destroy-environment.yml
# Deletes every environment whose name starts with `prefix`, skipping those
# that start with `ignore-prefix`. Runs on demand or when called from another
# workflow.
name: 'Destroy Environment'
run-name: 'Destroying ${{ inputs.prefix }}* by @${{ github.actor }}'
on:
  # Ability to execute on demand
  workflow_dispatch:
    inputs:
      prefix:
        description: 'Delete all environments starting with `prefix`'
        type: string
        required: true
      ignore-prefix:
        description: 'Ignore all environments starting with `ignore-prefix`'
        type: string
        required: false
      # NOTE(review): this is a credential passed as a plain input. The
      # "Mask API Key" step reads it back from the event payload and masks it
      # in the logs, but the value still travels in the dispatch event itself.
      # Confirm who can read that payload and prefer a short-lived key.
      ec-api-key:
        description: '**Optional** To delete env environments on your own organization, enter your Elastic Cloud API key.'
        type: string
        required: false
  # Same three inputs, so that other workflows can call this one.
  workflow_call:
    inputs:
      prefix:
        description: 'Delete all environments starting with `prefix`'
        type: string
        required: true
      ignore-prefix:
        description: 'Ignore all environments starting with `ignore-prefix`'
        type: string
        required: false
      # NOTE(review): a reusable workflow can declare `secrets:`; a credential
      # passed under `inputs:` is not registered as a secret by the runner.
      # Moving it would change the caller interface, so it is only flagged.
      ec-api-key:
        description: '**Optional** To delete env environments on your own organization, enter your Elastic Cloud API key.'
        type: string
        required: false
# Workflow-level environment: every step of every job sees these values,
# including the third-party actions used by the Destroy job.
env:
  # NOTE(review): long-lived AWS keys exposed to all steps. Consider scoping
  # them to the step that configures AWS credentials — confirm no earlier step
  # relies on them.
  AWS_ACCESS_KEY_ID: '${{ secrets.AWS_ACCESS_KEY_ID }}'
  AWS_SECRET_ACCESS_KEY: '${{ secrets.AWS_SECRET_ACCESS_KEY }}'
  AWS_REGION: 'eu-west-1'
  # The prefixes reach the shell through the environment rather than being
  # interpolated into the script text of the "Destroy Environment" step.
  ENV_PREFIX: '${{ inputs.prefix }}'
  ENV_IGNORE_PREFIX: '${{ inputs.ignore-prefix }}'
  # Default Elastic Cloud key; the "Mask API Key" step replaces it through
  # GITHUB_ENV when the `ec-api-key` input is supplied.
  TF_VAR_ec_api_key: '${{ secrets.EC_API_KEY }}'
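jobs:
  # Authenticates to AWS, Google Cloud and Azure, deletes the matching
  # environments, then reports the result to Slack.
  Destroy:
    # NOTE(review): GitHub has retired the hosted ubuntu-20.04 image. Confirm
    # this label still resolves to a runner, or move to a supported image.
    runs-on: ubuntu-20.04
    timeout-minutes: 120
    # Add "id-token" with the intended permissions.
    # `id-token: write` lets the job request an OIDC token, which the Google
    # workload-identity step below relies on.
    permissions:
      contents: 'read'
      id-token: 'write'
    steps:
      # NOTE(review): every `uses:` below references a mutable tag. This job
      # holds credentials for three clouds, so consider pinning each action to
      # a full commit SHA (for example `actions/checkout@<full-commit-sha>`).
      - name: Check out the repo
        uses: actions/checkout@v4
      - name: Init Hermit
        run: ./bin/hermit env -r >> "$GITHUB_ENV"
        working-directory: ./
      # Reads the key from the event file instead of `${{ inputs.ec-api-key }}`,
      # presumably so the raw value never appears in the rendered script before
      # the mask is registered.
      # The step fails closed. If the input is non-empty but absent from the
      # event payload (possible for a workflow_call whose caller event carries
      # no such input, to be confirmed), the destroy must not continue with
      # the literal string "null" as the key. Multi-line values are rejected
      # because they could append extra variables to GITHUB_ENV and would only
      # be partially masked.
      - name: Mask API Key
        if: ${{ inputs.ec-api-key != '' }}
        run: |
          ec_api_key=$(jq -r '.inputs["ec-api-key"] // empty' "$GITHUB_EVENT_PATH")
          if [ -z "$ec_api_key" ]; then
            echo "::error::ec-api-key was supplied but is missing from the event payload"
            exit 1
          fi
          case "$ec_api_key" in
            *$'\n'*)
              echo "::error::ec-api-key must be a single line"
              exit 1
              ;;
          esac
          echo "::add-mask::$ec_api_key"
          echo "TF_VAR_ec_api_key=$ec_api_key" >> "$GITHUB_ENV"
      # NOTE(review): static access keys. `id-token: write` is already granted,
      # so the action's `role-to-assume` (OIDC) mode could replace them.
      - name: Configure AWS credentials
        uses: aws-actions/configure-aws-credentials@v2
        with:
          aws-access-key-id: ${{ env.AWS_ACCESS_KEY_ID }}
          aws-secret-access-key: ${{ env.AWS_SECRET_ACCESS_KEY }}
          aws-region: ${{ env.AWS_REGION }}
      - id: google-auth
        name: Authenticate to Google Cloud
        uses: google-github-actions/auth@v2
        with:
          workload_identity_provider: ${{ secrets.GCP_WORKLOAD_IDENTITY_PROVIDER }}
          service_account: ${{ secrets.GCP_SERVICE_ACCOUNT }}
      # NOTE(review): `creds` is a stored credential blob. Confirm its rotation
      # policy and the scope of the principal behind it.
      - id: azure-auth
        name: Azure login
        uses: azure/login@v2
        with:
          creds: ${{ secrets.AZURE_CREDENTIALS }}
      # The prefixes come from the environment and are quoted, so the input
      # text is passed as arguments and never becomes part of the script.
      - name: Destroy Environment
        run: |
          just delete-cloud-env "${ENV_PREFIX}" "${ENV_IGNORE_PREFIX}" "false"
      # Runs even when earlier steps fail; its own failure does not fail the job.
      - name: Send Slack Notification
        uses: ./.github/actions/slack-notification
        if: always()
        continue-on-error: true
        env:
          RUN_URL: "${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}"
          JOB_STATUS_COLOR: "${{ job.status == 'success' && '#36a64f' || '#D40E0D' }}"
        with:
          vault-url: ${{ secrets.VAULT_ADDR }}
          vault-role-id: ${{ secrets.CSP_VAULT_ROLE_ID }}
          vault-secret-id: ${{ secrets.CSP_VAULT_SECRET_ID }}
          # NOTE(review): `inputs.prefix` is spliced into the JSON text as-is.
          # A prefix containing a double quote or backslash would produce an
          # invalid or altered payload; consider validating the prefix format.
          slack-payload: |
            {
              "text": "${{ github.workflow }} job <${{env.RUN_URL}}|${{ inputs.prefix }}> triggered by `${{github.actor}}`",
              "blocks": [
                {
                  "type": "divider"
                }
              ],
              "attachments": [
                {
                  "color": "${{ env.JOB_STATUS_COLOR }}",
                  "blocks": [
                    {
                      "type": "section",
                      "text": {
                        "type": "mrkdwn",
                        "text": "${{ github.workflow }} job <${{env.RUN_URL}}|${{ inputs.prefix }}> triggered by `${{github.actor}}`"
                      }
                    }
                  ]
                }
              ]
            }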