[171] Migration to add is_confidential column to Reference table
#2194
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Delete v2 Review App | |
| on: | |
| pull_request: | |
| types: [closed] | |
| branches: [main] | |
| jobs: | |
| delete-v2-review-app: | |
| name: Delete v2 Review App ${{ github.event.pull_request.number }} | |
| concurrency: deploy_v2_review_${{ github.event.pull_request.number }} | |
| if: ${{ contains(github.event.pull_request.labels.*.name, 'deploy_v2') || contains(github.event.pull_request.labels.*.name, 'dependencies') }} | |
| runs-on: ubuntu-latest | |
| environment: review_aks | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| - name: Set Environment variables | |
| run: | | |
| terraform_version=$(awk '/{/{f=/^terraform/;next}f' terraform/aks/provider.tf | grep -o [0-9\.]*) | |
| PR_NUMBER=${{ github.event.pull_request.number }} | |
| TF_STATE_FILE=pr-$PR_NUMBER.tfstate | |
| echo "DEPLOY_ENV=review_aks-$PR_NUMBER" >> $GITHUB_ENV | |
| echo "PR_NUMBER=$PR_NUMBER" >> $GITHUB_ENV | |
| echo "TF_STATE_FILE=$TF_STATE_FILE" >> $GITHUB_ENV | |
| pr_state_file=$(az storage blob list -c att-tfstate \ | |
| --connection-string "${{ secrets.AZURE_STORAGE_CONNECTION_STRING }}" \ | |
| --prefix $TF_STATE_FILE --query "[].name" -o tsv) | |
| if [ -n "$pr_state_file" ]; then echo "TF_STATE_EXISTS=true" >> $GITHUB_ENV; fi; | |
| tf_vars_file=terraform/aks/workspace_variables/review_aks.tfvars.json | |
| echo "TERRAFORM_VERSION=$terraform_version" >> $GITHUB_ENV | |
| echo "KEY_VAULT_NAME=$(jq -r '.key_vault_name' ${tf_vars_file})" >> $GITHUB_ENV | |
| echo "KEY_VAULT_APP_SECRET_NAME=$(jq -r '.key_vault_app_secret_name' ${tf_vars_file})" >> $GITHUB_ENV | |
| echo "KEY_VAULT_INFRA_SECRET_NAME=$(jq -r '.key_vault_infra_secret_name' ${tf_vars_file})" >> $GITHUB_ENV | |
| - name: Use Terraform ${{ env.TERRAFORM_VERSION }} | |
| uses: hashicorp/setup-terraform@v3 | |
| with: | |
| terraform_version: ${{ env.TERRAFORM_VERSION }} | |
| - uses: azure/login@v2 | |
| if: env.TF_STATE_EXISTS == 'true' | |
| with: | |
| creds: ${{ secrets.AZURE_CREDENTIALS }} | |
| - name: Validate Azure Key Vault secrets | |
| if: env.TF_STATE_EXISTS == 'true' | |
| uses: DFE-Digital/github-actions/validate-key-vault-secrets@master | |
| with: | |
| KEY_VAULT: ${{ env.KEY_VAULT_NAME }} | |
| SECRETS: | | |
| ${{ env.KEY_VAULT_APP_SECRET_NAME }} | |
| ${{ env.KEY_VAULT_INFRA_SECRET_NAME }} | |
| - uses: DFE-Digital/github-actions/set-kubelogin-environment@master | |
| with: | |
| azure-credentials: ${{ secrets.AZURE_CREDENTIALS }} | |
| - name: Terraform destroy | |
| if: env.TF_STATE_EXISTS == 'true' | |
| run: make ci review_aks destroy | |
| env: | |
| APP_NAME: ${{ env.PR_NUMBER }} | |
| IMAGE_TAG: ignored | |
| - name: Delete tf state file | |
| if: env.TF_STATE_EXISTS == 'true' | |
| run: | | |
| az storage blob delete -c att-tfstate --name ${{ env.TF_STATE_FILE }} \ | |
| --connection-string "${{ secrets.AZURE_STORAGE_CONNECTION_STRING }}" | |
| - name: Update ${{ env.DEPLOY_ENV }} status | |
| if: always() && env.TF_STATE_EXISTS == 'true' | |
| id: deactivate-env | |
| uses: bobheadxi/deployments@v1 | |
| with: | |
| env: ${{ env.DEPLOY_ENV }} | |
| step: deactivate-env | |
| token: ${{ secrets.GITHUB_TOKEN }} | |
| desc: The deployment for ${{ env.DEPLOY_ENV }} has been removed. | |
| - uses: actions/github-script@v7 | |
| name: Remove environment entity | |
| if: always() && (steps.deactivate-env.outcome == 'success') | |
| with: | |
| github-token: ${{ secrets.ACTIONS_API_ACCESS_TOKEN }} | |
| script: | | |
| const environment = process.env.DEPLOY_ENV || '' | |
| if (environment) { | |
| github.rest.repos.deleteAnEnvironment({ | |
| owner: context.repo.owner, | |
| repo: context.repo.repo, | |
| environment_name: environment | |
| }).then(res => { | |
| console.log(`The environment ${environment} was removed successfully.`) | |
| }).catch(err => { | |
| core.setFailed(err.message) | |
| }) | |
| } else { | |
| core.setFailed('An environment was not passed for deletion.') | |
| } | |
| env: | |
| DEPLOY_ENV: ${{env.DEPLOY_ENV}} |