destroy.yml
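# Runs on every ref deletion and tears down the deployment that belongs to the
# deleted branch by calling ./scripts/destroy.sh.
name: Destroy
on: delete

# id-token: write is what allows the job to request the OIDC token used by the
# configure-aws-credentials step below; the remaining scopes are read-only.
permissions:
  id-token: write
  contents: read
  actions: read

jobs:
  destroy:
    # Protected branches should be designated as such in the GitHub UI.
    # So, a protected branch should never have this workflow run, since the branch should never be deleted.
    # This conditional is a backup mechanism to help prevent mistakes from becoming disasters.
    # This is a list of branch names that are commonly used for protected branches/environments.
    # Add/remove names from this list as appropriate.
    if: github.event.ref_type == 'branch' && !contains(fromJson('["main", "val", "production"]'), github.event.ref)
    runs-on: ubuntu-latest
    steps:
      - name: set branch_name
        # The deleted branch's name is chosen by whoever pushed the branch, so
        # it is untrusted input. It is handed to the script through the
        # environment instead of being written into the script as a workflow
        # expression: an expression is substituted into the script text before
        # the shell parses it, so shell metacharacters in a branch name would
        # be interpreted as code in a job that later assumes an AWS role.
        env:
          REF_NAME: ${{ github.event.ref }}
        run: |
          # Dependabot builds very long branch names. This is a switch to make it shorter.
          if [[ "$REF_NAME" =~ ^dependabot/.* ]]; then
            # Same value as before: "x" followed by the first 10 hex digits of
            # the md5 of the branch name plus a trailing newline.
            echo "branch_name=x$(printf '%s\n' "$REF_NAME" | md5sum | head -c 10)" >> "$GITHUB_ENV"
          else
            echo "branch_name=$REF_NAME" >> "$GITHUB_ENV"
          fi
      # NOTE(review): both third-party actions in this job are referenced by a
      # mutable tag; pinning each to a full commit SHA is the hardened form.
      - uses: actions/checkout@v3
      - name: set branch specific variable names
        run: ./.github/build-vars.sh set_names
      - name: set variable values
        run: ./.github/build-vars.sh set_values
        env:
          # A branch-specific secret wins when one exists; otherwise the
          # repository-wide secret of the same name is used.
          AWS_DEFAULT_REGION: ${{ secrets[env.BRANCH_SPECIFIC_VARNAME_AWS_DEFAULT_REGION] || secrets.AWS_DEFAULT_REGION }}
          AWS_OIDC_ROLE_TO_ASSUME: ${{ secrets[env.BRANCH_SPECIFIC_VARNAME_AWS_OIDC_ROLE_TO_ASSUME] || secrets.AWS_OIDC_ROLE_TO_ASSUME }}
          STAGE_PREFIX: ${{ secrets.STAGE_PREFIX }}
      - name: Configure AWS credentials for GitHub Actions
        uses: aws-actions/configure-aws-credentials@v4
        with:
          role-to-assume: ${{ env.AWS_OIDC_ROLE_TO_ASSUME }}
          aws-region: ${{ env.AWS_DEFAULT_REGION }}
      - name: lock this branch to prevent concurrent builds
        # Quoted so the branch name always reaches the script as one argument.
        run: ./.github/github-lock.sh "$branch_name"
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
      # NOTE(review): STAGE_PREFIX is only set as step-level env above, so this
      # presumably relies on build-vars.sh exporting it to later steps - confirm.
      - run: ./scripts/destroy.sh "$STAGE_PREFIX$branch_name"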