main | roga7 | development #1715

Workflow file for this run

.github/workflows/tear-down-sandbox.yml at 55127ca

	name: "Tear down - Sandbox/Test"

	run-name: "${{ inputs.git_ref }} \| ${{ inputs.sandbox_name }} \| ${{ inputs.environment }}"

	on:
	workflow_dispatch:
	inputs:
	git_ref:
	default: "main"
	description: "Branch, tag or SHA for the destroy action"
	required: true
	type: "string"
	sandbox_name:
	description: "Sandbox to destroy"
	required: true
	type: "string"
	environment:
	default: "development"
	description: "GitHub Environment name"
	required: true
	type: choice
	options:
	- "development"
	- "test"

	workflow_call:
	inputs:
	git_ref:
	default: "main"
	description: "Branch, tag or SHA for the destroy action"
	required: true
	type: "string"
	sandbox_name:
	description: "Sandbox to destroy"
	required: true
	type: "string"
	environment:
	default: "development"
	description: "GitHub Environment name"
	required: true
	type: "string"

	permissions:
	pull-requests: write
	id-token: write
	contents: read

	jobs:
	remove_edge_associations:
	name: Remove Lambda@Edge Associations
	uses: ./.github/workflows/base-cleanup-lambda-edge.yml
	with:
	git_ref: ${{ inputs.git_ref }}
	sandbox_name: ${{ inputs.sandbox_name }}
	environment: ${{ inputs.environment }}
	secrets:
	AWS_ASSUME_ROLE: arn:aws:iam::${{ secrets.AWS_ACCOUNT_ID }}:role/${{ inputs.sandbox_name}}-github-actions-role

	cleanup_versions:
	name: Cleanup Versions
	uses: ./.github/workflows/base-cleanup-workspace.yml
	with:
	git_ref: ${{ inputs.git_ref }}
	sandbox_name: ${{ inputs.sandbox_name }}
	environment: ${{ inputs.environment }}
	secrets:
	AWS_ASSUME_ROLE: arn:aws:iam::${{ secrets.AWS_ACCOUNT_ID }}:role/${{ inputs.sandbox_name}}-github-actions-role

	terraform_destroy:
	name: Terraform Destroy
	runs-on: ubuntu-latest
	needs: [remove_edge_associations] # Ensure this runs after Lambda@Edge removal
	environment: ${{ inputs.environment }}
	steps:
	- name: Checkout
	uses: actions/checkout@v6
	with:
	ref: ${{ inputs.git_ref }}

	- name: Configure AWS Credentials
	uses: aws-actions/configure-aws-credentials@v6
	with:
	role-to-assume: arn:aws:iam::${{ secrets.AWS_ACCOUNT_ID }}:role/${{ inputs.sandbox_name}}-github-actions-role
	aws-region: ${{ vars.AWS_REGION }}
	mask-aws-account-id: true

	- name: Setup Terraform
	uses: hashicorp/setup-terraform@v4
	with:
	terraform_version: 1.14.7

	- name: Initialise Terraform
	run: terraform init -backend-config=${{ vars.TF_BACKEND_FILE }}
	working-directory: ./infrastructure

	- name: Select Terraform Workspace
	run: terraform workspace select ${{ inputs.sandbox_name }}
	working-directory: ./infrastructure

	- name: Run Terraform Destroy
	run: terraform destroy -auto-approve -var-file="${{ vars.TF_VARS_FILE }}"
	working-directory: ./infrastructure

	terraform_destroy_base_iam:
	name: Terraform Destroy (base_iam)
	# Only destroy base_iam in a Sandbox environment. Don't tear down in ndr-test or ndr-dev environments.
	if: ${{ inputs.environment == 'development' && inputs.sandbox_name != 'ndr-dev' }}
	runs-on: ubuntu-latest
	needs: [terraform_destroy]
	environment: ${{ inputs.environment }}
	steps:
	- name: Checkout
	uses: actions/checkout@v6
	with:
	ref: ${{ inputs.git_ref }}

	- name: Configure AWS Credentials
	uses: aws-actions/configure-aws-credentials@v6
	with:
	role-to-assume: arn:aws:iam::${{ secrets.AWS_ACCOUNT_ID }}:role/dev-github-bootstrap
	aws-region: ${{ vars.AWS_REGION }}
	mask-aws-account-id: true

	- name: Setup Terraform
	uses: hashicorp/setup-terraform@v4
	with:
	terraform_version: 1.14.7

	- name: Initialise Terraform
	run: terraform init -backend-config=bucket=ndr-dev-terraform-state-${{ secrets.AWS_ACCOUNT_ID }}
	working-directory: ./base_iam

	- name: Select Terraform Workspace
	run: terraform workspace select ${{ inputs.sandbox_name }}
	working-directory: ./base_iam

	- name: Run Terraform Destroy
	run: terraform destroy -auto-approve -var-file="${{ vars.TF_VARS_FILE }}" -var aws_account_id=${{ secrets.AWS_ACCOUNT_ID }}
	working-directory: ./base_iam

	cleanup_resources:
	name: Cleanup Resources
	runs-on: ubuntu-latest
	needs: [terraform_destroy_base_iam]
	environment: ${{ inputs.environment }}
	steps:
	- name: Checkout
	uses: actions/checkout@v6
	with:
	ref: ${{ inputs.git_ref }}

	- name: Configure AWS Credentials
	uses: aws-actions/configure-aws-credentials@v6
	with:
	role-to-assume: arn:aws:iam::${{ secrets.AWS_ACCOUNT_ID }}:role/dev-github-bootstrap
	aws-region: ${{ vars.AWS_REGION }}
	mask-aws-account-id: true

	- name: Setup Python 3.11
	uses: actions/setup-python@v6
	with:
	python-version: 3.11

	- name: Install Python Dependencies
	run: \|
	python3 -m venv ./venv
	./venv/bin/pip3 install --upgrade pip boto3

	- name: Run Cleanup Script (Terraform Workspace)
	run: ./venv/bin/python3 -u scripts/cleanup_terraform_states.py ${{ inputs.sandbox_name }}

	- name: Run Cleanup Script (Log Group)
	run: ./venv/bin/python3 -u scripts/cleanup_log_groups.py ${{ inputs.sandbox_name }}

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

main | roga7 | development #1715

Workflow file

main | roga7 | development #1715

Uh oh!

Workflow file for this run