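name: 'Z-CRON: Tear down - Test'

on:
  schedule:
    # 17:59 UTC, Monday to Friday. GitHub evaluates cron schedules in UTC only,
    # so this does not follow local daylight-saving changes.
    - cron: '59 17 * * 1-5'

# Scopes granted to the workflow's GITHUB_TOKEN; keep this to the minimum the
# jobs actually use. Reusable workflows called from `jobs` inherit these scopes
# and can only narrow them, never widen them.
permissions:
  # NOTE(review): no step in this file reads or writes pull requests. The scope
  # may be needed by the reusable cleanup workflows — confirm there, and drop it
  # if nothing uses it.
  pull-requests: write
  id-token: write # Required to request the OIDC JWT consumed by configure-aws-credentials
  contents: read # Required for actions/checkout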
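jobs:
  # Stage 1 (runs in parallel with cleanup_versions): reusable workflow that
  # detaches Lambda@Edge associations so the destroy below is not blocked by
  # replicated functions.
  remove_edge_associations:
    name: Remove Lambda@Edge Associations
    uses: ./.github/workflows/base-cleanup-lambda-edge.yml
    with:
      git_ref: main
      sandbox_name: ndr-test
      environment: test
    secrets:
      AWS_ASSUME_ROLE: arn:aws:iam::${{ secrets.AWS_ACCOUNT_ID }}:role/${{ secrets.AWS_WORKSPACE }}-github-actions-role

  # Stage 1: reusable workflow that removes leftover versions from the workspace.
  cleanup_versions:
    name: Cleanup Versions
    uses: ./.github/workflows/base-cleanup-workspace.yml
    with:
      git_ref: main
      sandbox_name: ndr-test
      environment: test
    secrets:
      AWS_ASSUME_ROLE: arn:aws:iam::${{ secrets.AWS_ACCOUNT_ID }}:role/${{ secrets.AWS_WORKSPACE }}-github-actions-role

  # Stage 2: destroy the sandbox infrastructure. Destructive and unattended
  # (-auto-approve), so everything it touches is pinned to `main` and to a
  # fixed sandbox list.
  terraform_destroy_process:
    name: Destroy Test Environment
    runs-on: ubuntu-latest
    environment: test
    # NOTE(review): this only waits for cleanup_versions. If the destroy must not
    # start before the Lambda@Edge associations are removed, add
    # remove_edge_associations here as well — confirm with the owners.
    needs: [cleanup_versions]
    strategy:
      matrix:
        # An env var cannot be used in a matrix; add new sandbox environments here by hand.
        sandbox-name: [ndr-test]
    steps:
      # NOTE(review): third-party actions are referenced by mutable major tags
      # (v6/v4). For a workflow that holds destroy rights, pinning each `uses:`
      # to a full commit SHA gives a stronger supply-chain guarantee — consider it.
      - name: Checkout
        uses: actions/checkout@v6
        with:
          ref: main

      - name: Configure AWS Credentials
        uses: aws-actions/configure-aws-credentials@v6
        with:
          role-to-assume: arn:aws:iam::${{ secrets.AWS_ACCOUNT_ID }}:role/${{ secrets.AWS_WORKSPACE }}-github-actions-role
          role-skip-session-tagging: true
          aws-region: ${{ vars.AWS_REGION }}
          mask-aws-account-id: true

      - name: Setup Terraform
        uses: hashicorp/setup-terraform@v4
        with:
          terraform_version: '1.14.7'
          # The wrapper would swallow terraform's stdout; keep raw output for the destroy logs.
          terraform_wrapper: false

      - name: Initialise Terraform
        id: init
        run: terraform init -backend-config=backend-test.conf
        working-directory: ./infrastructure
        shell: bash

      - name: Select Terraform Workspace
        id: workspace
        run: terraform workspace select ${{ matrix.sandbox-name }}
        working-directory: ./infrastructure
        shell: bash

      # AWS Backup recovery points block deletion of their vault, so they are
      # removed before terraform destroy runs. `matrix.sandbox-name` is a fixed
      # literal from this file, not user-controlled input.
      - name: Pre-cleanup AWS Backup Recovery Points
        shell: bash
        run: |
          VAULT_NAME="${{ matrix.sandbox-name }}_backup_vault"
          # NOTE(review): region is hard-coded here while every other step uses
          # vars.AWS_REGION — confirm the two agree, or switch to "$AWS_REGION".
          BACKUP_VAULT_EXISTS=$(aws backup list-backup-vaults \
            --region eu-west-2 \
            --query "BackupVaultList[?BackupVaultName=='${VAULT_NAME}']" \
            --output text)
          # No vault for this sandbox: nothing to clean up.
          if [ -z "$BACKUP_VAULT_EXISTS" ]; then
            exit 0
          fi
          RECOVERY_POINTS=$(aws backup list-recovery-points-by-backup-vault \
            --backup-vault-name "$VAULT_NAME" \
            --region eu-west-2 \
            --query 'RecoveryPoints[*].RecoveryPointArn' \
            --output text)
          # Intentionally unquoted: the text output is a whitespace-separated list of ARNs.
          for ARN in $RECOVERY_POINTS; do
            echo "Deleting recovery point: $ARN"
            aws backup delete-recovery-point \
              --backup-vault-name "$VAULT_NAME" \
              --recovery-point-arn "$ARN" \
              --region eu-west-2
          done

      - name: Run Terraform Destroy
        id: destroy
        run: terraform destroy -auto-approve -var-file="${{ vars.TF_VARS_FILE }}"
        working-directory: ./infrastructure
        shell: bash

  # Stage 3: tear down the bootstrap IAM layer, using the dedicated bootstrap
  # role rather than the workspace role the previous jobs assumed.
  terraform_destroy_base_iam:
    name: Terraform Destroy base_iam
    runs-on: ubuntu-latest
    needs: [terraform_destroy_process]
    environment: test
    steps:
      - name: Checkout
        uses: actions/checkout@v6
        with:
          ref: main

      - name: Configure AWS Credentials
        uses: aws-actions/configure-aws-credentials@v6
        with:
          role-to-assume: arn:aws:iam::${{ secrets.AWS_ACCOUNT_ID }}:role/test-github-bootstrap
          aws-region: ${{ vars.AWS_REGION }}
          mask-aws-account-id: true

      - name: Setup Terraform
        uses: hashicorp/setup-terraform@v4
        with:
          # NOTE(review): pinned to a different patch release than the
          # infrastructure job (1.14.7), and the wrapper is left enabled —
          # confirm both differences are intentional.
          terraform_version: '1.14.3'

      - name: Initialise Terraform
        run: terraform init -backend-config=bucket=${{ secrets.AWS_WORKSPACE }}-terraform-state-${{ secrets.AWS_ACCOUNT_ID }}
        working-directory: ./base_iam
        shell: bash

      - name: Select Terraform Workspace
        run: terraform workspace select ${{ secrets.AWS_WORKSPACE }}
        working-directory: ./base_iam
        shell: bash

      - name: Run Terraform Destroy
        # Secrets passed on the command line are masked in the job log by GitHub.
        run: terraform destroy -auto-approve -var-file="${{ vars.TF_VARS_FILE }}" -var aws_account_id=${{ secrets.AWS_ACCOUNT_ID }}
        working-directory: ./base_iam
        shell: bash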