Skip to content
PR - Delete Environment when PR is closed

September Newsletter Upload #1806

Sign in to view logs

September Newsletter Upload

September Newsletter Upload #1806

Workflow file for this run

.github/workflows/pr-close-delete-env.yml at deb9cd0
name: PR - Delete Environment when PR is closed
on:
pull_request:
types: [closed]
workflow_dispatch:
inputs:
slotID:
description: "Pull request number"
required: true
default: ""
workflow_call:
inputs:
slotIDs:
type: string
description: "Slot IDs"
required: true
defaults:
run:
shell: pwsh
env:
SLOT_NAME: ${{ inputs.slotIDs || inputs.slotID || github.event.number }}
SLOT_PREFIX: pr-
permissions:
id-token: write
contents: read
jobs:
setting-up-slot-ids:
runs-on: ubuntu-latest
outputs:
matrix: ${{ steps.set-matrix.outputs.matrix }}
steps:
- name: Get slot ids from input
id: set-matrix
run: |
$slotIDs = '${{ env.SLOT_NAME }}'
if($slotIDs -notlike '`[*')
{
$array = $slotIDs -split " "
$slotIDs = ConvertTo-Json -Compress @($array)
}
echo "matrix=$slotIDs" >> $env:GITHUB_OUTPUT
delete-slot-and-acr-cleanup:
runs-on: ubuntu-latest
needs: setting-up-slot-ids
strategy:
matrix:
SLOT_NAME: ${{ fromJson(needs.setting-up-slot-ids.outputs.matrix) }}
steps:
- uses: actions/checkout@v4
- name: Load .env file
uses: xom9ikk/dotenv@v2
with:
path: ./.github
- name: Azure CLI - Login
uses: azure/login@v2
with:
client-id: ${{ secrets.AZURE_CLIENT_ID }}
tenant-id: ${{ secrets.AZURE_TENANT_ID }}
subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
- name: Cleanup ACR and Key Vault Permissions
run: |
$acrId = az acr show `
--resource-group ${{ env.AZURE_RESOURCE_GROUP }} `
--name ${{ env.ACR_LOGIN_SERVER }} `
--query id `
--output tsv
Write-Host '✅ acr found'
# get slot identity
$identityId = az webapp identity show `
--resource-group ${{ env.AZURE_RESOURCE_GROUP }} `
--name ${{ env.APP_SERVICE_NAME }} `
--slot ${{ env.SLOT_PREFIX }}${{ matrix.SLOT_NAME }} `
--query principalId `
--output tsv
Write-Host '✅ slot identity found'
# grant access to the identity on ACR
az role assignment delete `
--assignee $identityId `
--scope $acrId `
--role acrpull `
--output none
Write-Host '✅ acrpull role deleted'
$kvId = az keyvault show `
--resource-group ${{ env.AZURE_RESOURCE_GROUP }} `
--name ${{ env.KEY_VAULT }} `
--query id `
--output tsv
if($kvId) {
Write-Host '✅ KeyVault found'
# grant access to the identity on KeyVault
az role assignment delete `
--assignee $identityId `
--scope $kvId `
--role "Key Vault Secrets User" `
-o none
Write-Host '✅ Key Vault Secrets User role deleted'
} else {
Write-Host '❌ Key Vault not found'
}
- name: Delete all untagged images
run: |
az acr manifest list-metadata `
-r ${{ env.ACR_NAME }} `
-n ${{ env.IMAGE_NAME }} `
--query "[?tags==null].digest" `
-o tsv | `
%{ `
az acr repository delete `
-n ${{ env.ACR_NAME }} `
-t ${{ env.IMAGE_NAME }}@$_ `
--yes `
}
Write-Host "✅ All untagged images have been deleted"
- name: ACR - Delete image
run: |
$imageTagWithPrefix = '${{ env.SLOT_PREFIX }}${{ matrix.SLOT_NAME}}'
az acr repository delete --name ${{ env.ACR_NAME }} `
--image ${{ env.IMAGE_NAME }}:$imageTagWithPrefix --yes
Write-Output "✅ ACR - ${{ env.IMAGE_NAME }}:$imageTagWithPrefix image deleted successfully."
- name: Delete slot
run: |
az webapp deployment slot delete `
--resource-group ${{ env.AZURE_RESOURCE_GROUP }} `
--name ${{ env.APP_SERVICE_NAME }} `
--slot ${{ env.SLOT_PREFIX }}${{ matrix.SLOT_NAME }} `
--output none