
Enable federated auth for big query #3664


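# Tears down the review app for a pull request: runs on PR close (when the PR
# carries the 'deploy' label) or manually via workflow_dispatch with a PR number.
name: Delete review app
on:
  pull_request:
    types: [closed]
    paths-ignore:
      - 'bigquery/**'
      - 'documentation/**'
      - 'terraform/common/**'
      - '**.md'
  workflow_dispatch:
    inputs:
      pr_number:
        description: 'Pull Request number to delete (EG: 1234 for review-pr-1234)'
        required: true
# Manual runs have no pull_request payload, so fall back to the dispatch input;
# otherwise every manual run would share the same "...-" concurrency group.
concurrency: workflow-Build-and-deploy-${{ github.event.pull_request.number || github.event.inputs.pr_number }}
# Declaring any permission sets every unlisted scope to "none", so each scope
# the job needs is listed explicitly.
permissions:
  id-token: write       # OIDC token exchanged by google-github-actions/auth
  contents: read        # actions/checkout
  pull-requests: write  # sticky pull request comment
env:
  DOCKER_REPOSITORY: ghcr.io/dfe-digital/teaching-vacancies
jobs:
  delete-review-app:
    if: contains(github.event.pull_request.labels.*.name, 'deploy') || github.event_name == 'workflow_dispatch'
    name: Delete review app
    # NOTE(review): GitHub has retired the hosted ubuntu-20.04 image; confirm
    # this label still resolves and move to a supported runner image.
    runs-on: ubuntu-20.04
    environment: review
    # NOTE(review): every `uses:` below is referenced by a mutable tag or
    # branch. This job holds AWS, Azure and Google credentials, so pin each
    # action to a full commit SHA and let a dependency bot bump it.
    steps:
      - name: Set environment variables
        shell: bash
        env:
          # Hand the event value to the script through the environment instead
          # of expanding ${{ }} inside the script body, so it is treated as
          # data by the shell rather than as script text.
          PR_NUMBER_INPUT: ${{ github.event.inputs.pr_number || github.event.number }}
        run: |
          # Accept digits only: the value is written to $GITHUB_ENV and later
          # reaches make/terraform, so anything else (including newlines that
          # would define extra environment variables) is rejected here.
          if ! [[ "${PR_NUMBER_INPUT}" =~ ^[0-9]+$ ]]; then
            echo "::error::pr_number must be a numeric pull request number"
            exit 1
          fi
          PR_NUMBER="${PR_NUMBER_INPUT}"
          ENVIRONMENT="review-pr-${PR_NUMBER}"
          {
            echo "PR_NUMBER=${PR_NUMBER}"
            echo "ENVIRONMENT=${ENVIRONMENT}"
            echo "LINK_TO_RUN=https://github.com/${GITHUB_REPOSITORY}/actions/runs/${GITHUB_RUN_ID}"
            echo "LINK_TO_PR=https://github.com/${GITHUB_REPOSITORY}/pull/${PR_NUMBER}"
            echo "LINK_TO_APP=https://teaching-vacancies-${ENVIRONMENT}.test.teacherservices.cloud"
          } >> "$GITHUB_ENV"
      # NOTE(review): this step still uses long-lived access keys stored as
      # repository secrets. The job already has id-token: write, so the same
      # action could assume the role through GitHub OIDC and the static keys
      # could be removed - confirm with the AWS account owners.
      - name: Configure AWS credentials
        uses: aws-actions/configure-aws-credentials@v4
        with:
          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
          aws-region: eu-west-2
          role-to-assume: Deployments
          role-duration-seconds: 3600
          role-skip-session-tagging: true
      - name: Get secrets from AWS ParameterStore
        uses: dkershner6/aws-ssm-getparameters-action@v2
        with:
          parameterPairs: "/teaching-vacancies/github_action/infra/slack_webhook = SLACK_WEBHOOK"
      - name: Checkout Code
        uses: actions/checkout@v4
      # Keyless (workload identity federation) authentication to Google Cloud;
      # relies on the id-token: write permission above.
      - name: Authenticate to Google Cloud
        uses: google-github-actions/auth@v2
        with:
          project_id: teacher-vacancy-service
          workload_identity_provider: projects/689616473831/locations/global/workloadIdentityPools/teaching-vacancies/providers/teaching-vacancies
      - name: Set up Ruby
        uses: ruby/setup-ruby@v1
      - name: Download fetch_config.rb
        shell: bash
        run: |
          echo "::group:: Download fetch_config.rb script"
          # --fail stops an HTTP error page from being saved and later executed.
          # NOTE(review): the script is taken from the moving `master` branch
          # and then run with the cloud credentials configured above; fetch it
          # from a fixed commit and verify a recorded checksum before use.
          curl --fail --silent --show-error \
            https://raw.githubusercontent.com/DFE-Digital/bat-platform-building-blocks/master/scripts/fetch_config/fetch_config.rb \
            -o bin/fetch_config.rb
          chmod +x bin/fetch_config.rb
          echo "::endgroup::"
      - name: Validate secrets
        shell: bash
        run: |
          gem install aws-sdk-ssm --no-document
          bin/fetch_config.rb -s aws-ssm-parameter-path:/teaching-vacancies/dev/app -d quiet \
            && echo Data in /teaching-vacancies/dev looks valid
      - name: Terraform pin version
        uses: hashicorp/setup-terraform@v3
        with:
          terraform_version: "1.5.1"
      # NOTE(review): @master is a branch ref, and this action receives
      # AZURE_CREDENTIALS; any push to that branch changes what runs here.
      - uses: DFE-Digital/github-actions/set-kubelogin-environment@master
        with:
          azure-credentials: ${{ secrets.AZURE_CREDENTIALS }}
      - name: Terraform destroy (on PR closed)
        # PR_NUMBER comes from $GITHUB_ENV (validated above); it is read as a
        # quoted shell variable rather than expanded into the script text.
        run: |
          make review ci terraform-app-destroy pr_id="${PR_NUMBER}"
      - name: Delete Terraform Statefile
        run: ./bin/delete-state-file "${PR_NUMBER}"
      - name: Post sticky pull request comment
        uses: marocchino/sticky-pull-request-comment@v2
        with:
          message: |
            Review app <${{ env.LINK_TO_APP }}> was successfully deleted
      - name: Send failure message to twd_tv_dev channel
        if: failure()
        uses: rtCamp/action-slack-notify@v2.3.2
        env:
          SLACK_CHANNEL: twd_tv_dev
          SLACK_USERNAME: CI Deployment
          SLACK_ICON_EMOJI: ':cry:'
          SLACK_TITLE: Delete review app failure
          SLACK_MESSAGE: |
            Failed deletion of review app PR ${{env.PR_NUMBER}}
            See: <${{ env.LINK_TO_RUN }}|Workflow run> - <${{ env.LINK_TO_PR }}|Pull request> - <${{ env.LINK_TO_APP }}|Review app>
            <!channel>
          SLACK_WEBHOOK: ${{env.SLACK_WEBHOOK}}
          SLACK_COLOR: ${{ job.status }}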