWS credentials uses: aws-actions/configure-aws-credentials@v2 with: aws-access-key-id: ${{ env.AWS_ACCESS_KEY_ID }} aws-secret-access-key: ${{ env.AWS_SECRET_ACCESS_KEY }} aws-region: ${{ env.AWS_REGION }} - id: google-auth name: Authenticate to Google Cloud uses: google-github-actions/auth@v1 with: workload_identity_provider: ${{ secrets.GCP_WORKLOAD_IDENTITY_PROVIDER }} service_account: ${{ secrets.GCP_SERVICE_ACCOUNT }} - name: Destroy Environment run: | just delete-cloud-env ${{ env.ENV_PREFIX }} '${{ env.ENV_IGNORE_PREFIX }}' "false"