pr-close-delete-env.yml
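# Tears down a per-PR preview environment: revokes the slot identity's role
# assignments on ACR and Key Vault, deletes the PR image tag from ACR and then
# deletes the deployment slot itself.
#
# Slot ids reach the scripts through environment variables (SLOT_NAME, SLOT_ID)
# instead of being interpolated into the PowerShell script text, so that a
# dispatch/call input or PR number is handled as data, never as script source.
# The Azure resource names (AZURE_RESOURCE_GROUP, ACR_NAME, ...) are read from
# ./.github/.env by the dotenv step, i.e. they are repository-controlled.
name: PR - Delete Environment when PR is closed
on:  # yamllint disable-line rule:truthy
  pull_request:
    types: [closed]
  workflow_dispatch:
    inputs:
      slotID:
        description: "Pull request number"
        required: true
        default: ""
  workflow_call:
    inputs:
      slotIDs:
        type: string
        # Either a space-separated list or an already JSON-encoded array of
        # slot ids (see the set-matrix step).
        description: "Slot IDs"
        required: true
defaults:
  run:
    shell: pwsh
env:
  # Explicit inputs win; on pull_request events the PR number is used.
  SLOT_NAME: ${{ inputs.slotIDs || inputs.slotID || github.event.number }}
  SLOT_PREFIX: pr-
permissions:
  id-token: write  # OIDC federated login to Azure (azure/login)
  contents: read
jobs:
  setting-up-slot-ids:
    runs-on: ubuntu-latest
    outputs:
      matrix: ${{ steps.set-matrix.outputs.matrix }}
    steps:
      - name: Get slot ids from input
        id: set-matrix
        # Workflow-level env is exported to the step, so the value is read from
        # $env: rather than quoted into the script text.
        run: |
          $slotIDs = $env:SLOT_NAME
          if ($slotIDs -notlike '`[*') {
            # Not already a JSON array: split on spaces and emit one.
            $array = $slotIDs -split " "
            $slotIDs = ConvertTo-Json -Compress @($array)
          }
          echo "matrix=$slotIDs" >> $env:GITHUB_OUTPUT
  delete-slot-and-acr-cleanup:
    runs-on: ubuntu-latest
    needs: setting-up-slot-ids
    strategy:
      matrix:
        SLOT_NAME: ${{ fromJson(needs.setting-up-slot-ids.outputs.matrix) }}
    env:
      # Handed to the steps as an environment variable so the scripts pass it
      # as a command argument instead of splicing it into the script source.
      SLOT_ID: ${{ matrix.SLOT_NAME }}
    steps:
      - uses: actions/checkout@v4
      - name: Load .env file
        uses: xom9ikk/dotenv@v2
        with:
          path: ./.github
      - name: Azure CLI - Login
        uses: azure/login@v2
        with:
          client-id: ${{ secrets.AZURE_CLIENT_ID }}
          tenant-id: ${{ secrets.AZURE_TENANT_ID }}
          subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
      - name: Cleanup ACR and Key Vault Permissions
        run: |
          $slot = "${env:SLOT_PREFIX}${env:SLOT_ID}"
          $acrId = az acr show `
            --resource-group ${{ env.AZURE_RESOURCE_GROUP }} `
            --name ${{ env.ACR_LOGIN_SERVER }} `
            --query id `
            --output tsv
          if (-not $acrId) {
            Write-Host '❌ acr not found'
            exit 1
          }
          Write-Host '✅ acr found'
          # look up the managed identity of the slot being torn down
          $identityId = az webapp identity show `
            --resource-group ${{ env.AZURE_RESOURCE_GROUP }} `
            --name ${{ env.APP_SERVICE_NAME }} `
            --slot $slot `
            --query principalId `
            --output tsv
          # Stop rather than call 'az role assignment delete' with an empty
          # assignee: a null/empty --assignee is dropped or blank, and the
          # remaining --scope/--role filter could match more than this slot's
          # identity.
          if (-not $identityId) {
            Write-Host '❌ slot identity not found'
            exit 1
          }
          Write-Host '✅ slot identity found'
          # revoke the identity's pull access on ACR
          az role assignment delete `
            --assignee $identityId `
            --scope $acrId `
            --role acrpull `
            --output none
          # A later az call would otherwise overwrite $LASTEXITCODE and hide
          # a failed revocation from the step result.
          if ($LASTEXITCODE -ne 0) { exit $LASTEXITCODE }
          Write-Host '✅ acrpull role deleted'
          $kvId = az keyvault show `
            --resource-group ${{ env.AZURE_RESOURCE_GROUP }} `
            --name ${{ env.KEY_VAULT }} `
            --query id `
            --output tsv
          if ($kvId) {
            Write-Host '✅ KeyVault found'
            # revoke the identity's secret read access on Key Vault
            az role assignment delete `
              --assignee $identityId `
              --scope $kvId `
              --role "Key Vault Secrets User" `
              --output none
            Write-Host '✅ Key Vault Secrets User role deleted'
          } else {
            # No vault means there is nothing to revoke there.
            Write-Host '❌ Key Vault not found'
          }
      - name: ACR - Delete image
        run: |
          $imageTagWithPrefix = "${env:SLOT_PREFIX}${env:SLOT_ID}"
          az acr repository delete --name ${{ env.ACR_NAME }} `
            --image ${{ env.IMAGE_NAME }}:$imageTagWithPrefix --yes
          # Do not report success for a delete that failed.
          if ($LASTEXITCODE -ne 0) { exit $LASTEXITCODE }
          Write-Output "✅ ACR - ${{ env.IMAGE_NAME }}:$imageTagWithPrefix image deleted successfully."
      - name: Delete slot
        run: |
          az webapp deployment slot delete `
            --resource-group ${{ env.AZURE_RESOURCE_GROUP }} `
            --name ${{ env.APP_SERVICE_NAME }} `
            --slot "${env:SLOT_PREFIX}${env:SLOT_ID}" `
            --output none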