VED-1116: Update PR Teardown to delete PR recordprocessor images #496
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: PR Teardown | |
| on: | |
| pull_request: | |
| types: [closed] | |
| workflow_dispatch: | |
| inputs: | |
| pr_number: | |
| description: The PR number of the environment to teardown e.g 123 | |
| required: true | |
| type: string | |
| jobs: | |
| teardown: | |
| name: PR Teardown | |
| runs-on: ubuntu-latest | |
| environment: | |
| name: dev | |
| env: | |
| APIGEE_ENVIRONMENT: internal-dev | |
| BACKEND_ENVIRONMENT: dev | |
| BACKEND_SUB_ENVIRONMENT: pr-${{ github.event_name == 'pull_request' && github.event.pull_request.number || inputs.pr_number }} | |
| permissions: | |
| id-token: write | |
| contents: read | |
| steps: | |
| - name: Connect to AWS | |
| uses: aws-actions/configure-aws-credentials@8df5847569e6427dd6c4fb1cf565c83acfa8afa7 | |
| with: | |
| aws-region: eu-west-2 | |
| role-to-assume: arn:aws:iam::${{ vars.AWS_ACCOUNT_ID }}:role/auto-ops | |
| role-session-name: github-actions | |
| - name: Whoami | |
| run: aws sts get-caller-identity | |
| - name: Checkout | |
| uses: actions/checkout@0c366fd6a839edf440554fa01a7085ccba70ac98 | |
| - uses: hashicorp/setup-terraform@5e8dbf3c6d9deaf4193ca7a8fb23f2ac83bb6c85 | |
| with: | |
| terraform_version: "1.12.2" | |
| - name: Terraform Init and extract MNS SQS QUEUE ARN | |
| working-directory: infrastructure/instance | |
| run: | | |
| make init apigee_environment=$APIGEE_ENVIRONMENT environment=$BACKEND_ENVIRONMENT sub_environment=$BACKEND_SUB_ENVIRONMENT | |
| make workspace apigee_environment=$APIGEE_ENVIRONMENT environment=$BACKEND_ENVIRONMENT sub_environment=$BACKEND_SUB_ENVIRONMENT | |
| echo "ID_SYNC_QUEUE_ARN=$(make -s output name=id_sync_queue_arn)" >> $GITHUB_ENV | |
| - name: Install poetry | |
| run: pip install poetry==2.1.4 | |
| - uses: actions/setup-python@v6.2.0 | |
| with: | |
| python-version: 3.11 | |
| cache: "poetry" | |
| cache-dependency-path: | | |
| lambdas/mns_subscription/poetry.lock | |
| lambdas/shared/poetry.lock | |
| - name: Unsubscribe MNS | |
| working-directory: "./lambdas/mns_subscription" | |
| env: | |
| APIGEE_ENVIRONMENT: int | |
| SQS_ARN: ${{ env.ID_SYNC_QUEUE_ARN }} | |
| run: | | |
| poetry install --no-root | |
| echo "Unsubscribing SQS to MNS for notifications..." | |
| make unsubscribe | |
| - name: Terraform Destroy | |
| working-directory: infrastructure/instance | |
| run: | | |
| make destroy apigee_environment=$APIGEE_ENVIRONMENT environment=$BACKEND_ENVIRONMENT sub_environment=$BACKEND_SUB_ENVIRONMENT | |
| - name: Cleanup recordprocessor ECR images for PR | |
| env: | |
| AWS_REGION: eu-west-2 | |
| REPOSITORY_NAME: imms-recordprocessor-repo | |
| IMAGE_TAG_PREFIX: ${{ env.BACKEND_SUB_ENVIRONMENT }}- | |
| run: | | |
| MATCHING_TAGS=$( | |
| aws ecr list-images \ | |
| --repository-name "${REPOSITORY_NAME}" \ | |
| --region "${AWS_REGION}" \ | |
| --filter tagStatus=TAGGED \ | |
| --query "imageIds[?starts_with(imageTag, \`${IMAGE_TAG_PREFIX}\`)].imageTag" \ | |
| --output text | |
| ) | |
| if [ -z "${MATCHING_TAGS}" ] || [ "${MATCHING_TAGS}" = "None" ]; then | |
| echo "No recordprocessor images found for prefix '${IMAGE_TAG_PREFIX}'." | |
| exit 0 | |
| fi | |
| IMAGE_IDS_ARGS="" | |
| for image_tag in ${MATCHING_TAGS}; do | |
| echo "Queueing recordprocessor image tag '${image_tag}' for deletion..." | |
| IMAGE_IDS_ARGS="${IMAGE_IDS_ARGS} imageTag=${image_tag}" | |
| done | |
| aws ecr batch-delete-image \ | |
| --repository-name "${REPOSITORY_NAME}" \ | |
| --region "${AWS_REGION}" \ | |
| --image-ids ${IMAGE_IDS_ARGS} \ | |
| --output json |