pr-close-delete-env.yml
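# Tears down the per-PR App Service slot and the role assignments held by its
# managed identity. Runs when a pull request is closed, or manually with a
# pull request number.
name: PR - Delete Environment when PR is closed

on:
  pull_request:
    types: [closed]
  workflow_dispatch:
    inputs:
      environment:
        description: "Pull request number"
        required: true
        default: ""

defaults:
  run:
    shell: pwsh

env:
  # pull_request events carry the number in the payload; a manual run has no
  # event number, so fall back to the dispatch input instead of ending up
  # with the bare name "pr-".
  SLOT_NAME: pr-${{ github.event.number || github.event.inputs.environment }}

# Least privilege: id-token is what the federated (OIDC) Azure login needs,
# contents is only read for the checkout.
permissions:
  id-token: write
  contents: read

jobs:
  delete-slot:
    runs-on: ubuntu-latest
    steps:
      - name: Validate slot name
        run: |
          # The manual input is free text; accept only the pr-<number> shape
          # before any Azure command uses it.
          if ($env:SLOT_NAME -notmatch '^pr-[0-9]+$') {
            throw "Unexpected slot name '$($env:SLOT_NAME)'"
          }

      # NOTE(review): the three actions below are referenced by mutable tags.
      # This job can request an OIDC token for Azure, so consider pinning each
      # one to a full commit SHA.
      - uses: actions/checkout@v3
        with:
          # No later step uses git, so do not leave the token in .git/config.
          persist-credentials: false

      # NOTE(review): on pull_request the checkout is presumably the PR's own
      # ref, so ./.github/.env would come from the PR content - confirm that is
      # intended, or check out the default branch for this cleanup job.
      - name: Load .env file
        uses: xom9ikk/dotenv@v2
        with:
          path: ./.github
          load-mode: strict

      - name: Azure CLI - Login
        uses: azure/login@v1
        with:
          client-id: ${{ secrets.AZURE_CLIENT_ID }}
          tenant-id: ${{ secrets.AZURE_TENANT_ID }}
          subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}

      # Values are read from the process environment ($env:NAME) rather than
      # pasted into the script by expression interpolation, so a crafted value
      # stays a single argument and cannot add commands to the script.
      - name: Cleanup ACRPull & KeyVault permission
        run: |
          $acrId = az acr show `
            --resource-group $env:AZURE_RESOURCE_GROUP `
            --name $env:ACR_LOGIN_SERVER `
            --query id `
            --output tsv
          if ($acrId) {
            Write-Host '✅ acr found'
          }

          # get slot identity
          $identityId = az webapp identity show `
            --resource-group $env:AZURE_RESOURCE_GROUP `
            --name $env:APP_SERVICE_NAME `
            --slot $env:SLOT_NAME `
            --query principalId `
            --output tsv
          if ($identityId) {
            Write-Host '✅ slot identity found'
          }

          # An empty principal id or scope would leave the delete without that
          # filter, which could match more assignments than this slot's.
          # Skip the role cleanup in that case instead of calling az.
          if (-not $identityId) {
            Write-Warning 'slot identity not found - skipping role assignment cleanup'
          } else {
            # revoke the identity's pull access on ACR
            if ($acrId) {
              az role assignment delete `
                --assignee $identityId `
                --scope $acrId `
                --role acrpull `
                --output none
              Write-Host '✅ acrpull role deleted'
            } else {
              Write-Warning 'acr not found - skipping acrpull cleanup'
            }

            $kvId = az keyvault show `
              --resource-group $env:AZURE_RESOURCE_GROUP `
              --name $env:KEY_VAULT `
              --query id `
              --output tsv
            if ($kvId) {
              Write-Host '✅ KeyVault found'
              # revoke the identity's secret read access on KeyVault
              az role assignment delete `
                --assignee $identityId `
                --scope $kvId `
                --role "Key Vault Secrets User" `
                -o none
              Write-Host '✅ Key Vault Secrets User role deleted'
            } else {
              Write-Host '❌ Key Vault not found'
            }
          }

      - name: Delete slot on staging site
        run: |
          az webapp deployment slot delete `
            --resource-group $env:AZURE_RESOURCE_GROUP `
            --name $env:APP_SERVICE_NAME `
            --slot $env:SLOT_NAME `
            --output none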